Skip to content

Merge pull request #11392 from smartcontractkit/auto-7523-ocrk2keeper… #792

Merge pull request #11392 from smartcontractkit/auto-7523-ocrk2keeper…

Merge pull request #11392 from smartcontractkit/auto-7523-ocrk2keeper… #792

Workflow file for this run

name: 'Build Chainlink and Publish'
on:
# Mimics old circleci behaviour
push:
tags:
- 'v*'
branches:
- master
- 'release/**'
jobs:
checks:
name: 'Checks'
runs-on: ubuntu-20.04
steps:
- name: Checkout repository
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: Check for VERSION file bump on tags
if: ${{ startsWith(github.ref, 'refs/tags/v') }}
uses: ./.github/actions/version-file-bump
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
build-sign-publish-chainlink:
needs: [checks]
if: ${{ ! startsWith(github.ref_name, 'release/') }}
runs-on: ubuntu-20.04
environment: build-publish
permissions:
id-token: write
contents: read
steps:
- name: Checkout repository
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: Build, sign and publish chainlink image
uses: ./.github/actions/build-sign-publish-chainlink
with:
publish: true
aws-role-to-assume: ${{ secrets.AWS_OIDC_IAM_ROLE_ARN }}
aws-role-duration-seconds: ${{ secrets.AWS_ROLE_DURATION_SECONDS }}
aws-region: ${{ secrets.AWS_REGION }}
sign-images: true
sign-method: 'keypair'
cosign-private-key: ${{ secrets.COSIGN_PRIVATE_KEY }}
cosign-public-key: ${{ secrets.COSIGN_PUBLIC_KEY }}
cosign-password: ${{ secrets.COSIGN_PASSWORD }}
verify-signature: true
- name: Collect Metrics
if: always()
id: collect-gha-metrics
uses: smartcontractkit/push-gha-metrics-action@f4d2fcbe12e9e44921e0171d24085ab7d2a30bc9 # v2.0.1
with:
basic-auth: ${{ secrets.GRAFANA_CLOUD_BASIC_AUTH }}
hostname: ${{ secrets.GRAFANA_CLOUD_HOST }}
this-job-name: build-sign-publish-chainlink
continue-on-error: true