Deploy #1040
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This action acts as a signal dispatcher that fires whenever the release process has | |
| # successfully completed. The listening workflow within the infra-k8s repository has | |
| # a corresponding event handler to generate releases based on this signal | |
| name: Deploy | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| adapters: | |
| description: Names of adapters to deploy | |
| required: true | |
| infra-k8s-branch-suffix: | |
| description: Suffix to append to infra-k8s branch name. Must be non-empty if not triggered by the full release PR. | |
| required: false | |
| default: '' | |
| concurrency: | |
| group: deploy-and-release | |
| cancel-in-progress: false | |
| jobs: | |
| calculate-changes: | |
| name: Compute changed adapters | |
| runs-on: [ubuntu-latest] | |
| outputs: | |
| adapter-list: ${{ steps.changed-adapters.outputs.CHANGED_ADAPTERS }} | |
| steps: | |
| - uses: actions/checkout@v5 | |
| with: | |
| fetch-depth: 2 | |
| - name: Build list of changed packages and changed adapters | |
| id: changed-adapters | |
| env: | |
| ADAPTER_NAMES: ${{ github.event.inputs.adapters }} | |
| run: | | |
| ./.github/scripts/changed-adapters.sh | |
| create-ecr: | |
| name: Create ECR for ${{ matrix.adapter.shortName }} | |
| runs-on: ubuntu-latest | |
| needs: [calculate-changes] | |
| if: needs.calculate-changes.outputs.adapter-list != '[]' | |
| permissions: # These are needed for the configure-aws-credentials action | |
| id-token: write | |
| contents: read | |
| environment: release | |
| strategy: | |
| max-parallel: 20 | |
| matrix: ${{ fromJson(needs.calculate-changes.outputs.adapter-list) }} | |
| env: | |
| ECR_URL: ${{ secrets.SDLC_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_REGION_ECR_PRIVATE }}.amazonaws.com | |
| ECR_REPO: adapters/${{ matrix.adapter.shortName }}-adapter | |
| IMAGE_VERSION: ${{ matrix.adapter.version }} | |
| steps: | |
| - uses: actions/checkout@v5 | |
| with: | |
| persist-credentials: false | |
| - name: Create ECR for ${{ matrix.adapter.shortName }} | |
| uses: ./.github/actions/create-ecrs | |
| with: | |
| aws-ecr-url: ${{ env.ECR_URL }} | |
| aws-ecr-repo: ${{ env.ECR_REPO }} | |
| aws-region: ${{ secrets.AWS_REGION_ECR_PRIVATE }} | |
| aws-role: ${{ secrets.AWS_OIDC_IAM_ROLE_ARN }} | |
| aws-ecr-account-ids: ${{ secrets.AWS_PRIVATE_ECR_SECONDARY_ACCOUNT_ACCESS_IDS }} | |
| aws-ecr-private: true | |
| build-publish: | |
| name: Build and publish ${{ matrix.adapter.shortName }} | |
| permissions: | |
| contents: read | |
| id-token: write | |
| needs: [calculate-changes, create-ecr] | |
| strategy: | |
| max-parallel: 20 | |
| matrix: ${{ fromJson(needs.calculate-changes.outputs.adapter-list) }} | |
| uses: smartcontractkit/.github/.github/workflows/reusable-docker-build-publish.yml@ce87497eb287565c796a8a781508be949f3ed1e2 # 2025-10-10 | |
| with: | |
| aws-ecr-name: adapters/${{ matrix.adapter.shortName }}-adapter | |
| aws-region-ecr: us-west-2 | |
| dockerfile: ./Dockerfile | |
| docker-build-args: | | |
| package=${{ matrix.adapter.name }} | |
| location=${{ matrix.adapter.location }} | |
| docker-build-context: . | |
| docker-image-tag-override: ${{ matrix.adapter.version }} | |
| docker-manifest-additional-tags: latest | |
| docker-push: true | |
| environment: release | |
| git-sha: ${{ github.sha }} | |
| github-event-name: ${{ github.event_name }} | |
| github-ref-name: ${{ github.ref_name }} | |
| github-ref-type: ${{ github.ref_type}} | |
| github-workflow-repository: ${{ github.repository }} | |
| github-runner-arm64: ubuntu-24.04-2cores-8GB-ARM | |
| github-runner-amd64: ubuntu-24.04 | |
| secrets: | |
| AWS_ACCOUNT_ID: ${{ secrets.SDLC_ACCOUNT_ID }} | |
| AWS_ROLE_PUBLISH_ARN: ${{ secrets.AWS_OIDC_IAM_ROLE_ARN }} | |
| deploy: | |
| name: Trigger infra deployment | |
| permissions: | |
| id-token: write | |
| contents: read | |
| runs-on: ubuntu-latest | |
| needs: | |
| - calculate-changes | |
| - build-publish | |
| if: needs.calculate-changes.outputs.adapter-list != '[]' | |
| environment: InfraK8s | |
| env: | |
| ECR_URL: ${{ secrets.SDLC_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_REGION_ECR_PRIVATE }}.amazonaws.com | |
| CHANGED_ADAPTERS: ${{ needs.calculate-changes.outputs.adapter-list }} | |
| BRANCH_SUFFIX: ${{ github.event.inputs.infra-k8s-branch-suffix }} | |
| steps: | |
| - name: Setup GitHub Token | |
| id: setup-github-token | |
| uses: smartcontractkit/.github/actions/setup-github-token@9e7cc0779934cae4a9028b8588c9adb64d8ce68c # setup-github-token@0.1.2 | |
| with: | |
| aws-role-arn: ${{ secrets.AWS_ROLE_ARN_FOR_INFRA_K8s_PAT }} | |
| aws-lambda-url: ${{ secrets.GATI_LAMBDA_DATA_FEEDS_URL }} | |
| aws-region: ${{ secrets.AWS_REGION }} | |
| aws-role-duration-seconds: '1800' # this is optional and defaults to 900 | |
| - name: Trigger Image Dispatcher | |
| run: > | |
| # gitRepo does not need to be an actual repo name. It is only used | |
| # in the branch name, PR title, and PR description in infra-k8s. | |
| gh workflow run | |
| --repo smartcontractkit/infra-k8s | |
| --ref main "Infra-k8s Image Dispatcher" | |
| -F imageRepos="$(echo $CHANGED_ADAPTERS | jq -r "\"$ECR_URL/adapters/\" + (.adapter | .[].shortName) + \"-adapter\"" | tr '\n' ' ')" | |
| -F gitRepo="${{ github.event.repository.name }}$BRANCH_SUFFIX" | |
| env: | |
| GITHUB_TOKEN: ${{ steps.setup-github-token.outputs.access-token }} |