Merge remote-tracking branch 'chainlink/develop' into develop

smartcontractkit · Dec 14, 2023 · 1d20c9b · 1d20c9b
2 parents 1abdb05 + e427abb
commit 1d20c9b
Show file tree

Hide file tree

Showing 2,498 changed files with 195,694 additions and 111,466 deletions.
diff --git a/.github/actions/build-chainlink-image/action.yml b/.github/actions/build-chainlink-image/action.yml
@@ -0,0 +1,48 @@
+name: Build Chainlink Image
+description: A composite action that allows building and publishing the Chainlink image for integration testing
+
+inputs:
+  tag_suffix:
+    description: The suffix to append to the image tag (usually blank or "-plugins")
+    default: ""
+  dockerfile:
+    description: The path to the Dockerfile to use (usually core/chainlink.Dockerfile or plugins/chainlink.Dockerfile)
+    default: core/chainlink.Dockerfile
+  git_commit_sha:
+    description: The git commit sha to use for the image tag
+    default: ${{ github.sha }}
+  GRAFANA_CLOUD_BASIC_AUTH:
+    description: "grafana cloud basic auth"
+  GRAFANA_CLOUD_HOST:
+    description: "grafana cloud hostname"
+  AWS_REGION:
+    description: "AWS region to use for ECR"
+  AWS_ROLE_TO_ASSUME:
+    description: "AWS role to assume for ECR"
+
+runs:
+  using: composite
+  steps:
+    - name: Check if image exists
+      id: check-image
+      uses: smartcontractkit/chainlink-github-actions/docker/image-exists@e865e376b8c2d594028c8d645dd6c47169b72974 # v2.2.16
+      with:
+        repository: chainlink
+        tag: ${{ inputs.git_commit_sha }}${{ inputs.tag_suffix }}
+        AWS_REGION: ${{ inputs.AWS_REGION }}
+        AWS_ROLE_TO_ASSUME: ${{ inputs.AWS_ROLE_TO_ASSUME }}
+    - name: Build Image
+      if: steps.check-image.outputs.exists == 'false'
+      uses: smartcontractkit/chainlink-github-actions/chainlink-testing-framework/build-image@e865e376b8c2d594028c8d645dd6c47169b72974 # v2.2.16
+      with:
+        cl_repo: smartcontractkit/chainlink
+        cl_ref: ${{ inputs.git_commit_sha }}
+        cl_dockerfile: ${{ inputs.dockerfile }}
+        push_tag: ${{ env.CHAINLINK_IMAGE }}:${{ inputs.git_commit_sha }}${{ inputs.tag_suffix }}
+        QA_AWS_REGION: ${{ inputs.AWS_REGION }}
+        QA_AWS_ROLE_TO_ASSUME: ${{ inputs.AWS_ROLE_TO_ASSUME }}
+    - name: Print Chainlink Image Built
+      shell: sh
+      run: |
+        echo "### Chainlink node image tag used for this test run :link:" >>$GITHUB_STEP_SUMMARY
+        echo "\`${GITHUB_SHA}\`" >>$GITHUB_STEP_SUMMARY
diff --git a/.github/actions/build-sign-publish-chainlink/action.yml b/.github/actions/build-sign-publish-chainlink/action.yml
@@ -10,8 +10,15 @@ inputs:
     required: false
 
   dockerfile:
+    description: Path to the Dockerfile (relative to the repo root)
     default: core/chainlink.Dockerfile
     required: false
+  dockerhub_username:
+    description: Username for Docker Hub to avoid rate limits when pulling public images
+    required: false
+  dockerhub_password:
+    description: Password for Docker Hub to avoid rate limits when pulling public images
+    required: false
   ecr-hostname:
     description: The ECR registry scope
     default: public.ecr.aws
@@ -23,6 +30,11 @@ inputs:
     default: chainlink/chainlink
     required: false
   ecr-tag-suffix:
+    description: Docker image tag suffix
+    required: false
+  git-commit-sha:
+    description: Git commit SHA used as metadata when building the application (appears in logs)
+    default: ${{ github.event.pull_request.head.sha || github.sha }}
     required: false
   aws-role-to-assume:
     description: The AWS role to assume as the CD user, if any. Used in configuring the docker/login-action
@@ -61,7 +73,7 @@ runs:
   using: composite
   steps:
     - name: Set shared variables
-      shell: sh
+      shell: bash
       # See https://docs.github.com/en/actions/learn-github-actions/workflow-commands-for-github-actions#multiline-strings
       run: |
         SHARED_IMAGES=${{ inputs.ecr-hostname }}/${{ inputs.ecr-image-name }}
@@ -74,7 +86,7 @@ runs:
         )
 
         SHARED_BUILD_ARGS=$(cat << EOF
-        COMMIT_SHA=${{ github.sha }}
+        COMMIT_SHA=${{ inputs.git-commit-sha }}
         EOF
         )
 
@@ -93,7 +105,7 @@ runs:
     - if: inputs.publish == 'true'
       # Log in to AWS for publish to ECR
       name: Configure AWS Credentials
-      uses: aws-actions/configure-aws-credentials@5fd3084fc36e372ff1fff382a39b10d03659f355 # v2.2.0
+      uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1
       with:
         role-to-assume: ${{ inputs.aws-role-to-assume }}
         role-duration-seconds: ${{ inputs.aws-role-duration-seconds }}
@@ -106,11 +118,13 @@ runs:
         registry: ${{ inputs.ecr-hostname }}
 
     - name: Setup Docker Buildx
-      uses: docker/setup-buildx-action@4b4e9c3e2d4531116a6f8ba8e71fc6e2cb6e6c8c # v2.5.0
+      uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
 
     - name: Generate docker metadata for root image
       id: meta-root
-      uses: docker/metadata-action@c4ee3adeed93b1fa6a762f209fb01608c1a22f1e # v4.4.4
+      uses: docker/metadata-action@2c0bd771b40637d97bf205cbccdd294a32112176 # v4.5.0
+      env:
+        DOCKER_METADATA_PR_HEAD_SHA: "true"
       with:
         # list of Docker images to use as base name for tags
         images: ${{ env.shared-images }}
@@ -120,9 +134,17 @@ runs:
           type=semver,pattern={{version}},suffix=${{ inputs.ecr-tag-suffix }}-root
           type=sha,format=short,suffix=${{ inputs.ecr-tag-suffix }}-root
 
+    # To avoid rate limiting from Docker Hub, we login with a paid user account.
+    - name: Login to Docker Hub
+      if: inputs.dockerhub_username && inputs.dockerhub_password
+      uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+      with:
+        username: ${{ inputs.dockerhub_username }}
+        password: ${{ inputs.dockerhub_password }}
+
     - name: Build and push root docker image
       id: buildpush-root
-      uses: docker/build-push-action@c56af957549030174b10d6867f20e78cfd7debc5 # v3.2.0
+      uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
       with:
         push: ${{ inputs.publish }}
         context: .
@@ -144,7 +166,9 @@ runs:
 
     - name: Generate docker metadata for non-root image
       id: meta-nonroot
-      uses: docker/metadata-action@c4ee3adeed93b1fa6a762f209fb01608c1a22f1e # v4.4.4
+      uses: docker/metadata-action@2c0bd771b40637d97bf205cbccdd294a32112176 # v4.5.0
+      env:
+        DOCKER_METADATA_PR_HEAD_SHA: "true"
       with:
         flavor: |
           latest=auto
@@ -153,9 +177,17 @@ runs:
         images: ${{ env.shared-images }}
         tags: ${{ env.shared-tag-list }}
 
+    # To avoid rate limiting from Docker Hub, we login with a paid user account.
+    - name: Login to Docker Hub
+      if: inputs.dockerhub_username && inputs.dockerhub_password
+      uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+      with:
+        username: ${{ inputs.dockerhub_username }}
+        password: ${{ inputs.dockerhub_password }}
+
     - name: Build and push non-root docker image
       id: buildpush-nonroot
-      uses: docker/build-push-action@c56af957549030174b10d6867f20e78cfd7debc5 # v3.2.0
+      uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
       with:
         push: ${{ inputs.publish }}
         context: .
@@ -195,7 +227,7 @@ runs:
 
     - if: inputs.sign-images == 'true'
       name: Install cosign
-      uses: sigstore/cosign-installer@581838fbedd492d2350a9ecd427a95d6de1e5d01 # v2.1.0
+      uses: sigstore/cosign-installer@11086d25041f77fe8fe7b9ea4e48e3b9192b8f19 # v3.1.2
       with:
         cosign-release: "v1.6.0"
 

diff --git a/.github/actions/build-test-image/action.yml b/.github/actions/build-test-image/action.yml
@@ -15,7 +15,7 @@ inputs:
     required: false
   suites:
     description: The test suites to build into the image
-    default: chaos migration performance reorg smoke soak benchmark
+    default: chaos migration performance reorg smoke soak benchmark load/automationv2_1
     required: false
   QA_AWS_ROLE_TO_ASSUME:
     description: The AWS role to assume as the CD user, if any. Used in configuring the docker/login-action
@@ -30,25 +30,85 @@ inputs:
 runs:
   using: composite
   steps:
+
+    # Base Test Image Logic
+    - name: Get CTF Version
+      id: version
+      uses: smartcontractkit/chainlink-github-actions/chainlink-testing-framework/mod-version@e865e376b8c2d594028c8d645dd6c47169b72974 # v2.2.16
+      with:
+        go-project-path: ./integration-tests
+        module-name: github.com/smartcontractkit/chainlink-testing-framework
+        enforce-semantic-tag: false
+    - name: Get CTF sha
+      if: steps.version.outputs.is_semantic == 'false'
+      id: short_sha
+      env:
+        VERSION: ${{ steps.version.outputs.version }}
+      shell: bash
+      run: |
+        short_sha="${VERSION##*-}"
+        echo "short sha is: ${short_sha}"
+        echo "short_sha=${short_sha}" >> "$GITHUB_OUTPUT"
+    - name: Checkout chainlink-testing-framework
+      if: steps.version.outputs.is_semantic == 'false'
+      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      with:
+        repository: smartcontractkit/chainlink-testing-framework
+        ref: main
+        fetch-depth: 0
+        path: ctf
+    - name: Get long sha
+      if: steps.version.outputs.is_semantic == 'false'
+      id: long_sha
+      env:
+        SHORT_SHA: ${{ steps.short_sha.outputs.short_sha }}
+      shell: bash
+      run: |
+        cd ctf
+        long_sha=$(git rev-parse ${SHORT_SHA})
+        echo "sha is: ${long_sha}"
+        echo "long_sha=${long_sha}" >> "$GITHUB_OUTPUT"
+    - name: Check if test base image exists
+      if: steps.version.outputs.is_semantic == 'false'
+      id: check-base-image
+      uses: smartcontractkit/chainlink-github-actions/docker/image-exists@e865e376b8c2d594028c8d645dd6c47169b72974 # v2.2.16
+      with:
+        repository: ${{ inputs.QA_AWS_ACCOUNT_NUMBER }}.dkr.ecr.${{ inputs.QA_AWS_REGION }}.amazonaws.com/test-base-image
+        tag: ${{ steps.long_sha.outputs.long_sha }}
+        AWS_REGION: ${{ inputs.QA_AWS_REGION }}
+        AWS_ROLE_TO_ASSUME: ${{ inputs.QA_AWS_ROLE_TO_ASSUME }}
+    - name: Build Base Image
+      if: steps.version.outputs.is_semantic == 'false' && steps.check-base-image.outputs.exists == 'false'
+      uses: smartcontractkit/chainlink-github-actions/docker/build-push@e865e376b8c2d594028c8d645dd6c47169b72974 # v2.2.16
+      env:
+        BASE_IMAGE_NAME: ${{ inputs.QA_AWS_ACCOUNT_NUMBER }}.dkr.ecr.${{ inputs.QA_AWS_REGION }}.amazonaws.com/test-base-image:${{ steps.long_sha.outputs.long_sha }}
+      with:
+        tags: ${{ env.BASE_IMAGE_NAME }}
+        file: ctf/k8s/Dockerfile.base
+        AWS_REGION: ${{ inputs.QA_AWS_REGION }}
+        AWS_ROLE_TO_ASSUME: ${{ inputs.QA_AWS_ROLE_TO_ASSUME }}
+    # End Base Image Logic
+
+    # Test Runner Logic
     - name: Check if image exists
       id: check-image
-      uses: smartcontractkit/chainlink-github-actions/docker/image-exists@ab595504ae9cf10c60eb8d2c5ce025284e58b210 #v2.1.5
+      uses: smartcontractkit/chainlink-github-actions/docker/image-exists@e865e376b8c2d594028c8d645dd6c47169b72974 # v2.2.16
       with:
         repository: ${{ inputs.repository }}
         tag: ${{ inputs.tag }}
         AWS_REGION: ${{ inputs.QA_AWS_REGION }}
         AWS_ROLE_TO_ASSUME: ${{ inputs.QA_AWS_ROLE_TO_ASSUME }}
     - name: Build and Publish Test Runner
       if: steps.check-image.outputs.exists == 'false'
-      uses: smartcontractkit/chainlink-github-actions/docker/build-push@ab595504ae9cf10c60eb8d2c5ce025284e58b210 #v2.1.5
+      uses: smartcontractkit/chainlink-github-actions/docker/build-push@e865e376b8c2d594028c8d645dd6c47169b72974 # v2.2.16
       with:
         tags: |
           ${{ inputs.QA_AWS_ACCOUNT_NUMBER }}.dkr.ecr.${{ inputs.QA_AWS_REGION }}.amazonaws.com/${{ inputs.repository }}:${{ inputs.tag }}
           ${{ inputs.other_tags }}
         file: ./integration-tests/test.Dockerfile
         build-args: |
           BASE_IMAGE=${{ inputs.QA_AWS_ACCOUNT_NUMBER }}.dkr.ecr.${{ inputs.QA_AWS_REGION }}.amazonaws.com/test-base-image
-          IMAGE_VERSION=v0.32.9
+          IMAGE_VERSION=${{ steps.long_sha.outputs.long_sha || steps.version.outputs.version }}
           SUITES="${{ inputs.suites }}"
         AWS_REGION: ${{ inputs.QA_AWS_REGION }}
         AWS_ROLE_TO_ASSUME: ${{ inputs.QA_AWS_ROLE_TO_ASSUME }}
@@ -60,3 +120,4 @@ runs:
       run: |
         echo "### ${INPUTS_REPOSITORY} image tag for this test run :ship:" >>$GITHUB_STEP_SUMMARY
         echo "\`${INPUTS_TAG}\`" >>$GITHUB_STEP_SUMMARY
+    # End Test Runner Logic
diff --git a/.github/actions/delete-deployments/action.yml b/.github/actions/delete-deployments/action.yml
@@ -0,0 +1,59 @@
+name: Delete Deployments
+description: Delete deployments by env and ref
+inputs:
+  environment:
+    required: true
+    description: The Github environment to filter deployments by
+  ref:
+    required: true
+    description: The ref to filter deployments by
+  dry-run:
+    required: false
+    description: Whether to actually delete deployments or not
+  github-token:
+    description: "The Github token to use for authentication"
+    required: true
+    default: ${{ github.token }}
+  num-of-pages:
+    required: false
+    description: The number of pages (of 100 per page) to fetch deployments from, set to 'all' to fetch all deployments
+    default: "all"
+  starting-page:
+    required: false
+    description: The page to start fetching deployments from, only valid if num-of-pages is set to a number
+  repository:
+    required: false
+    description: The owner and repository name to delete deployments from, defaults to the current repository, ex. 'smartcontractkit/chainlink'
+    default: ${{ github.repository }}
+
+runs:
+  using: composite
+  steps:
+    - uses: pnpm/action-setup@c3b53f6a16e57305370b4ae5a540c2077a1d50dd # v2.2.4
+      with:
+        version: ^8.0.0
+
+    - uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0
+      with:
+        node-version: "18"
+        cache: "pnpm"
+        cache-dependency-path: "./.github/actions/delete-deployments/pnpm-lock.yaml"
+
+    - name: Install dependencies
+      shell: bash
+      run: pnpm i --prod
+      working-directory: "./.github/actions/delete-deployments"
+
+    - name: Run deployment deleter
+      shell: bash
+      run: pnpm start
+      env:
+        NUM_OF_PAGES: ${{ inputs.num-of-pages }}
+        STARTING_PAGE: ${{ inputs.starting-page }}
+        GITHUB_TOKEN: ${{ inputs.github-token }}
+        ENVIRONMENT: ${{ inputs.environment }}
+        REF: ${{ inputs.ref }}
+        DRY_RUN: ${{ inputs.dry-run }}
+        OWNER: ${{ inputs.owner }}
+        REPOSITORY: ${{ inputs.repository }}
+      working-directory: "./.github/actions/delete-deployments"