push-tag-release #3
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: push-tag-release | |
on: | |
# This is _ONLY_ for manually creating an image | |
# for a tag that already exists. You would do this if | |
# for some reason CD fails, and you need to try to | |
# manually rebuild and publish the image. | |
workflow_dispatch: | |
inputs: | |
tag: | |
description: "Tag to build and publish" | |
required: true | |
type: string | |
# This trigger is called from "push-main", and is _ONLY_ for | |
# creating docker images for newly tagged releases. | |
workflow_call: | |
inputs: | |
tag: | |
required: true | |
type: string | |
# This trigger is _ONLY_ for helm chart publishing and deployment. | |
# See jobs ci-lint-charts, cicd-build-publish-charts, cd-deploy-testnet | |
push: | |
tags: | |
# Root tag versions (e.g. v1.0.0) to kick off the helm chart publish and deploy. | |
- "v*.*.*" | |
jobs: | |
check-tags: | |
name: Parse and validate ${{ inputs.tag || github.ref_name }} tag | |
runs-on: ubuntu-latest | |
outputs: | |
tag-name: ${{ steps.tag-parse.outputs.name }} | |
tag-version: ${{ steps.tag-parse.outputs.version }} | |
release: ${{ steps.tag-parse.outputs.release }} | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
fetch-depth: 0 | |
ref: ${{ inputs.tag }} # This will evaluate to "" in the case of a tag push | |
# which is what we want. Since the tag will exist on the default branch. | |
# - name: Fail if git tag is not from allowed branches | |
# if: startsWith(github.ref, 'refs/tags/') | |
# uses: smartcontractkit/.github/actions/guard-tag-from-branch@main | |
# with: | |
# tag: ${{ github.ref_name }} | |
# branch-regex: '^(main|release\/.*)' | |
- name: Validate and Parse Tag | |
id: tag-parse | |
uses: smartcontractkit/.github/actions/check-git-tag-for-monorepo@9e7cc0779934cae4a9028b8588c9adb64d8ce68c # check-git-tag-for-monorepo@0.1.0 | |
with: | |
tag-ref: ${{ inputs.tag || github.ref_name }} | |
cicd-build-publish-artifacts-release: | |
name: Publish ${{ needs.check-tags.outputs.tag-name }}:${{ needs.check-tags.outputs.tag-version }} Image | |
runs-on: ubuntu-latest | |
needs: [check-tags] | |
if: needs.check-tags.outputs.release == 'true' | |
permissions: | |
id-token: write | |
contents: write | |
actions: read | |
steps: | |
- name: cicd-build-publish-artifacts-release | |
uses: smartcontractkit/.github/actions/cicd-build-publish-artifacts-go@25645c21796ebb5554693fcc0d312dc88330fbe0 # cicd-build-publish-artifacts-go@0.2.0 | |
with: | |
# general inputs | |
app-name: chainlink-feeds-${{ needs.check-tags.outputs.tag-name }} | |
publish: "true" | |
# if ref is empty do to a tag push, it will be an empty string that will checkout the HEAD | |
checkout-ref: ${{ inputs.tag }} | |
# grafana inputs | |
metrics-job-name: cicd-build-publish-artifacts-release | |
gc-basic-auth: ${{ secrets.GRAFANA_CLOUD_BASIC_AUTH }} | |
gc-host: ${{ secrets.GRAFANA_CLOUD_HOST }} | |
# aws inputs | |
aws-region: ${{ secrets.AWS_REGION }} | |
aws-role-arn: ${{ secrets.AWS_OIDC_IAM_ROLE_ARN }} | |
aws-account-number: ${{ secrets.AWS_ACCOUNT_NUMBER_PROD }} | |
# gati inputs | |
use-gati: "true" | |
aws-role-arn-gati: ${{ secrets.AWS_OIDC_CHAINLINK_FEEDS_CI_CHANGESET_TOKEN_ISSUER_ROLE_ARN }} | |
aws-lambda-url-gati: ${{ secrets.AWS_LAMBDA_URL_GATI }} | |
# golang inputs | |
go-version-file: go.work | |
# goreleaser inputs | |
goreleaser-args: "--config ./${{ needs.check-tags.outputs.tag-name }}/.goreleaser.ci.yaml" | |
goreleaser-dist: goreleaser-pro | |
goreleaser-key: ${{ secrets.GORELEASER_KEY }} | |
# zig inputs | |
use-zig: "true" | |
zig-version: "0.11.0" | |
# docker inputs | |
docker-registry: aws | |
docker-image-tag: devel |