From 84700202dd1da124bdc5a2f1d2f332fa99cd3e10 Mon Sep 17 00:00:00 2001 From: chainchad <96362174+chainchad@users.noreply.github.com> Date: Mon, 23 Dec 2024 17:57:44 -0500 Subject: [PATCH 01/10] Refactor to use composite action --- .github/actions/crib/action.yml | 148 ++++++++++++++++++++ .github/workflows/crib-integration-test.yml | 103 ++------------ 2 files changed, 161 insertions(+), 90 deletions(-) create mode 100644 .github/actions/crib/action.yml diff --git a/.github/actions/crib/action.yml b/.github/actions/crib/action.yml new file mode 100644 index 00000000000..7c45a95805a --- /dev/null +++ b/.github/actions/crib/action.yml @@ -0,0 +1,148 @@ +name: "CRIB Action" +description: "Spin up a CRIB environment. Optionally run tests and tear it down." + +inputs: + aws-role-duration-seconds: + description: "Duration in seconds for AWS role" + required: false + default: "3600" + aws-role-arn: + description: "AWS Role ARN for CRIB" + required: true + aws-region: + description: "AWS Region" + required: true + aws-account-id: + description: "AWS Account ID" + required: true + api-gw-host-crib: + description: "API Gateway Host for CRIB" + required: true + api-gw-host-k8s: + description: "API Gateway Host for K8s" + required: true + k8s-cluster-name: + description: "Kubernetes cluster name" + required: true + aws-token-issuer-role-arn: + description: "AWS Role ARN for token issuer" + required: true + aws-token-issuer-lambda-url: + description: "AWS Lambda URL for token issuer" + required: true + ingress-base-domain: + description: "Ingress base domain" + required: true + k8s-staging-ingress-suffix: + description: "K8S staging ingress suffix" + required: true + crib-alert-slack-webhook: + description: "CRIB alert Slack webhook" + required: true + crib-chainlink-docker-image-name: + description: "Docker image name" + required: true + crib-chainlink-docker-image-tag: + description: "Docker image tag" + required: true + crib-cleanup-ttl: + # See: https://kyverno.io/docs/writing-policies/cleanup/ + description: "Time to keep environment up for before destroying it. Examples: 15m, 1h, 3d" + required: false + default: "1h" + crib-destroy-environment: + description: "Whether to destroy the CRIB environment after testing" + required: false + default: "true" + integration-tests-run: + description: "Whether to run integration tests" + required: false + default: "true" + +runs: + using: "composite" + steps: + - uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27 + with: + nix_path: nixpkgs=channel:nixos-unstable + + - name: setup-gap crib + uses: smartcontractkit/.github/actions/setup-gap@7db14549894156db3c395e30b49f9d00754185ff # setup-gap@3.0.1 + with: + aws-role-duration-seconds: ${{ inputs.aws-role-duration-seconds }} + aws-role-arn: ${{ inputs.aws-role-arn }} + api-gateway-host: ${{ inputs.api-gw-host-crib }} + aws-region: ${{ inputs.aws-region }} + ecr-private-registry: ${{ inputs.aws-account-id }} + k8s-cluster-name: ${{ inputs.k8s-cluster-name }} + gap-name: crib + use-private-ecr-registry: true + use-tls: true + proxy-port: 8080 + + - name: setup-gap k8s + uses: smartcontractkit/.github/actions/setup-gap@7db14549894156db3c395e30b49f9d00754185ff # setup-gap@3.0.1 + with: + aws-role-duration-seconds: ${{ inputs.aws-role-duration-seconds }} + aws-role-arn: ${{ inputs.aws-role-arn }} + api-gateway-host: ${{ inputs.api-gw-host-k8s }} + aws-region: ${{ inputs.aws-region }} + ecr-private-registry: ${{ inputs.aws-account-id }} + k8s-cluster-name: ${{ inputs.k8s-cluster-name }} + gap-name: k8s + use-private-ecr-registry: true + use-k8s: true + proxy-port: 8443 + + - name: Setup GitHub token using GATI + id: token + uses: smartcontractkit/.github/actions/setup-github-token@c0b38e6c40d72d01b8d2f24f92623a2538b3dedb + with: + aws-role-arn: ${{ inputs.aws-token-issuer-role-arn }} + aws-lambda-url: ${{ inputs.aws-token-issuer-lambda-url }} + aws-region: ${{ inputs.aws-region }} + aws-role-duration-seconds: "1800" + + - name: Deploy and validate CRIB Environment for Core + uses: smartcontractkit/.github/actions/crib-deploy-environment@815e0d550527897746e889441407926d7e28169c + id: deploy-crib + with: + github-token: ${{ steps.token.outputs.access-token }} + aws-ecr-private-registry: ${{ inputs.aws-account-id }} + aws-region: ${{ inputs.aws-region }} + aws-role-arn: ${{ inputs.aws-role-arn }} + ingress-base-domain: ${{ inputs.ingress-base-domain }} + k8s-api-endpoint: ${{ inputs.api-gw-host-k8s }} + k8s-cluster-name: ${{ inputs.k8s-cluster-name }} + chainlink-team: releng + chainlink-product: crib + command: "core-dev-simulated-core-ocr1" + crib-alert-slack-webhook: ${{ inputs.crib-alert-slack-webhook }} + product-image: ${{ inputs.crib-chainlink-docker-image-name }} + product-image-tag: ${{ inputs.crib-chainlink-docker-image-tag }} + ns-ttl: ${{ inputs.crib-cleanup-ttl }} + + - name: Set up Go + uses: ./.github/actions/setup-go + with: + go-version-file: "go.mod" + + - name: Run CRIB integration test + if: integration-tests-run == 'true' + shell: bash + working-directory: integration-tests/crib + env: + K8S_STAGING_INGRESS_SUFFIX: ${{ inputs.k8s-staging-ingress-suffix }} + CRIB_NAMESPACE: ${{ steps.deploy-crib.outputs.devspace-namespace }} + CRIB_NETWORK: geth + CRIB_NODES: 5 + GAP_URL: ${{ inputs.api-gw-host-crib }} + SETH_LOG_LEVEL: info + TEST_PERSISTENCE: true + run: go test -v -run TestCRIBChaos + + - name: Destroy CRIB Environment + if: inputs.crib-destroy-environment == 'true' && always() && steps.deploy-crib.outputs.devspace-namespace != '' + uses: smartcontractkit/.github/actions/crib-purge-environment@c0b38e6c40d72d01b8d2f24f92623a2538b3dedb + with: + namespace: ${{ steps.deploy-crib.outputs.devspace-namespace }} diff --git a/.github/workflows/crib-integration-test.yml b/.github/workflows/crib-integration-test.yml index a6f995d57ba..6cbc0d2943c 100644 --- a/.github/workflows/crib-integration-test.yml +++ b/.github/workflows/crib-integration-test.yml @@ -6,9 +6,11 @@ on: schedule: - cron: "0 1 * * *" workflow_call: + concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true + jobs: test: runs-on: ubuntu-latest @@ -20,101 +22,22 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@v4.2.1 - - - uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27 with: - nix_path: nixpkgs=channel:nixos-unstable + persist-credentials: false - - name: setup-gap crib - uses: smartcontractkit/.github/actions/setup-gap@00b58566e0ee2761e56d9db0ea72b783fdb89b8d # setup-gap@0.4.0 + - name: Run CRIB Integration Tests + uses: ./.github/actions/crib with: - aws-role-duration-seconds: 3600 # 1 hour aws-role-arn: ${{ secrets.AWS_OIDC_CRIB_ROLE_ARN_STAGE }} - api-gateway-host: ${{ secrets.AWS_API_GW_HOST_CRIB_STAGE }} aws-region: ${{ secrets.AWS_REGION }} - ecr-private-registry: ${{ secrets.AWS_ACCOUNT_ID_PROD }} + aws-account-id: ${{ secrets.AWS_ACCOUNT_ID_PROD }} + api-gw-host-crib: ${{ secrets.AWS_API_GW_HOST_CRIB_STAGE }} + api-gw-host-k8s: ${{ secrets.AWS_API_GW_HOST_K8S_STAGE }} k8s-cluster-name: ${{ secrets.AWS_K8S_CLUSTER_NAME_STAGE }} - gap-name: crib - use-private-ecr-registry: true - use-tls: true - proxy-port: 8080 - metrics-job-name: "test" - gc-basic-auth: ${{ secrets.GRAFANA_INTERNAL_BASIC_AUTH }} - gc-host: ${{ secrets.GRAFANA_INTERNAL_HOST }} - gc-org-id: ${{ secrets.GRAFANA_INTERNAL_TENANT_ID }} - - - name: setup-gap k8s - uses: smartcontractkit/.github/actions/setup-gap@00b58566e0ee2761e56d9db0ea72b783fdb89b8d # setup-gap@0.4.0 - with: - aws-role-duration-seconds: 3600 # 1 hour - aws-role-arn: ${{ secrets.AWS_OIDC_CRIB_ROLE_ARN_STAGE }} - api-gateway-host: ${{ secrets.AWS_API_GW_HOST_K8S_STAGE }} - aws-region: ${{ secrets.AWS_REGION }} - ecr-private-registry: ${{ secrets.AWS_ACCOUNT_ID_PROD }} - k8s-cluster-name: ${{ secrets.AWS_K8S_CLUSTER_NAME_STAGE }} - gap-name: k8s - use-private-ecr-registry: true - use-k8s: true - proxy-port: 8443 - metrics-job-name: "test" - gc-basic-auth: ${{ secrets.GRAFANA_INTERNAL_BASIC_AUTH }} - gc-host: ${{ secrets.GRAFANA_INTERNAL_HOST }} - gc-org-id: ${{ secrets.GRAFANA_INTERNAL_TENANT_ID }} - - - name: Setup GitHub token using GATI - id: token - uses: smartcontractkit/.github/actions/setup-github-token@c0b38e6c40d72d01b8d2f24f92623a2538b3dedb # main - with: - aws-role-arn: ${{ secrets.AWS_OIDC_GLOBAL_READ_ONLY_TOKEN_ISSUER_ROLE_ARN }} - aws-lambda-url: ${{ secrets.AWS_INFRA_RELENG_TOKEN_ISSUER_LAMBDA_URL }} - aws-region: ${{ secrets.AWS_REGION }} - aws-role-duration-seconds: "1800" - - name: Debug workspace dir - shell: bash - run: | - echo ${{ github.workspace }} - echo $GITHUB_WORKSPACE - - - name: Deploy and validate CRIB Environment for Core - uses: smartcontractkit/.github/actions/crib-deploy-environment@815e0d550527897746e889441407926d7e28169c # crib-deploy-environment@7.4.0 - id: deploy-crib - with: - github-token: ${{ steps.token.outputs.access-token }} - aws-ecr-private-registry: ${{ secrets.AWS_ACCOUNT_ID_PROD }} - aws-region: ${{ secrets.AWS_REGION }} - aws-role-arn: ${{ secrets.AWS_OIDC_CRIB_ROLE_ARN_STAGE }} + aws-token-issuer-role-arn: ${{ secrets.AWS_OIDC_GLOBAL_READ_ONLY_TOKEN_ISSUER_ROLE_ARN }} + aws-token-issuer-lambda-url: ${{ secrets.AWS_INFRA_RELENG_TOKEN_ISSUER_LAMBDA_URL }} ingress-base-domain: ${{ secrets.INGRESS_BASE_DOMAIN_STAGE }} - k8s-api-endpoint: ${{ secrets.GAP_HOST_K8S_STAGE }} - k8s-cluster-name: ${{ secrets.AWS_K8S_CLUSTER_NAME_STAGE }} - chainlink-team: releng - chainlink-product: crib - command: "core-dev-simulated-core-ocr1" + k8s-staging-ingress-suffix: ${{ secrets.K8S_STAGING_INGRESS_SUFFIX }} crib-alert-slack-webhook: ${{ secrets.CRIB_ALERT_SLACK_WEBHOOK }} - product-image: ${{ secrets.AWS_SDLC_ECR_HOSTNAME }}/chainlink - product-image-tag: develop - - uses: actions/checkout@v4.2.1 - - name: Set up Go - uses: ./.github/actions/setup-go - with: - go-version-file: "go.mod" - - name: Run CRIB integration test - working-directory: integration-tests/crib - env: - K8S_STAGING_INGRESS_SUFFIX: ${{ secrets.K8S_STAGING_INGRESS_SUFFIX }} - CRIB_NAMESPACE: ${{ steps.deploy-crib.outputs.devspace-namespace }} - CRIB_NETWORK: geth - CRIB_NODES: 5 - GAP_URL: ${{ secrets.GAP_URL }} - SETH_LOG_LEVEL: info - # RESTY_DEBUG: true - TEST_PERSISTENCE: true - E2E_TEST_CHAINLINK_IMAGE: public.ecr.aws/chainlink/chainlink - E2E_TEST_CHAINLINK_VERSION: latest - run: |- - go test -v -run TestCRIBChaos - - name: Destroy CRIB Environment - id: destroy - if: always() && steps.deploy-crib.outputs.devspace-namespace != '' - uses: smartcontractkit/.github/actions/crib-purge-environment@c0b38e6c40d72d01b8d2f24f92623a2538b3dedb # crib-purge-environment@0.1.0 - with: - namespace: ${{ steps.deploy-crib.outputs.devspace-namespace }} + crib-chainlink-docker-image-name: ${{ secrets.AWS_SDLC_ECR_HOSTNAME }}/chainlink + crib-chainlink-docker-image-tag: develop From 1bc9c66fc6a62bac4f7c19e5ab38642c78b0a64f Mon Sep 17 00:00:00 2001 From: chainchad <96362174+chainchad@users.noreply.github.com> Date: Mon, 23 Dec 2024 17:58:00 -0500 Subject: [PATCH 02/10] Fix bug to get only tagged image --- .github/actions/build-sign-publish-chainlink/action.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/actions/build-sign-publish-chainlink/action.yml b/.github/actions/build-sign-publish-chainlink/action.yml index b0e70b742d5..24d9884d7f7 100644 --- a/.github/actions/build-sign-publish-chainlink/action.yml +++ b/.github/actions/build-sign-publish-chainlink/action.yml @@ -210,12 +210,12 @@ runs: IMAGES_NAME_RAW=${{ fromJSON(steps.buildpush-nonroot.outputs.metadata)['image.name'] }} IMAGE_DIGEST=${{ fromJSON(steps.buildpush-nonroot.outputs.metadata)['containerimage.digest'] }} IMAGE_NAME=$(echo "$IMAGES_NAME_RAW" | cut -d"," -f1) - IMAGE_TAG=$(echo "$IMAGES_NAME_RAW" | cut -d":" -f2) + IMAGE_TAG=$(echo "$IMAGE_NAME" | cut -d":" -f2) echo "nonroot_image_name=${IMAGE_NAME}" >> $GITHUB_ENV echo "nonroot_image_digest=${IMAGE_DIGEST}" >> $GITHUB_ENV echo '### Docker Image' >> $GITHUB_STEP_SUMMARY - echo "Image Name: ${IMAGE_NAME}" >> $GITHUB_STEP_SUMMARY - echo "Image Digest: ${IMAGE_DIGEST}" >> $GITHUB_STEP_SUMMARY + echo "Image Name: ${IMAGE_NAME}" >> $GITHUB_STEP_SUMMARY + echo "Image Digest: ${IMAGE_DIGEST}" >> $GITHUB_STEP_SUMMARY echo "image-tag=${IMAGE_TAG}" >> $GITHUB_OUTPUT echo "image-digest=${IMAGE_DIGEST}" >> $GITHUB_OUTPUT From e96c526b1b76bd9d5d2a34cae2ec2897a9ed1a3f Mon Sep 17 00:00:00 2001 From: chainchad <96362174+chainchad@users.noreply.github.com> Date: Mon, 23 Dec 2024 17:58:20 -0500 Subject: [PATCH 03/10] Launch CRIB on pre-release tags --- .github/workflows/build-publish.yml | 38 +++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/.github/workflows/build-publish.yml b/.github/workflows/build-publish.yml index 2889ee5e5ea..a5d381ca526 100644 --- a/.github/workflows/build-publish.yml +++ b/.github/workflows/build-publish.yml @@ -15,6 +15,8 @@ jobs: outputs: git-tag-type: ${{ steps.check-git-tag-type.outputs.git-tag-type }} ecr-image-name: ${{ steps.check-git-tag-type.outputs.ecr-image-name }} + is-release: ${{ steps.release-tag-check.outputs.is-release }} + is-pre-release: ${{ steps.release-tag-check.outputs.is-pre-release }} steps: - name: Checkout repository uses: actions/checkout@v4.2.1 @@ -36,6 +38,9 @@ jobs: echo "git-tag-type=core" | tee -a "$GITHUB_OUTPUT" echo "ecr-image-name=chainlink/chainlink" | tee -a "$GITHUB_OUTPUT" fi + - name: Check release tag + id: release-tag-check + uses: smartcontractkit/.github/actions/release-tag-check@re-2954/migrate-release-tag-check-action # TODO: set version/commit when released - name: Fail if CCIP release has wrong version if: ${{ steps.check-git-tag-type.outputs.git-tag-type == 'ccip' }} run: | @@ -130,3 +135,36 @@ jobs: github.ref_type == 'tag' && needs.build-sign-publish-chainlink.outputs.docker-image-digest || '' }} + crib: + needs: [checks, build-sign-publish-chainlink] + # Only spin up CRIB on pre-releases (beta, rc). + if: needs.checks.outputs.is-pre-release == 'true' + runs-on: ubuntu-latest + environment: integration + permissions: + id-token: write + contents: read + actions: read + steps: + - name: Checkout repository + uses: actions/checkout@v4.2.1 + with: + persist-credentials: false + + - name: Run Core CRIB Integration Tests + uses: ./.github/actions/crib + with: + aws-role-arn: ${{ secrets.AWS_OIDC_CRIB_ROLE_ARN_STAGE }} + aws-region: ${{ secrets.AWS_REGION }} + aws-account-id: ${{ secrets.AWS_ACCOUNT_ID_PROD }} + api-gw-host-crib: ${{ secrets.AWS_API_GW_HOST_CRIB_STAGE }} + api-gw-host-k8s: ${{ secrets.AWS_API_GW_HOST_K8S_STAGE }} + k8s-cluster-name: ${{ secrets.AWS_K8S_CLUSTER_NAME_STAGE }} + aws-token-issuer-role-arn: ${{ secrets.AWS_OIDC_GLOBAL_READ_ONLY_TOKEN_ISSUER_ROLE_ARN }} + aws-token-issuer-lambda-url: ${{ secrets.AWS_INFRA_RELENG_TOKEN_ISSUER_LAMBDA_URL }} + ingress-base-domain: ${{ secrets.INGRESS_BASE_DOMAIN_STAGE }} + k8s-staging-ingress-suffix: ${{ secrets.K8S_STAGING_INGRESS_SUFFIX }} + crib-alert-slack-webhook: ${{ secrets.CRIB_ALERT_SLACK_WEBHOOK }} + crib-chainlink-docker-image-name: ${{ format('{0}/{1}', env.ECR_HOSTNAME, needs.checks.outputs.ecr-image-name) }} + crib-chainlink-docker-image-tag: ${{ needs.build-sign-publish-chainlink.outputs.docker-image-tag}} + crib-cleanup-ttl: "3d" From ab2a32a40367effcb9e1f3f355b855a7ca70d142 Mon Sep 17 00:00:00 2001 From: chainchad <96362174+chainchad@users.noreply.github.com> Date: Tue, 24 Dec 2024 10:18:02 -0500 Subject: [PATCH 04/10] Use pinned sha versions for actions --- .github/actions/crib/action.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/actions/crib/action.yml b/.github/actions/crib/action.yml index 7c45a95805a..4a84f7cc64c 100644 --- a/.github/actions/crib/action.yml +++ b/.github/actions/crib/action.yml @@ -96,7 +96,7 @@ runs: - name: Setup GitHub token using GATI id: token - uses: smartcontractkit/.github/actions/setup-github-token@c0b38e6c40d72d01b8d2f24f92623a2538b3dedb + uses: smartcontractkit/.github/actions/setup-github-token@ef78fa97bf3c77de6563db1175422703e9e6674f # setup-github-token@0.2.1 with: aws-role-arn: ${{ inputs.aws-token-issuer-role-arn }} aws-lambda-url: ${{ inputs.aws-token-issuer-lambda-url }} @@ -104,7 +104,7 @@ runs: aws-role-duration-seconds: "1800" - name: Deploy and validate CRIB Environment for Core - uses: smartcontractkit/.github/actions/crib-deploy-environment@815e0d550527897746e889441407926d7e28169c + uses: smartcontractkit/.github/actions/crib-deploy-environment@815e0d550527897746e889441407926d7e28169c # crib-deploy-environment@7.4.0 id: deploy-crib with: github-token: ${{ steps.token.outputs.access-token }} @@ -143,6 +143,6 @@ runs: - name: Destroy CRIB Environment if: inputs.crib-destroy-environment == 'true' && always() && steps.deploy-crib.outputs.devspace-namespace != '' - uses: smartcontractkit/.github/actions/crib-purge-environment@c0b38e6c40d72d01b8d2f24f92623a2538b3dedb + uses: smartcontractkit/.github/actions/crib-purge-environment@142671bc21953c8cc3edbd21848c50b5ec201c2a # crib-purge-environment@0.3.0 with: namespace: ${{ steps.deploy-crib.outputs.devspace-namespace }} From 5d280cb9c4d6658fa87bec38bc1d5348211a4002 Mon Sep 17 00:00:00 2001 From: chainchad <96362174+chainchad@users.noreply.github.com> Date: Tue, 24 Dec 2024 10:20:43 -0500 Subject: [PATCH 05/10] Use released version of action --- .github/workflows/build-publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-publish.yml b/.github/workflows/build-publish.yml index a5d381ca526..131ea2752ca 100644 --- a/.github/workflows/build-publish.yml +++ b/.github/workflows/build-publish.yml @@ -40,7 +40,7 @@ jobs: fi - name: Check release tag id: release-tag-check - uses: smartcontractkit/.github/actions/release-tag-check@re-2954/migrate-release-tag-check-action # TODO: set version/commit when released + uses: smartcontractkit/.github/actions/release-tag-check@c5c4a8186da4218cff6cac8184e47dd3dec69ba3 # release-tag-check@0.1.0 - name: Fail if CCIP release has wrong version if: ${{ steps.check-git-tag-type.outputs.git-tag-type == 'ccip' }} run: | From ca6323949365f8a089cce8e633ed48aefb4b8cd6 Mon Sep 17 00:00:00 2001 From: chainchad <96362174+chainchad@users.noreply.github.com> Date: Tue, 24 Dec 2024 15:03:22 -0500 Subject: [PATCH 06/10] Fix k8s api endpoint input for crib action --- .github/actions/crib/action.yml | 5 ++++- .github/workflows/build-publish.yml | 1 + .github/workflows/crib-integration-test.yml | 1 + 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/actions/crib/action.yml b/.github/actions/crib/action.yml index 4a84f7cc64c..30421e5a681 100644 --- a/.github/actions/crib/action.yml +++ b/.github/actions/crib/action.yml @@ -21,6 +21,9 @@ inputs: api-gw-host-k8s: description: "API Gateway Host for K8s" required: true + k8s-api-endpoint: + description: "Kubernetes API endpoint" + required: true k8s-cluster-name: description: "Kubernetes cluster name" required: true @@ -112,7 +115,7 @@ runs: aws-region: ${{ inputs.aws-region }} aws-role-arn: ${{ inputs.aws-role-arn }} ingress-base-domain: ${{ inputs.ingress-base-domain }} - k8s-api-endpoint: ${{ inputs.api-gw-host-k8s }} + k8s-api-endpoint: ${{ inputs.k8s-api-endpoint }} k8s-cluster-name: ${{ inputs.k8s-cluster-name }} chainlink-team: releng chainlink-product: crib diff --git a/.github/workflows/build-publish.yml b/.github/workflows/build-publish.yml index 383ebafa455..1161ce8c2b5 100644 --- a/.github/workflows/build-publish.yml +++ b/.github/workflows/build-publish.yml @@ -165,6 +165,7 @@ jobs: aws-account-id: ${{ secrets.AWS_ACCOUNT_ID_PROD }} api-gw-host-crib: ${{ secrets.AWS_API_GW_HOST_CRIB_STAGE }} api-gw-host-k8s: ${{ secrets.AWS_API_GW_HOST_K8S_STAGE }} + k8s-api-endpoint: ${{ secrets.GAP_HOST_K8S_STAGE }} k8s-cluster-name: ${{ secrets.AWS_K8S_CLUSTER_NAME_STAGE }} aws-token-issuer-role-arn: ${{ secrets.AWS_OIDC_GLOBAL_READ_ONLY_TOKEN_ISSUER_ROLE_ARN }} aws-token-issuer-lambda-url: ${{ secrets.AWS_INFRA_RELENG_TOKEN_ISSUER_LAMBDA_URL }} diff --git a/.github/workflows/crib-integration-test.yml b/.github/workflows/crib-integration-test.yml index 6cbc0d2943c..b1e400cb725 100644 --- a/.github/workflows/crib-integration-test.yml +++ b/.github/workflows/crib-integration-test.yml @@ -33,6 +33,7 @@ jobs: aws-account-id: ${{ secrets.AWS_ACCOUNT_ID_PROD }} api-gw-host-crib: ${{ secrets.AWS_API_GW_HOST_CRIB_STAGE }} api-gw-host-k8s: ${{ secrets.AWS_API_GW_HOST_K8S_STAGE }} + k8s-api-endpoint: ${{ secrets.GAP_HOST_K8S_STAGE }} k8s-cluster-name: ${{ secrets.AWS_K8S_CLUSTER_NAME_STAGE }} aws-token-issuer-role-arn: ${{ secrets.AWS_OIDC_GLOBAL_READ_ONLY_TOKEN_ISSUER_ROLE_ARN }} aws-token-issuer-lambda-url: ${{ secrets.AWS_INFRA_RELENG_TOKEN_ISSUER_LAMBDA_URL }} From e38e3b2b8cd614ef77e4b54ec16c0448ef363aeb Mon Sep 17 00:00:00 2001 From: chainchad <96362174+chainchad@users.noreply.github.com> Date: Fri, 27 Dec 2024 11:47:04 -0500 Subject: [PATCH 07/10] Fix conditional with input prefix --- .github/actions/crib/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/crib/action.yml b/.github/actions/crib/action.yml index 30421e5a681..bcc96bb0c16 100644 --- a/.github/actions/crib/action.yml +++ b/.github/actions/crib/action.yml @@ -131,7 +131,7 @@ runs: go-version-file: "go.mod" - name: Run CRIB integration test - if: integration-tests-run == 'true' + if: inputs.integration-tests-run == 'true' shell: bash working-directory: integration-tests/crib env: From 4c6d87f57ddb7851402ff97c318ed4d44fba6efb Mon Sep 17 00:00:00 2001 From: chainchad <96362174+chainchad@users.noreply.github.com> Date: Sat, 28 Dec 2024 10:10:56 -0500 Subject: [PATCH 08/10] Revert to previously working setup-gap actions --- .github/actions/crib/action.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/actions/crib/action.yml b/.github/actions/crib/action.yml index bcc96bb0c16..609f2b28ded 100644 --- a/.github/actions/crib/action.yml +++ b/.github/actions/crib/action.yml @@ -70,7 +70,7 @@ runs: nix_path: nixpkgs=channel:nixos-unstable - name: setup-gap crib - uses: smartcontractkit/.github/actions/setup-gap@7db14549894156db3c395e30b49f9d00754185ff # setup-gap@3.0.1 + uses: smartcontractkit/.github/actions/setup-gap@00b58566e0ee2761e56d9db0ea72b783fdb89b8d # setup-gap@0.4.0 with: aws-role-duration-seconds: ${{ inputs.aws-role-duration-seconds }} aws-role-arn: ${{ inputs.aws-role-arn }} @@ -84,7 +84,7 @@ runs: proxy-port: 8080 - name: setup-gap k8s - uses: smartcontractkit/.github/actions/setup-gap@7db14549894156db3c395e30b49f9d00754185ff # setup-gap@3.0.1 + uses: smartcontractkit/.github/actions/setup-gap@00b58566e0ee2761e56d9db0ea72b783fdb89b8d # setup-gap@0.4.0 with: aws-role-duration-seconds: ${{ inputs.aws-role-duration-seconds }} aws-role-arn: ${{ inputs.aws-role-arn }} From 2dc612e5ce40c4096441a7d24ab5b5ad1b2ab9cc Mon Sep 17 00:00:00 2001 From: chainchad <96362174+chainchad@users.noreply.github.com> Date: Sat, 28 Dec 2024 10:20:37 -0500 Subject: [PATCH 09/10] Add required env vars back for integration tests --- .github/actions/crib/action.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/actions/crib/action.yml b/.github/actions/crib/action.yml index 609f2b28ded..5e1f401d425 100644 --- a/.github/actions/crib/action.yml +++ b/.github/actions/crib/action.yml @@ -142,6 +142,8 @@ runs: GAP_URL: ${{ inputs.api-gw-host-crib }} SETH_LOG_LEVEL: info TEST_PERSISTENCE: true + E2E_TEST_CHAINLINK_IMAGE: public.ecr.aws/chainlink/chainlink + E2E_TEST_CHAINLINK_VERSION: latest run: go test -v -run TestCRIBChaos - name: Destroy CRIB Environment From a621f5064ff288b66bceac6bb967bb5443e2d72b Mon Sep 17 00:00:00 2001 From: chainchad <96362174+chainchad@users.noreply.github.com> Date: Sat, 28 Dec 2024 10:57:40 -0500 Subject: [PATCH 10/10] Add GAP URL for integration tests --- .github/actions/crib/action.yml | 5 ++++- .github/workflows/build-publish.yml | 1 + .github/workflows/crib-integration-test.yml | 1 + 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/actions/crib/action.yml b/.github/actions/crib/action.yml index 5e1f401d425..79715cca0d2 100644 --- a/.github/actions/crib/action.yml +++ b/.github/actions/crib/action.yml @@ -39,6 +39,9 @@ inputs: k8s-staging-ingress-suffix: description: "K8S staging ingress suffix" required: true + gap-url-integration-tests: + description: "GAP URL for integration tests" + required: true crib-alert-slack-webhook: description: "CRIB alert Slack webhook" required: true @@ -139,7 +142,7 @@ runs: CRIB_NAMESPACE: ${{ steps.deploy-crib.outputs.devspace-namespace }} CRIB_NETWORK: geth CRIB_NODES: 5 - GAP_URL: ${{ inputs.api-gw-host-crib }} + GAP_URL: ${{ inputs.gap-url-integration-tests }} SETH_LOG_LEVEL: info TEST_PERSISTENCE: true E2E_TEST_CHAINLINK_IMAGE: public.ecr.aws/chainlink/chainlink diff --git a/.github/workflows/build-publish.yml b/.github/workflows/build-publish.yml index 1161ce8c2b5..80efa0f3b71 100644 --- a/.github/workflows/build-publish.yml +++ b/.github/workflows/build-publish.yml @@ -171,6 +171,7 @@ jobs: aws-token-issuer-lambda-url: ${{ secrets.AWS_INFRA_RELENG_TOKEN_ISSUER_LAMBDA_URL }} ingress-base-domain: ${{ secrets.INGRESS_BASE_DOMAIN_STAGE }} k8s-staging-ingress-suffix: ${{ secrets.K8S_STAGING_INGRESS_SUFFIX }} + gap-url-integration-tests: ${{ secrets.GAP_URL }} crib-alert-slack-webhook: ${{ secrets.CRIB_ALERT_SLACK_WEBHOOK }} crib-chainlink-docker-image-name: ${{ format('{0}/{1}', env.ECR_HOSTNAME, needs.checks.outputs.ecr-image-name) }} crib-chainlink-docker-image-tag: ${{ needs.build-sign-publish-chainlink.outputs.docker-image-tag}} diff --git a/.github/workflows/crib-integration-test.yml b/.github/workflows/crib-integration-test.yml index b1e400cb725..df29b2e1b6a 100644 --- a/.github/workflows/crib-integration-test.yml +++ b/.github/workflows/crib-integration-test.yml @@ -39,6 +39,7 @@ jobs: aws-token-issuer-lambda-url: ${{ secrets.AWS_INFRA_RELENG_TOKEN_ISSUER_LAMBDA_URL }} ingress-base-domain: ${{ secrets.INGRESS_BASE_DOMAIN_STAGE }} k8s-staging-ingress-suffix: ${{ secrets.K8S_STAGING_INGRESS_SUFFIX }} + gap-url-integration-tests: ${{ secrets.GAP_URL }} crib-alert-slack-webhook: ${{ secrets.CRIB_ALERT_SLACK_WEBHOOK }} crib-chainlink-docker-image-name: ${{ secrets.AWS_SDLC_ECR_HOSTNAME }}/chainlink crib-chainlink-docker-image-tag: develop