Skip to content

Commit

Permalink
Notify slack on new (pre)release tags (#13914)
Browse files Browse the repository at this point in the history
* Notify slack on new release tags and release branches

* Add changelog url

* Use released version of action

* Only notify slack on tags
  • Loading branch information
chainchad authored Jul 23, 2024
1 parent 2b09956 commit 780d304
Show file tree
Hide file tree
Showing 2 changed files with 61 additions and 0 deletions.
10 changes: 10 additions & 0 deletions .github/actions/build-sign-publish-chainlink/action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -68,6 +68,13 @@ inputs:
description: When set to the string boolean value of "true", the resulting build image signature will be verified
default: "false"
required: false
outputs:
docker-image-tag:
description: The docker image tag that was built and pushed
value: ${{ steps.save-non-root-image-name-env.outputs.image-tag }}
docker-image-digest:
description: The docker image digest that was built and pushed
value: ${{ steps.save-non-root-image-name-env.outputs.image-digest }}

runs:
using: composite
Expand Down Expand Up @@ -208,10 +215,13 @@ runs:
IMAGES_NAME_RAW=${{ fromJSON(steps.buildpush-nonroot.outputs.metadata)['image.name'] }}
IMAGE_DIGEST=${{ fromJSON(steps.buildpush-nonroot.outputs.metadata)['containerimage.digest'] }}
IMAGE_NAME=$(echo "$IMAGES_NAME_RAW" | cut -d"," -f1)
IMAGE_TAG=$(echo "$IMAGES_NAME_RAW" | cut -d":" -f2)
echo "nonroot_image_name=${IMAGE_NAME}" >> $GITHUB_ENV
echo '### Docker Image' >> $GITHUB_STEP_SUMMARY
echo "Image Name: ${IMAGE_NAME}" >> $GITHUB_STEP_SUMMARY
echo "Image Digest: ${IMAGE_DIGEST}" >> $GITHUB_STEP_SUMMARY
echo "image-tag=${IMAGE_TAG}" >> $GITHUB_OUTPUT
echo "image-digest=${IMAGE_DIGEST}" >> $GITHUB_OUTPUT
- name: Check if non-root image runs as root
id: check-nonroot-runs-root
Expand Down
51 changes: 51 additions & 0 deletions .github/workflows/build-publish.yml
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,10 @@ on:
branches:
- "release/**"

env:
ECR_HOSTNAME: public.ecr.aws
ECR_IMAGE_NAME: chainlink/chainlink

jobs:
checks:
name: "Checks"
Expand All @@ -30,17 +34,23 @@ jobs:
permissions:
id-token: write
contents: read
outputs:
docker-image-tag: ${{ steps.build-sign-publish.outputs.docker-image-tag }}
docker-image-digest: ${{ steps.build-sign-publish.outputs.docker-image-digest }}
steps:
- name: Checkout repository
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2

- name: Build, sign and publish chainlink image
id: build-sign-publish
uses: ./.github/actions/build-sign-publish-chainlink
with:
publish: true
aws-role-to-assume: ${{ secrets.AWS_OIDC_IAM_ROLE_ARN }}
aws-role-duration-seconds: ${{ secrets.AWS_ROLE_DURATION_SECONDS }}
aws-region: ${{ secrets.AWS_REGION }}
ecr-hostname: ${{ env.ECR_HOSTNAME }}
ecr-image-name: ${{ env.ECR_IMAGE_NAME }}
sign-images: true
sign-method: "keypair"
cosign-private-key: ${{ secrets.COSIGN_PRIVATE_KEY }}
Expand All @@ -60,3 +70,44 @@ jobs:
hostname: ${{ secrets.GRAFANA_INTERNAL_HOST }}
this-job-name: build-sign-publish-chainlink
continue-on-error: true

# Notify Slack channel for new git tags.
slack-notify:
if: github.ref_type == 'tag'
needs: [build-sign-publish-chainlink]
runs-on: ubuntu-24.04
environment: build-publish
steps:
- name: Checkout repository
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- name: Notify Slack
uses: smartcontractkit/.github/actions/slack-notify-git-ref@7fa90bbeff35aa6ce3a9054f542bcf10b7d47cec # slack-notify-git-ref@0.1.0
with:
slack-channel-id: ${{ secrets.SLACK_CHANNEL_RELEASE_NOTIFICATIONS }}
slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN_RELENG }} # Releng Bot
git-ref: ${{ github.ref_name }}
git-ref-type: ${{ github.ref_type }}
changelog-url: >-
${{
github.ref_type == 'tag' &&
format(
'https://github.com/{0}/blob/{1}/CHANGELOG.md',
github.repository,
github.ref_name,
) || ''
}}
docker-image-name: >-
${{
github.ref_type == 'tag' &&
format(
'{0}/{1}:{2}',
env.ECR_HOSTNAME,
env.ECR_IMAGE_NAME,
needs.build-sign-publish-chainlink.outputs.docker-image-tag
) || ''
}}
docker-image-digest: >-
${{
github.ref_type == 'tag' &&
needs.build-sign-publish-chainlink.outputs.docker-image-digest || ''
}}

0 comments on commit 780d304

Please sign in to comment.