Skip to content

Initial implementation of Configurator for LLO #267

Initial implementation of Configurator for LLO

Initial implementation of Configurator for LLO #267

# This workflow handles the enforcement of code Traceability via changesets and jira issue linking for our Solidity codebase.
name: Solidity Tracability
on:
merge_group:
pull_request:
defaults:
run:
shell: bash
jobs:
files-changed:
# The job skips on merge_group events, and any release branches, and forks
# Since we only want to enforce Jira issues on pull requests related to feature branches
if: ${{ github.event_name != 'merge_group' && !startsWith(github.head_ref, 'release/') && github.event.pull_request.head.repo.full_name == 'smartcontractkit/chainlink' }}
name: Detect Changes
runs-on: ubuntu-latest
outputs:
source: ${{ steps.files-changed.outputs.source }}
changesets: ${{ steps.files-changed.outputs.changesets }}
changesets_files: ${{ steps.files-changed.outputs.changesets_files }}
steps:
- name: Checkout the repo
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- name: Filter paths
uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
id: files-changed
with:
list-files: "json"
# This is a valid input, see https://github.com/dorny/paths-filter/pull/226
predicate-quantifier: "every"
filters: |
source:
- contracts/**/*.sol
- '!contracts/**/*.t.sol'
changesets:
- 'contracts/.changeset/**'
enforce-traceability:
# Note: A job that is skipped will report its status as "Success".
# It will not prevent a pull request from merging, even if it is a required check.
needs: [files-changed]
# We only want to run this job if the source files have changed
if: ${{ needs.files-changed.outputs.source == 'true' }}
name: Enforce Traceability
runs-on: ubuntu-latest
permissions:
actions: read
id-token: write
contents: read
pull-requests: write
steps:
# https://github.com/planetscale/ghcommit-action/blob/c7915d6c18d5ce4eb42b0eff3f10a29fe0766e4c/README.md?plain=1#L41
#
# Include the pull request ref in the checkout action to prevent merge commit
# https://github.com/actions/checkout?tab=readme-ov-file#checkout-pull-request-head-commit-instead-of-merge-commit
- name: Checkout the repo
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Assume role capable of dispatching action
uses: smartcontractkit/.github/actions/setup-github-token@ef78fa97bf3c77de6563db1175422703e9e6674f # [email protected]
id: get-gh-token
with:
aws-role-arn: ${{ secrets.AWS_OIDC_CHAINLINK_CI_AUTO_PR_TOKEN_ISSUER_ROLE_ARN }}
aws-lambda-url: ${{ secrets.AWS_INFRA_RELENG_TOKEN_ISSUER_LAMBDA_URL }}
aws-region: ${{ secrets.AWS_REGION }}
- name: Make a comment
uses: thollander/actions-comment-pull-request@fabd468d3a1a0b97feee5f6b9e499eab0dd903f6 # v2.5.0
with:
message: |
I see you updated files related to `contracts`. Please run `pnpm changeset` in the `contracts` directory to add a changeset.
reactions: eyes
comment_tag: changeset-contracts
# If the changeset is added, then we delete the comment, otherwise we add it.
mode: ${{ needs.files-changed.outputs.changesets == 'true' && 'delete' || 'upsert' }}
# We only create the comment if the changeset is not added
create_if_not_exists: ${{ needs.files-changed.outputs.changesets == 'true' && 'false' || 'true' }}
- name: Check for new changeset for contracts
if: ${{ needs.files-changed.outputs.changesets == 'false' }}
shell: bash
run: |
echo "Please run pnpm changeset to add a changeset for contracts."
exit 1
- name: Setup NodeJS
uses: ./.github/actions/setup-nodejs
- name: Setup Jira
working-directory: ./.github/scripts/jira
run: pnpm i
# Because of our earlier checks, we know that both the source and changeset files have changed
- name: Enforce Traceability
working-directory: ./.github/scripts/jira
run: |
echo "COMMIT_MESSAGE=$(git log -1 --pretty=format:'%s')" >> $GITHUB_ENV
pnpm issue:enforce
env:
CHANGESET_FILES: ${{ needs.files-changed.outputs.changesets_files }}
PR_TITLE: ${{ github.event.pull_request.title }}
BRANCH_NAME: ${{ github.event.pull_request.head.ref }}
JIRA_HOST: ${{ vars.JIRA_HOST }}
JIRA_USERNAME: ${{ secrets.JIRA_USERNAME }}
JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# Commit appended changeset file back to repo
- uses: planetscale/ghcommit-action@13a844326508cdefc72235201bb0446d6d10a85f # v0.1.6
with:
commit_message: "[Bot] Update changeset file with jira issue"
repo: ${{ github.repository }}
branch: ${{ github.head_ref }}
file_pattern: "contracts/.changeset/*"
env:
GITHUB_TOKEN: ${{ steps.get-gh-token.outputs.access-token }}
- name: Collect Metrics
id: collect-gha-metrics
if: always()
uses: smartcontractkit/push-gha-metrics-action@d9da21a2747016b3e13de58c7d4115a3d5c97935 # v3.0.1
with:
id: soldity-traceability
org-id: ${{ secrets.GRAFANA_INTERNAL_TENANT_ID }}
basic-auth: ${{ secrets.GRAFANA_INTERNAL_BASIC_AUTH }}
hostname: ${{ secrets.GRAFANA_INTERNAL_HOST }}
this-job-name: Enforce Traceability
continue-on-error: true