Skip to content

Commit

Permalink
Launch CRIBs on pre-release tags (#15805)
Browse files Browse the repository at this point in the history
* Refactor to use composite action

* Fix bug to get only tagged image

* Launch CRIB on pre-release tags

* Use pinned sha versions for actions

* Use released version of action

* Fix k8s api endpoint input for crib action

* Fix conditional with input prefix

* Revert to previously working setup-gap actions

* Add required env vars back for integration tests

* Add GAP URL for integration tests
  • Loading branch information
chainchad authored Dec 28, 2024
1 parent 498b0b8 commit b5c671e
Show file tree
Hide file tree
Showing 4 changed files with 213 additions and 96 deletions.
6 changes: 3 additions & 3 deletions .github/actions/build-sign-publish-chainlink/action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -210,12 +210,12 @@ runs:
IMAGES_NAME_RAW=${{ fromJSON(steps.buildpush-nonroot.outputs.metadata)['image.name'] }}
IMAGE_DIGEST=${{ fromJSON(steps.buildpush-nonroot.outputs.metadata)['containerimage.digest'] }}
IMAGE_NAME=$(echo "$IMAGES_NAME_RAW" | cut -d"," -f1)
IMAGE_TAG=$(echo "$IMAGES_NAME_RAW" | cut -d":" -f2)
IMAGE_TAG=$(echo "$IMAGE_NAME" | cut -d":" -f2)
echo "nonroot_image_name=${IMAGE_NAME}" >> $GITHUB_ENV
echo "nonroot_image_digest=${IMAGE_DIGEST}" >> $GITHUB_ENV
echo '### Docker Image' >> $GITHUB_STEP_SUMMARY
echo "Image Name: ${IMAGE_NAME}" >> $GITHUB_STEP_SUMMARY
echo "Image Digest: ${IMAGE_DIGEST}" >> $GITHUB_STEP_SUMMARY
echo "Image Name: ${IMAGE_NAME}" >> $GITHUB_STEP_SUMMARY
echo "Image Digest: ${IMAGE_DIGEST}" >> $GITHUB_STEP_SUMMARY
echo "image-tag=${IMAGE_TAG}" >> $GITHUB_OUTPUT
echo "image-digest=${IMAGE_DIGEST}" >> $GITHUB_OUTPUT
Expand Down
156 changes: 156 additions & 0 deletions .github/actions/crib/action.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,156 @@
name: "CRIB Action"
description: "Spin up a CRIB environment. Optionally run tests and tear it down."

inputs:
aws-role-duration-seconds:
description: "Duration in seconds for AWS role"
required: false
default: "3600"
aws-role-arn:
description: "AWS Role ARN for CRIB"
required: true
aws-region:
description: "AWS Region"
required: true
aws-account-id:
description: "AWS Account ID"
required: true
api-gw-host-crib:
description: "API Gateway Host for CRIB"
required: true
api-gw-host-k8s:
description: "API Gateway Host for K8s"
required: true
k8s-api-endpoint:
description: "Kubernetes API endpoint"
required: true
k8s-cluster-name:
description: "Kubernetes cluster name"
required: true
aws-token-issuer-role-arn:
description: "AWS Role ARN for token issuer"
required: true
aws-token-issuer-lambda-url:
description: "AWS Lambda URL for token issuer"
required: true
ingress-base-domain:
description: "Ingress base domain"
required: true
k8s-staging-ingress-suffix:
description: "K8S staging ingress suffix"
required: true
gap-url-integration-tests:
description: "GAP URL for integration tests"
required: true
crib-alert-slack-webhook:
description: "CRIB alert Slack webhook"
required: true
crib-chainlink-docker-image-name:
description: "Docker image name"
required: true
crib-chainlink-docker-image-tag:
description: "Docker image tag"
required: true
crib-cleanup-ttl:
# See: https://kyverno.io/docs/writing-policies/cleanup/
description: "Time to keep environment up for before destroying it. Examples: 15m, 1h, 3d"
required: false
default: "1h"
crib-destroy-environment:
description: "Whether to destroy the CRIB environment after testing"
required: false
default: "true"
integration-tests-run:
description: "Whether to run integration tests"
required: false
default: "true"

runs:
using: "composite"
steps:
- uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27
with:
nix_path: nixpkgs=channel:nixos-unstable

- name: setup-gap crib
uses: smartcontractkit/.github/actions/setup-gap@00b58566e0ee2761e56d9db0ea72b783fdb89b8d # setup-gap@0.4.0
with:
aws-role-duration-seconds: ${{ inputs.aws-role-duration-seconds }}
aws-role-arn: ${{ inputs.aws-role-arn }}
api-gateway-host: ${{ inputs.api-gw-host-crib }}
aws-region: ${{ inputs.aws-region }}
ecr-private-registry: ${{ inputs.aws-account-id }}
k8s-cluster-name: ${{ inputs.k8s-cluster-name }}
gap-name: crib
use-private-ecr-registry: true
use-tls: true
proxy-port: 8080

- name: setup-gap k8s
uses: smartcontractkit/.github/actions/setup-gap@00b58566e0ee2761e56d9db0ea72b783fdb89b8d # setup-gap@0.4.0
with:
aws-role-duration-seconds: ${{ inputs.aws-role-duration-seconds }}
aws-role-arn: ${{ inputs.aws-role-arn }}
api-gateway-host: ${{ inputs.api-gw-host-k8s }}
aws-region: ${{ inputs.aws-region }}
ecr-private-registry: ${{ inputs.aws-account-id }}
k8s-cluster-name: ${{ inputs.k8s-cluster-name }}
gap-name: k8s
use-private-ecr-registry: true
use-k8s: true
proxy-port: 8443

- name: Setup GitHub token using GATI
id: token
uses: smartcontractkit/.github/actions/setup-github-token@ef78fa97bf3c77de6563db1175422703e9e6674f # setup-github-token@0.2.1
with:
aws-role-arn: ${{ inputs.aws-token-issuer-role-arn }}
aws-lambda-url: ${{ inputs.aws-token-issuer-lambda-url }}
aws-region: ${{ inputs.aws-region }}
aws-role-duration-seconds: "1800"

- name: Deploy and validate CRIB Environment for Core
uses: smartcontractkit/.github/actions/crib-deploy-environment@815e0d550527897746e889441407926d7e28169c # crib-deploy-environment@7.4.0
id: deploy-crib
with:
github-token: ${{ steps.token.outputs.access-token }}
aws-ecr-private-registry: ${{ inputs.aws-account-id }}
aws-region: ${{ inputs.aws-region }}
aws-role-arn: ${{ inputs.aws-role-arn }}
ingress-base-domain: ${{ inputs.ingress-base-domain }}
k8s-api-endpoint: ${{ inputs.k8s-api-endpoint }}
k8s-cluster-name: ${{ inputs.k8s-cluster-name }}
chainlink-team: releng
chainlink-product: crib
command: "core-dev-simulated-core-ocr1"
crib-alert-slack-webhook: ${{ inputs.crib-alert-slack-webhook }}
product-image: ${{ inputs.crib-chainlink-docker-image-name }}
product-image-tag: ${{ inputs.crib-chainlink-docker-image-tag }}
ns-ttl: ${{ inputs.crib-cleanup-ttl }}

- name: Set up Go
uses: ./.github/actions/setup-go
with:
go-version-file: "go.mod"

- name: Run CRIB integration test
if: inputs.integration-tests-run == 'true'
shell: bash
working-directory: integration-tests/crib
env:
K8S_STAGING_INGRESS_SUFFIX: ${{ inputs.k8s-staging-ingress-suffix }}
CRIB_NAMESPACE: ${{ steps.deploy-crib.outputs.devspace-namespace }}
CRIB_NETWORK: geth
CRIB_NODES: 5
GAP_URL: ${{ inputs.gap-url-integration-tests }}
SETH_LOG_LEVEL: info
TEST_PERSISTENCE: true
E2E_TEST_CHAINLINK_IMAGE: public.ecr.aws/chainlink/chainlink
E2E_TEST_CHAINLINK_VERSION: latest
run: go test -v -run TestCRIBChaos

- name: Destroy CRIB Environment
if: inputs.crib-destroy-environment == 'true' && always() && steps.deploy-crib.outputs.devspace-namespace != ''
uses: smartcontractkit/.github/actions/crib-purge-environment@142671bc21953c8cc3edbd21848c50b5ec201c2a # crib-purge-environment@0.3.0
with:
namespace: ${{ steps.deploy-crib.outputs.devspace-namespace }}
40 changes: 40 additions & 0 deletions .github/workflows/build-publish.yml
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,8 @@ jobs:
outputs:
git-tag-type: ${{ steps.check-git-tag-type.outputs.git-tag-type }}
ecr-image-name: ${{ steps.check-git-tag-type.outputs.ecr-image-name }}
is-release: ${{ steps.release-tag-check.outputs.is-release }}
is-pre-release: ${{ steps.release-tag-check.outputs.is-pre-release }}
steps:
- name: Checkout repository
uses: actions/checkout@v4.2.1
Expand All @@ -38,6 +40,9 @@ jobs:
echo "git-tag-type=core" | tee -a "$GITHUB_OUTPUT"
echo "ecr-image-name=chainlink/chainlink" | tee -a "$GITHUB_OUTPUT"
fi
- name: Check release tag
id: release-tag-check
uses: smartcontractkit/.github/actions/release-tag-check@c5c4a8186da4218cff6cac8184e47dd3dec69ba3 # release-tag-check@0.1.0
- name: Fail if CCIP release has wrong version
if: ${{ steps.check-git-tag-type.outputs.git-tag-type == 'ccip' }}
run: |
Expand Down Expand Up @@ -136,3 +141,38 @@ jobs:
github.ref_type == 'tag' &&
needs.build-sign-publish-chainlink.outputs.docker-image-digest || ''
}}
crib:
needs: [checks, build-sign-publish-chainlink]
# Only spin up CRIB on pre-releases (beta, rc).
if: needs.checks.outputs.is-pre-release == 'true'
runs-on: ubuntu-latest
environment: integration
permissions:
id-token: write
contents: read
actions: read
steps:
- name: Checkout repository
uses: actions/checkout@v4.2.1
with:
persist-credentials: false

- name: Run Core CRIB Integration Tests
uses: ./.github/actions/crib
with:
aws-role-arn: ${{ secrets.AWS_OIDC_CRIB_ROLE_ARN_STAGE }}
aws-region: ${{ secrets.AWS_REGION }}
aws-account-id: ${{ secrets.AWS_ACCOUNT_ID_PROD }}
api-gw-host-crib: ${{ secrets.AWS_API_GW_HOST_CRIB_STAGE }}
api-gw-host-k8s: ${{ secrets.AWS_API_GW_HOST_K8S_STAGE }}
k8s-api-endpoint: ${{ secrets.GAP_HOST_K8S_STAGE }}
k8s-cluster-name: ${{ secrets.AWS_K8S_CLUSTER_NAME_STAGE }}
aws-token-issuer-role-arn: ${{ secrets.AWS_OIDC_GLOBAL_READ_ONLY_TOKEN_ISSUER_ROLE_ARN }}
aws-token-issuer-lambda-url: ${{ secrets.AWS_INFRA_RELENG_TOKEN_ISSUER_LAMBDA_URL }}
ingress-base-domain: ${{ secrets.INGRESS_BASE_DOMAIN_STAGE }}
k8s-staging-ingress-suffix: ${{ secrets.K8S_STAGING_INGRESS_SUFFIX }}
gap-url-integration-tests: ${{ secrets.GAP_URL }}
crib-alert-slack-webhook: ${{ secrets.CRIB_ALERT_SLACK_WEBHOOK }}
crib-chainlink-docker-image-name: ${{ format('{0}/{1}', env.ECR_HOSTNAME, needs.checks.outputs.ecr-image-name) }}
crib-chainlink-docker-image-tag: ${{ needs.build-sign-publish-chainlink.outputs.docker-image-tag}}
crib-cleanup-ttl: "3d"
107 changes: 14 additions & 93 deletions .github/workflows/crib-integration-test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -6,9 +6,11 @@ on:
schedule:
- cron: "0 1 * * *"
workflow_call:

concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true

jobs:
test:
runs-on: ubuntu-latest
Expand All @@ -23,102 +25,21 @@ jobs:
with:
persist-credentials: false

- uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27
with:
nix_path: nixpkgs=channel:nixos-unstable

- name: setup-gap crib
uses: smartcontractkit/.github/actions/setup-gap@00b58566e0ee2761e56d9db0ea72b783fdb89b8d # setup-gap@0.4.0
with:
aws-role-duration-seconds: 3600 # 1 hour
aws-role-arn: ${{ secrets.AWS_OIDC_CRIB_ROLE_ARN_STAGE }}
api-gateway-host: ${{ secrets.AWS_API_GW_HOST_CRIB_STAGE }}
aws-region: ${{ secrets.AWS_REGION }}
ecr-private-registry: ${{ secrets.AWS_ACCOUNT_ID_PROD }}
k8s-cluster-name: ${{ secrets.AWS_K8S_CLUSTER_NAME_STAGE }}
gap-name: crib
use-private-ecr-registry: true
use-tls: true
proxy-port: 8080
metrics-job-name: "test"
gc-basic-auth: ${{ secrets.GRAFANA_INTERNAL_BASIC_AUTH }}
gc-host: ${{ secrets.GRAFANA_INTERNAL_HOST }}
gc-org-id: ${{ secrets.GRAFANA_INTERNAL_TENANT_ID }}

- name: setup-gap k8s
uses: smartcontractkit/.github/actions/setup-gap@00b58566e0ee2761e56d9db0ea72b783fdb89b8d # setup-gap@0.4.0
- name: Run CRIB Integration Tests
uses: ./.github/actions/crib
with:
aws-role-duration-seconds: 3600 # 1 hour
aws-role-arn: ${{ secrets.AWS_OIDC_CRIB_ROLE_ARN_STAGE }}
api-gateway-host: ${{ secrets.AWS_API_GW_HOST_K8S_STAGE }}
aws-region: ${{ secrets.AWS_REGION }}
ecr-private-registry: ${{ secrets.AWS_ACCOUNT_ID_PROD }}
k8s-cluster-name: ${{ secrets.AWS_K8S_CLUSTER_NAME_STAGE }}
gap-name: k8s
use-private-ecr-registry: true
use-k8s: true
proxy-port: 8443
metrics-job-name: "test"
gc-basic-auth: ${{ secrets.GRAFANA_INTERNAL_BASIC_AUTH }}
gc-host: ${{ secrets.GRAFANA_INTERNAL_HOST }}
gc-org-id: ${{ secrets.GRAFANA_INTERNAL_TENANT_ID }}

- name: Setup GitHub token using GATI
id: token
uses: smartcontractkit/.github/actions/setup-github-token@c0b38e6c40d72d01b8d2f24f92623a2538b3dedb # main
with:
aws-role-arn: ${{ secrets.AWS_OIDC_GLOBAL_READ_ONLY_TOKEN_ISSUER_ROLE_ARN }}
aws-lambda-url: ${{ secrets.AWS_INFRA_RELENG_TOKEN_ISSUER_LAMBDA_URL }}
aws-region: ${{ secrets.AWS_REGION }}
aws-role-duration-seconds: "1800"
- name: Debug workspace dir
shell: bash
run: |
echo ${{ github.workspace }}
echo $GITHUB_WORKSPACE
- name: Deploy and validate CRIB Environment for Core
uses: smartcontractkit/.github/actions/crib-deploy-environment@815e0d550527897746e889441407926d7e28169c # crib-deploy-environment@7.4.0
id: deploy-crib
with:
github-token: ${{ steps.token.outputs.access-token }}
aws-ecr-private-registry: ${{ secrets.AWS_ACCOUNT_ID_PROD }}
aws-region: ${{ secrets.AWS_REGION }}
aws-role-arn: ${{ secrets.AWS_OIDC_CRIB_ROLE_ARN_STAGE }}
ingress-base-domain: ${{ secrets.INGRESS_BASE_DOMAIN_STAGE }}
aws-account-id: ${{ secrets.AWS_ACCOUNT_ID_PROD }}
api-gw-host-crib: ${{ secrets.AWS_API_GW_HOST_CRIB_STAGE }}
api-gw-host-k8s: ${{ secrets.AWS_API_GW_HOST_K8S_STAGE }}
k8s-api-endpoint: ${{ secrets.GAP_HOST_K8S_STAGE }}
k8s-cluster-name: ${{ secrets.AWS_K8S_CLUSTER_NAME_STAGE }}
chainlink-team: releng
chainlink-product: crib
command: "core-dev-simulated-core-ocr1"
aws-token-issuer-role-arn: ${{ secrets.AWS_OIDC_GLOBAL_READ_ONLY_TOKEN_ISSUER_ROLE_ARN }}
aws-token-issuer-lambda-url: ${{ secrets.AWS_INFRA_RELENG_TOKEN_ISSUER_LAMBDA_URL }}
ingress-base-domain: ${{ secrets.INGRESS_BASE_DOMAIN_STAGE }}
k8s-staging-ingress-suffix: ${{ secrets.K8S_STAGING_INGRESS_SUFFIX }}
gap-url-integration-tests: ${{ secrets.GAP_URL }}
crib-alert-slack-webhook: ${{ secrets.CRIB_ALERT_SLACK_WEBHOOK }}
product-image: ${{ secrets.AWS_SDLC_ECR_HOSTNAME }}/chainlink
product-image-tag: develop
- uses: actions/checkout@v4.2.1
with:
persist-credentials: false
- name: Set up Go
uses: ./.github/actions/setup-go
with:
go-version-file: "go.mod"
- name: Run CRIB integration test
working-directory: integration-tests/crib
env:
K8S_STAGING_INGRESS_SUFFIX: ${{ secrets.K8S_STAGING_INGRESS_SUFFIX }}
CRIB_NAMESPACE: ${{ steps.deploy-crib.outputs.devspace-namespace }}
CRIB_NETWORK: geth
CRIB_NODES: 5
GAP_URL: ${{ secrets.GAP_URL }}
SETH_LOG_LEVEL: info
# RESTY_DEBUG: true
TEST_PERSISTENCE: true
E2E_TEST_CHAINLINK_IMAGE: public.ecr.aws/chainlink/chainlink
E2E_TEST_CHAINLINK_VERSION: latest
run: |-
go test -v -run TestCRIBChaos
- name: Destroy CRIB Environment
id: destroy
if: always() && steps.deploy-crib.outputs.devspace-namespace != ''
uses: smartcontractkit/.github/actions/crib-purge-environment@c0b38e6c40d72d01b8d2f24f92623a2538b3dedb # crib-purge-environment@0.1.0
with:
namespace: ${{ steps.deploy-crib.outputs.devspace-namespace }}
crib-chainlink-docker-image-name: ${{ secrets.AWS_SDLC_ECR_HOSTNAME }}/chainlink
crib-chainlink-docker-image-tag: develop

0 comments on commit b5c671e

Please sign in to comment.