Skip to content

Merge pull request #9880 from smartcontractkit/base-hotfix-2.3.0 #672

Merge pull request #9880 from smartcontractkit/base-hotfix-2.3.0

Merge pull request #9880 from smartcontractkit/base-hotfix-2.3.0 #672

Workflow file for this run

name: 'Build Chainlink and Publish'
on:
# Mimics old circleci behaviour
push:
tags:
- 'v*'
branches:
- master
- 'release/**'
jobs:
checks:
name: 'Checks'
runs-on: ubuntu-20.04
steps:
- name: Checkout repository
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- name: Check for VERSION file bump on tags
if: ${{ startsWith(github.ref, 'refs/tags/v') }}
uses: ./.github/actions/version-file-bump
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
build-sign-publish-chainlink:
needs: [checks]
if: ${{ ! startsWith(github.ref_name, 'release/') }}
runs-on: ubuntu-20.04
environment: build-publish
permissions:
id-token: write
contents: read
steps:
- name: Checkout repository
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- name: Build, sign and publish chainlink image
uses: ./.github/actions/build-sign-publish-chainlink
with:
publish: true
aws-role-to-assume: ${{ secrets.AWS_OIDC_IAM_ROLE_ARN }}
aws-role-duration-seconds: ${{ secrets.AWS_ROLE_DURATION_SECONDS }}
aws-region: ${{ secrets.AWS_REGION }}
sign-images: true
sign-method: 'keypair'
cosign-private-key: ${{ secrets.COSIGN_PRIVATE_KEY }}
cosign-public-key: ${{ secrets.COSIGN_PUBLIC_KEY }}
cosign-password: ${{ secrets.COSIGN_PASSWORD }}
verify-signature: true
- name: Collect Metrics
if: always()
id: collect-gha-metrics
uses: smartcontractkit/push-gha-metrics-action@90fcbaac8ebf86da9c4d55dba24f6fe3029f0e0b
with:
basic-auth: ${{ secrets.GRAFANA_CLOUD_BASIC_AUTH }}
hostname: ${{ secrets.GRAFANA_CLOUD_HOST }}
this-job-name: build-sign-publish-chainlink
continue-on-error: true