VRF zero confirmation delay #3377

Workflow file for this run

.github/workflows/build-publish-pr.yml at e480161

	name: "Build and Publish from PR"

	##
	# This workflow builds and publishes a Docker image for Chainlink from a PR.
	# It has its own special IAM role, does not sign the image, and publishes to
	# a special ECR repo.
	##

	on:
	pull_request:

	jobs:
	build-publish-untrusted:
	if: ${{ ! startsWith(github.ref_name, 'release/') }}
	runs-on: ubuntu-20.04
	environment: sdlc
	permissions:
	id-token: write
	contents: read
	env:
	ECR_IMAGE_NAME: crib-chainlink-untrusted
	steps:
	- name: Checkout repository
	uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

	- name: Git Short SHA
	shell: bash
	env:
	GIT_PR_HEAD_SHA: ${{ github.event.pull_request.head.sha }}
	run: \|
	echo "GIT_SHORT_SHA=${GIT_PR_HEAD_SHA:0:7}" \| tee -a "$GITHUB_ENV"

	- name: Check if image exists
	id: check-image
	uses: smartcontractkit/chainlink-github-actions/docker/image-exists@92e0f299a87522c2a37bfc4686c4d8a96dc9d28b # v2.3.5
	with:
	repository: ${{ env.ECR_IMAGE_NAME}}
	tag: sha-${{ env.GIT_SHORT_SHA }}
	AWS_REGION: ${{ secrets.AWS_REGION }}
	AWS_ROLE_TO_ASSUME: ${{ secrets.AWS_OIDC_IAM_ROLE_PUBLISH_PR_ARN }}

	- name: Build and publish chainlink image
	if: steps.check-image.outputs.exists == 'false'
	uses: ./.github/actions/build-sign-publish-chainlink
	with:
	publish: true
	aws-role-to-assume: ${{ secrets.AWS_OIDC_IAM_ROLE_PUBLISH_PR_ARN }}
	aws-role-duration-seconds: ${{ secrets.AWS_ROLE_DURATION_SECONDS_DEFAULT }}
	aws-region: ${{ secrets.AWS_REGION }}
	sign-images: false
	ecr-hostname: ${{ secrets.AWS_SDLC_ECR_HOSTNAME }}
	ecr-image-name: ${{ env.ECR_IMAGE_NAME }}
	dockerhub_username: ${{ secrets.DOCKERHUB_READONLY_USERNAME }}
	dockerhub_password: ${{ secrets.DOCKERHUB_READONLY_PASSWORD }}

	- name: Get PR labels
	id: pr-labels
	env:
	GH_TOKEN: ${{ github.token }}
	PR_NUMBER: ${{ github.event.number }}
	run: \|
	RESPONSE=$(gh pr view ${PR_NUMBER} --json labels)
	# Check if the labels command was successful
	if [[ $? -ne 0 ]]; then
	echo "Error fetching labels"
	exit 1
	fi
	echo "RESPONSE=${RESPONSE}"
	LABELS=$(echo "$RESPONSE" \| jq -r '.labels \| map(.name) \| join(", ")')
	# Check if any labels were found
	if [[ -z "${LABELS:-}" ]]; then
	echo "No labels found"
	else
	echo "labels=${LABELS}" \| tee -a "${GITHUB_OUTPUT}"
	fi

	- name: Setup GAP
	if: contains(steps.pr-labels.outputs.labels, 'crib')
	uses: smartcontractkit/.github/actions/setup-gap@main
	with:
	aws-region: ${{ secrets.AWS_REGION }}
	aws-role-arn: ${{ secrets.AWS_OIDC_IAM_ROLE_PUBLISH_PR_ARN }}
	api-gateway-host: ${{ secrets.AWS_API_GW_HOST_ARGO_SAND }}
	use-argocd: "true"
	argocd-user: ${{ secrets.ARGOCD_USER_SAND }}
	argocd-pass: ${{ secrets.ARGOCD_PASS_SAND }}

	# Run an Argo CD sync after the image is built.
	- name: Argo CD App Sync
	if: contains(steps.pr-labels.outputs.labels, 'crib')
	shell: bash
	env:
	PR_NUMBER: ${{ github.event.number }}
	run: \|
	argocd app sync \
	--plaintext \
	--grpc-web \
	--async \
	"crib-chainlink-${PR_NUMBER}"

	- name: Collect Metrics
	if: always()
	id: collect-gha-metrics
	uses: smartcontractkit/push-gha-metrics-action@0281b09807758be1dcc41651e44e62b353808c47 # v2.1.0
	with:
	org-id: ${{ secrets.GRAFANA_INTERNAL_TENANT_ID }}
	basic-auth: ${{ secrets.GRAFANA_INTERNAL_BASIC_AUTH }}
	hostname: ${{ secrets.GRAFANA_INTERNAL_HOST }}
	this-job-name: build-publish-untrusted
	continue-on-error: true

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

VRF zero confirmation delay #3377

Workflow file

VRF zero confirmation delay #3377

Jobs

Run details

Workflow file for this run