Skip to content

Add gha to register workflows schemas for cre and platform domains #739

Add gha to register workflows schemas for cre and platform domains

Add gha to register workflows schemas for cre and platform domains #739

name: Regenerate Protobuf Files
on:
pull_request:
types: [opened, reopened, synchronize]
permissions:
id-token: write
contents: read
pull-requests: write
jobs:
changes:
runs-on: ubuntu-latest
outputs:
relevant: ${{ steps.filter.outputs.relevant }}
steps:
- uses: actions/checkout@v4
- id: filter
uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
with:
filters: |
# "relevant" means *any* change outside cre/**
relevant:
- '**'
- '!cre/**'
buf:
runs-on: ubuntu-latest
needs: changes
steps:
- name: No-op when only cre/** changed
if: ${{ needs.changes.outputs.relevant != 'true' }}
run: echo "Only cre/** changed; skipping."
- uses: actions/checkout@v4
if: ${{ needs.changes.outputs.relevant == 'true' }}
- uses: smartcontractkit/tool-versions-to-env-action@aabd5efbaf28005284e846c5cf3a02f2cba2f4c2 # v1.0.8
if: ${{ needs.changes.outputs.relevant == 'true' }}
id: tool-versions
- uses: bufbuild/buf-action@c231a1aa9281e5db706c970f468f0744a37561fd # v1
if: ${{ needs.changes.outputs.relevant == 'true' }}
with:
breaking: false
version: ${{ steps.tool-versions.outputs.buf_version }}
exclude_paths: node_modules
- name: Buf breaking per module (skip new modules)
if: ${{ needs.changes.outputs.relevant == 'true' }}
continue-on-error: true
run: |
set -euo pipefail
BASE_REF="${{ github.base_ref || 'main' }}"
echo "Base ref: ${BASE_REF}"
git fetch --depth=1 origin "${BASE_REF}:${BASE_REF}"
if ! git show-ref --verify --quiet "refs/heads/${BASE_REF}"; then
echo "::error::Local branch ${BASE_REF} not found after fetch"
git branch -a | cat
exit 1
fi
modules=$(buf config ls-modules --format path)
echo "Modules detected:"
echo "$modules"
failures=0
failed_list=""
while IFS= read -r module; do
# Skip empty lines
[ -z "${module}" ] && continue
# Check if the module directory exists on the base branch
if git ls-tree --name-only "${BASE_REF}" "${module}" | grep -q .; then
echo "::group::buf breaking ${module}"
if ! buf breaking "${module}" --against ".git#branch=${BASE_REF},subdir=${module}" --exclude-path node_modules --error-format github-actions; then
failures=$((failures+1))
failed_list="${failed_list} ${module}"
fi
echo "::endgroup::"
else
echo "::notice::Skipping breaking for new module '${module}' (not present on ${BASE_REF})."
fi
done <<< "${modules}"
if [ "${failures}" -gt 0 ]; then
echo "::warning::buf breaking failed for modules:${failed_list}"
echo "Continuing despite breaking changes..."
fi
regenerate-protobuf:
runs-on: ubuntu-latest
needs: [buf, changes]
if: ${{ needs.changes.outputs.relevant == 'true' && always() && needs.buf.result != 'cancelled' }}
steps:
- name: Assume aws gati role
if: github.actor != 'app-token-issuer-engops[bot]'
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
with:
role-to-assume: ${{ secrets.AWS_IAM_ROLE_ARN_GATI }}
role-duration-seconds: 900
aws-region: ${{ secrets.AWS_REGION }}
mask-aws-account-id: true
- name: Get github token from gati
id: get-gh-token
if: github.actor != 'app-token-issuer-engops[bot]'
uses: smartcontractkit/chainlink-github-actions/github-app-token-issuer@main
with:
url: ${{ secrets.AWS_LAMBDA_URL_GATI }}
- name: Checkout repo
if: github.actor != 'app-token-issuer-engops[bot]'
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
# Include the pull request ref in the checkout action to prevent merge commit
# https://github.com/actions/checkout?tab=readme-ov-file#checkout-pull-request-head-commit-instead-of-merge-commit
ref: ${{ github.event.pull_request.head.sha }}
token: ${{ steps.get-gh-token.outputs.access-token }}
fetch-depth: 1
- name: Set tool versions to env vars
id: tool-versions
if: github.actor != 'app-token-issuer-engops[bot]'
uses: smartcontractkit/tool-versions-to-env-action@aabd5efbaf28005284e846c5cf3a02f2cba2f4c2 # v1.0.8
- name: Install asdf and Plugins
if: github.actor != 'app-token-issuer-engops[bot]' && steps.cache-deps.outputs.cache-hit != 'true'
uses: asdf-vm/actions/plugins-add@05e0d2ed97b598bfce82fd30daf324ae0c4570e6
with:
asdf_branch: v0.16.7
- name: Set up Go
if: github.actor != 'app-token-issuer-engops[bot]'
uses: actions/setup-go@v5
with:
go-version: ${{ steps.tool-versions.outputs.golang_version }}
- name: Cache Dependencies
if: github.actor != 'app-token-issuer-engops[bot]'
id: cache-deps
uses: actions/cache@v4
with:
path: |
/usr/local/bin/task
~/go/bin
key: ${{ runner.os }}-cache-regenerate-protobuf
- name: Install task CLI
if: github.actor != 'app-token-issuer-engops[bot]'
run: |
asdf install task
- name: Install grpc and wsrpc
if: github.actor != 'app-token-issuer-engops[bot]' && steps.cache-deps.outputs.cache-hit != 'true'
run: |
go install google.golang.org/protobuf/cmd/protoc-gen-go@v${{ steps.tool-versions.outputs.protoc-gen-go_version }}
go install google.golang.org/grpc/cmd/[email protected]
go install github.com/smartcontractkit/wsrpc/cmd/[email protected]
- name: Install protoc
if: github.actor != 'app-token-issuer-engops[bot]'
run: |
asdf install protoc
- name: Regenerate protobuf files
if: github.actor != 'app-token-issuer-engops[bot]'
run: |
task proto:all
- uses: planetscale/[email protected]
if: github.actor != 'app-token-issuer-engops[bot]'
with:
commit_message: "bot: regenerate protobuf files"
repo: ${{ github.repository }}
branch: ${{ github.head_ref || github.ref_name }}
file_pattern: "*.pb.go"
env:
GITHUB_TOKEN: ${{ steps.get-gh-token.outputs.access-token }}