diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 03f44194af..9725b712f7 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -4,17 +4,12 @@ name: Deploy on: - push: + pull_request: branches: - main # The only commits that will contain changes to the masterlist will be releases - paths-ignore: + paths: - 'MASTERLIST.md' - - 'package.json' - - '.changeset/**' - - 'packages/**/CHANGELOG.md' - - 'packages/**/README.md' - - 'packages/**/package.json' workflow_dispatch: inputs: # For this workflow, BUILD_ALL will cause all adapters to have their image built and deployed @@ -39,82 +34,13 @@ jobs: uses: actions/checkout@v4 with: fetch-depth: 2 - - name: Set up and install dependencies - uses: ./.github/actions/setup - with: - skip-setup: true - name: Build list of changed packages and changed adapters id: changed-adapters env: UPSTREAM_BRANCH: HEAD~1 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | - # The deployment will overwrite existing ones, so in order to calculate all adapters that have been changed, - # we can mock running the changesets version command to have them present in the diff. - # Additionally, running the changeset version will cause the images we publish here to have the proper increased version. - yarn changeset version - - # If there are changes, commit them and calculate the adapters. - # If there are no changes, we don't need to deploy anything :) - if [[ `git status --porcelain` ]]; then - git commit -am "Mock changesets" - fi - ./.github/scripts/changed-adapters.sh - # Since we want to publish with the versions updated, we need to store the changes we've made to a temporary branch - - name: Publish branch - id: push-branch - if: steps.changed-adapters.outputs.CHANGED_ADAPTERS != '[]' - run: | - export TMP_BRANCH="tmp-deploy-$(git rev-parse HEAD)" - git checkout -b tmp-deploy-$(git rev-parse HEAD) - git push origin tmp-deploy-$(git rev-parse HEAD) - echo "TMP_BRANCH=$TMP_BRANCH" >> $GITHUB_OUTPUT - - publish-adapter-images: - name: Build and publish ${{ matrix.adapter.shortName }} - runs-on: ubuntu-latest - needs: - - calculate-changes - if: needs.calculate-changes.outputs.adapter-list != '[]' - environment: release - permissions: # These are needed for the configure-aws-credentials action - id-token: write - contents: read - strategy: - max-parallel: 20 - matrix: ${{fromJson(needs.calculate-changes.outputs.adapter-list)}} - env: - ECR_URL: ${{ secrets.SDLC_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_REGION_ECR_PRIVATE }}.amazonaws.com - ECR_REPO: adapters/${{ matrix.adapter.shortName }}-adapter - IMAGE_VERSION: ${{ matrix.adapter.version }} - steps: - - name: Check out code - uses: actions/checkout@v4 - with: - ref: ${{ needs.calculate-changes.outputs.tmp-branch }} - - name: Build the adapter image - uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0 - with: - context: . - push: false - tags: ${{ env.ECR_URL }}/${{ env.ECR_REPO }}:${{ matrix.adapter.version }} - build-args: | - package=${{ matrix.adapter.name }} - location=${{ matrix.adapter.location }} - - name: Debug - run: docker image ls - - name: Publish adapter image - uses: ./.github/actions/publish-image - with: - image-version: ${{ matrix.adapter.version }} - aws-ecr-url: ${{ env.ECR_URL }} - aws-ecr-repo: ${{ env.ECR_REPO }} - aws-region: ${{ secrets.AWS_REGION_ECR_PRIVATE }} - aws-role: ${{ secrets.AWS_OIDC_IAM_ROLE_ARN }} - aws-ecr-account-ids: ${{ secrets.AWS_PRIVATE_ECR_SECONDARY_ACCOUNT_ACCESS_IDS }} - aws-ecr-private: true - latest: true deploy: name: Trigger infra deployment @@ -124,7 +50,6 @@ jobs: runs-on: ubuntu-latest needs: - calculate-changes - - publish-adapter-images if: needs.calculate-changes.outputs.adapter-list != '[]' environment: InfraK8s env: @@ -139,28 +64,21 @@ jobs: aws-lambda-url: ${{ secrets.GATI_LAMBDA_DATA_FEEDS_URL }} aws-region: ${{ secrets.AWS_REGION }} aws-role-duration-seconds: '1800' # this is optional and defaults to 900 + - name: Determine branch name suffix + id: suffix + run: | + echo "github.event.pull_request.head.ref = ${{ github.event.pull_request.head.ref }}" + if [[ "${{ github.event.pull_request.head.ref }}" = "changeset-release/main" ]]; then + echo "SUFFIX=" >> $GITHUB_OUTPUT + else + echo "SUFFIX=-pr${{ github.event.number }}" >> $GITHUB_OUTPUT + fi - name: Trigger Image Dispatcher run: > gh workflow run --repo smartcontractkit/infra-k8s --ref main "Infra-k8s Image Dispatcher" -F imageRepos="$(echo $CHANGED_ADAPTERS | jq -r "\"$ECR_URL/adapters/\" + (.adapter | .[].shortName) + \"-adapter\"" | tr '\n' ' ')" - -F gitRepo=${{ github.event.repository.name }} + -F gitRepo="${{ github.event.repository.name }}${{ steps.suffix.outputs.SUFFIX }}" env: GITHUB_TOKEN: ${{ steps.setup-github-token.outputs.access-token }} - - cleanup: - name: Clean up ephemeral items - runs-on: ubuntu-latest - needs: - - calculate-changes - - deploy - if: always() && needs.calculate-changes.outputs.adapter-list != '[]' - steps: - - name: Check out code - uses: actions/checkout@v4 - with: - ref: ${{ needs.calculate-changes.outputs.tmp-branch }} - - name: Delete ephemeral branch - run: | - git push origin --delete ${{ needs.calculate-changes.outputs.tmp-branch }} diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml new file mode 100644 index 0000000000..17bc6cb2c0 --- /dev/null +++ b/.github/workflows/publish.yml @@ -0,0 +1,133 @@ +# This workflow publishes docker images to ECR. +name: Publish + +on: + push: + branches: + - main + # The only commits that will contain changes to the masterlist will be releases + paths-ignore: + - 'MASTERLIST.md' + - 'package.json' + - '.changeset/**' + - 'packages/**/CHANGELOG.md' + - 'packages/**/README.md' + - 'packages/**/package.json' + workflow_dispatch: + inputs: + # For this workflow, BUILD_ALL will cause all adapters to have their image built and deployed + build-all: + description: whether to run steps for all adapters, regardless of whether they were changed in this event + required: false + default: 'false' + +concurrency: + group: deploy-and-release + cancel-in-progress: false + +jobs: + calculate-changes: + name: Compute changed adapters + runs-on: [ubuntu-latest] + permissions: + contents: read + outputs: + adapter-list: ${{ steps.changed-adapters.outputs.CHANGED_ADAPTERS }} + tmp-branch: ${{ steps.push-branch.outputs.TMP_BRANCH }} + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + with: + fetch-depth: 2 + - name: Set up and install dependencies + uses: ./.github/actions/setup + with: + skip-setup: true + - name: Build list of changed packages and changed adapters + id: changed-adapters + env: + UPSTREAM_BRANCH: HEAD~1 + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + # The deployment will overwrite existing ones, so in order to calculate all adapters that have been changed, + # we can mock running the changesets version command to have them present in the diff. + # Additionally, running the changeset version will cause the images we publish here to have the proper increased version. + yarn changeset version + + # If there are changes, commit them and calculate the adapters. + # If there are no changes, we don't need to deploy anything :) + if [[ `git status --porcelain` ]]; then + git commit -am "Mock changesets" + fi + + ./.github/scripts/changed-adapters.sh + # Since we want to publish with the versions updated, we need to store the changes we've made to a temporary branch + - name: Publish branch + id: push-branch + if: steps.changed-adapters.outputs.CHANGED_ADAPTERS != '[]' + run: | + export TMP_BRANCH="tmp-deploy-$(git rev-parse HEAD)" + git checkout -b tmp-deploy-$(git rev-parse HEAD) + git push origin tmp-deploy-$(git rev-parse HEAD) + echo "TMP_BRANCH=$TMP_BRANCH" >> $GITHUB_OUTPUT + + publish-adapter-images: + name: Build and publish ${{ matrix.adapter.shortName }} + runs-on: ubuntu-latest + needs: + - calculate-changes + if: needs.calculate-changes.outputs.adapter-list != '[]' + environment: release + permissions: # These are needed for the configure-aws-credentials action + id-token: write + contents: read + strategy: + max-parallel: 20 + matrix: ${{fromJson(needs.calculate-changes.outputs.adapter-list)}} + env: + ECR_URL: ${{ secrets.SDLC_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_REGION_ECR_PRIVATE }}.amazonaws.com + ECR_REPO: adapters/${{ matrix.adapter.shortName }}-adapter + IMAGE_VERSION: ${{ matrix.adapter.version }} + steps: + - name: Check out code + uses: actions/checkout@v4 + with: + ref: ${{ needs.calculate-changes.outputs.tmp-branch }} + - name: Build the adapter image + uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0 + with: + context: . + push: false + tags: ${{ env.ECR_URL }}/${{ env.ECR_REPO }}:${{ matrix.adapter.version }} + build-args: | + package=${{ matrix.adapter.name }} + location=${{ matrix.adapter.location }} + - name: Debug + run: docker image ls + - name: Publish adapter image + uses: ./.github/actions/publish-image + with: + image-version: ${{ matrix.adapter.version }} + aws-ecr-url: ${{ env.ECR_URL }} + aws-ecr-repo: ${{ env.ECR_REPO }} + aws-region: ${{ secrets.AWS_REGION_ECR_PRIVATE }} + aws-role: ${{ secrets.AWS_OIDC_IAM_ROLE_ARN }} + aws-ecr-account-ids: ${{ secrets.AWS_PRIVATE_ECR_SECONDARY_ACCOUNT_ACCESS_IDS }} + aws-ecr-private: true + latest: true + + cleanup: + name: Clean up ephemeral items + runs-on: ubuntu-latest + needs: + - calculate-changes + - publish-adapter-images + if: always() && needs.calculate-changes.outputs.adapter-list != '[]' + steps: + - name: Check out code + uses: actions/checkout@v4 + with: + ref: ${{ needs.calculate-changes.outputs.tmp-branch }} + - name: Delete ephemeral branch + run: | + git push origin --delete ${{ needs.calculate-changes.outputs.tmp-branch }}