Merge pull request #11887 from smartcontractkit/chore/release-2.8.0-t…

…o-master Chore/release 2.8.0 to master
smartcontractkit · Feb 5, 2024 · 8d415c1 · 8d415c1
2 parents 0a3cece + 3c1d028
commit 8d415c1
Show file tree

Hide file tree

Showing 1,473 changed files with 56,581 additions and 39,616 deletions.
diff --git a/.github/actions/build-chainlink-image/action.yml b/.github/actions/build-chainlink-image/action.yml
@@ -0,0 +1,48 @@
+name: Build Chainlink Image
+description: A composite action that allows building and publishing the Chainlink image for integration testing
+
+inputs:
+  tag_suffix:
+    description: The suffix to append to the image tag (usually blank or "-plugins")
+    default: ""
+  dockerfile:
+    description: The path to the Dockerfile to use (usually core/chainlink.Dockerfile or plugins/chainlink.Dockerfile)
+    default: core/chainlink.Dockerfile
+  git_commit_sha:
+    description: The git commit sha to use for the image tag
+    default: ${{ github.sha }}
+  GRAFANA_CLOUD_BASIC_AUTH:
+    description: "grafana cloud basic auth"
+  GRAFANA_CLOUD_HOST:
+    description: "grafana cloud hostname"
+  AWS_REGION:
+    description: "AWS region to use for ECR"
+  AWS_ROLE_TO_ASSUME:
+    description: "AWS role to assume for ECR"
+
+runs:
+  using: composite
+  steps:
+    - name: Check if image exists
+      id: check-image
+      uses: smartcontractkit/chainlink-github-actions/docker/image-exists@e865e376b8c2d594028c8d645dd6c47169b72974 # v2.2.16
+      with:
+        repository: chainlink
+        tag: ${{ inputs.git_commit_sha }}${{ inputs.tag_suffix }}
+        AWS_REGION: ${{ inputs.AWS_REGION }}
+        AWS_ROLE_TO_ASSUME: ${{ inputs.AWS_ROLE_TO_ASSUME }}
+    - name: Build Image
+      if: steps.check-image.outputs.exists == 'false'
+      uses: smartcontractkit/chainlink-github-actions/chainlink-testing-framework/build-image@e865e376b8c2d594028c8d645dd6c47169b72974 # v2.2.16
+      with:
+        cl_repo: smartcontractkit/chainlink
+        cl_ref: ${{ inputs.git_commit_sha }}
+        cl_dockerfile: ${{ inputs.dockerfile }}
+        push_tag: ${{ env.CHAINLINK_IMAGE }}:${{ inputs.git_commit_sha }}${{ inputs.tag_suffix }}
+        QA_AWS_REGION: ${{ inputs.AWS_REGION }}
+        QA_AWS_ROLE_TO_ASSUME: ${{ inputs.AWS_ROLE_TO_ASSUME }}
+    - name: Print Chainlink Image Built
+      shell: sh
+      run: |
+        echo "### Chainlink node image tag used for this test run :link:" >>$GITHUB_STEP_SUMMARY
+        echo "\`${GITHUB_SHA}\`" >>$GITHUB_STEP_SUMMARY
diff --git a/.github/actions/build-sign-publish-chainlink/action.yml b/.github/actions/build-sign-publish-chainlink/action.yml
@@ -13,6 +13,12 @@ inputs:
     description: Path to the Dockerfile (relative to the repo root)
     default: core/chainlink.Dockerfile
     required: false
+  dockerhub_username:
+    description: Username for Docker Hub to avoid rate limits when pulling public images
+    required: false
+  dockerhub_password:
+    description: Password for Docker Hub to avoid rate limits when pulling public images
+    required: false
   ecr-hostname:
     description: The ECR registry scope
     default: public.ecr.aws
@@ -28,7 +34,7 @@ inputs:
     required: false
   git-commit-sha:
     description: Git commit SHA used as metadata when building the application (appears in logs)
-    default: ${{ github.sha }}
+    default: ${{ github.event.pull_request.head.sha || github.sha }}
     required: false
   aws-role-to-assume:
     description: The AWS role to assume as the CD user, if any. Used in configuring the docker/login-action
@@ -67,7 +73,7 @@ runs:
   using: composite
   steps:
     - name: Set shared variables
-      shell: sh
+      shell: bash
       # See https://docs.github.com/en/actions/learn-github-actions/workflow-commands-for-github-actions#multiline-strings
       run: |
         SHARED_IMAGES=${{ inputs.ecr-hostname }}/${{ inputs.ecr-image-name }}
@@ -99,7 +105,7 @@ runs:
     - if: inputs.publish == 'true'
       # Log in to AWS for publish to ECR
       name: Configure AWS Credentials
-      uses: aws-actions/configure-aws-credentials@5fd3084fc36e372ff1fff382a39b10d03659f355 # v2.2.0
+      uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1
       with:
         role-to-assume: ${{ inputs.aws-role-to-assume }}
         role-duration-seconds: ${{ inputs.aws-role-duration-seconds }}
@@ -112,11 +118,13 @@ runs:
         registry: ${{ inputs.ecr-hostname }}
 
     - name: Setup Docker Buildx
-      uses: docker/setup-buildx-action@4b4e9c3e2d4531116a6f8ba8e71fc6e2cb6e6c8c # v2.5.0
+      uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
 
     - name: Generate docker metadata for root image
       id: meta-root
-      uses: docker/metadata-action@c4ee3adeed93b1fa6a762f209fb01608c1a22f1e # v4.4.4
+      uses: docker/metadata-action@2c0bd771b40637d97bf205cbccdd294a32112176 # v4.5.0
+      env:
+        DOCKER_METADATA_PR_HEAD_SHA: "true"
       with:
         # list of Docker images to use as base name for tags
         images: ${{ env.shared-images }}
@@ -126,9 +134,17 @@ runs:
           type=semver,pattern={{version}},suffix=${{ inputs.ecr-tag-suffix }}-root
           type=sha,format=short,suffix=${{ inputs.ecr-tag-suffix }}-root
 
+    # To avoid rate limiting from Docker Hub, we login with a paid user account.
+    - name: Login to Docker Hub
+      if: inputs.dockerhub_username && inputs.dockerhub_password
+      uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+      with:
+        username: ${{ inputs.dockerhub_username }}
+        password: ${{ inputs.dockerhub_password }}
+
     - name: Build and push root docker image
       id: buildpush-root
-      uses: docker/build-push-action@c56af957549030174b10d6867f20e78cfd7debc5 # v3.2.0
+      uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
       with:
         push: ${{ inputs.publish }}
         context: .
@@ -150,7 +166,9 @@ runs:
 
     - name: Generate docker metadata for non-root image
       id: meta-nonroot
-      uses: docker/metadata-action@c4ee3adeed93b1fa6a762f209fb01608c1a22f1e # v4.4.4
+      uses: docker/metadata-action@2c0bd771b40637d97bf205cbccdd294a32112176 # v4.5.0
+      env:
+        DOCKER_METADATA_PR_HEAD_SHA: "true"
       with:
         flavor: |
           latest=auto
@@ -159,9 +177,17 @@ runs:
         images: ${{ env.shared-images }}
         tags: ${{ env.shared-tag-list }}
 
+    # To avoid rate limiting from Docker Hub, we login with a paid user account.
+    - name: Login to Docker Hub
+      if: inputs.dockerhub_username && inputs.dockerhub_password
+      uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+      with:
+        username: ${{ inputs.dockerhub_username }}
+        password: ${{ inputs.dockerhub_password }}
+
     - name: Build and push non-root docker image
       id: buildpush-nonroot
-      uses: docker/build-push-action@c56af957549030174b10d6867f20e78cfd7debc5 # v3.2.0
+      uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
       with:
         push: ${{ inputs.publish }}
         context: .

diff --git a/.github/actions/build-test-image/action.yml b/.github/actions/build-test-image/action.yml
@@ -15,7 +15,7 @@ inputs:
     required: false
   suites:
     description: The test suites to build into the image
-    default: chaos migration performance reorg smoke soak benchmark
+    default: chaos migration performance reorg smoke soak benchmark load/automationv2_1
     required: false
   QA_AWS_ROLE_TO_ASSUME:
     description: The AWS role to assume as the CD user, if any. Used in configuring the docker/login-action
@@ -30,25 +30,85 @@ inputs:
 runs:
   using: composite
   steps:
+
+    # Base Test Image Logic
+    - name: Get CTF Version
+      id: version
+      uses: smartcontractkit/chainlink-github-actions/chainlink-testing-framework/mod-version@e865e376b8c2d594028c8d645dd6c47169b72974 # v2.2.16
+      with:
+        go-project-path: ./integration-tests
+        module-name: github.com/smartcontractkit/chainlink-testing-framework
+        enforce-semantic-tag: false
+    - name: Get CTF sha
+      if: steps.version.outputs.is_semantic == 'false'
+      id: short_sha
+      env:
+        VERSION: ${{ steps.version.outputs.version }}
+      shell: bash
+      run: |
+        short_sha="${VERSION##*-}"
+        echo "short sha is: ${short_sha}"
+        echo "short_sha=${short_sha}" >> "$GITHUB_OUTPUT"
+    - name: Checkout chainlink-testing-framework
+      if: steps.version.outputs.is_semantic == 'false'
+      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      with:
+        repository: smartcontractkit/chainlink-testing-framework
+        ref: main
+        fetch-depth: 0
+        path: ctf
+    - name: Get long sha
+      if: steps.version.outputs.is_semantic == 'false'
+      id: long_sha
+      env:
+        SHORT_SHA: ${{ steps.short_sha.outputs.short_sha }}
+      shell: bash
+      run: |
+        cd ctf
+        long_sha=$(git rev-parse ${SHORT_SHA})
+        echo "sha is: ${long_sha}"
+        echo "long_sha=${long_sha}" >> "$GITHUB_OUTPUT"
+    - name: Check if test base image exists
+      if: steps.version.outputs.is_semantic == 'false'
+      id: check-base-image
+      uses: smartcontractkit/chainlink-github-actions/docker/image-exists@e865e376b8c2d594028c8d645dd6c47169b72974 # v2.2.16
+      with:
+        repository: ${{ inputs.QA_AWS_ACCOUNT_NUMBER }}.dkr.ecr.${{ inputs.QA_AWS_REGION }}.amazonaws.com/test-base-image
+        tag: ${{ steps.long_sha.outputs.long_sha }}
+        AWS_REGION: ${{ inputs.QA_AWS_REGION }}
+        AWS_ROLE_TO_ASSUME: ${{ inputs.QA_AWS_ROLE_TO_ASSUME }}
+    - name: Build Base Image
+      if: steps.version.outputs.is_semantic == 'false' && steps.check-base-image.outputs.exists == 'false'
+      uses: smartcontractkit/chainlink-github-actions/docker/build-push@e865e376b8c2d594028c8d645dd6c47169b72974 # v2.2.16
+      env:
+        BASE_IMAGE_NAME: ${{ inputs.QA_AWS_ACCOUNT_NUMBER }}.dkr.ecr.${{ inputs.QA_AWS_REGION }}.amazonaws.com/test-base-image:${{ steps.long_sha.outputs.long_sha }}
+      with:
+        tags: ${{ env.BASE_IMAGE_NAME }}
+        file: ctf/k8s/Dockerfile.base
+        AWS_REGION: ${{ inputs.QA_AWS_REGION }}
+        AWS_ROLE_TO_ASSUME: ${{ inputs.QA_AWS_ROLE_TO_ASSUME }}
+    # End Base Image Logic
+
+    # Test Runner Logic
     - name: Check if image exists
       id: check-image
-      uses: smartcontractkit/chainlink-github-actions/docker/image-exists@00c6214deb10a3f374c6d3430c32c5202015d463 # v2.2.12
+      uses: smartcontractkit/chainlink-github-actions/docker/image-exists@e865e376b8c2d594028c8d645dd6c47169b72974 # v2.2.16
       with:
         repository: ${{ inputs.repository }}
         tag: ${{ inputs.tag }}
         AWS_REGION: ${{ inputs.QA_AWS_REGION }}
         AWS_ROLE_TO_ASSUME: ${{ inputs.QA_AWS_ROLE_TO_ASSUME }}
     - name: Build and Publish Test Runner
       if: steps.check-image.outputs.exists == 'false'
-      uses: smartcontractkit/chainlink-github-actions/docker/build-push@00c6214deb10a3f374c6d3430c32c5202015d463 # v2.2.12
+      uses: smartcontractkit/chainlink-github-actions/docker/build-push@e865e376b8c2d594028c8d645dd6c47169b72974 # v2.2.16
       with:
         tags: |
           ${{ inputs.QA_AWS_ACCOUNT_NUMBER }}.dkr.ecr.${{ inputs.QA_AWS_REGION }}.amazonaws.com/${{ inputs.repository }}:${{ inputs.tag }}
           ${{ inputs.other_tags }}
         file: ./integration-tests/test.Dockerfile
         build-args: |
           BASE_IMAGE=${{ inputs.QA_AWS_ACCOUNT_NUMBER }}.dkr.ecr.${{ inputs.QA_AWS_REGION }}.amazonaws.com/test-base-image
-          IMAGE_VERSION=v0.38.2
+          IMAGE_VERSION=${{ steps.long_sha.outputs.long_sha || steps.version.outputs.version }}
           SUITES="${{ inputs.suites }}"
         AWS_REGION: ${{ inputs.QA_AWS_REGION }}
         AWS_ROLE_TO_ASSUME: ${{ inputs.QA_AWS_ROLE_TO_ASSUME }}
@@ -60,3 +120,4 @@ runs:
       run: |
         echo "### ${INPUTS_REPOSITORY} image tag for this test run :ship:" >>$GITHUB_STEP_SUMMARY
         echo "\`${INPUTS_TAG}\`" >>$GITHUB_STEP_SUMMARY
+    # End Test Runner Logic
diff --git a/.github/actions/delete-deployments/action.yml b/.github/actions/delete-deployments/action.yml
@@ -29,11 +29,11 @@ inputs:
 runs:
   using: composite
   steps:
-    - uses: pnpm/action-setup@c3b53f6a16e57305370b4ae5a540c2077a1d50dd #v2.2.4
+    - uses: pnpm/action-setup@c3b53f6a16e57305370b4ae5a540c2077a1d50dd # v2.2.4
       with:
         version: ^8.0.0
 
-    - uses: actions/setup-node@v3
+    - uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0
       with:
         node-version: "18"
         cache: "pnpm"

diff --git a/.github/actions/golangci-lint/action.yml b/.github/actions/golangci-lint/action.yml
@@ -30,7 +30,7 @@ inputs:
 runs:
   using: composite
   steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
     - name: Setup Go
       uses: ./.github/actions/setup-go
       with:
@@ -53,12 +53,12 @@ runs:
     - name: golangci-lint
       uses: golangci/golangci-lint-action@3a919529898de77ec3da873e3063ca4b10e7f5cc # v3.7.0
       with:
-        version: v1.55.0
+        version: v1.55.2
         # We already cache these directories in setup-go
         skip-pkg-cache: true
         skip-build-cache: true
         # only-new-issues is only applicable to PRs, otherwise it is always set to false
-        only-new-issues: true
+        only-new-issues: false # disabled for PRs due to unreliability
         args: --out-format colored-line-number,checkstyle:golangci-lint-report.xml
         working-directory: ${{ inputs.go-directory }}
     - name: Store lint report artifact
@@ -69,7 +69,7 @@ runs:
         path: ${{ inputs.go-directory }}/golangci-lint-report.xml
     - name: Collect Metrics
       if: always()
-      uses: smartcontractkit/push-gha-metrics-action@f4d2fcbe12e9e44921e0171d24085ab7d2a30bc9 # v2.0.1
+      uses: smartcontractkit/push-gha-metrics-action@d1618b772a97fd87e6505de97b872ee0b1f1729a # v2.0.2
       with:
         basic-auth: ${{ inputs.gc-basic-auth }}
         hostname: ${{ inputs.gc-host }}

diff --git a/.github/actions/goreleaser-build-sign-publish/README.md b/.github/actions/goreleaser-build-sign-publish/README.md
@@ -25,9 +25,9 @@ jobs:
       MACOS_SDK_VERSION: 12.3
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - name: Configure aws credentials
-        uses: aws-actions/configure-aws-credentials@5fd3084fc36e372ff1fff382a39b10d03659f355 # v2.2.0
+        uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1
         with:
           role-to-assume: ${{ secrets.aws-role-arn }}
           role-duration-seconds: ${{ secrets.aws-role-dur-sec }}

diff --git a/.github/actions/goreleaser-build-sign-publish/action.yml b/.github/actions/goreleaser-build-sign-publish/action.yml
@@ -65,7 +65,7 @@ runs:
   using: composite
   steps:
     - name: Setup docker buildx
-      uses: docker/setup-buildx-action@4b4e9c3e2d4531116a6f8ba8e71fc6e2cb6e6c8c # v2.5.0
+      uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
     - name: Set up qemu
       uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.1.0
     - name: Setup go

diff --git a/.github/actions/setup-nodejs/action.yaml b/.github/actions/setup-nodejs/action.yaml
@@ -7,11 +7,11 @@ description: Setup pnpm for contracts
 runs:
   using: composite
   steps:
-    - uses: pnpm/action-setup@c3b53f6a16e57305370b4ae5a540c2077a1d50dd #v2.2.4
+    - uses: pnpm/action-setup@c3b53f6a16e57305370b4ae5a540c2077a1d50dd # v2.2.4
       with:
         version: ^7.0.0
 
-    - uses: actions/setup-node@v3
+    - uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0
       with:
         node-version: "16"
         cache: "pnpm"

diff --git a/.github/actions/split-tests/action.yaml b/.github/actions/split-tests/action.yaml
@@ -15,7 +15,7 @@ runs:
       with:
         version: ^7.0.0
 
-    - uses: actions/setup-node@v3
+    - uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0
       with:
         node-version: "16"
         cache: "pnpm"

diff --git a/.github/actions/version-file-bump/action.yml b/.github/actions/version-file-bump/action.yml
@@ -31,7 +31,7 @@ runs:
         current_version=$(head -n1 ./VERSION)
         echo "current_version=${current_version}" | tee -a "$GITHUB_OUTPUT"
     - name: Compare semantic versions
-      uses: smartcontractkit/chainlink-github-actions/semver-compare@v2.2.0
+      uses: smartcontractkit/chainlink-github-actions/semver-compare@e865e376b8c2d594028c8d645dd6c47169b72974 # v2.2.16
       id: compare
       with:
         version1: ${{ steps.get-current-version.outputs.current_version }}