Audit Fixes #2465
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Integration Tests - Smoke | |
on: | |
pull_request: | |
workflow_dispatch: | |
inputs: | |
cl_branch_ref: | |
description: Chainlink repo branch to integrate with | |
required: true | |
default: develop | |
type: string | |
team: | |
description: Team to run the tests for (e.g. BIX, CCIP) | |
required: true | |
type: string | |
# Only run 1 of this workflow at a time per PR | |
concurrency: | |
group: integration-tests-starknet-${{ github.ref }} | |
cancel-in-progress: true | |
env: | |
TEST_LOG_LEVEL: debug | |
CL_ECR: ${{ secrets.QA_AWS_ACCOUNT_NUMBER }}.dkr.ecr.${{ secrets.QA_AWS_REGION }}.amazonaws.com/chainlink | |
ENV_JOB_IMAGE: ${{ secrets.QA_AWS_ACCOUNT_NUMBER }}.dkr.ecr.${{ secrets.QA_AWS_REGION }}.amazonaws.com/chainlink-starknet-tests:${{ github.sha }} | |
jobs: | |
build_chainlink_image: | |
name: Build Chainlink Image ${{matrix.image.name}} | |
runs-on: ubuntu-latest | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
environment: integration | |
permissions: | |
id-token: write | |
contents: read | |
strategy: | |
matrix: | |
image: | |
- name: "" | |
dockerfile: core/chainlink.Dockerfile | |
tag-suffix: "" | |
- name: (plugins) | |
dockerfile: plugins/chainlink.Dockerfile | |
tag-suffix: -plugins | |
steps: | |
- name: Collect Metrics | |
id: collect-gha-metrics | |
uses: smartcontractkit/push-gha-metrics-action@d9da21a2747016b3e13de58c7d4115a3d5c97935 # v3.0.1 | |
with: | |
id: starknet-e2e-build${{ matrix.image.tag-suffix }} | |
org-id: ${{ secrets.GRAFANA_INTERNAL_TENANT_ID }} | |
basic-auth: ${{ secrets.GRAFANA_INTERNAL_BASIC_AUTH }} | |
hostname: ${{ secrets.GRAFANA_INTERNAL_HOST }} | |
this-job-name: Build Chainlink Image${{matrix.image.name}} | |
continue-on-error: true | |
- name: Check if chainlink-starknet image exists | |
id: check-image | |
uses: smartcontractkit/chainlink-github-actions/docker/image-exists@fc3e0df622521019f50d772726d6bf8dc919dd38 # v2.3.19 | |
with: | |
repository: chainlink | |
tag: starknet.${{ github.sha }}${{ matrix.image.tag-suffix }} | |
AWS_REGION: ${{ secrets.QA_AWS_REGION }} | |
AWS_ROLE_TO_ASSUME: ${{ secrets.QA_AWS_ROLE_TO_ASSUME }} | |
- name: Get core ref from PR body | |
if: steps.check-image.outputs.exists == 'false' && github.event_name == 'pull_request' | |
run: | | |
comment=$(gh pr view https://github.com/${{ github.repository }}/pull/${{ github.event.pull_request.number }} --json body -q '.body') | |
core_ref=$(echo $comment | grep -oP 'core ref: \K\S+' || true) | |
if [ ! -z "$core_ref" ]; then | |
echo "CUSTOM_CORE_REF=${core_ref}" >> "${GITHUB_ENV}" | |
else | |
echo "CUSTOM_CORE_REF=develop" >> "${GITHUB_ENV}" | |
fi | |
- name: Set core reference if workflow dispatch | |
if: steps.check-image.outputs.exists == 'false' && github.event_name == 'workflow_dispatch' | |
run: | | |
echo "CUSTOM_CORE_REF=${{ github.event.inputs.cl_branch_ref }}" >> "${GITHUB_ENV}" | |
- name: Build Image ${{ matrix.image.name }} | |
if: steps.check-image.outputs.exists == 'false' | |
uses: smartcontractkit/chainlink-github-actions/chainlink-testing-framework/build-image@fc3e0df622521019f50d772726d6bf8dc919dd38 # v2.3.19 | |
with: | |
cl_repo: smartcontractkit/chainlink | |
cl_ref: ${{ env.CUSTOM_CORE_REF }} | |
should_checkout: true | |
cl_dockerfile: ${{ matrix.image.dockerfile }} | |
# commit of the caller branch | |
dep_starknet_sha: ${{ github.event.pull_request.head.sha || github.sha }} | |
push_tag: ${{ env.CL_ECR }}:starknet.${{ github.sha }}${{ matrix.image.tag-suffix }} | |
QA_AWS_REGION: ${{ secrets.QA_AWS_REGION }} | |
QA_AWS_ROLE_TO_ASSUME: ${{ secrets.QA_AWS_ROLE_TO_ASSUME }} | |
QA_PRIVATE_GHA_PULL: ${{ secrets.QA_PRIVATE_GHA_PULL }} | |
- name: Print Chainlink Image Built | |
run: | | |
echo "### chainlink image tag used for this test run :link:" >> $GITHUB_STEP_SUMMARY | |
echo "\`starknet.${{ github.sha }}${{ matrix.image.tag-suffix }}\`" >> $GITHUB_STEP_SUMMARY | |
build_test_image: | |
environment: integration | |
permissions: | |
id-token: write | |
contents: read | |
name: Build Test Image | |
runs-on: ubuntu20.04-32cores-128GB | |
steps: | |
- name: Collect Metrics | |
id: collect-gha-metrics | |
uses: smartcontractkit/push-gha-metrics-action@d9da21a2747016b3e13de58c7d4115a3d5c97935 # v3.0.1 | |
with: | |
id: starknet-e2e-build-test-image | |
org-id: ${{ secrets.GRAFANA_INTERNAL_TENANT_ID }} | |
basic-auth: ${{ secrets.GRAFANA_INTERNAL_BASIC_AUTH }} | |
hostname: ${{ secrets.GRAFANA_INTERNAL_HOST }} | |
this-job-name: Build Test Image | |
continue-on-error: true | |
- name: Setup GitHub Token | |
id: setup-github-token | |
uses: smartcontractkit/.github/actions/setup-github-token@9e7cc0779934cae4a9028b8588c9adb64d8ce68c # setup-github-token@0.1.2 | |
with: | |
aws-role-arn: ${{ secrets.AWS_OIDC_GLOBAL_READ_ONLY_TOKEN_ISSUER_ROLE_ARN }} | |
aws-lambda-url: ${{ secrets.GATI_RELENG_LAMBDA_URL }} | |
aws-region: ${{ secrets.QA_AWS_REGION }} | |
- name: Checkout the repo | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
ref: ${{ github.sha }} | |
- name: Build Image | |
uses: ./.github/actions/build-test-image | |
with: | |
QA_AWS_ROLE_TO_ASSUME: ${{ secrets.QA_AWS_ROLE_TO_ASSUME }} | |
QA_AWS_REGION: ${{ secrets.QA_AWS_REGION }} | |
QA_AWS_ACCOUNT_NUMBER: ${{ secrets.QA_AWS_ACCOUNT_NUMBER }} | |
GITHUB_TOKEN: ${{ steps.setup-github-token.outputs.access-token }} | |
run_tests: | |
name: Run Smoke Tests ${{matrix.image.name}} | |
runs-on: ubuntu20.04-16cores-64GB | |
needs: [ build_chainlink_image, build_test_image ] | |
environment: integration | |
# these values need to match those used to build the chainlink image | |
strategy: | |
matrix: | |
image: | |
- name: "" | |
tag-suffix: "" | |
test-name: embedded | |
- name: plugins | |
tag-suffix: -plugins | |
test-name: plugins | |
env: | |
INTERNAL_DOCKER_REPO: ${{ secrets.QA_AWS_ACCOUNT_NUMBER }}.dkr.ecr.${{ secrets.QA_AWS_REGION }}.amazonaws.com | |
permissions: | |
checks: write | |
pull-requests: write | |
id-token: write | |
contents: read | |
steps: | |
- name: Collect Metrics | |
id: collect-gha-metrics | |
uses: smartcontractkit/push-gha-metrics-action@d9da21a2747016b3e13de58c7d4115a3d5c97935 # v3.0.1 | |
with: | |
id: starknet-e2e-smoke${{ matrix.image.name }} | |
org-id: ${{ secrets.GRAFANA_INTERNAL_TENANT_ID }} | |
basic-auth: ${{ secrets.GRAFANA_INTERNAL_BASIC_AUTH }} | |
hostname: ${{ secrets.GRAFANA_INTERNAL_HOST }} | |
this-job-name: Run Smoke Tests ${{ matrix.image.name }} | |
test-results-file: '{"testType":"go","filePath":"/tmp/gotest.log"}' | |
continue-on-error: true | |
- name: Checkout the repo | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- name: Install Nix | |
uses: cachix/install-nix-action@3715ab1a11cac9e991980d7b4a28d80c7ebdd8f9 # nix:v2.24.6 | |
with: | |
nix_path: nixpkgs=channel:nixos-unstable | |
- name: Install Cairo | |
uses: ./.github/actions/install-cairo | |
- name: Setup GitHub Token | |
id: setup-github-token | |
uses: smartcontractkit/.github/actions/setup-github-token@9e7cc0779934cae4a9028b8588c9adb64d8ce68c # setup-github-token@0.1.2 | |
with: | |
aws-role-arn: ${{ secrets.AWS_OIDC_GLOBAL_READ_ONLY_TOKEN_ISSUER_ROLE_ARN }} | |
aws-lambda-url: ${{ secrets.GATI_RELENG_LAMBDA_URL }} | |
aws-region: ${{ secrets.QA_AWS_REGION }} | |
- name: Build contracts | |
run: | | |
cd contracts && scarb --profile release build | |
- name: Build gauntlet | |
run: | | |
yarn install && yarn build | |
- name: Generate config overrides | |
run: | # https://github.com/smartcontractkit/chainlink-testing-framework/blob/main/config/README.md | |
cat << EOF > config.toml | |
[Network] | |
selected_networks=["SIMULATED"] | |
[Common] | |
internal_docker_repo = "${{ env.INTERNAL_DOCKER_REPO }}" | |
stateful_db = false | |
EOF | |
# shellcheck disable=SC2002 | |
BASE64_CONFIG_OVERRIDE=$(cat config.toml | base64 -w 0) | |
# shellcheck disable=SC2086 | |
echo ::add-mask::$BASE64_CONFIG_OVERRIDE | |
# shellcheck disable=SC2086 | |
echo "BASE64_CONFIG_OVERRIDE=$BASE64_CONFIG_OVERRIDE" >> $GITHUB_ENV | |
- name: Run Tests ${{ matrix.image.name }} | |
uses: smartcontractkit/.github/actions/ctf-run-tests@002596f65dc8eb807f5c8729dc1080921f7d0b24 # 0.2.1 | |
with: | |
aws_registries: ${{ secrets.QA_AWS_ACCOUNT_NUMBER }} | |
test_command_to_run: nix develop -c sh -c "make test=${{ matrix.image.test-name }} test-integration-smoke-ci" | |
test_download_vendor_packages_command: cd integration-tests && nix develop -c go mod download | |
cl_repo: ${{ env.CL_ECR }} | |
cl_image_tag: starknet.${{ github.sha }}${{ matrix.image.tag-suffix }} | |
token: ${{ secrets.GITHUB_TOKEN }} | |
go_mod_path: ./integration-tests/go.mod | |
QA_AWS_REGION: ${{ secrets.QA_AWS_REGION }} | |
QA_AWS_ROLE_TO_ASSUME: ${{ secrets.QA_AWS_ROLE_TO_ASSUME }} | |
QA_KUBECONFIG: ${{ secrets.QA_KUBECONFIG }} | |
artifacts_location: /home/runner/work/chainlink-starknet/chainlink-starknet/integration-tests/smoke/logs | |
gati_token: ${{ steps.setup-github-token.outputs.access-token }} | |
env: | |
KILLGRAVE_INTERNAL_IMAGE: ${{ secrets.QA_AWS_ACCOUNT_NUMBER }}.dkr.ecr.${{ secrets.QA_AWS_REGION }}.amazonaws.com/friendsofgo/killgrave | |
CHAINLINK_IMAGE: ${{ env.CL_ECR }} | |
CHAINLINK_VERSION: starknet.${{ github.sha }}${{ matrix.image.tag-suffix }} | |
CHAINLINK_USER_TEAM: ${{ github.event.inputs.team || 'BIX' }} |