Skip to content

Commit

Permalink
feature: gha commit signing (#594)
Browse files Browse the repository at this point in the history 
* commit signing for solana image bump

* commit signing for e2e test dep bump

* add changes check

* testing shared logic

* shared logic for testing deps

* disable on push
  • Loading branch information
@aalu1418
aalu1418 authored Feb 21, 2024
1 parent c586953 commit 96d73a7
Show file tree
Hide file tree
Showing 2 changed files with 116 additions and 96 deletions.
138 changes: 42 additions & 96 deletions .github/workflows/dependency-updates.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,102 +6,48 @@ on:

jobs:
E2E-Solana-Image:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3 # checkout branch that it is called from
- name: Check for solana image updates
id: solImage
run: |
make upgrade-e2e-solana-image
image=$(curl https://api.github.com/repos/solana-labs/solana/releases/latest | jq -r '.tag_name')
echo "image=$image" >> "$GITHUB_OUTPUT"
- name: Check if PR exists
id: check
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
prs=$(gh pr list \
--repo "$GITHUB_REPOSITORY" \
--head "bump/solana-${{ steps.solImage.outputs.image }}" \
--json title \
--jq 'length')
if ((prs > 0)); then
echo "skip=true" >> "$GITHUB_OUTPUT"
fi
- name: Create pull request
if: '!steps.check.outputs.skip'
uses: peter-evans/create-pull-request@b1ddad2c994a25fbc81a28b3ec0e368bb2021c50 # v6.0.0
with:
title: "[automated] bump solana image to ${{ steps.solImage.outputs.image }}"
branch: bump/solana-${{ steps.solImage.outputs.image }}
author: "github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>"
reviewers: aalu1418
commit-message: "[automated] bump solana dependencies"
body: |
Latest Solana mainnet release is [\"${{ steps.solImage.outputs.image }}\"](https://github.com/solana-labs/solana/releases/latest)
(run CI by closing + reopening PR)
uses: ./.github/workflows/open-pr.yml
with:
reviewers: aalu1418
run: |
make upgrade-e2e-solana-image
image=$(curl https://api.github.com/repos/solana-labs/solana/releases/latest | jq -r '.tag_name')
# outputs
echo "name=bump/solana-$image" >> "$GITHUB_OUTPUT"
echo "prTitle=[automated] bump solana image to $image" >> "$GITHUB_OUTPUT"
echo "prBody=(run CI by closing + reopening PR) Latest Solana mainnet release is [$image](https://github.com/solana-labs/solana/releases/latest)" >> "$GITHUB_OUTPUT"
echo "commitString=[automated] bump solana dependencies" >> "$GITHUB_OUTPUT"
secrets: inherit
E2E-Testing-Dependencies:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Setup go
uses: actions/setup-go@v3
with:
go-version-file: "go.mod"
check-latest: true
cache: true
# ------ Get CTF version from core ------------
- uses: actions/checkout@v3
with:
repository: smartcontractkit/chainlink
ref: develop
path: ./chainlink
- name: Check CTF version in core
id: coreCTF
working-directory: ./chainlink
run: |
cd integration-tests
version=$(go list -m github.com/smartcontractkit/chainlink-testing-framework | awk '{print $NF}')
echo "chainlink/integration-tests CTF: $version"
echo "version=$version" >> "$GITHUB_OUTPUT"
cd ../../
rm -rf chainlink
# -------- Compare to chainlink-solana/integration-tests --------------
- name: Check CTF version in chainlink-solana
id: solanaCTF
run: |
cd integration-tests
version=$(go list -m github.com/smartcontractkit/chainlink-testing-framework | awk '{print $NF}')
echo "chainlink-solana/integrationt-tests CTF: $version"
echo "version=$version" >> "$GITHUB_OUTPUT"
- name: Update integration test dependencies
if: ${{ steps.coreCTF.outputs.version != steps.solanaCTF.outputs.version }}
run: |
uses: ./.github/workflows/open-pr.yml
with:
reviewers: aalu1418
run: |
# get CTF version in core
git clone https://github.com/smartcontractkit/chainlink.git temp-chainlink
cd temp-chainlink/integration-tests
coreVersion=$(go list -m github.com/smartcontractkit/chainlink-testing-framework | awk '{print $NF}')
cd ../../
rm -rf temp-chainlink
echo "chainlink/integration-tests CTF: $coreVersion"
# get CTF version in solana
cd integration-tests
solVersion=$(go list -m github.com/smartcontractkit/chainlink-testing-framework | awk '{print $NF}')
echo "chainlink-solana/integration-tests CTF: $solVersion"
cd ../
# compare versions
if [[ $coreVersion != $solVersion ]]; then
make upgrade-e2e-core-deps
make gomodtidy
# --------- Build PR if necessary --------------------
- name: Check if PR exists
id: check
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
prs=$(gh pr list \
--repo "$GITHUB_REPOSITORY" \
--head "bump/e2e-test-deps-${{ steps.coreCTF.outputs.version }}" \
--json title \
--jq 'length')
if ((prs > 0)); then
echo "skip=true" >> "$GITHUB_OUTPUT"
fi
- name: Create pull request
if: '!steps.check.outputs.skip'
uses: peter-evans/create-pull-request@b1ddad2c994a25fbc81a28b3ec0e368bb2021c50 # v6.0.0
with:
title: "[automated] bump e2e test deps to match chainlink/integration-tests"
branch: bump/e2e-test-deps-${{ steps.coreCTF.outputs.version }}
author: "github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>"
reviewers: aalu1418
commit-message: "[automated] bump e2e <> core/integration-tests dependencies"
body: |
chainlink/integration-tests uses chainlink-testing-framework@${{ steps.coreCTF.outputs.version }}
(run CI by closing + reopening PR)
fi
# outputs
echo "name=bump/e2e-deps-$coreVersion" >> "$GITHUB_OUTPUT"
echo "prTitle=[automated] bump e2e test deps to match chainlink/integration-tests" >> "$GITHUB_OUTPUT"
echo "prBody=(run CI by closing + reopening PR) chainlink/integration-tests uses chainlink-testing-framework@$coreVersion" >> "$GITHUB_OUTPUT"
echo "commitString=[automated] bump e2e <> core/integration-tests dependencies" >> "$GITHUB_OUTPUT"
secrets: inherit
74 changes: 74 additions & 0 deletions .github/workflows/open-pr.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,74 @@
name: Open PR With Signed Commit

on:
workflow_call:
inputs:
run:
required: true
type: string
reviewers:
required: false
type: string

jobs:
create-commits-and-pr:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3 # checkout branch that it is called from
- uses: actions/setup-go@v3
with:
go-version-file: "go.mod"
check-latest: true
cache: true
- name: Run changes
id: run
run: ${{ inputs.run }}
- run: |
echo "must have branch name output set"
exit 1
if: '!steps.run.outputs.name'
- name: Check if changes + PR exists
id: check
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
prs=$(gh pr list \
--repo "$GITHUB_REPOSITORY" \
--head "${{ steps.run.outputs.name }}" \
--json title \
--jq 'length')
if ((prs > 0)) || [ -z "$(git status --porcelain)" ]; then
echo "skip=true" >> "$GITHUB_OUTPUT"
fi
- name: "Create new branch if needed"
id: branch
if: '!steps.check.outputs.skip'
env:
SHA: ${{ github.head_ref || github.ref_name }}
run: |
echo "original=$SHA" >> "$GITHUB_OUTPUT"
git branch "${{ steps.run.outputs.name }}"
git push origin "${{ steps.run.outputs.name }}"
- uses: planetscale/[email protected]
if: '!steps.check.outputs.skip'
with:
commit_message: ${{ steps.run.outputs.commitString }}
repo: ${{ github.repository }}
branch: "${{ steps.run.outputs.name }}"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: "Cleanup branch"
if: '!steps.check.outputs.skip'
run: |
git reset --hard
git branch --set-upstream-to=origin/${{ steps.run.outputs.name }}
git pull
- name: Create pull request
if: '!steps.check.outputs.skip'
uses: peter-evans/create-pull-request@b1ddad2c994a25fbc81a28b3ec0e368bb2021c50 # v6.0.0
with:
title: ${{ steps.run.outputs.prTitle }}
base: ${{ steps.branch.outputs.original }}
branch: ${{ steps.run.outputs.name }}
reviewers: ${{ inputs.reviewers }}
body: ${{ steps.run.outputs.prBody }}

0 comments on commit 96d73a7

Please sign in to comment.