Jtw/initial in memory work confirmer #1513
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "Build and Publish from PR" | |
## | |
# This workflow builds and publishes a Docker image for Chainlink from a PR. | |
# It doesn't use an environment, has its own special IAM role, does not sign | |
# the image, and publishes to a special ECR repo. | |
## | |
on: | |
pull_request: | |
jobs: | |
build-publish-untrusted: | |
if: ${{ ! startsWith(github.ref_name, 'release/') }} | |
runs-on: ubuntu-20.04 | |
permissions: | |
id-token: write | |
contents: read | |
env: | |
ECR_IMAGE_NAME: crib-chainlink-untrusted | |
steps: | |
- name: Git Short SHA | |
shell: bash | |
env: | |
GIT_PR_HEAD_SHA: ${{ github.event.pull_request.head.sha }} | |
run: | | |
echo "GIT_SHORT_SHA=${GIT_PR_HEAD_SHA:0:7}" | tee -a "$GITHUB_ENV" | |
- name: Check if image exists | |
id: check-image | |
uses: smartcontractkit/chainlink-github-actions/docker/image-exists@912bed7e07a1df4d06ea53a031e9773bb65dc7bd # v2.3.0 | |
with: | |
repository: ${{ env.ECR_IMAGE_NAME}} | |
tag: sha-${{ env.GIT_SHORT_SHA }} | |
AWS_REGION: ${{ secrets.AWS_REGION }} | |
AWS_ROLE_TO_ASSUME: ${{ secrets.AWS_OIDC_IAM_ROLE_PUBLISH_PR_ARN }} | |
- name: Checkout repository | |
if: steps.check-image.outputs.exists == 'false' | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- name: Build and publish chainlink image | |
if: steps.check-image.outputs.exists == 'false' | |
uses: ./.github/actions/build-sign-publish-chainlink | |
with: | |
publish: true | |
aws-role-to-assume: ${{ secrets.AWS_OIDC_IAM_ROLE_PUBLISH_PR_ARN }} | |
aws-role-duration-seconds: ${{ secrets.AWS_ROLE_DURATION_SECONDS_DEFAULT }} | |
aws-region: ${{ secrets.AWS_REGION }} | |
sign-images: false | |
ecr-hostname: ${{ secrets.AWS_SDLC_ECR_HOSTNAME }} | |
ecr-image-name: ${{ env.ECR_IMAGE_NAME }} | |
dockerhub_username: ${{ secrets.DOCKERHUB_READONLY_USERNAME }} | |
dockerhub_password: ${{ secrets.DOCKERHUB_READONLY_PASSWORD }} | |
- name: Collect Metrics | |
if: always() | |
id: collect-gha-metrics | |
uses: smartcontractkit/push-gha-metrics-action@d1618b772a97fd87e6505de97b872ee0b1f1729a # v2.0.2 | |
with: | |
basic-auth: ${{ secrets.GRAFANA_CLOUD_BASIC_AUTH }} | |
hostname: ${{ secrets.GRAFANA_CLOUD_HOST }} | |
this-job-name: build-publish-untrusted | |
continue-on-error: true |