
Audit Fixes

Audit Fixes #2465

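# Smoke integration tests for chainlink-starknet.
#
# Three jobs:
#   build_chainlink_image - builds (or reuses) the chainlink core image, once
#                           per matrix entry, and pushes it to the QA ECR.
#   build_test_image      - builds the test image via a repo-local action.
#   run_tests             - runs the smoke suite against the images above.
#
# Every job runs in the `integration` environment and requests
# `id-token: write`, so each one can obtain AWS credentials via OIDC. Treat
# any value that originates from the pull request (body, inputs) as untrusted
# data: pass it to scripts through `env:`, never through `${{ }}` inside `run:`.
name: Integration Tests - Smoke

on:
  pull_request:
  workflow_dispatch:
    inputs:
      cl_branch_ref:
        description: Chainlink repo branch to integrate with
        required: true
        default: develop
        type: string
      team:
        description: Team to run the tests for (e.g. BIX, CCIP)
        required: true
        type: string

# Only run 1 of this workflow at a time per PR
concurrency:
  group: integration-tests-starknet-${{ github.ref }}
  cancel-in-progress: true

env:
  TEST_LOG_LEVEL: debug
  CL_ECR: ${{ secrets.QA_AWS_ACCOUNT_NUMBER }}.dkr.ecr.${{ secrets.QA_AWS_REGION }}.amazonaws.com/chainlink
  ENV_JOB_IMAGE: ${{ secrets.QA_AWS_ACCOUNT_NUMBER }}.dkr.ecr.${{ secrets.QA_AWS_REGION }}.amazonaws.com/chainlink-starknet-tests:${{ github.sha }}

jobs:
  build_chainlink_image:
    name: Build Chainlink Image ${{matrix.image.name}}
    runs-on: ubuntu-latest
    # GH_TOKEN is read by the `gh pr view` call below. Job-level env is
    # visible to every step in this job, including the third-party actions.
    # NOTE(review): consider moving it onto the one step that calls `gh`,
    # after confirming none of the actions rely on it implicitly.
    env:
      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    environment: integration
    permissions:
      id-token: write
      contents: read
    strategy:
      matrix:
        image:
          - name: ""
            dockerfile: core/chainlink.Dockerfile
            tag-suffix: ""
          - name: (plugins)
            dockerfile: plugins/chainlink.Dockerfile
            tag-suffix: -plugins
    steps:
      - name: Collect Metrics
        id: collect-gha-metrics
        uses: smartcontractkit/push-gha-metrics-action@d9da21a2747016b3e13de58c7d4115a3d5c97935 # v3.0.1
        with:
          id: starknet-e2e-build${{ matrix.image.tag-suffix }}
          org-id: ${{ secrets.GRAFANA_INTERNAL_TENANT_ID }}
          basic-auth: ${{ secrets.GRAFANA_INTERNAL_BASIC_AUTH }}
          hostname: ${{ secrets.GRAFANA_INTERNAL_HOST }}
          # NOTE(review): the job `name` above has a space before the matrix
          # name and this value does not; confirm the action still matches
          # the "(plugins)" job, since continue-on-error hides a failure.
          this-job-name: Build Chainlink Image${{matrix.image.name}}
        continue-on-error: true
      - name: Check if chainlink-starknet image exists
        id: check-image
        uses: smartcontractkit/chainlink-github-actions/docker/image-exists@fc3e0df622521019f50d772726d6bf8dc919dd38 # v2.3.19
        with:
          repository: chainlink
          tag: starknet.${{ github.sha }}${{ matrix.image.tag-suffix }}
          AWS_REGION: ${{ secrets.QA_AWS_REGION }}
          AWS_ROLE_TO_ASSUME: ${{ secrets.QA_AWS_ROLE_TO_ASSUME }}
      - name: Get core ref from PR body
        if: steps.check-image.outputs.exists == 'false' && github.event_name == 'pull_request'
        env:
          PR_URL: https://github.com/${{ github.repository }}/pull/${{ github.event.pull_request.number }}
        run: |
          comment=$(gh pr view "$PR_URL" --json body -q '.body')
          # The PR body is author-controlled and the result is appended to
          # GITHUB_ENV, where every line becomes a variable for later steps.
          # Collapse whitespace (as the previous unquoted echo did, but
          # without glob expansion) and keep only the first match so the
          # value is always a single line.
          core_ref=$(printf '%s' "$comment" | tr -s '[:space:]' ' ' | grep -oP 'core ref: \K\S+' | head -n 1 || true)
          if [ -z "$core_ref" ]; then
            core_ref=develop
          elif [[ ! "$core_ref" =~ ^[A-Za-z0-9._/-]+$ ]]; then
            # Do not echo the rejected value: it is untrusted log content.
            echo "::error::core ref from PR body contains unexpected characters"
            exit 1
          fi
          echo "CUSTOM_CORE_REF=${core_ref}" >> "${GITHUB_ENV}"
      - name: Set core reference if workflow dispatch
        if: steps.check-image.outputs.exists == 'false' && github.event_name == 'workflow_dispatch'
        # The input goes through env rather than `${{ }}` inside the script,
        # so its content is never parsed as shell.
        env:
          CL_BRANCH_REF: ${{ github.event.inputs.cl_branch_ref }}
        run: |
          if [[ ! "$CL_BRANCH_REF" =~ ^[A-Za-z0-9._/-]+$ ]]; then
            echo "::error::cl_branch_ref contains unexpected characters"
            exit 1
          fi
          echo "CUSTOM_CORE_REF=${CL_BRANCH_REF}" >> "${GITHUB_ENV}"
      - name: Build Image ${{ matrix.image.name }}
        if: steps.check-image.outputs.exists == 'false'
        uses: smartcontractkit/chainlink-github-actions/chainlink-testing-framework/build-image@fc3e0df622521019f50d772726d6bf8dc919dd38 # v2.3.19
        with:
          cl_repo: smartcontractkit/chainlink
          # Set by one of the two steps above; validated before being stored.
          cl_ref: ${{ env.CUSTOM_CORE_REF }}
          should_checkout: true
          cl_dockerfile: ${{ matrix.image.dockerfile }}
          # commit of the caller branch
          dep_starknet_sha: ${{ github.event.pull_request.head.sha || github.sha }}
          push_tag: ${{ env.CL_ECR }}:starknet.${{ github.sha }}${{ matrix.image.tag-suffix }}
          QA_AWS_REGION: ${{ secrets.QA_AWS_REGION }}
          QA_AWS_ROLE_TO_ASSUME: ${{ secrets.QA_AWS_ROLE_TO_ASSUME }}
          QA_PRIVATE_GHA_PULL: ${{ secrets.QA_PRIVATE_GHA_PULL }}
      - name: Print Chainlink Image Built
        run: |
          echo "### chainlink image tag used for this test run :link:" >> "$GITHUB_STEP_SUMMARY"
          echo "\`starknet.${{ github.sha }}${{ matrix.image.tag-suffix }}\`" >> "$GITHUB_STEP_SUMMARY"

  build_test_image:
    environment: integration
    permissions:
      id-token: write
      contents: read
    name: Build Test Image
    runs-on: ubuntu20.04-32cores-128GB
    steps:
      - name: Collect Metrics
        id: collect-gha-metrics
        uses: smartcontractkit/push-gha-metrics-action@d9da21a2747016b3e13de58c7d4115a3d5c97935 # v3.0.1
        with:
          id: starknet-e2e-build-test-image
          org-id: ${{ secrets.GRAFANA_INTERNAL_TENANT_ID }}
          basic-auth: ${{ secrets.GRAFANA_INTERNAL_BASIC_AUTH }}
          hostname: ${{ secrets.GRAFANA_INTERNAL_HOST }}
          this-job-name: Build Test Image
        continue-on-error: true
      - name: Setup GitHub Token
        id: setup-github-token
        uses: smartcontractkit/.github/actions/setup-github-token@9e7cc0779934cae4a9028b8588c9adb64d8ce68c # setup-github-token@0.1.2
        with:
          aws-role-arn: ${{ secrets.AWS_OIDC_GLOBAL_READ_ONLY_TOKEN_ISSUER_ROLE_ARN }}
          aws-lambda-url: ${{ secrets.GATI_RELENG_LAMBDA_URL }}
          aws-region: ${{ secrets.QA_AWS_REGION }}
      - name: Checkout the repo
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
        with:
          ref: ${{ github.sha }}
      # Repo-local action: its definition comes from the commit checked out
      # above, and it receives the AWS role and the token issued earlier.
      - name: Build Image
        uses: ./.github/actions/build-test-image
        with:
          QA_AWS_ROLE_TO_ASSUME: ${{ secrets.QA_AWS_ROLE_TO_ASSUME }}
          QA_AWS_REGION: ${{ secrets.QA_AWS_REGION }}
          QA_AWS_ACCOUNT_NUMBER: ${{ secrets.QA_AWS_ACCOUNT_NUMBER }}
          GITHUB_TOKEN: ${{ steps.setup-github-token.outputs.access-token }}

  run_tests:
    name: Run Smoke Tests ${{matrix.image.name}}
    runs-on: ubuntu20.04-16cores-64GB
    needs: [build_chainlink_image, build_test_image]
    environment: integration
    # these values need to match those used to build the chainlink image
    # (tag-suffix selects the image tag pushed by build_chainlink_image)
    strategy:
      matrix:
        image:
          - name: ""
            tag-suffix: ""
            test-name: embedded
          - name: plugins
            tag-suffix: -plugins
            test-name: plugins
    env:
      INTERNAL_DOCKER_REPO: ${{ secrets.QA_AWS_ACCOUNT_NUMBER }}.dkr.ecr.${{ secrets.QA_AWS_REGION }}.amazonaws.com
    permissions:
      checks: write
      pull-requests: write
      id-token: write
      contents: read
    steps:
      - name: Collect Metrics
        id: collect-gha-metrics
        uses: smartcontractkit/push-gha-metrics-action@d9da21a2747016b3e13de58c7d4115a3d5c97935 # v3.0.1
        with:
          id: starknet-e2e-smoke${{ matrix.image.name }}
          org-id: ${{ secrets.GRAFANA_INTERNAL_TENANT_ID }}
          basic-auth: ${{ secrets.GRAFANA_INTERNAL_BASIC_AUTH }}
          hostname: ${{ secrets.GRAFANA_INTERNAL_HOST }}
          this-job-name: Run Smoke Tests ${{ matrix.image.name }}
          test-results-file: '{"testType":"go","filePath":"/tmp/gotest.log"}'
        continue-on-error: true
      # NOTE(review): the build steps below (scarb, yarn install) execute
      # code from the checked-out commit. Consider `persist-credentials:
      # false` here if no later step needs the checkout token in git config.
      - name: Checkout the repo
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
      - name: Install Nix
        uses: cachix/install-nix-action@3715ab1a11cac9e991980d7b4a28d80c7ebdd8f9 # nix:v2.24.6
        with:
          # Moving channel: anything resolved through NIX_PATH is not pinned.
          # NOTE(review): presumably `nix develop` resolves from the repo's
          # flake lock instead - confirm.
          nix_path: nixpkgs=channel:nixos-unstable
      - name: Install Cairo
        uses: ./.github/actions/install-cairo
      - name: Setup GitHub Token
        id: setup-github-token
        uses: smartcontractkit/.github/actions/setup-github-token@9e7cc0779934cae4a9028b8588c9adb64d8ce68c # setup-github-token@0.1.2
        with:
          aws-role-arn: ${{ secrets.AWS_OIDC_GLOBAL_READ_ONLY_TOKEN_ISSUER_ROLE_ARN }}
          aws-lambda-url: ${{ secrets.GATI_RELENG_LAMBDA_URL }}
          aws-region: ${{ secrets.QA_AWS_REGION }}
      - name: Build contracts
        run: |
          cd contracts && scarb --profile release build
      - name: Build gauntlet
        run: |
          yarn install && yarn build
      # Config format:
      # https://github.com/smartcontractkit/chainlink-testing-framework/blob/main/config/README.md
      # The encoded config embeds the internal registry host, so it is
      # masked before being exported to later steps.
      - name: Generate config overrides
        run: |
          cat << EOF > config.toml
          [Network]
          selected_networks=["SIMULATED"]
          [Common]
          internal_docker_repo = "${{ env.INTERNAL_DOCKER_REPO }}"
          stateful_db = false
          EOF
          # shellcheck disable=SC2002
          BASE64_CONFIG_OVERRIDE=$(cat config.toml | base64 -w 0)
          # shellcheck disable=SC2086
          echo ::add-mask::$BASE64_CONFIG_OVERRIDE
          # shellcheck disable=SC2086
          echo "BASE64_CONFIG_OVERRIDE=$BASE64_CONFIG_OVERRIDE" >> $GITHUB_ENV
      - name: Run Tests ${{ matrix.image.name }}
        uses: smartcontractkit/.github/actions/ctf-run-tests@002596f65dc8eb807f5c8729dc1080921f7d0b24 # 0.2.1
        with:
          aws_registries: ${{ secrets.QA_AWS_ACCOUNT_NUMBER }}
          # matrix.image.test-name is a fixed value from the matrix above,
          # not user input, so interpolating it into the command is safe.
          test_command_to_run: nix develop -c sh -c "make test=${{ matrix.image.test-name }} test-integration-smoke-ci"
          test_download_vendor_packages_command: cd integration-tests && nix develop -c go mod download
          cl_repo: ${{ env.CL_ECR }}
          cl_image_tag: starknet.${{ github.sha }}${{ matrix.image.tag-suffix }}
          token: ${{ secrets.GITHUB_TOKEN }}
          go_mod_path: ./integration-tests/go.mod
          QA_AWS_REGION: ${{ secrets.QA_AWS_REGION }}
          QA_AWS_ROLE_TO_ASSUME: ${{ secrets.QA_AWS_ROLE_TO_ASSUME }}
          QA_KUBECONFIG: ${{ secrets.QA_KUBECONFIG }}
          artifacts_location: /home/runner/work/chainlink-starknet/chainlink-starknet/integration-tests/smoke/logs
          gati_token: ${{ steps.setup-github-token.outputs.access-token }}
        env:
          KILLGRAVE_INTERNAL_IMAGE: ${{ secrets.QA_AWS_ACCOUNT_NUMBER }}.dkr.ecr.${{ secrets.QA_AWS_REGION }}.amazonaws.com/friendsofgo/killgrave
          CHAINLINK_IMAGE: ${{ env.CL_ECR }}
          CHAINLINK_VERSION: starknet.${{ github.sha }}${{ matrix.image.tag-suffix }}
          # `team` only exists on workflow_dispatch; pull_request runs use BIX.
          CHAINLINK_USER_TEAM: ${{ github.event.inputs.team || 'BIX' }}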