add ccip goreleaser build (#14439)

* CCIP configs * Better directory structure * Fixes * Fixes * Fixes * add ccip goreleaser build * remove matrix.build and fix dockerfile for copy ccip/config dir * try again with [g] * another try * update build-publish for ccip prod * comment test * revert comment * remove ccip.Dockerfile --------- Co-authored-by: Mateusz Sekara <mateusz.sekara@gmail.com> Co-authored-by: Mateusz Sekara <mateusz.sekara@smartcontract.com>
smartcontractkit · Sep 20, 2024 · 4f9ed64 · 4f9ed64
1 parent d2d9568
commit 4f9ed64
Show file tree

Hide file tree

Showing 56 changed files with 1,596 additions and 21 deletions.
diff --git a/.github/workflows/build-publish-develop-pr.yml b/.github/workflows/build-publish-develop-pr.yml
@@ -21,6 +21,15 @@ env:
 
 jobs:
   goreleaser-build-publish-chainlink:
+    name: "goreleaser-build-publish-${{ matrix.image-name }}"
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - image-name: chainlink
+            goreleaser-config: .goreleaser.develop.yaml
+          - image-name: ccip
+            goreleaser-config: .goreleaser.ccip.develop.yaml
     runs-on: ubuntu-20.04
     permissions:
       id-token: write
@@ -68,32 +77,25 @@ jobs:
           role-to-assume: ${{ secrets.AWS_OIDC_IAM_ROLE_BUILD_PUBLISH_DEVELOP_PR }}
           aws-region: ${{ secrets.AWS_REGION }}
           mask-aws-account-id: true
-          role-session-name: goreleaser-build-publish-chainlink
+          role-session-name: goreleaser-build-publish-${{ matrix.image-name }}
 
       - name: Build and publish images
         uses: ./.github/actions/goreleaser-build-sign-publish
         with:
           enable-docker-publish: ${{ steps.get-image-tag.outputs.build-publish }}
           docker-registry: ${{ secrets.AWS_SDLC_ECR_HOSTNAME }}
-          docker-image-name: chainlink
+          docker-image-name: ${{ matrix.image-name }}
           docker-image-tag: ${{ steps.get-image-tag.outputs.image-tag }}
           enable-goreleaser-snapshot: "true"
           goreleaser-exec: ./tools/bin/goreleaser_wrapper
-          goreleaser-config: .goreleaser.develop.yaml
+          goreleaser-config: ${{ matrix.goreleaser-config }}
           goreleaser-key: ${{ secrets.GORELEASER_KEY }}
           zig-version: 0.11.0
 
       - name: Output image name and digest
         if: steps.get-image-tag.outputs.build-publish == 'true'
         shell: bash
         run: |
-          # need to check if artifacts.json exists because goreleaser could split the build
-          if [[ -f dist/artifacts.json ]]; then
-            artifact_path="dist/artifacts.json"
-          else
-            artifact_path="dist/linux_${{ matrix.goarch }}/artifacts.json"
-            cat dist/linux_${{ matrix.goarch }}/artifacts.json
-          fi
           echo "### Docker Images" | tee -a "$GITHUB_STEP_SUMMARY"
           jq -r '.[] | select(.type == "Docker Image") | "\(.name)"' ${artifact_path} >> output.txt
           while read -r line; do
@@ -109,5 +111,5 @@ jobs:
           org-id: ${{ secrets.GRAFANA_INTERNAL_TENANT_ID }}
           basic-auth: ${{ secrets.GRAFANA_INTERNAL_BASIC_AUTH }}
           hostname: ${{ secrets.GRAFANA_INTERNAL_HOST }}
-          this-job-name: goreleaser-build-publish-chainlink
+          this-job-name: goreleaser-build-publish-${{ matrix.image-name }}
         continue-on-error: true
diff --git a/.github/workflows/build-publish.yml b/.github/workflows/build-publish.yml
@@ -98,15 +98,27 @@ jobs:
           mask-aws-account-id: true
           role-session-name: goreleaser-build-sign-publish-chainlink
 
+      - name: Set build configs
+        shell: bash
+        id: set-build-configs
+        run: |
+          if [[ ${{ github.ref_name }} =~ "-ccip" ]]; then
+            echo "ECR_IMAGE_NAME=chainlink/ccip" | tee -a $GITHUB_OUTPUT
+            echo "GORELEASER_CONFIG=.goreleaser.ccip.production.yaml" | tee -a $GITHUB_OUTPUT
+          else
+            echo "ECR_IMAGE_NAME=chainlink/chainlink" | tee -a $GITHUB_OUTPUT
+            echo "GORELEASER_CONFIG=.goreleaser.production.yaml" | tee -a $GITHUB_OUTPUT
+          fi
+
       - name: Build, sign, and publish image
         id: goreleaser-build-sign-publish
         uses: ./.github/actions/goreleaser-build-sign-publish
         with:
           docker-registry: ${{ env.ECR_HOSTNAME}}
-          docker-image-name: ${{ env.ECR_IMAGE_NAME }}
+          docker-image-name: ${{ steps.set-build-configs.outputs.ECR_IMAGE_NAME }}
           docker-image-tag: ${{ github.ref_name }}
           goreleaser-exec: ./tools/bin/goreleaser_wrapper
-          goreleaser-config: .goreleaser.production.yaml
+          goreleaser-config: ${{ steps.set-build-configs.outputs.GORELEASER_CONFIG }}
           goreleaser-key: ${{ secrets.GORELEASER_KEY }}
           zig-version: 0.11.0
           enable-cosign: true
@@ -124,10 +136,10 @@ jobs:
             echo "$line" | tee -a "$GITHUB_STEP_SUMMARY"
           done < output.txt
 
-          core_amd64_name="${{ env.ECR_HOSTNAME }}/${{ env.ECR_IMAGE_NAME }}:${{ github.ref_name }}-amd64"
-          plugins_amd64_name="${{ env.ECR_HOSTNAME }}/${{ env.ECR_IMAGE_NAME }}:${{ github.ref_name }}-plugins-amd64"
-          core_arm64_name="${{ env.ECR_HOSTNAME }}/${{ env.ECR_IMAGE_NAME }}:${{ github.ref_name }}-arm64"
-          plugins_arm64_name="${{ env.ECR_HOSTNAME }}/${{ env.ECR_IMAGE_NAME }}:${{ github.ref_name }}-plugins-arm64"
+          core_amd64_name="${{ env.ECR_HOSTNAME }}/${{ steps.set-build-configs.outputs.ECR_IMAGE_NAME }}:${{ github.ref_name }}-amd64"
+          plugins_amd64_name="${{ env.ECR_HOSTNAME }}/${{ steps.set-build-configs.outputs.ECR_IMAGE_NAME }}:${{ github.ref_name }}-plugins-amd64"
+          core_arm64_name="${{ env.ECR_HOSTNAME }}/${{ steps.set-build-configs.outputs.ECR_IMAGE_NAME }}:${{ github.ref_name }}-arm64"
+          plugins_arm64_name="${{ env.ECR_HOSTNAME }}/${{ steps.set-build-configs.outputs.ECR_IMAGE_NAME }}:${{ github.ref_name }}-plugins-arm64"
 
           echo "core_amd64_digest=$(jq -r --arg name "$core_amd64_name" '.[]|select(.type=="Published Docker Image" and .name==$name)|.extra.Digest' ${artifact_path})" | tee -a "$GITHUB_OUTPUT" "$GITHUB_STEP_SUMMARY"
           echo "plugins_amd64_digest=$(jq -r --arg name "$plugins_amd64_name" '.[]|select(.type=="Published Docker Image" and .name==$name)|.extra.Digest' ${artifact_path})" | tee -a "$GITHUB_OUTPUT" "$GITHUB_STEP_SUMMARY"
@@ -143,28 +155,28 @@ jobs:
         uses: actions/attest-build-provenance@6149ea5740be74af77f260b9db67e633f6b0a9a1 # v1.4.2
         with:
           subject-digest: ${{ steps.get-image-name-digest.outputs.core_amd64_digest }}
-          subject-name: ${{ env.ECR_HOSTNAME }}/${{ env.ECR_IMAGE_NAME }}
+          subject-name: ${{ env.ECR_HOSTNAME }}/${{ steps.set-build-configs.outputs.ECR_IMAGE_NAME }}
           push-to-registry: true
 
       - name: Attest Docker image (plugins-amd64)
         uses: actions/attest-build-provenance@6149ea5740be74af77f260b9db67e633f6b0a9a1 # v1.4.2
         with:
           subject-digest: ${{ steps.get-image-name-digest.outputs.plugins_amd64_digest }}
-          subject-name: ${{ env.ECR_HOSTNAME }}/${{ env.ECR_IMAGE_NAME }}
+          subject-name: ${{ env.ECR_HOSTNAME }}/${{ steps.set-build-configs.outputs.ECR_IMAGE_NAME }}
           push-to-registry: true
 
       - name: Attest Docker image (core-arm64)
         uses: actions/attest-build-provenance@6149ea5740be74af77f260b9db67e633f6b0a9a1 # v1.4.2
         with:
           subject-digest: ${{ steps.get-image-name-digest.outputs.core_arm64_digest }}
-          subject-name: ${{ env.ECR_HOSTNAME }}/${{ env.ECR_IMAGE_NAME }}
+          subject-name: ${{ env.ECR_HOSTNAME }}/${{ steps.set-build-configs.outputs.ECR_IMAGE_NAME }}
           push-to-registry: true
 
       - name: Attest Docker image (plugins-arm64)
         uses: actions/attest-build-provenance@6149ea5740be74af77f260b9db67e633f6b0a9a1 # v1.4.2
         with:
           subject-digest: ${{ steps.get-image-name-digest.outputs.plugins_arm64_digest }}
-          subject-name: ${{ env.ECR_HOSTNAME }}/${{ env.ECR_IMAGE_NAME }}
+          subject-name: ${{ env.ECR_HOSTNAME }}/${{ steps.set-build-configs.outputs.ECR_IMAGE_NAME }}
           push-to-registry: true
 
       - name: Upload SBOMs

diff --git a/.goreleaser.ccip.develop.yaml b/.goreleaser.ccip.develop.yaml
@@ -0,0 +1,229 @@
+project_name: chainlink
+
+version: 2
+
+env:
+  - ZIG_EXEC={{ if index .Env "ZIG_EXEC"  }}{{ .Env.ZIG_EXEC }}{{ else }}zig{{ end }}
+  - IMAGE_PREFIX={{ if index .Env "IMAGE_PREFIX"  }}{{ .Env.IMAGE_PREFIX }}{{ else }}localhost:5001{{ end }}
+  - IMAGE_NAME={{ if index .Env "IMAGE_NAME" }}{{ .Env.IMAGE_NAME }}{{ else }}chainlink{{ end }}
+  - IMAGE_TAG={{ if index .Env "IMAGE_TAG" }}{{ .Env.IMAGE_TAG }}{{ else }}develop{{ end }}
+  - IMAGE_LABEL_DESCRIPTION="node of the decentralized oracle network, bridging on and off-chain computation"
+  - IMAGE_LABEL_LICENSES="MIT"
+  - IMAGE_LABEL_SOURCE="https://github.com/smartcontractkit/{{ .ProjectName }}"
+
+before:
+  hooks:
+    - go mod tidy
+    - ./tools/bin/goreleaser_utils before_hook
+
+# See https://goreleaser.com/customization/build/
+builds:
+  - binary: chainlink
+    id: linux-arm64
+    goos:
+      - linux
+    goarch:
+      - arm64
+    hooks:
+      post: ./tools/bin/goreleaser_utils build_post_hook {{ dir .Path }} {{ .Os }} {{ .Arch }}
+    env:
+      - CGO_ENABLED=1
+      - CC=$ZIG_EXEC cc -target aarch64-linux-gnu
+      - CCX=$ZIG_EXEC c++ -target aarch64-linux-gnu
+    flags:
+      - -trimpath
+      - -buildmode=pie
+    ldflags:
+      - -s -w -r=$ORIGIN/libs
+      - -X github.com/smartcontractkit/chainlink/v2/core/static.Version={{ .Env.CHAINLINK_VERSION }}
+      - -X github.com/smartcontractkit/chainlink/v2/core/static.Sha={{ .FullCommit }}
+  - binary: chainlink
+    id: linux-amd64
+    goos:
+      - linux
+    goarch:
+      - amd64
+    hooks:
+      post: ./tools/bin/goreleaser_utils build_post_hook {{ dir .Path }} {{ .Os }} {{ .Arch }}
+    env:
+      - CGO_ENABLED=1
+      - CC=$ZIG_EXEC cc -target x86_64-linux-gnu
+      - CCX=$ZIG_EXEC c++ -target x86_64-linux-gnu
+    flags:
+      - -trimpath
+      - -buildmode=pie
+    ldflags:
+      - -s -w -r=$ORIGIN/libs
+      - -X github.com/smartcontractkit/chainlink/v2/core/static.Version={{ .Env.CHAINLINK_VERSION }}
+      - -X github.com/smartcontractkit/chainlink/v2/core/static.Sha={{ .FullCommit }}
+
+# See https://goreleaser.com/customization/docker/
+dockers:
+  - id: linux-amd64
+    dockerfile: core/chainlink.goreleaser.Dockerfile
+    use: buildx
+    goos: linux
+    goarch: amd64
+    extra_files:
+      - tmp/linux_amd64/libs
+      - tools/bin/ldd_fix
+      - ccip/config
+    build_flag_templates:
+      - "--platform=linux/amd64"
+      - "--pull"
+      - "--build-arg=CHAINLINK_USER=chainlink"
+      - "--build-arg=COMMIT_SHA={{ .FullCommit }}"
+      - "--build-arg=CL_CHAIN_DEFAULTS=/chainlink/ccip-config"
+      - "--label=org.opencontainers.image.created={{ .Date }}"
+      - "--label=org.opencontainers.image.description={{ .Env.IMAGE_LABEL_DESCRIPTION }}"
+      - "--label=org.opencontainers.image.licenses={{ .Env.IMAGE_LABEL_LICENSES }}"
+      - "--label=org.opencontainers.image.revision={{ .FullCommit }}"
+      - "--label=org.opencontainers.image.source={{ .Env.IMAGE_LABEL_SOURCE }}"
+      - "--label=org.opencontainers.image.title={{ .ProjectName }}"
+      - "--label=org.opencontainers.image.version={{ .Env.CHAINLINK_VERSION }}"
+      - "--label=org.opencontainers.image.url={{ .Env.IMAGE_LABEL_SOURCE }}"
+    image_templates:
+      - "{{ .Env.IMAGE_PREFIX }}/{{ .Env.IMAGE_NAME }}:{{ .Env.IMAGE_TAG }}"
+      - "{{ .Env.IMAGE_PREFIX }}/{{ .Env.IMAGE_NAME }}:{{ .Env.IMAGE_TAG }}-amd64"
+      - "{{ .Env.IMAGE_PREFIX }}/{{ .Env.IMAGE_NAME }}:sha-{{ .ShortCommit }}-amd64"
+  - id: linux-arm64
+    dockerfile: core/chainlink.goreleaser.Dockerfile
+    use: buildx
+    goos: linux
+    goarch: arm64
+    extra_files:
+      - tmp/linux_arm64/libs
+      - tools/bin/ldd_fix
+      - ccip/config
+    build_flag_templates:
+      - "--platform=linux/arm64"
+      - "--pull"
+      - "--build-arg=CHAINLINK_USER=chainlink"
+      - "--build-arg=COMMIT_SHA={{ .FullCommit }}"
+      - "--build-arg=CL_CHAIN_DEFAULTS=/chainlink/ccip-config"
+      - "--label=org.opencontainers.image.created={{ .Date }}"
+      - "--label=org.opencontainers.image.description={{ .Env.IMAGE_LABEL_DESCRIPTION }}"
+      - "--label=org.opencontainers.image.licenses={{ .Env.IMAGE_LABEL_LICENSES }}"
+      - "--label=org.opencontainers.image.revision={{ .FullCommit }}"
+      - "--label=org.opencontainers.image.source={{ .Env.IMAGE_LABEL_SOURCE }}"
+      - "--label=org.opencontainers.image.title={{ .ProjectName }}"
+      - "--label=org.opencontainers.image.version={{ .Env.CHAINLINK_VERSION }}"
+      - "--label=org.opencontainers.image.url={{ .Env.IMAGE_LABEL_SOURCE }}"
+    image_templates:
+      - "{{ .Env.IMAGE_PREFIX }}/{{ .Env.IMAGE_NAME }}:{{ .Env.IMAGE_TAG }}-arm64"
+      - "{{ .Env.IMAGE_PREFIX }}/{{ .Env.IMAGE_NAME }}:sha-{{ .ShortCommit }}-arm64"
+  - id: linux-amd64-plugins
+    dockerfile: core/chainlink.goreleaser.Dockerfile
+    use: buildx
+    goos: linux
+    goarch: amd64
+    extra_files:
+      - tmp/linux_amd64/libs
+      - tmp/linux_amd64/plugins
+      - tools/bin/ldd_fix
+      - ccip/config
+    build_flag_templates:
+      - "--platform=linux/amd64"
+      - "--pull"
+      - "--build-arg=CHAINLINK_USER=chainlink"
+      - "--build-arg=COMMIT_SHA={{ .FullCommit }}"
+      - "--build-arg=CL_MEDIAN_CMD=chainlink-feeds"
+      - "--build-arg=CL_MERCURY_CMD=chainlink-mercury"
+      - "--build-arg=CL_SOLANA_CMD=chainlink-solana"
+      - "--build-arg=CL_STARKNET_CMD=chainlink-starknet"
+      - "--build-arg=CL_CHAIN_DEFAULTS=/chainlink/ccip-config"
+      - "--label=org.opencontainers.image.created={{ .Date }}"
+      - "--label=org.opencontainers.image.description={{ .Env.IMAGE_LABEL_DESCRIPTION }}"
+      - "--label=org.opencontainers.image.licenses={{ .Env.IMAGE_LABEL_LICENSES }}"
+      - "--label=org.opencontainers.image.revision={{ .FullCommit }}"
+      - "--label=org.opencontainers.image.source={{ .Env.IMAGE_LABEL_SOURCE }}"
+      - "--label=org.opencontainers.image.title={{ .ProjectName }}"
+      - "--label=org.opencontainers.image.version={{ .Env.CHAINLINK_VERSION }}"
+      - "--label=org.opencontainers.image.url={{ .Env.IMAGE_LABEL_SOURCE }}"
+    image_templates:
+      - "{{ .Env.IMAGE_PREFIX }}/{{ .Env.IMAGE_NAME }}:{{ .Env.IMAGE_TAG }}-plugins"
+      - "{{ .Env.IMAGE_PREFIX }}/{{ .Env.IMAGE_NAME }}:{{ .Env.IMAGE_TAG }}-plugins-amd64"
+      - "{{ .Env.IMAGE_PREFIX }}/{{ .Env.IMAGE_NAME }}:sha-{{ .ShortCommit }}-plugins-amd64"
+  - id: linux-arm64-plugins
+    dockerfile: core/chainlink.goreleaser.Dockerfile
+    use: buildx
+    goos: linux
+    goarch: arm64
+    extra_files:
+      - tmp/linux_arm64/libs
+      - tmp/linux_arm64/plugins
+      - tools/bin/ldd_fix
+      - ccip/config
+    build_flag_templates:
+      - "--platform=linux/arm64"
+      - "--pull"
+      - "--build-arg=CHAINLINK_USER=chainlink"
+      - "--build-arg=COMMIT_SHA={{ .FullCommit }}"
+      - "--build-arg=CL_MEDIAN_CMD=chainlink-feeds"
+      - "--build-arg=CL_MERCURY_CMD=chainlink-mercury"
+      - "--build-arg=CL_SOLANA_CMD=chainlink-solana"
+      - "--build-arg=CL_STARKNET_CMD=chainlink-starknet"
+      - "--build-arg=CL_CHAIN_DEFAULTS=/chainlink/ccip-config"
+      - "--label=org.opencontainers.image.created={{ .Date }}"
+      - "--label=org.opencontainers.image.description={{ .Env.IMAGE_LABEL_DESCRIPTION }}"
+      - "--label=org.opencontainers.image.licenses={{ .Env.IMAGE_LABEL_LICENSES }}"
+      - "--label=org.opencontainers.image.revision={{ .FullCommit }}"
+      - "--label=org.opencontainers.image.source={{ .Env.IMAGE_LABEL_SOURCE }}"
+      - "--label=org.opencontainers.image.title={{ .ProjectName }}"
+      - "--label=org.opencontainers.image.version={{ .Env.CHAINLINK_VERSION }}"
+      - "--label=org.opencontainers.image.url={{ .Env.IMAGE_LABEL_SOURCE }}"
+    image_templates:
+      - "{{ .Env.IMAGE_PREFIX }}/{{ .Env.IMAGE_NAME }}:{{ .Env.IMAGE_TAG }}-plugins-arm64"
+      - "{{ .Env.IMAGE_PREFIX }}/{{ .Env.IMAGE_NAME }}:sha-{{ .ShortCommit }}-plugins-arm64"
+
+# See https://goreleaser.com/customization/docker_manifest/
+docker_manifests:
+  - name_template: "{{ .Env.IMAGE_PREFIX }}/{{ .Env.IMAGE_NAME }}:{{ .Env.IMAGE_TAG }}"
+    image_templates:
+      - "{{ .Env.IMAGE_PREFIX }}/{{ .Env.IMAGE_NAME }}:{{ .Env.IMAGE_TAG }}"
+      - "{{ .Env.IMAGE_PREFIX }}/{{ .Env.IMAGE_NAME }}:{{ .Env.IMAGE_TAG }}-amd64"
+      - "{{ .Env.IMAGE_PREFIX }}/{{ .Env.IMAGE_NAME }}:{{ .Env.IMAGE_TAG }}-arm64"
+  - name_template: "{{ .Env.IMAGE_PREFIX }}/{{ .Env.IMAGE_NAME }}:sha-{{ .ShortCommit }}"
+    image_templates:
+      - "{{ .Env.IMAGE_PREFIX }}/{{ .Env.IMAGE_NAME }}:sha-{{ .ShortCommit }}-amd64"
+      - "{{ .Env.IMAGE_PREFIX }}/{{ .Env.IMAGE_NAME }}:sha-{{ .ShortCommit }}-arm64"
+  - name_template: "{{ .Env.IMAGE_PREFIX }}/{{ .Env.IMAGE_NAME }}:{{ .Env.IMAGE_TAG }}-plugins"
+    image_templates:
+      - "{{ .Env.IMAGE_PREFIX }}/{{ .Env.IMAGE_NAME }}:{{ .Env.IMAGE_TAG }}-plugins"
+      - "{{ .Env.IMAGE_PREFIX }}/{{ .Env.IMAGE_NAME }}:{{ .Env.IMAGE_TAG }}-plugins-amd64"
+      - "{{ .Env.IMAGE_PREFIX }}/{{ .Env.IMAGE_NAME }}:{{ .Env.IMAGE_TAG }}-plugins-arm64"
+  - name_template: "{{ .Env.IMAGE_PREFIX }}/{{ .Env.IMAGE_NAME }}:sha-{{ .ShortCommit }}-plugins"
+    image_templates:
+      - "{{ .Env.IMAGE_PREFIX }}/{{ .Env.IMAGE_NAME }}:sha-{{ .ShortCommit }}-plugins-amd64"
+      - "{{ .Env.IMAGE_PREFIX }}/{{ .Env.IMAGE_NAME }}:sha-{{ .ShortCommit }}-plugins-arm64"
+
+# See https://goreleaser.com/customization/docker_sign/
+docker_signs:
+  - artifacts: all
+    args:
+      - "sign"
+      - "${artifact}"
+      - "--yes"
+
+checksum:
+  name_template: "checksums.txt"
+
+snapshot:
+  version_template: "{{ .Env.CHAINLINK_VERSION }}-{{ .ShortCommit }}"
+
+partial:
+  by: target
+
+# See https://goreleaser.com/customization/release/
+release:
+  disable: true
+
+changelog:
+  sort: asc
+  filters:
+    exclude:
+      - "^docs:"
+      - "^test:"
+# modelines, feel free to remove those if you don't want/use them:
+# yaml-language-server: $schema=https://goreleaser.com/static/schema.json
+# vim: set ts=2 sw=2 tw=0 fo=cnqoj