diff --git a/.dockerignore b/.dockerignore index 3d3091c6a58..c150affa90f 100644 --- a/.dockerignore +++ b/.dockerignore @@ -11,6 +11,11 @@ tmp/ contracts/node_modules examples/ +.changeset/ +.github/ +docs/ +fuzz/ + devenv/ deployment/ integration/ diff --git a/.github/actions/golangci-lint/action.yml b/.github/actions/golangci-lint/action.yml index e4a5715e3f1..cdd516d4059 100644 --- a/.github/actions/golangci-lint/action.yml +++ b/.github/actions/golangci-lint/action.yml @@ -27,7 +27,7 @@ runs: using: composite steps: - name: Checkout repo (full) - uses: actions/checkout@v4 + uses: actions/checkout@v6 # Only do a full checkout on merge_groups if: github.event_name == 'merge_group' with: @@ -35,7 +35,7 @@ runs: fetch-depth: 0 - name: Checkout repo - uses: actions/checkout@v4 + uses: actions/checkout@v6 if: github.event_name != 'merge_group' with: persist-credentials: false @@ -109,7 +109,7 @@ runs: - name: Store Golangci-lint report artifact if: always() id: upload-artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: # Use a unique suffix for each lint report artifact to avoid duplication errors name: golangci-lint-report-${{ steps.suffix.outputs.suffix }} diff --git a/.github/actions/setup-solana/build-contracts/action.yml b/.github/actions/setup-solana/build-contracts/action.yml index 21252a7af26..5b9a88740bc 100644 --- a/.github/actions/setup-solana/build-contracts/action.yml +++ b/.github/actions/setup-solana/build-contracts/action.yml @@ -10,7 +10,7 @@ runs: using: composite steps: - name: Checkout chainlink-ccip - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: repository: smartcontractkit/chainlink-ccip path: chainlink-ccip @@ -57,7 +57,6 @@ runs: echo "exists=false" >> $GITHUB_ENV fi - - name: Download artifact if it exists if: env.exists == 'true' shell: bash @@ -77,7 +76,7 @@ runs: - name: Upload artifact (if newly built) if: env.exists == 'false' continue-on-error: true # don't fail if the upload fails, it might conflict with another job - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: ${{ env.ARTIFACT_NAME }} path: chainlink-ccip/chains/solana/contracts/target/deploy/*.so diff --git a/.github/workflows/bash-scripts.yml b/.github/workflows/bash-scripts.yml index c67a9080429..22db01d4a55 100644 --- a/.github/workflows/bash-scripts.yml +++ b/.github/workflows/bash-scripts.yml @@ -11,7 +11,7 @@ jobs: bash-scripts-src: ${{ steps.bash-scripts.outputs.src }} steps: - name: Checkout the repo - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: persist-credentials: false - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 @@ -27,7 +27,7 @@ jobs: needs: [changes] steps: - name: Checkout the repo - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: persist-credentials: false - name: Run ShellCheck diff --git a/.github/workflows/build-publish.yml b/.github/workflows/build-publish.yml index 41255ad21b5..5b7f6c76d5e 100644 --- a/.github/workflows/build-publish.yml +++ b/.github/workflows/build-publish.yml @@ -20,7 +20,7 @@ jobs: prerelease-phase: ${{ steps.detect-prerelease-phase.outputs.prerelease-phase }} is-hotfix: ${{ steps.detect-hotfix.outputs.is-hotfix }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: persist-credentials: false diff --git a/.github/workflows/chain-selectors-check.yml b/.github/workflows/chain-selectors-check.yml index 7b8c144e14f..066b570d21e 100644 --- a/.github/workflows/chain-selectors-check.yml +++ b/.github/workflows/chain-selectors-check.yml @@ -11,13 +11,12 @@ on: branches: - release/* - jobs: verify-version: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: persist-credentials: false diff --git a/.github/workflows/changeset.yml b/.github/workflows/changeset.yml index 900f206f48f..65564a46d82 100644 --- a/.github/workflows/changeset.yml +++ b/.github/workflows/changeset.yml @@ -29,7 +29,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: persist-credentials: false fetch-depth: 0 @@ -93,7 +93,7 @@ jobs: run: echo "top_level_dir=$(pwd)" >> $GITHUB_OUTPUT - name: Checkout .Github repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: persist-credentials: false repository: smartcontractkit/.github diff --git a/.github/workflows/changesets-preview-pr.yml b/.github/workflows/changesets-preview-pr.yml index 4a8fa1a9474..0d5dd66da65 100644 --- a/.github/workflows/changesets-preview-pr.yml +++ b/.github/workflows/changesets-preview-pr.yml @@ -17,7 +17,7 @@ jobs: pull-requests: write steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: persist-credentials: false diff --git a/.github/workflows/ci-core.yml b/.github/workflows/ci-core.yml index 646d7596646..e22615a6edf 100644 --- a/.github/workflows/ci-core.yml +++ b/.github/workflows/ci-core.yml @@ -44,7 +44,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout the repo - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: persist-credentials: false repository: smartcontractkit/chainlink @@ -112,7 +112,7 @@ jobs: golangci: name: GolangCI Lint - needs: [filter, run-frequency ] + needs: [filter, run-frequency] # We don't directly merge dependabot PRs to not waste the resources. if: ${{ needs.filter.outputs.affected-modules != '[]' && github.event_name != 'merge_group' && github.actor != 'dependabot[bot]' }} permissions: @@ -133,7 +133,7 @@ jobs: metrics: cpu,network,memory,disk - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: persist-credentials: false @@ -238,7 +238,7 @@ jobs: name: Core Tests (${{ matrix.type.cmd }}) # Be careful modifying the job name, as it is used to fetch the job URL # We don't directly merge dependabot PRs, so let's not waste the resources if: ${{ github.actor != 'dependabot[bot]' }} - needs: [filter, run-frequency ] + needs: [filter, run-frequency] timeout-minutes: 60 # Use ubuntu-latest for jobs that will be skipped runs-on: ${{ matrix.type.should-run == 'true' && matrix.type.os || 'ubuntu-latest' }} @@ -254,7 +254,7 @@ jobs: - name: Checkout the repo if: ${{ matrix.type.should-run == 'true' }} - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: persist-credentials: false @@ -376,7 +376,7 @@ jobs: - name: Store logs artifacts if: ${{ always() && matrix.type.should-run == 'true' }} - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: ${{ matrix.type.cmd }}_logs path: | @@ -411,7 +411,7 @@ jobs: if: ${{ needs.filter.outputs.should-run-core-tests == 'true' }} steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Setup Go uses: ./.github/actions/setup-go @@ -426,7 +426,7 @@ jobs: - name: Store test report artifacts if: ${{ always() }} - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: go_core_scripts_tests_logs path: | @@ -442,7 +442,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout the repo - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: persist-credentials: false fetch-depth: 0 # fetches all history for all tags and branches to provide more metadata for sonar reports @@ -545,7 +545,7 @@ jobs: run: shell: bash steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: persist-credentials: false - name: Setup Go @@ -604,7 +604,7 @@ jobs: name: Misc runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: persist-credentials: false - name: Setup go diff --git a/.github/workflows/ci-protobuf.yml b/.github/workflows/ci-protobuf.yml index 2d3d66fc9d3..0e55c192d39 100644 --- a/.github/workflows/ci-protobuf.yml +++ b/.github/workflows/ci-protobuf.yml @@ -8,7 +8,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repo - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: persist-credentials: false diff --git a/.github/workflows/client-compatibility-tests.yml b/.github/workflows/client-compatibility-tests.yml index 1b32e69a5ae..ec5e2cacf0f 100644 --- a/.github/workflows/client-compatibility-tests.yml +++ b/.github/workflows/client-compatibility-tests.yml @@ -47,7 +47,7 @@ jobs: dependency_changed: ${{ steps.changes.outputs.dependency_changed }} steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: persist-credentials: false fetch-depth: 0 @@ -344,7 +344,7 @@ jobs: needs: [should-run, select-versions] steps: - name: Checkout the repo - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: persist-credentials: false ref: ${{ needs.select-versions.outputs.chainlink_version }} @@ -575,7 +575,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout the repo - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: persist-credentials: false repository: smartcontractkit/chainlink @@ -845,7 +845,7 @@ jobs: - vrfv2plus steps: - name: Checkout the repo - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: persist-credentials: false ref: ${{ needs.select-versions.outputs.chainlink_version }} diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 583699c29e7..0ca8226096b 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -13,7 +13,7 @@ on: jobs: analyze: name: Analyze (${{ matrix.language }}) - needs: [ runner-config ] + needs: [runner-config] runs-on: ${{ matrix.runs-on || 'ubuntu-latest' }} permissions: # required for all workflows @@ -48,7 +48,7 @@ jobs: metrics: cpu,network,memory,disk - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Set up Go if: matrix.language == 'go' @@ -78,7 +78,7 @@ jobs: - name: Build go code manually if: matrix.language == 'go' run: | - echo "::group::Builing all go code (go build ./...)" + echo "::group::Building all go code (go build ./...)" go build ./... echo "::endgroup::" diff --git a/.github/workflows/cre-local-env-tests.yaml b/.github/workflows/cre-local-env-tests.yaml index 3ef9b6aea53..68c44eb3b36 100644 --- a/.github/workflows/cre-local-env-tests.yaml +++ b/.github/workflows/cre-local-env-tests.yaml @@ -47,7 +47,7 @@ jobs: timeout-minutes: 5 steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: ref: ${{ github.event_name == 'pull_request' && github.sha || inputs.chainlink_version }} @@ -72,7 +72,7 @@ jobs: if: needs.changes.outputs.should-run-tests == 'true' steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: ref: ${{ github.event_name == 'pull_request' && github.sha || inputs.chainlink_version }} @@ -300,7 +300,7 @@ jobs: - name: Upload all artifacts as single package if: failure() - uses: actions/upload-artifact@v4.6.2 + uses: actions/upload-artifact@v7 with: name: local-cre-docker-logs path: ./core/scripts/cre/environment/logs/ diff --git a/.github/workflows/cre-regression-system-tests.yaml b/.github/workflows/cre-regression-system-tests.yaml index a4ec65b103d..17728a8b167 100644 --- a/.github/workflows/cre-regression-system-tests.yaml +++ b/.github/workflows/cre-regression-system-tests.yaml @@ -43,7 +43,7 @@ jobs: contents: read steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: ref: ${{ inputs.chainlink_version }} persist-credentials: false @@ -115,7 +115,7 @@ jobs: metrics: cpu,network,memory,disk - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: ref: ${{ inputs.chainlink_version }} persist-credentials: false @@ -238,7 +238,7 @@ jobs: - name: Upload all artifacts as single package if: failure() - uses: actions/upload-artifact@v4.6.2 + uses: actions/upload-artifact@v7 with: name: test-logs-${{ matrix.tests.test_name }}-${{ matrix.tests.topology }} path: | diff --git a/.github/workflows/cre-soak-memory-leak.yml b/.github/workflows/cre-soak-memory-leak.yml index 7a9eabb9aa1..62dfd1f6f39 100644 --- a/.github/workflows/cre-soak-memory-leak.yml +++ b/.github/workflows/cre-soak-memory-leak.yml @@ -49,7 +49,7 @@ jobs: metrics: cpu,network,memory,disk - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: ref: ${{ github.sha }} persist-credentials: false @@ -131,7 +131,7 @@ jobs: - name: Upload alloc.pprof if: always() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: alloc.pprof path: alloc.pprof @@ -139,7 +139,7 @@ jobs: - name: Upload Docker logs if: failure() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: soak-docker-logs path: system-tests/tests/soak/cre/logs diff --git a/.github/workflows/cre-system-tests.yaml b/.github/workflows/cre-system-tests.yaml index ba27f356917..38c9f11e3c0 100644 --- a/.github/workflows/cre-system-tests.yaml +++ b/.github/workflows/cre-system-tests.yaml @@ -43,7 +43,7 @@ jobs: contents: read steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: ref: ${{ inputs.chainlink_version }} persist-credentials: false @@ -162,7 +162,7 @@ jobs: metrics: cpu,network,memory,disk - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: ref: ${{ inputs.chainlink_version }} persist-credentials: false @@ -353,7 +353,7 @@ jobs: - name: Upload all artifacts as single package if: failure() - uses: actions/upload-artifact@v4.6.2 + uses: actions/upload-artifact@v7 with: name: test-logs-${{ matrix.tests.test_name }}-${{ matrix.tests.topology }} path: | diff --git a/.github/workflows/cre-workflow-don-benchmark.yaml b/.github/workflows/cre-workflow-don-benchmark.yaml index a8701694374..b03be3df83c 100644 --- a/.github/workflows/cre-workflow-don-benchmark.yaml +++ b/.github/workflows/cre-workflow-don-benchmark.yaml @@ -40,7 +40,7 @@ jobs: if: github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' || github.event_name == 'workflow_call' || (github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'run-cre-workflow-don-benchmark')) steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: ref: ${{ github.event_name == 'pull_request' && github.sha || inputs.chainlink_version }} @@ -173,7 +173,7 @@ jobs: fi - name: Upload node logs - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 timeout-minutes: 2 continue-on-error: true with: @@ -183,7 +183,7 @@ jobs: retention-days: 5 - name: Upload performance reports - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 timeout-minutes: 2 continue-on-error: true with: diff --git a/.github/workflows/delete-caches.yml b/.github/workflows/delete-caches.yml index 41d02fb2eb8..c4f7756ca55 100644 --- a/.github/workflows/delete-caches.yml +++ b/.github/workflows/delete-caches.yml @@ -21,7 +21,7 @@ jobs: PR_NUMBER: ${{ github.event.pull_request.number }} steps: - name: Check out code - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: persist-credentials: false diff --git a/.github/workflows/dependency-check.yml b/.github/workflows/dependency-check.yml index bdc8801db16..a25bb5d5006 100644 --- a/.github/workflows/dependency-check.yml +++ b/.github/workflows/dependency-check.yml @@ -11,7 +11,7 @@ jobs: changes: ${{ steps.changes.outputs.src }} steps: - name: Checkout the repo - uses: actions/checkout@v4 + uses: actions/checkout@v6 - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 id: changes with: @@ -25,7 +25,7 @@ jobs: needs: [changes] steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: persist-credentials: false @@ -33,8 +33,8 @@ jobs: if: needs.changes.outputs.src == 'true' uses: ./.github/actions/setup-go with: - go-version-file: 'go.mod' - only-modules: 'true' + go-version-file: "go.mod" + only-modules: "true" - name: Write Go Modules list if: needs.changes.outputs.src == 'true' diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 714f88b48ae..1552cd27465 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -13,7 +13,7 @@ jobs: contents: read runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: fetch-depth: 1 persist-credentials: false diff --git a/.github/workflows/devenv-compat.yml b/.github/workflows/devenv-compat.yml index 66847ff7600..4bd0a32b89a 100644 --- a/.github/workflows/devenv-compat.yml +++ b/.github/workflows/devenv-compat.yml @@ -214,7 +214,7 @@ jobs: - name: Upload Logs if: always() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: container-logs-smoke path: ${{ env.LOGS_DIR }} diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml index 73385d5ab9e..a61c7d3c1e4 100644 --- a/.github/workflows/docker-build.yml +++ b/.github/workflows/docker-build.yml @@ -63,7 +63,7 @@ jobs: fi - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 0 ref: ${{ inputs.git-ref || github.sha }} diff --git a/.github/workflows/go-mod-cache.yml b/.github/workflows/go-mod-cache.yml index 22e0d6c095d..c1b7e65508f 100644 --- a/.github/workflows/go-mod-cache.yml +++ b/.github/workflows/go-mod-cache.yml @@ -58,7 +58,7 @@ jobs: metrics: cpu,network,memory,disk - name: Checkout the repo - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: persist-credentials: false diff --git a/.github/workflows/integration-in-memory-tests.yml b/.github/workflows/integration-in-memory-tests.yml index 11f01e639ce..39b6423fef7 100644 --- a/.github/workflows/integration-in-memory-tests.yml +++ b/.github/workflows/integration-in-memory-tests.yml @@ -41,7 +41,7 @@ jobs: should_use_self_hosted_runner: ${{ steps.label-runs-on-opt-out.outputs.check-label-found == 'false' }} steps: - name: Checkout the repo - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: persist-credentials: false repository: smartcontractkit/chainlink diff --git a/.github/workflows/integration-tests.yml b/.github/workflows/integration-tests.yml index 6f6c8fb8010..8dc2aa74cd3 100644 --- a/.github/workflows/integration-tests.yml +++ b/.github/workflows/integration-tests.yml @@ -58,7 +58,7 @@ jobs: steps: - run: echo "${{github.event_name}}" - name: Checkout the repo - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: persist-credentials: false repository: smartcontractkit/chainlink @@ -102,7 +102,7 @@ jobs: ccip-changes: ${{ steps.changes.outputs.ccip_changes }} steps: - name: Checkout the repo - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: persist-credentials: false repository: smartcontractkit/chainlink @@ -220,6 +220,7 @@ jobs: runner: ${{ needs.labels.outputs.builder-runner-label-core || 'ubuntu22.04-8cores-32GB' }} dockerfile: core/chainlink.Dockerfile tag-suffix: "" + cache-scope: core # todo: optimize this conditional should-build: >- ${{ @@ -233,6 +234,7 @@ jobs: runner: ${{ needs.labels.outputs.builder-runner-label-plugins || 'ubuntu22.04-8cores-32GB' }} dockerfile: plugins/chainlink.Dockerfile tag-suffix: -plugins + cache-scope: plugins # todo: optimize this conditional should-build: >- ${{ @@ -273,7 +275,7 @@ jobs: - name: Checkout the repo if: matrix.image.should-build && steps.check-image-exists.outputs.exists != 'true' - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: persist-credentials: false repository: smartcontractkit/chainlink @@ -281,7 +283,7 @@ jobs: - name: Build Chainlink Image if: matrix.image.should-build && steps.check-image-exists.outputs.exists != 'true' - uses: smartcontractkit/.github/actions/ctf-build-image@ctf-build-image/v1 + uses: smartcontractkit/.github/actions/ctf-build-image@425f86d37ae9b549bba3a7dde06fe8c9f35a680b # DEBUG: Using new caching strategy with verification with: image-tag: ${{ inputs.evm-ref || env.CHAINLINK_REF }}${{ matrix.image.tag-suffix }} dockerfile: ${{ matrix.image.dockerfile }} @@ -296,6 +298,7 @@ jobs: github.com/smartcontractkit/chainlink-evm=${{ inputs.evm-ref }} gati-role-arn: ${{ secrets.AWS_OIDC_CHAINLINK_READ_ONLY_TOKEN_ISSUER_ROLE_ARN }} gati-lambda-url: ${{ secrets.AWS_INFRA_RELENG_TOKEN_ISSUER_LAMBDA_URL }} + cache-scope: ${{ matrix.image.cache-scope }} run-core-cre-e2e-tests-setup: name: Run Core CRE E2E Tests Setup @@ -709,7 +712,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout the repo - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: persist-credentials: false repository: smartcontractkit/chainlink @@ -792,7 +795,7 @@ jobs: sha: ${{ steps.getsha.outputs.sha }} steps: - name: Checkout the repo - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: persist-credentials: false repository: smartcontractkit/chainlink @@ -816,7 +819,7 @@ jobs: echo "short_sha=${short_sha}" | tee -a "$GITHUB_OUTPUT" - name: Checkout solana - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: persist-credentials: false repository: smartcontractkit/chainlink-solana diff --git a/.github/workflows/lint-gh-workflows.yml b/.github/workflows/lint-gh-workflows.yml index ae971f6052f..b5b1e0837bc 100644 --- a/.github/workflows/lint-gh-workflows.yml +++ b/.github/workflows/lint-gh-workflows.yml @@ -7,7 +7,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out Code - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: persist-credentials: false - name: Run actionlint diff --git a/.github/workflows/operator-ui-ci.yml b/.github/workflows/operator-ui-ci.yml index 9135bf4e68a..cbeda242453 100644 --- a/.github/workflows/operator-ui-ci.yml +++ b/.github/workflows/operator-ui-ci.yml @@ -32,7 +32,7 @@ jobs: url: ${{ secrets.AWS_INFRA_RELENG_TOKEN_ISSUER_LAMBDA_URL }} - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: persist-credentials: false diff --git a/.github/workflows/pr-conflicts.yaml b/.github/workflows/pr-conflicts.yaml index 73438a7986c..a1484c7e6db 100644 --- a/.github/workflows/pr-conflicts.yaml +++ b/.github/workflows/pr-conflicts.yaml @@ -16,7 +16,7 @@ jobs: contents: read steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: fetch-depth: 1 diff --git a/.github/workflows/sync-develop-from-smartcontractkit-chainlink.yml b/.github/workflows/sync-develop-from-smartcontractkit-chainlink.yml index 939e67df17f..dd0e08d2657 100644 --- a/.github/workflows/sync-develop-from-smartcontractkit-chainlink.yml +++ b/.github/workflows/sync-develop-from-smartcontractkit-chainlink.yml @@ -3,14 +3,14 @@ name: Sync develop from smartcontractkit/chainlink on: schedule: # * is a special character in YAML so you have to quote this string - - cron: '*/30 * * * *' + - cron: "*/30 * * * *" jobs: sync: name: Sync runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: persist-credentials: false ref: develop diff --git a/.github/workflows/system-tests-nightly.yml b/.github/workflows/system-tests-nightly.yml index 39b5f63dc9e..13eff02ed6c 100644 --- a/.github/workflows/system-tests-nightly.yml +++ b/.github/workflows/system-tests-nightly.yml @@ -352,7 +352,7 @@ jobs: - name: Upload Logs if: always() && steps.gate.outputs.should_run == 'true' - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: container-logs-${{ matrix.logs_archive_name }} path: devenv/tests/${{ matrix.tests_dir }}/logs diff --git a/core/chainlink.Dockerfile b/core/chainlink.Dockerfile index 37412ca9077..ff5f444fc5c 100644 --- a/core/chainlink.Dockerfile +++ b/core/chainlink.Dockerfile @@ -1,7 +1,11 @@ ## # Build image: Chainlink binary with plugins. ## -FROM golang:1.25.7-bookworm AS buildgo + +# Stage: deps-base — module downloads, no source tree. +# Stages that don't need the full source (remote plugins, delve) branch from +# here so that source-only changes never invalidate their layer cache. +FROM golang:1.25.7-bookworm AS deps-base RUN go version RUN apt-get update && apt-get install -y jq && rm -rf /var/lib/apt/lists/* @@ -11,35 +15,65 @@ COPY GNUmakefile package.json ./ COPY tools/bin/ldflags ./tools/bin/ ADD go.mod go.sum ./ -RUN --mount=type=cache,target=/go/pkg/mod \ - go mod download -COPY . . +RUN go mod download + +# Apply dependency overrides if specified (comma-separated: dep1=sha1,dep2=sha2) +ARG GO_OVERRIDE_DEPS +RUN --mount=type=secret,id=GIT_AUTH_TOKEN \ + set -e && \ + if [ -n "$GO_OVERRIDE_DEPS" ]; then \ + export GIT_CONFIG_GLOBAL=/tmp/gitconfig-github-token && \ + if [ -f /run/secrets/GIT_AUTH_TOKEN ] && [ -s /run/secrets/GIT_AUTH_TOKEN ]; then \ + TOKEN=$(cat /run/secrets/GIT_AUTH_TOKEN) && \ + git config --file "$GIT_CONFIG_GLOBAL" \ + url."https://oauth2:${TOKEN}@github.com/".insteadOf "https://github.com/"; \ + fi && \ + IFS=',' && \ + for entry in $GO_OVERRIDE_DEPS; do \ + dep="${entry%%=*}" && \ + sha="${entry#*=}" && \ + [ -z "$dep" ] && continue; \ + [ -z "$sha" ] && continue; \ + echo "Overriding: github.com/smartcontractkit/${dep}@${sha}" && \ + go get "github.com/smartcontractkit/${dep}@${sha}"; \ + done && \ + unset IFS && \ + go mod tidy && \ + go mod download && \ + rm -f "$GIT_CONFIG_GLOBAL"; \ + fi -# Install Delve for debugging with cache mounts -RUN --mount=type=cache,target=/go/pkg/mod \ - --mount=type=cache,target=/root/.cache/go-build \ - go install github.com/go-delve/delve/cmd/dlv@v1.24.2 +# Stage: deps — full source tree for stages that compile chainlink code. +FROM deps-base AS deps +COPY . . -# Flag to control installation of private plugins (default: true). +# Stage: Delve debugger (no source needed, branches from deps-base) +FROM deps-base AS build-delve +RUN go install github.com/go-delve/delve/cmd/dlv@v1.24.2 + +# Stage: Remote plugins — only manifest YAMLs, no source tree. +# Cached as long as go.mod/go.sum and plugin manifests are unchanged, +# so typical source-only PRs skip the entire ~160s remote plugin build. +# Uses `go tool loopinstall` via the Makefile (resolved from the `tool` +# directive in go.mod). If this fails without the full source tree, fall back +# to installing loopinstall standalone: +# RUN go install github.com/smartcontractkit/chainlink-common/pkg/loop/cmd/loopinstall@v0.11.1 +# and invoke `loopinstall` directly instead of `make install-plugins-*`. +FROM deps-base AS build-remote-plugins ARG CL_INSTALL_PRIVATE_PLUGINS=true -# Flag to control installation of testing plugins (default: false). ARG CL_INSTALL_TESTING_PLUGINS=false -# Env vars needed for chainlink build -ARG COMMIT_SHA -ARG VERSION_TAG -# Flag to control whether this is a prod build (default: true) -ARG CL_IS_PROD_BUILD=true + +COPY plugins/plugins.public.yaml plugins/plugins.private.yaml plugins/plugins.testing.yaml ./plugins/ +COPY plugins/scripts/ ./plugins/scripts/ ENV CL_LOOPINSTALL_OUTPUT_DIR=/tmp/loopinstall-output \ GIT_CONFIG_GLOBAL=/tmp/gitconfig-github-token RUN --mount=type=secret,id=GIT_AUTH_TOKEN \ - --mount=type=cache,target=/go/pkg/mod \ - --mount=type=cache,target=/root/.cache/go-build \ set -e && \ trap 'rm -f "$GIT_CONFIG_GLOBAL"' EXIT && \ ./plugins/scripts/setup_git_auth.sh && \ - mkdir -p /gobins && mkdir -p "${CL_LOOPINSTALL_OUTPUT_DIR}" && \ - GOBIN=/gobins CL_LOOPINSTALL_OUTPUT_DIR=${CL_LOOPINSTALL_OUTPUT_DIR} make install-plugins-local install-plugins-public && \ + mkdir -p /gobins "${CL_LOOPINSTALL_OUTPUT_DIR}" && \ + GOBIN=/gobins CL_LOOPINSTALL_OUTPUT_DIR=${CL_LOOPINSTALL_OUTPUT_DIR} make install-plugins-public && \ if [ "${CL_INSTALL_PRIVATE_PLUGINS}" = "true" ]; then \ GOBIN=/gobins CL_LOOPINSTALL_OUTPUT_DIR=${CL_LOOPINSTALL_OUTPUT_DIR} make install-plugins-private; \ fi && \ @@ -47,16 +81,25 @@ RUN --mount=type=secret,id=GIT_AUTH_TOKEN \ GOBIN=/gobins CL_LOOPINSTALL_OUTPUT_DIR=${CL_LOOPINSTALL_OUTPUT_DIR} make install-plugins-testing; \ fi -# Copy any shared libraries. -RUN --mount=type=cache,target=/go/pkg/mod \ - mkdir -p /tmp/lib && \ +RUN mkdir -p /tmp/lib && \ ./plugins/scripts/copy_loopinstall_libs.sh \ "$CL_LOOPINSTALL_OUTPUT_DIR" \ /tmp/lib -# Build chainlink. -RUN --mount=type=cache,target=/go/pkg/mod \ - --mount=type=cache,target=/root/.cache/go-build \ +# Stage: Local plugins (needs source tree for ./plugins/cmd/...) +FROM deps AS build-local-plugins +RUN --mount=type=cache,target=/root/.cache/go-build,id=go-build-local-plugins \ + mkdir -p /gobins && \ + GOBIN=/gobins make install-plugins-local + +# Stage: Chainlink binary (needs source tree) +FROM deps AS build-chainlink +ARG COMMIT_SHA +ARG VERSION_TAG +ARG CL_IS_PROD_BUILD=true + +RUN --mount=type=cache,target=/root/.cache/go-build,id=go-build-chainlink \ + mkdir -p /gobins && \ if [ "$CL_IS_PROD_BUILD" = "false" ]; then \ GOBIN=/gobins make install-chainlink-dev; \ else \ @@ -98,12 +141,13 @@ COPY ./cci[p]/confi[g] /ccip-config ARG CL_CHAIN_DEFAULTS ENV CL_CHAIN_DEFAULTS=${CL_CHAIN_DEFAULTS} -# Copy the binaries from the build stage (plugins + chainlink). -COPY --from=buildgo /gobins/ /usr/local/bin/ -# Copy shared libraries from the build stage. -COPY --from=buildgo /tmp/lib /usr/lib/ -# Copy dlv (Delve debugger) from the build stage. -COPY --from=buildgo /go/bin/dlv /usr/local/bin/ +# Copy binaries from the parallel build stages. +COPY --from=build-remote-plugins /gobins/ /usr/local/bin/ +COPY --from=build-local-plugins /gobins/ /usr/local/bin/ +COPY --from=build-chainlink /gobins/ /usr/local/bin/ +# Copy shared libraries from the remote plugins build stage. +COPY --from=build-remote-plugins /tmp/lib /usr/lib/ +COPY --from=build-delve /go/bin/dlv /usr/local/bin/ WORKDIR /home/${CHAINLINK_USER} diff --git a/plugins/chainlink.Dockerfile b/plugins/chainlink.Dockerfile index 9b6420ed7b5..505e9d3abb4 100644 --- a/plugins/chainlink.Dockerfile +++ b/plugins/chainlink.Dockerfile @@ -3,7 +3,11 @@ # XXX: Experimental -- not to be used to build images for production use. # See: ../core/chainlink.Dockerfile for the production Dockerfile. ## -FROM golang:1.25.7-bookworm AS buildgo + +# Stage: deps-base — module downloads, no source tree. +# Stages that don't need the full source (remote plugins, delve) branch from +# here so that source-only changes never invalidate their layer cache. +FROM golang:1.25.7-bookworm AS deps-base RUN go version RUN apt-get update && apt-get install -y jq && rm -rf /var/lib/apt/lists/* @@ -13,37 +17,65 @@ COPY GNUmakefile package.json ./ COPY tools/bin/ldflags ./tools/bin/ ADD go.mod go.sum ./ -RUN --mount=type=cache,target=/go/pkg/mod \ - go mod download -COPY . . +RUN go mod download -# Install Delve for debugging with cache mounts -RUN --mount=type=cache,target=/go/pkg/mod \ - --mount=type=cache,target=/root/.cache/go-build \ - go install github.com/go-delve/delve/cmd/dlv@v1.24.2 +# Apply dependency overrides if specified (comma-separated: dep1=sha1,dep2=sha2) +ARG GO_OVERRIDE_DEPS +RUN --mount=type=secret,id=GIT_AUTH_TOKEN \ + set -e && \ + if [ -n "$GO_OVERRIDE_DEPS" ]; then \ + export GIT_CONFIG_GLOBAL=/tmp/gitconfig-github-token && \ + if [ -f /run/secrets/GIT_AUTH_TOKEN ] && [ -s /run/secrets/GIT_AUTH_TOKEN ]; then \ + TOKEN=$(cat /run/secrets/GIT_AUTH_TOKEN) && \ + git config --file "$GIT_CONFIG_GLOBAL" \ + url."https://oauth2:${TOKEN}@github.com/".insteadOf "https://github.com/"; \ + fi && \ + IFS=',' && \ + for entry in $GO_OVERRIDE_DEPS; do \ + dep="${entry%%=*}" && \ + sha="${entry#*=}" && \ + [ -z "$dep" ] && continue; \ + [ -z "$sha" ] && continue; \ + echo "Overriding: github.com/smartcontractkit/${dep}@${sha}" && \ + go get "github.com/smartcontractkit/${dep}@${sha}"; \ + done && \ + unset IFS && \ + go mod tidy && \ + go mod download && \ + rm -f "$GIT_CONFIG_GLOBAL"; \ + fi -# Flag to control installation of private plugins (default: false). +# Stage: deps — full source tree for stages that compile chainlink code. +FROM deps-base AS deps +COPY . . + +# Stage: Delve debugger (no source needed, branches from deps-base) +FROM deps-base AS build-delve +RUN go install github.com/go-delve/delve/cmd/dlv@v1.24.2 + +# Stage: Remote plugins — only manifest YAMLs, no source tree. +# Cached as long as go.mod/go.sum and plugin manifests are unchanged, +# so typical source-only PRs skip the entire ~160s remote plugin build. +# Uses `go tool loopinstall` via the Makefile (resolved from the `tool` +# directive in go.mod). If this fails without the full source tree, fall back +# to installing loopinstall standalone: +# RUN go install github.com/smartcontractkit/chainlink-common/pkg/loop/cmd/loopinstall@v0.11.1 +# and invoke `loopinstall` directly instead of `make install-plugins-*`. +FROM deps-base AS build-remote-plugins ARG CL_INSTALL_PRIVATE_PLUGINS=false -# Flag to control installation of testing plugins (default: false). ARG CL_INSTALL_TESTING_PLUGINS=false -# Flag to control whether this is a prod build (default: true) -ARG CL_IS_PROD_BUILD=true -# Flags for Go Delve debugger -ARG GO_GCFLAGS -# Env vars needed for chainlink build -ARG COMMIT_SHA -ARG VERSION_TAG + +COPY plugins/plugins.public.yaml plugins/plugins.private.yaml plugins/plugins.testing.yaml ./plugins/ +COPY plugins/scripts/ ./plugins/scripts/ ENV CL_LOOPINSTALL_OUTPUT_DIR=/tmp/loopinstall-output \ GIT_CONFIG_GLOBAL=/tmp/gitconfig-github-token RUN --mount=type=secret,id=GIT_AUTH_TOKEN \ - --mount=type=cache,target=/go/pkg/mod \ - --mount=type=cache,target=/root/.cache/go-build \ set -e && \ trap 'rm -f "$GIT_CONFIG_GLOBAL"' EXIT && \ ./plugins/scripts/setup_git_auth.sh && \ - mkdir -p /gobins && mkdir -p "${CL_LOOPINSTALL_OUTPUT_DIR}" && \ - GOBIN=/gobins CL_LOOPINSTALL_OUTPUT_DIR=${CL_LOOPINSTALL_OUTPUT_DIR} make install-plugins-local install-plugins-public && \ + mkdir -p /gobins "${CL_LOOPINSTALL_OUTPUT_DIR}" && \ + GOBIN=/gobins CL_LOOPINSTALL_OUTPUT_DIR=${CL_LOOPINSTALL_OUTPUT_DIR} make install-plugins-public && \ if [ "${CL_INSTALL_PRIVATE_PLUGINS}" = "true" ]; then \ GOBIN=/gobins CL_LOOPINSTALL_OUTPUT_DIR=${CL_LOOPINSTALL_OUTPUT_DIR} make install-plugins-private; \ fi && \ @@ -51,16 +83,26 @@ RUN --mount=type=secret,id=GIT_AUTH_TOKEN \ GOBIN=/gobins CL_LOOPINSTALL_OUTPUT_DIR=${CL_LOOPINSTALL_OUTPUT_DIR} make install-plugins-testing; \ fi -# Copy any shared libraries. -RUN --mount=type=cache,target=/go/pkg/mod \ - mkdir -p /tmp/lib && \ +RUN mkdir -p /tmp/lib && \ ./plugins/scripts/copy_loopinstall_libs.sh \ "$CL_LOOPINSTALL_OUTPUT_DIR" \ /tmp/lib -# Build chainlink. -RUN --mount=type=cache,target=/go/pkg/mod \ - --mount=type=cache,target=/root/.cache/go-build \ +# Stage: Local plugins (needs source tree for ./plugins/cmd/...) +FROM deps AS build-local-plugins +RUN --mount=type=cache,target=/root/.cache/go-build,id=go-build-local-plugins \ + mkdir -p /gobins && \ + GOBIN=/gobins make install-plugins-local + +# Stage: Chainlink binary (needs source tree) +FROM deps AS build-chainlink +ARG CL_IS_PROD_BUILD=true +ARG GO_GCFLAGS +ARG COMMIT_SHA +ARG VERSION_TAG + +RUN --mount=type=cache,target=/root/.cache/go-build,id=go-build-chainlink \ + mkdir -p /gobins && \ if [ "$CL_IS_PROD_BUILD" = "false" ]; then \ GOBIN=/gobins make install-chainlink-dev; \ else \ @@ -85,8 +127,7 @@ RUN curl https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add - \ RUN if [ ${CHAINLINK_USER} != root ]; then useradd --uid 14933 --create-home ${CHAINLINK_USER}; fi USER ${CHAINLINK_USER} -# Copy Delve debugger from build stage. -COPY --from=buildgo /go/bin/dlv /usr/local/bin/dlv +COPY --from=build-delve /go/bin/dlv /usr/local/bin/dlv # Expose image metadata to the running node. ARG CL_AUTO_DOCKER_TAG=unset @@ -105,10 +146,12 @@ COPY ./cci[p]/confi[g] /ccip-config ARG CL_CHAIN_DEFAULTS ENV CL_CHAIN_DEFAULTS=${CL_CHAIN_DEFAULTS} -# Copy the binaries from the build stage (plugins + chainlink). -COPY --from=buildgo /gobins/ /usr/local/bin/ -# Copy shared libraries from the build stage. -COPY --from=buildgo /tmp/lib /usr/lib/ +# Copy binaries from the parallel build stages. +COPY --from=build-remote-plugins /gobins/ /usr/local/bin/ +COPY --from=build-local-plugins /gobins/ /usr/local/bin/ +COPY --from=build-chainlink /gobins/ /usr/local/bin/ +# Copy shared libraries from the remote plugins build stage. +COPY --from=build-remote-plugins /tmp/lib /usr/lib/ WORKDIR /home/${CHAINLINK_USER}