Merge branch 'develop' into feat/validate-changesets

.changeset/afraid-houses-learn.md

@@ -0,0 +1,5 @@
+---
+"chainlink": patch
+---
+
+#updated use real contracts in ccipreader_tests where possible

.changeset/cool-penguins-raise.md

@@ -0,0 +1,5 @@
+---
+"chainlink": minor
+---
+
+#updated Remove custom ed25519 private to public key conversion.

.changeset/popular-rules-live.md

@@ -0,0 +1,5 @@
+---
+"chainlink": patch
+---
+
+Fixes a race condition with the Finalizer when clearing txs #bugfix

.changeset/tricky-clouds-move.md

@@ -0,0 +1,5 @@
+---
+"chainlink": patch
+---
+
+Updated Solana TXM to store prebroadcast transaction errors caught upfront by simulation. Refactored error parsing to more easily introduce new error cases. Optimized storing finalized and errored transaction to minimize memory usage. #updated

.github/actions/version-file-bump/action.yml

@@ -1,5 +1,5 @@
 name: version-file-bump
-description: "Ensure that the VERSION file has been bumped since the last release."
+description: "Ensure that the package.json version field has been bumped since the last release."
 inputs:
   github-token:
     description: "Github access token"

.github/e2e-tests.yml

@@ -987,6 +987,45 @@ runner-test-matrix:
       E2E_TEST_SELECTED_NETWORK: SIMULATED_1,SIMULATED_2,SIMULATED_3
       E2E_JD_VERSION: 0.6.0
 
+  - id: smoke/ccip/ccip_message_limitations_test.go:*
+    path: integration-tests/smoke/ccip/ccip_message_limitations_test.go
+    test_env_type: docker
+    runs_on: ubuntu-latest
+    triggers:
+      - PR E2E Core Tests
+      - Nightly E2E Tests
+    test_cmd: cd integration-tests/smoke/ccip && go test -run '^Test_CCIPMessageLimitations' -timeout 18m -test.parallel=1 -count=1 -json ./...
+    pyroscope_env: ci-smoke-ccipv1_6-evm-simulated
+    test_env_vars:
+      E2E_TEST_SELECTED_NETWORK: SIMULATED_1,SIMULATED_2
+      E2E_JD_VERSION: 0.6.0
+
+  - id: smoke/ccip/ccip_token_price_updates_test.go:*
+    path: integration-tests/smoke/ccip/ccip_token_price_updates_test.go
+    test_env_type: docker
+    runs_on: ubuntu-latest
+    triggers:
+      - PR E2E Core Tests
+      - Nightly E2E Tests
+    test_cmd: cd integration-tests/smoke/ccip && go test ccip_token_price_updates_test.go -timeout 18m -test.parallel=1 -count=1 -json
+    pyroscope_env: ci-smoke-ccipv1_6-evm-simulated
+    test_env_vars:
+      E2E_TEST_SELECTED_NETWORK: SIMULATED_1,SIMULATED_2
+      E2E_JD_VERSION: 0.6.0
+
+  - id: smoke/ccip/ccip_gas_price_updates_test.go:*
+    path: integration-tests/smoke/ccip/ccip_gas_price_updates_test.go
+    test_env_type: docker
+    runs_on: ubuntu-latest
+    triggers:
+      - PR E2E Core Tests
+      - Nightly E2E Tests
+    test_cmd: cd integration-tests/smoke/ccip && go test ccip_gas_price_updates_test.go -timeout 18m -test.parallel=1 -count=1 -json
+    pyroscope_env: ci-smoke-ccipv1_6-evm-simulated
+    test_env_vars:
+      E2E_TEST_SELECTED_NETWORK: SIMULATED_1,SIMULATED_2
+      E2E_JD_VERSION: 0.6.0
+
   - id: smoke/ccip/ccip_rmn_test.go:^TestRMN_TwoMessagesOnTwoLanesIncludingBatching$
     path: integration-tests/smoke/ccip/ccip_rmn_test.go
     test_env_type: docker

.github/integration-in-memory-tests.yml

@@ -31,4 +31,13 @@ runner-test-matrix:
     triggers:
       - PR Integration CCIP Tests
     test_cmd: cd integration-tests/smoke/ccip && go test ccip_fee_boosting_test.go -timeout 12m -test.parallel=2 -count=1 -json
+
+  - id: contracts/ccipreader_test.go:*
+    path: integration-tests/contracts/ccipreader_test.go
+    test_env_type: in-memory
+    runs_on: ubuntu-latest
+    triggers:
+      - PR Integration CCIP Tests
+    test_cmd: cd integration-tests/contracts && go test ccipreader_test.go -timeout 5m -test.parallel=1 -count=1 -json
+
   # END: CCIP tests

.github/workflows/build-publish-develop-pr.yml

@@ -2,9 +2,9 @@ name: "Build and Publish GoReleaser"
 
 on:
   pull_request:
-  # The default types are opened, synchronize, and reopened
-  # See https://docs.github.com/en/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows#pull_request
-  # We add a label trigger too, since when the build-publish label is added to a PR, we want to build and publish
+    # The default types are opened, synchronize, and reopened
+    # See https://docs.github.com/en/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows#pull_request
+    # We add a label trigger too, since when the build-publish label is added to a PR, we want to build and publish
     types:
       - opened
       - synchronize
@@ -28,49 +28,41 @@ env:
   # a commit is pushed to develop before merge is run.
   CHECKOUT_REF: ${{ github.event.inputs.git_ref || github.sha }}
 
-
 jobs:
-  merge:
+  image-tag:
     runs-on: ubuntu-latest
-    needs: [split, image-tag]
-    if: ${{ needs.image-tag.outputs.release-type == 'nightly' }}
-    permissions:
-      id-token: write
-      contents: read
+    outputs:
+      image-tag: ${{ steps.get-image-tag.outputs.image-tag }}
+      release-type: ${{ steps.get-image-tag.outputs.release-type }}
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4.2.1
         with:
           ref: ${{ env.CHECKOUT_REF }}
 
-      - name: Configure aws credentials
-        uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
-        with:
-          role-to-assume: ${{ secrets.AWS_OIDC_IAM_ROLE_BUILD_PUBLISH_DEVELOP_PR }}
-          aws-region: ${{ secrets.AWS_REGION }}
-          mask-aws-account-id: true
-          role-session-name: "merge"
-
-      - uses: actions/cache/restore@v4.1.1
-        with:
-          path: dist/linux_amd64_v1
-          key: chainlink-amd64-${{ github.sha }}
-          fail-on-cache-miss: true
-
-      - uses: actions/cache/restore@v4.1.1
-        with:
-          path: dist/linux_arm64_v8.0
-          key: chainlink-arm64-${{ github.sha }}
-          fail-on-cache-miss: true
-
-      - name: Merge images for both architectures
-        uses: ./.github/actions/goreleaser-build-sign-publish
-        with:
-          docker-registry: ${{ secrets.AWS_SDLC_ECR_HOSTNAME }}
-          docker-image-tag: ${{ needs.image-tag.outputs.image-tag }}
-          goreleaser-release-type: "merge"
-          goreleaser-config: .goreleaser.develop.yaml
-          goreleaser-key: ${{ secrets.GORELEASER_KEY }}
+      - name: Get image tag
+        id: get-image-tag
+        run: |
+          short_sha=$(git rev-parse --short HEAD)
+          echo "release-type=snapshot" | tee -a $GITHUB_OUTPUT
+          if [[ ${{ github.event_name }} == 'push' ]]; then
+            echo "image-tag=develop" | tee -a $GITHUB_OUTPUT
+            echo "release-type=nightly" | tee -a $GITHUB_OUTPUT
+          elif [[ ${{ github.event_name }} == 'workflow_dispatch' ]]; then
+            echo "image-tag=${short_sha}" | tee -a $GITHUB_OUTPUT
+              if [[ "${{ inputs.build-publish }}" == 'false' ]]; then
+                echo "release-type=snapshot" | tee -a $GITHUB_OUTPUT
+              else
+                echo "release-type=nightly" | tee -a $GITHUB_OUTPUT
+            fi
+          else
+            if [[ ${{ github.event_name }} == "pull_request" ]]; then
+              echo "image-tag=pr-${{ github.event.number }}-${short_sha}" | tee -a $GITHUB_OUTPUT
+              if [[ ${{ contains(github.event.pull_request.labels.*.name, 'build-publish') }} == "true" ]]; then
+                echo "release-type=nightly" | tee -a $GITHUB_OUTPUT
+              fi
+            fi
+          fi
 
   split:
     name: "split-${{ matrix.goarch }}"
@@ -113,45 +105,52 @@ jobs:
 
       - name: Build images for ${{ matrix.goarch }}
         uses: ./.github/actions/goreleaser-build-sign-publish
-        if: steps.cache.outputs.cache-hit != 'true'
+        if: github.event_name == 'workflow_dispatch' || steps.cache.outputs.cache-hit != 'true'
         with:
           docker-registry: ${{ secrets.AWS_SDLC_ECR_HOSTNAME }}
           docker-image-tag: ${{ needs.image-tag.outputs.image-tag }}
           goreleaser-release-type: ${{ needs.image-tag.outputs.release-type }}
           goreleaser-config: .goreleaser.develop.yaml
           goreleaser-key: ${{ secrets.GORELEASER_KEY }}
 
-  image-tag:
+  merge:
     runs-on: ubuntu-latest
-    outputs:
-      image-tag: ${{ steps.get-image-tag.outputs.image-tag }}
-      release-type: ${{ steps.get-image-tag.outputs.release-type }}
+    needs: [split, image-tag]
+    if: ${{ needs.image-tag.outputs.release-type == 'nightly' }}
+    permissions:
+      id-token: write
+      contents: read
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4.2.1
         with:
           ref: ${{ env.CHECKOUT_REF }}
 
-      - name: Get image tag
-        id: get-image-tag
-        run: |
-          short_sha=$(git rev-parse --short HEAD)
-          echo "release-type=snapshot" | tee -a $GITHUB_OUTPUT
-          if [[ ${{ github.event_name }} == 'push' ]]; then
-            echo "image-tag=develop" | tee -a $GITHUB_OUTPUT
-            echo "release-type=nightly" | tee -a $GITHUB_OUTPUT
-          elif [[ ${{ github.event_name }} == 'workflow_dispatch' ]]; then
-            echo "image-tag=${short_sha}" | tee -a $GITHUB_OUTPUT
-              if [[ "${{ inputs.build-publish }}" == 'false' ]]; then
-                echo "release-type=snapshot" | tee -a $GITHUB_OUTPUT
-              else
-                echo "release-type=nightly" | tee -a $GITHUB_OUTPUT
-            fi
-          else
-            if [[ ${{ github.event_name }} == "pull_request" ]]; then
-              echo "image-tag=pr-${{ github.event.number }}-${short_sha}" | tee -a $GITHUB_OUTPUT
-              if [[ ${{ contains(github.event.pull_request.labels.*.name, 'build-publish') }} == "true" ]]; then
-                echo "release-type=nightly" | tee -a $GITHUB_OUTPUT
-              fi
-            fi
-          fi
+      - name: Configure aws credentials
+        uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
+        with:
+          role-to-assume: ${{ secrets.AWS_OIDC_IAM_ROLE_BUILD_PUBLISH_DEVELOP_PR }}
+          aws-region: ${{ secrets.AWS_REGION }}
+          mask-aws-account-id: true
+          role-session-name: "merge"
+
+      - uses: actions/cache/restore@v4.1.1
+        with:
+          path: dist/linux_amd64_v1
+          key: chainlink-amd64-${{ github.sha }}
+          fail-on-cache-miss: true
+
+      - uses: actions/cache/restore@v4.1.1
+        with:
+          path: dist/linux_arm64_v8.0
+          key: chainlink-arm64-${{ github.sha }}
+          fail-on-cache-miss: true
+
+      - name: Merge images for both architectures
+        uses: ./.github/actions/goreleaser-build-sign-publish
+        with:
+          docker-registry: ${{ secrets.AWS_SDLC_ECR_HOSTNAME }}
+          docker-image-tag: ${{ needs.image-tag.outputs.image-tag }}
+          goreleaser-release-type: "merge"
+          goreleaser-config: .goreleaser.develop.yaml
+          goreleaser-key: ${{ secrets.GORELEASER_KEY }}

.github/workflows/build-publish.yml

@@ -7,18 +7,48 @@ on:
 
 env:
   ECR_HOSTNAME: public.ecr.aws
-  ECR_IMAGE_NAME: chainlink/chainlink
 
 jobs:
   checks:
     name: "Checks"
     runs-on: ubuntu-20.04
+    outputs:
+      git-tag-type: ${{ steps.check-git-tag-type.outputs.git-tag-type }}
+      ecr-image-name: ${{ steps.check-git-tag-type.outputs.ecr-image-name }}
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4.2.1
+      - name: Check git tag type
+        id: check-git-tag-type
+        shell: bash
+        env:
+          GIT_TAG: ${{ github.ref_name}}
+        run: |
+          # Check if git tag is related to CCIP
+          # Should match:
+          #   v1.0.0-ccip1.0.0-beta.1
+          #   v1.0.0-ccip1.0.0-rc.0
+          #   v1.0.0-ccip1.0.0
+          if [[ $GIT_TAG =~ ^v[0-9]+\.[0-9]+\.[0-9]+-ccip[0-9]+\.[0-9]+\.[0-9]+(-((beta|rc)\.[0-9]+))?$ ]]; then
+            echo "git-tag-type=ccip" | tee -a "$GITHUB_OUTPUT"
+            echo "ecr-image-name=chainlink/ccip" | tee -a "$GITHUB_OUTPUT"
+          else
+            echo "git-tag-type=core" | tee -a "$GITHUB_OUTPUT"
+            echo "ecr-image-name=chainlink/chainlink" | tee -a "$GITHUB_OUTPUT"
+          fi
+      - name: Fail if CCIP release has wrong version
+        if: ${{ steps.check-git-tag-type.outputs.git-tag-type == 'ccip' }}
+        run: |
+          version=$(jq -r '.version' ./package.json)
+          echo "Package version: $version"
+          echo "Git tag type: ${{ steps.check-git-tag-type.outputs.git-tag-type }}"
+          if [[ $version != *"-ccip"* ]]; then
+            echo "Error: Version '$version' does not match required CCIP format."
+            exit 1
+          fi
       - name: Check for VERSION file bump on tags
-        # Avoids checking VERSION file bump on forks.
-        if: ${{ github.repository == 'smartcontractkit/chainlink' }}
+        # Avoids checking VERSION file bump on forks or from CCIP releases.
+        if: ${{ github.repository == 'smartcontractkit/chainlink' && steps.check-git-tag-type.outputs.git-tag-type == 'core' }}
         uses: ./.github/actions/version-file-bump
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
@@ -47,7 +77,7 @@ jobs:
           aws-role-duration-seconds: ${{ secrets.AWS_ROLE_DURATION_SECONDS }}
           aws-region: ${{ secrets.AWS_REGION }}
           ecr-hostname: ${{ env.ECR_HOSTNAME }}
-          ecr-image-name: ${{ env.ECR_IMAGE_NAME }}
+          ecr-image-name: ${{ needs.checks.outputs.ecr-image-name }}
           dockerhub_username: ${{ secrets.DOCKERHUB_READONLY_USERNAME }}
           dockerhub_password: ${{ secrets.DOCKERHUB_READONLY_PASSWORD }}
           sign-images: true
@@ -57,13 +87,13 @@ jobs:
         uses: actions/attest-build-provenance@6149ea5740be74af77f260b9db67e633f6b0a9a1 # v1.4.2
         with:
           subject-digest: ${{ steps.build-sign-publish.outputs.docker-image-digest }}
-          subject-name: ${{ env.ECR_HOSTNAME }}/${{ env.ECR_IMAGE_NAME }}
+          subject-name: ${{ env.ECR_HOSTNAME }}/${{ needs.checks.outputs.ecr-image-name }}
           push-to-registry: true
 
   # Notify Slack channel for new git tags.
   slack-notify:
     if: github.ref_type == 'tag'
-    needs: [build-sign-publish-chainlink]
+    needs: [checks, build-sign-publish-chainlink]
     runs-on: ubuntu-24.04
     environment: build-publish
     steps:
@@ -91,7 +121,7 @@ jobs:
               format(
                 '{0}/{1}:{2}', 
                 env.ECR_HOSTNAME, 
-                env.ECR_IMAGE_NAME, 
+                needs.checks.outputs.ecr-image-name,
                 needs.build-sign-publish-chainlink.outputs.docker-image-tag
               ) || ''
             }}

.github/workflows/flakeguard-nightly.yml

@@ -0,0 +1,22 @@
+name: Flakeguard Nightly
+
+on:
+  schedule:
+    # Run every night at 3:00 AM UTC
+    - cron: '0 3 * * *'
+  workflow_dispatch:
+
+jobs:
+  trigger-flaky-test-detection:
+    name: Find Flaky Tests
+    uses: ./.github/workflows/flakeguard.yml
+    with:
+      repoUrl: 'https://github.com/smartcontractkit/chainlink'
+      baseRef: 'origin/develop'
+      projectPath: '.'
+      maxPassRatio: '1.0'
+      runAllTests: true
+      extraArgs: '{ "skipped_tests": "TestChainComponents", "test_repeat_count": "5", "all_tests_runner": "ubuntu22.04-32cores-128GB", "all_tests_runner_count": "3", "run_with_race": "false" }'
+      slackNotificationAfterTestsChannelId: 'C07TRF65CNS' #flaky-test-detector-notifications
+    secrets:
+      SLACK_BOT_TOKEN: ${{ secrets.QA_SLACK_API_KEY }}

.github/workflows/flakeguard-on-demand.yml

@@ -1,9 +1,6 @@
 name: Flakeguard On Demand
 
 on:
-  schedule:
-    # Run every night at 3:00 AM UTC
-    - cron: '0 3 * * *'
   workflow_dispatch:
     inputs:
       repoUrl:
@@ -52,7 +49,7 @@ on:
       extraArgs:
         required: false
         type: string
-        default: '{ "skipped_tests": "TestChainComponents", "test_repeat_count": "5", "all_tests_runner": "ubuntu22.04-32cores-128GB", "all_tests_runner_count": "3", "min_pass_ratio": "0", "run_with_race": "false" }'
+        default: '{ "skipped_tests": "TestChainComponents", "test_repeat_count": "5", "all_tests_runner": "ubuntu22.04-32cores-128GB", "all_tests_runner_count": "3", "run_with_race": "false" }'
         description: 'JSON of extra arguments for the workflow.'    
 
 jobs: