refactor: use only goreleaser to build unsigned chainlink images in one workflow

.github/actions/goreleaser-build-sign-publish/action.yml

@@ -29,10 +29,13 @@ inputs:
  description: The docker registry
  default: localhost:5001
  required: false
- # snapshot inputs
- enable-goreleaser-snapshot:
- description: Enable goreleaser build / release snapshot
- default: "false"
+ docker-image-name:
+ description: The docker image name
+ default: chainlink
+ required: false
+ docker-image-tag:
+ description: The docker image tag
+ default: develop
  required: false
  # goreleaser inputs
  goreleaser-exec:
@@ -43,6 +46,17 @@ inputs:
  description: "The goreleaser configuration yaml"
  default: ".goreleaser.yaml"
  required: false
+ enable-goreleaser-snapshot:
+ description: Enable goreleaser build / release snapshot
+ default: "false"
+ required: false
+ enable-goreleaser-split:
+ description: Enable goreleaser split and merge builds
+ default: "false"
+ required: false
+ goreleaser-split-arch:
+ description: The architecture to split the goreleaser build
+ required: false
  # signing inputs
  enable-cosign:
  description: Enable signing of docker images
@@ -57,13 +71,6 @@ inputs:
  cosign-password:
  description: The password to decrypt the cosign private key needed to sign the image
  required: false
-outputs:
- goreleaser-metadata:
- description: "Build result metadata"
- value: ${{ steps.goreleaser.outputs.metadata }}
- goreleaser-artifacts:
- description: "Build result artifacts"
- value: ${{ steps.goreleaser.outputs.artifacts }}
 runs:
  using: composite
  steps:
@@ -97,14 +104,22 @@ runs:
  uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
  with:
  registry: ${{ inputs.docker-registry }}
- - name: Goreleaser release
- id: goreleaser
+ - name: Set goreleaser split env
+ if: inputs.enable-goreleaser-split == 'true'
+ shell: bash
+ run: |
+ echo "GOOS=linux" | tee -a $GITHUB_ENV
+ echo "GOARCH=${{ inputs.goreleaser-split-arch }}" | tee -a $GITHUB_ENV
+ - name: Run goreleaser release
  shell: bash
  env:
  ENABLE_COSIGN: ${{ inputs.enable-cosign }}
  ENABLE_GORELEASER_SNAPSHOT: ${{ inputs.enable-goreleaser-snapshot }}
+ ENABLE_GORELEASER_SPLIT: ${{ inputs.enable-goreleaser-split }}
  ENABLE_DOCKER_PUBLISH: ${{ inputs.enable-docker-publish }}
  IMAGE_PREFIX: ${{ inputs.docker-registry }}
+ IMAGE_NAME: ${{ inputs.docker-image-name }}
+ IMAGE_TAG: ${{ inputs.docker-image-tag }}
  GORELEASER_EXEC: ${{ inputs.goreleaser-exec }}
  GORELEASER_CONFIG: ${{ inputs.goreleaser-config }}
  COSIGN_PASSWORD: ${{ inputs.cosign-password }}

.github/actions/goreleaser-build-sign-publish/action_utils

@@ -4,6 +4,7 @@ set -euo pipefail
 
 ENABLE_COSIGN=${ENABLE_COSIGN:-false}
 ENABLE_GORELEASER_SNAPSHOT=${ENABLE_GORELEASER_SNAPSHOT:-false}
+ENABLE_GORELEASER_SPLIT=${ENABLE_GORELEASER_SPLIT:-false}
 ENABLE_DOCKER_PUBLISH=${ENABLE_DOCKER_PUBLISH:-false}
 COSIGN_PASSWORD=${COSIGN_PASSWORD:-""}
 GORELEASER_EXEC=${GORELEASER_EXEC:-goreleaser}
@@ -27,8 +28,12 @@ _publish_snapshot_manifests() {
  local docker_manifest_extra_args=$DOCKER_MANIFEST_EXTRA_ARGS
  local full_sha=$(git rev-parse HEAD)
  local images=$(docker images --filter "label=org.opencontainers.image.revision=$full_sha" --format "{{.Repository}}:{{.Tag}}" | sort)
- local arches=(amd64 arm64)
  local raw_manifest_lists=""
+ if [[ $ENABLE_GORELEASER_SPLIT == "true" ]]; then
+ local arches=(${GOARCH:-""})
+ else
+ local arches=(amd64 arm64)
+ fi
  for image in $images; do
  for arch in "${arches[@]}"; do
  image=${image%"-$arch"}
@@ -51,22 +56,35 @@ _publish_snapshot_manifests() {
 
 # wrapper function to invoke goreleaser release
 goreleaser_release() {
+ goreleaser_flags=()
+
+ # set goreleaser flags
+ if [[ $ENABLE_GORELEASER_SNAPSHOT == "true" ]]; then
+ goreleaser_flags+=("--snapshot")
+ goreleaser_flags+=("--clean")
+ fi
+ if [[ $ENABLE_GORELEASER_SPLIT == "true" ]]; then
+ goreleaser_flags+=("--split")
+ fi
+ flags=$(printf "%s " "${goreleaser_flags[@]}")
+ flags=$(echo "$flags" | sed 's/ *$//')
+
  if [[ $ENABLE_COSIGN == "true" ]]; then
  echo "$COSIGN_PUBLIC_KEY" > cosign.pub
  echo "$COSIGN_PRIVATE_KEY" > cosign.key
  fi
+
  if [[ -n $MACOS_SDK_DIR ]]; then
  MACOS_SDK_DIR=$(echo "$(cd "$(dirname "$MACOS_SDK_DIR")" || exit; pwd)/$(basename "$MACOS_SDK_DIR")")
  fi
- if [[ $ENABLE_GORELEASER_SNAPSHOT == "true" ]]; then
- $GORELEASER_EXEC release --snapshot --clean --config "$GORELEASER_CONFIG" "$@"
- if [[ $ENABLE_DOCKER_PUBLISH == "true" ]]; then
+
+ $GORELEASER_EXEC release ${flags} --config "$GORELEASER_CONFIG" "$@"
+
+ if [[ $ENABLE_DOCKER_PUBLISH == "true" ]]; then
  _publish_snapshot_images
  _publish_snapshot_manifests
- fi
- else
- $GORELEASER_EXEC release --clean --config "$GORELEASER_CONFIG" "$@"
  fi
+
  if [[ $ENABLE_COSIGN == "true" ]]; then
  rm -rf cosign.pub
  rm -rf cosign.key

.github/workflows/build-publish-develop-pr.yml

@@ -0,0 +1,119 @@
+name: "Build and Publish Chainlink"
+
+on:
+ pull_request:
+ push:
+ branches:
+ - develop
+ - "release/**"
+ workflow_dispatch:
+ inputs:
+ git_ref:
+ description: "The git ref to check out"
+ required: true
+ build-publish:
+ description: "Whether to build and publish - defaults to just build"
+ required: false
+ default: "false"
+
+env:
+ GIT_REF: ${{ github.event.inputs.git_ref || github.ref }}
+
+jobs:
+ goreleaser-build-publish-chainlink:
+ runs-on: ubuntu-20.04
+ permissions:
+ id-token: write
+ contents: read
+ strategy:
+ matrix:
+ goarch: [amd64, arm64]
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+ with:
+ ref: ${{ env.GIT_REF }}
+
+ # This gets the image tag and whether to publish the image based on the event type
+ # PR builds: pr-<pr_number>-<short_sha> (if label 'build-publish' is present publishes the image)
+ # develop builds: develop-<short_sha>
+ # release builds: release-<short_sha>
+ # manual builds: <short_sha> (if build-publish is true publishes the image)
+ - name: Get image tag
+ id: get-image-tag
+ run: |
+ short_sha=$(git rev-parse --short HEAD)
+ echo "build-publish=false" | tee -a $GITHUB_OUTPUT
+ if [[ ${{ github.event_name }} == 'push' ]]; then
+ if [[ ${{ github.ref_name }} == 'release/'* ]]; then
+ echo "image-tag=release-${short_sha}" | tee -a $GITHUB_OUTPUT
+ echo "build-publish=true" | tee -a $GITHUB_OUTPUT
+ else
+ echo "image-tag=develop-${short_sha}" | tee -a $GITHUB_OUTPUT
+ echo "build-publish=true" | tee -a $GITHUB_OUTPUT
+ fi
+ elif [[ ${{ github.event_name }} == 'workflow_dispatch' ]]; then
+ echo "image-tag=${short_sha}" | tee -a $GITHUB_OUTPUT
+ echo "build-publish=${{ github.event.inputs.build-publish }}" | tee -a $GITHUB_OUTPUT
+ else
+ if [[ ${{ github.event_name }} == "pull_request" ]]; then
+ echo "image-tag=pr-${{ github.event.number }}-${short_sha}" | tee -a $GITHUB_OUTPUT
+ if [[ ${{ contains(github.event.pull_request.labels.*.name, 'build-publish') }} == "true" ]]; then
+ echo "build-publish=true" | tee -a $GITHUB_OUTPUT
+ fi
+ fi
+ fi
+
+ - name: Configure aws credentials
+ if: steps.get-image-tag.outputs.build-publish == 'true'
+ uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
+ with:
+ role-to-assume: ${{ secrets.AWS_OIDC_IAM_ROLE_BUILD_PUBLISH_DEVELOP_PR }}
+ aws-region: ${{ secrets.AWS_REGION }}
+ mask-aws-account-id: true
+ role-session-name: goreleaser-build-publish-chainlink
+
+ - name: Build and publish images
+ uses: ./.github/actions/goreleaser-build-sign-publish
+ with:
+ enable-docker-publish: ${{ steps.get-image-tag.outputs.build-publish }}
+ docker-registry: ${{ secrets.AWS_SDLC_ECR_HOSTNAME }}
+ docker-image-name: chainlink
+ docker-image-tag: ${{ steps.get-image-tag.outputs.image-tag }}
+ enable-goreleaser-snapshot: "true"
+ enable-goreleaser-split: "true"
+ goreleaser-split-arch: ${{ matrix.goarch }}
+ goreleaser-exec: ./tools/bin/goreleaser_wrapper
+ goreleaser-config: .goreleaser.develop.yaml
+ goreleaser-key: ${{ secrets.GORELEASER_KEY }}
+ zig-version: 0.11.0
+
+ - name: Output image name and digest
+ if: steps.get-image-tag.outputs.build-publish == 'true'
+ shell: bash
+ run: |
+ # need to check if artifacts.json exists because goreleaser splits the build
+ if [[ -f dist/artifacts.json ]]; then
+ artifact_path="dist/artifacts.json"
+ else
+ artifact_path="dist/linux_${{ matrix.goarch }}/artifacts.json"
+ cat dist/linux_${{ matrix.goarch }}/artifacts.json
+ fi
+ echo "### Docker Images" | tee -a "$GITHUB_STEP_SUMMARY"
+ jq -r '.[] | select(.type == "Docker Image") | "`\(.goarch)-image`: \(.name)"' ${artifact_path} >> output.txt
+ jq -r '.[] | select(.type == "Archive") | "`\(.goarch)-digest`: \(.extra.Checksum)"' ${artifact_path} >> output.txt
+ while read -r line; do
+ echo "$line" | tee -a "$GITHUB_STEP_SUMMARY"
+ done < output.txt
+
+ - name: Collect Metrics
+ if: always()
+ id: collect-gha-metrics
+ uses: smartcontractkit/push-gha-metrics-action@d9da21a2747016b3e13de58c7d4115a3d5c97935 # v3.0.1
+ with:
+ id: goreleaser-build-publish
+ org-id: ${{ secrets.GRAFANA_INTERNAL_TENANT_ID }}
+ basic-auth: ${{ secrets.GRAFANA_INTERNAL_BASIC_AUTH }}
+ hostname: ${{ secrets.GRAFANA_INTERNAL_HOST }}
+ this-job-name: goreleaser-build-publish-chainlink (${{ matrix.goarch }})
+ continue-on-error: true