From fcc6d6b77d99d040c5f12b76763eaef28320a6f3 Mon Sep 17 00:00:00 2001 From: Rafael Felix Correa Date: Wed, 13 Nov 2024 13:49:27 +0100 Subject: [PATCH 1/5] CRIB-542: crib-integration-tests GH workflow running on push to develop Because our crib-integration-tests runs only on schedule, the PR issuer never really gets the feedback that their change broke CRIB when/after merging to develop, and the CRIB team gets notified at most once a day if `develop` is broken. That + timezone differences between team mates can prolong the resolution of the problem. This PR embeds the crib-integration-tests.yml workflow into the already existing build-publish-develop-pr.yml, since `workflow_run` doesn't provide feedback in the context of a PR/push as well (see https://stackoverflow.com/questions/63343937/how-to-use-the-github-actions-workflow-run-event#comment134992476_65081720) we'd have a check running per PR/push to develop but completely detached from the commit ref, which defeats the purpose of establishing a feedback loop. Keeping these workflows splitted would incur in potential race conditions, such as running tests by pulling a docker tag that doesn't yet exist, or worse: exists but with a different content than the one from the actual commit ref. --- .../workflows/build-publish-develop-pr.yml | 23 +++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/.github/workflows/build-publish-develop-pr.yml b/.github/workflows/build-publish-develop-pr.yml index 92d9e0445a6..8b10d03a607 100644 --- a/.github/workflows/build-publish-develop-pr.yml +++ b/.github/workflows/build-publish-develop-pr.yml @@ -154,3 +154,26 @@ jobs: goreleaser-release-type: "merge" goreleaser-config: .goreleaser.develop.yaml goreleaser-key: ${{ secrets.GORELEASER_KEY }} + + crib-integration-test: + if: ${{ github.event.inputs.git_ref || github.ref }} == 'refs/heads/develop' + runs-on: ubuntu-latest + needs: [split, image-tag] + permissions: + id-token: write + steps: + - name: Assume role capable of dispatching action + uses: smartcontractkit/.github/actions/setup-github-token@ef78fa97bf3c77de6563db1175422703e9e6674f # setup-github-token@0.2.1 + id: get-gh-token + with: + aws-role-arn: ${{ secrets.AWS_OIDC_CHAINLINK_CI_AUTO_PR_TOKEN_ISSUER_ROLE_ARN }} + aws-lambda-url: ${{ secrets.AWS_INFRA_RELENG_TOKEN_ISSUER_LAMBDA_URL }} + aws-region: ${{ secrets.AWS_REGION }} + + - uses: convictional/trigger-workflow-and-wait@f69fa9eedd3c62a599220f4d5745230e237904be #v1.6.5 + with: + owner: smartcontractkit + repo: chainlink + github_token: ${{ steps.get-gh-token.outputs.access-token }} + workflow_file_name: crib-integration-test.yml + client_payload: '{"git_ref": "${{ env.GIT_REF }}", "image-tag": "${{ needs.image-tag.outputs.image-tag }}"}' From 099f2afc94941e2f5fc541761857b179f762b351 Mon Sep 17 00:00:00 2001 From: Rafael Felix Correa Date: Wed, 13 Nov 2024 16:08:36 +0100 Subject: [PATCH 2/5] crib-integration-test only runs on push to develop running on every commit to every PR would increase our GH runner costs too much --- .github/workflows/build-publish-develop-pr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-publish-develop-pr.yml b/.github/workflows/build-publish-develop-pr.yml index 8b10d03a607..3764d5058e5 100644 --- a/.github/workflows/build-publish-develop-pr.yml +++ b/.github/workflows/build-publish-develop-pr.yml @@ -176,4 +176,4 @@ jobs: repo: chainlink github_token: ${{ steps.get-gh-token.outputs.access-token }} workflow_file_name: crib-integration-test.yml - client_payload: '{"git_ref": "${{ env.GIT_REF }}", "image-tag": "${{ needs.image-tag.outputs.image-tag }}"}' + client_payload: '{"git_ref": "${{ env.GIT_REF }}", "image-tag": "${{ needs.image-tag.outputs.image-tag }}"}' \ No newline at end of file From b63e15d64b38da38e1b42c65c2dba0d4f6a05ba0 Mon Sep 17 00:00:00 2001 From: Rafael Felix Correa Date: Thu, 14 Nov 2024 09:20:53 +0100 Subject: [PATCH 3/5] triggering crib-integration-test from build-publish-develop-pr (thanks @HenryNguyen5) --- .../workflows/build-publish-develop-pr.yml | 20 +++++++------------ .github/workflows/crib-integration-test.yml | 12 +++++------ 2 files changed, 13 insertions(+), 19 deletions(-) diff --git a/.github/workflows/build-publish-develop-pr.yml b/.github/workflows/build-publish-develop-pr.yml index 3764d5058e5..9c3ffc344f3 100644 --- a/.github/workflows/build-publish-develop-pr.yml +++ b/.github/workflows/build-publish-develop-pr.yml @@ -160,20 +160,14 @@ jobs: runs-on: ubuntu-latest needs: [split, image-tag] permissions: - id-token: write + contents: read steps: - - name: Assume role capable of dispatching action - uses: smartcontractkit/.github/actions/setup-github-token@ef78fa97bf3c77de6563db1175422703e9e6674f # setup-github-token@0.2.1 - id: get-gh-token + - name: Checkout repository + uses: actions/checkout@v4.2.1 with: - aws-role-arn: ${{ secrets.AWS_OIDC_CHAINLINK_CI_AUTO_PR_TOKEN_ISSUER_ROLE_ARN }} - aws-lambda-url: ${{ secrets.AWS_INFRA_RELENG_TOKEN_ISSUER_LAMBDA_URL }} - aws-region: ${{ secrets.AWS_REGION }} + ref: ${{ env.CHECKOUT_REF }} - - uses: convictional/trigger-workflow-and-wait@f69fa9eedd3c62a599220f4d5745230e237904be #v1.6.5 + - name: Call crib-integration-test workflow + uses: ./.github/workflows/crib-integration-test.yml with: - owner: smartcontractkit - repo: chainlink - github_token: ${{ steps.get-gh-token.outputs.access-token }} - workflow_file_name: crib-integration-test.yml - client_payload: '{"git_ref": "${{ env.GIT_REF }}", "image-tag": "${{ needs.image-tag.outputs.image-tag }}"}' \ No newline at end of file + image-tag: ${{ needs.image-tag.outputs.image-tag }} diff --git a/.github/workflows/crib-integration-test.yml b/.github/workflows/crib-integration-test.yml index 5dd24167ab0..ebce6a5955d 100644 --- a/.github/workflows/crib-integration-test.yml +++ b/.github/workflows/crib-integration-test.yml @@ -1,11 +1,11 @@ name: CRIB Integration Tests on: - pull_request: - paths: - - ".github/workflows/crib-integration-test.yml" - schedule: - - cron: "0 1 * * *" workflow_call: + workflow_dispatch: + inputs: + image-tag: + required: true + description: The chainlink docker image tag to test against concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true @@ -89,7 +89,7 @@ jobs: command: "core-dev-simulated-core-ocr1" crib-alert-slack-webhook: ${{ secrets.CRIB_ALERT_SLACK_WEBHOOK }} product-image: ${{ secrets.AWS_SDLC_ECR_HOSTNAME }}/chainlink - product-image-tag: develop + product-image-tag: ${{ inputs.image-tag }} - uses: actions/checkout@v4.2.1 - name: Set up Go uses: ./.github/actions/setup-go From 21ed52c11c08337b8ccd1fe3e8df31e9e36cb436 Mon Sep 17 00:00:00 2001 From: Rafael Felix Correa Date: Fri, 13 Dec 2024 16:39:34 +0100 Subject: [PATCH 4/5] running crib-integration-test.yml as a reusable workflow --- .github/workflows/build-publish-develop-pr.yml | 18 ++++-------------- .github/workflows/crib-integration-test.yml | 8 ++++++-- 2 files changed, 10 insertions(+), 16 deletions(-) diff --git a/.github/workflows/build-publish-develop-pr.yml b/.github/workflows/build-publish-develop-pr.yml index 9c3ffc344f3..15731f52485 100644 --- a/.github/workflows/build-publish-develop-pr.yml +++ b/.github/workflows/build-publish-develop-pr.yml @@ -156,18 +156,8 @@ jobs: goreleaser-key: ${{ secrets.GORELEASER_KEY }} crib-integration-test: - if: ${{ github.event.inputs.git_ref || github.ref }} == 'refs/heads/develop' - runs-on: ubuntu-latest needs: [split, image-tag] - permissions: - contents: read - steps: - - name: Checkout repository - uses: actions/checkout@v4.2.1 - with: - ref: ${{ env.CHECKOUT_REF }} - - - name: Call crib-integration-test workflow - uses: ./.github/workflows/crib-integration-test.yml - with: - image-tag: ${{ needs.image-tag.outputs.image-tag }} + uses: ./.github/workflows/crib-integration-test.yml + with: + image-tag: ${{ needs.image-tag.outputs.image-tag }} + secrets: inherit diff --git a/.github/workflows/crib-integration-test.yml b/.github/workflows/crib-integration-test.yml index ebce6a5955d..61e1cd0ac97 100644 --- a/.github/workflows/crib-integration-test.yml +++ b/.github/workflows/crib-integration-test.yml @@ -1,11 +1,15 @@ name: CRIB Integration Tests on: + pull_request: + paths: + - ".github/workflows/crib-integration-test.yml" workflow_call: - workflow_dispatch: inputs: image-tag: - required: true + default: develop + required: false description: The chainlink docker image tag to test against + type: string concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true From f90aeb7d64c81e996cf34b2f7c83767d4315aa4c Mon Sep 17 00:00:00 2001 From: Rafael Felix Correa Date: Mon, 16 Dec 2024 10:31:48 +0100 Subject: [PATCH 5/5] limiting crib-integration-test to the develop branch --- .github/workflows/build-publish-develop-pr.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/build-publish-develop-pr.yml b/.github/workflows/build-publish-develop-pr.yml index 15731f52485..bad72a1549f 100644 --- a/.github/workflows/build-publish-develop-pr.yml +++ b/.github/workflows/build-publish-develop-pr.yml @@ -157,6 +157,7 @@ jobs: crib-integration-test: needs: [split, image-tag] + if: ${{ github.ref == 'refs/heads/develop' }} uses: ./.github/workflows/crib-integration-test.yml with: image-tag: ${{ needs.image-tag.outputs.image-tag }}