-
Notifications
You must be signed in to change notification settings - Fork 1.7k
164 lines (150 loc) · 5.78 KB
/
build-publish-develop-pr.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
name: "Build and Publish GoReleaser"
on:
pull_request:
# The default types are opened, synchronize, and reopened
# See https://docs.github.com/en/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows#pull_request
# We add a label trigger too, since when the build-publish label is added to a PR, we want to build and publish
types:
- opened
- synchronize
- reopened
- labeled
push:
branches:
- develop
workflow_dispatch:
inputs:
git_ref:
description: "The git ref to check out"
required: true
build-publish:
description: "Whether to build and publish - defaults to just build"
required: false
default: "false"
env:
# Use github.sha here otherwise a race condition exists if
# a commit is pushed to develop before merge is run.
CHECKOUT_REF: ${{ github.event.inputs.git_ref || github.sha }}
jobs:
image-tag:
runs-on: ubuntu-latest
outputs:
image-tag: ${{ steps.get-image-tag.outputs.image-tag }}
release-type: ${{ steps.get-image-tag.outputs.release-type }}
steps:
- name: Checkout repository
uses: actions/[email protected]
with:
persist-credentials: false
ref: ${{ env.CHECKOUT_REF }}
- name: Get image tag
id: get-image-tag
env:
GH_EVENT_NAME: ${{ github.event_name }}
GH_EVENT_NUMBER: ${{ github.event.number }}
GH_INPUTS_BUILD_PUBLISH: ${{ inputs.build-publish }}
LABEL_HAS_BUILD_PUBLISH: ${{ contains(github.event.pull_request.labels.*.name, 'build-publish') }}
run: |
short_sha=$(git rev-parse --short HEAD)
echo "release-type=snapshot" | tee -a $GITHUB_OUTPUT
if [[ $GH_EVENT_NAME == 'push' ]]; then
echo "image-tag=develop" | tee -a $GITHUB_OUTPUT
echo "release-type=nightly" | tee -a $GITHUB_OUTPUT
elif [[ $GH_EVENT_NAME == 'workflow_dispatch' ]]; then
echo "image-tag=${short_sha}" | tee -a $GITHUB_OUTPUT
if [[ "$GH_INPUTS_BUILD_PUBLISH" == 'false' ]]; then
echo "release-type=snapshot" | tee -a $GITHUB_OUTPUT
else
echo "release-type=nightly" | tee -a $GITHUB_OUTPUT
fi
else
if [[ $GH_EVENT_NAME == "pull_request" ]]; then
echo "image-tag=pr-${GH_EVENT_NUMBER}-${short_sha}" | tee -a $GITHUB_OUTPUT
if [[ $LABEL_HAS_BUILD_PUBLISH == "true" ]]; then
echo "release-type=nightly" | tee -a $GITHUB_OUTPUT
fi
fi
fi
split:
name: "split-${{ matrix.goarch }}"
needs: image-tag
runs-on: ${{ matrix.runner }}
permissions:
id-token: write
contents: read
strategy:
fail-fast: false
matrix:
include:
- runner: ubuntu-latest
goarch: amd64
dist_name: linux_amd64_v1
- runner: ubuntu-24.04-4cores-16GB-ARM
goarch: arm64
dist_name: linux_arm64_v8.0
steps:
- name: Checkout repository
uses: actions/[email protected]
with:
persist-credentials: false
ref: ${{ env.CHECKOUT_REF }}
fetch-depth: 0
- name: Configure aws credentials
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
with:
role-to-assume: ${{ secrets.AWS_OIDC_IAM_ROLE_BUILD_PUBLISH_DEVELOP_PR }}
aws-region: ${{ secrets.AWS_REGION }}
mask-aws-account-id: true
role-session-name: "split-${{ matrix.goarch }}"
- id: cache
uses: actions/[email protected]
with:
path: dist/${{ matrix.dist_name }}
key: chainlink-${{ matrix.goarch }}-${{ github.sha }}
- name: Build images for ${{ matrix.goarch }}
uses: ./.github/actions/goreleaser-build-sign-publish
if: github.event_name == 'workflow_dispatch' || steps.cache.outputs.cache-hit != 'true'
with:
docker-registry: ${{ secrets.AWS_SDLC_ECR_HOSTNAME }}
docker-image-tag: ${{ needs.image-tag.outputs.image-tag }}
goreleaser-release-type: ${{ needs.image-tag.outputs.release-type }}
goreleaser-config: .goreleaser.develop.yaml
goreleaser-key: ${{ secrets.GORELEASER_KEY }}
merge:
runs-on: ubuntu-latest
needs: [split, image-tag]
if: ${{ needs.image-tag.outputs.release-type == 'nightly' }}
permissions:
id-token: write
contents: read
steps:
- name: Checkout repository
uses: actions/[email protected]
with:
persist-credentials: false
ref: ${{ env.CHECKOUT_REF }}
- name: Configure aws credentials
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
with:
role-to-assume: ${{ secrets.AWS_OIDC_IAM_ROLE_BUILD_PUBLISH_DEVELOP_PR }}
aws-region: ${{ secrets.AWS_REGION }}
mask-aws-account-id: true
role-session-name: "merge"
- uses: actions/cache/[email protected]
with:
path: dist/linux_amd64_v1
key: chainlink-amd64-${{ github.sha }}
fail-on-cache-miss: true
- uses: actions/cache/[email protected]
with:
path: dist/linux_arm64_v8.0
key: chainlink-arm64-${{ github.sha }}
fail-on-cache-miss: true
- name: Merge images for both architectures
uses: ./.github/actions/goreleaser-build-sign-publish
with:
docker-registry: ${{ secrets.AWS_SDLC_ECR_HOSTNAME }}
docker-image-tag: ${{ needs.image-tag.outputs.image-tag }}
goreleaser-release-type: "merge"
goreleaser-config: .goreleaser.develop.yaml
goreleaser-key: ${{ secrets.GORELEASER_KEY }}