Merge pull request #6527 from smartcontractkit/release/1.4.0-rc0

release/1.4.0-rc0 -> master

.github/actions/build-sign-publish-chainlink/action.yml

@@ -41,8 +41,12 @@ inputs:
   cosign-private-key:
     description: The private key to be used with cosign to sign the image
     required: false
+  cosign-public-key:
+    description: The public key to be used with cosign for verification
+    required: false
   cosign-password:
     description: The password to decrypt the cosign private key needed to sign the image
+    required: false
   sign-method:
     description: Build image will be signed using keypair or keyless methods
     default: "keypair"
@@ -108,6 +112,8 @@ runs:
     id: meta-root
     uses: docker/metadata-action@e5622373a38e60fb6d795a4421e56882f2d7a681 # v3.6.2
     with:
+      flavor: |
+        suffix=-root
       # list of Docker images to use as base name for tags
       images: ${{ env.shared-images }}
       tags: ${{ env.shared-tag-list }}
@@ -179,9 +185,9 @@ runs:
 
   - if: inputs.sign-images == 'true'
     name: Install cosign
-    uses: sigstore/cosign-installer@1e95c1de343b5b0c23352d6417ee3e48d5bcd422 # v1.4.0
+    uses: sigstore/cosign-installer@581838fbedd492d2350a9ecd427a95d6de1e5d01 # v2.1.0
     with:
-      cosign-release: 'v1.4.0'
+      cosign-release: 'v1.6.0'
 
   - if: inputs.sign-images == 'true' && inputs.sign-method == 'keypair'
     name: Sign the published root Docker image using keypair method

.github/dependabot.yml

@@ -14,7 +14,7 @@ updates:
     directory: '/'
     schedule:
       interval: monthly
-    open-pull-requests-limit: 10
+    open-pull-requests-limit: 0
     ignore:
       - dependency-name: webpack
         versions:

.github/workflows/build-custom.yml

@@ -22,29 +22,38 @@ on:
     inputs:
       cl_repo:
         required: true
+        description: The chainlik ecr repository to use
         default: ${{ github.repository }}
         type: string
       cl_ref:
         required: false
+        description: The git ref from cl to use
         default: develop
         type: string
       dep_solana_sha:
         required: false
+        description: chainlink-solana commit or branch
         type: string
       dep_terra_sha:
         required: false
+        description: chainlink-terra commit or branch
         type: string
     secrets:
       AWS_ACCESS_KEY_ID:
         required: true
+        description: The AWS access key id to use
       AWS_SECRET_ACCESS_KEY:
         required: true
+        description: The AWS secret key to use
       AWS_REGION:
         required: true
+        description: The AWS region to use
       AWS_ROLE_TO_ASSUME:
         required: true
+        description: The AWS role to assume
       QA_KUBECONFIG:
         required: true
+        description: The kubernetes configuation to use
 jobs:
   build-chainlink:
     name: Build Chainlink Image
@@ -57,7 +66,7 @@ jobs:
           ref: ${{ github.event.inputs.cl_ref }}
       - uses: actions/setup-go@v2
         with:
-          go-version: ~1.17
+          go-version: ^1.18
       - name: Replace Solana deps manual flow
         if: ${{ github.event.inputs.dep_solana_sha }}
         run: |
@@ -76,7 +85,7 @@ jobs:
           go get github.com/smartcontractkit/chainlink-terra@${{ inputs.dep_terra_sha }}
       - name: Tidy
         run: |
-          go mod tidy -compat=1.17
+          go mod tidy
       - name: Env vars
         run: env
       - name: Cat go.mod

.github/workflows/build-publish.yml

@@ -7,7 +7,6 @@ on:
       - 'v*'
     branches:
       - master
-      - develop
 
 jobs:
   build-sign-publish-chainlink:

.github/workflows/ci-core.yml

@@ -35,20 +35,42 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v2
         with:
-          go-version: ~1.17
-      - name: Cache Go vendor packages
+          go-version: ^1.18
+      - name: Go Cache
         uses: actions/cache@v2
         with:
-          path: /go/pkg/mod
-          key: go-mod-${{ env.CACHE_VERSION }}-${{ hashFiles('go.sum') }}
+          # * Module download cache
+          # * Build cache (Linux)
+          path: |
+            ~/go/pkg/mod
+            ~/.cache/go-build
+          key: go-mod-${{ matrix.cmd }}-${{ hashFiles('go.sum') }}
           restore-keys: |
-            go-mod-${{ env.CACHE_VERSION }}
+            go-mod-${{ matrix.cmd }}-
+            go-mod-
       - name: Touching core/web/assets/index.html
         run: mkdir -p core/web/assets && touch core/web/assets/index.html
       - name: Download Go vendor packages
         run: go mod download
+      - name: Yarn cache
+        uses: actions/cache@v2
+        env:
+          cache-name: yarn-cache
+        with:
+          path: |
+            ~/.npm
+            ~/.cache
+            **/node_modules
+          key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('yarn.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-build-${{ env.cache-name }}-
+            ${{ runner.os }}-build-
+            ${{ runner.os }}-
+      - run: yarn install --frozen-lockfile
       - name: Install terrad
         run: ./tools/ci/install_terrad
+      - name: Install solana cli
+        run: ./tools/ci/install_solana
       - name: Setup DB
         run: go run ./core local db preparetest
       - name: Run tests
@@ -66,4 +88,3 @@ jobs:
         uses: docker://docker:latest
         with:
           args: logs ${{ job.services.postgres.id }}
-

.github/workflows/codeql-analysis.yml

@@ -33,18 +33,18 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v2
         with:
-          go-version: ~1.17
+          go-version: ^1.18
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@546b30f35ae5a3db0e0be1843008c2224f71c3b0
+        uses: github/codeql-action/init@28eead240834b314f7def40f6fcba65d100d99b1 # v2.1.6
         with:
           languages: ${{ matrix.language }}
 
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@546b30f35ae5a3db0e0be1843008c2224f71c3b0
+        uses: github/codeql-action/autobuild@28eead240834b314f7def40f6fcba65d100d99b1  # v2.1.6
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
@@ -58,4 +58,4 @@ jobs:
       #   make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@546b30f35ae5a3db0e0be1843008c2224f71c3b0
+        uses: github/codeql-action/analyze@28eead240834b314f7def40f6fcba65d100d99b1 # v2.1.6

.github/workflows/dependency-check.yml

@@ -20,7 +20,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v2
         with:
-          go-version: ~1.17
+          go-version: ^1.18
         id: go
 
       - name: Write Go Modules list

.github/workflows/golangci-lint.yml

@@ -21,8 +21,10 @@ jobs:
   golangci:
     name: lint
     runs-on: ubuntu-latest
-    go: '1.17'
     steps:
+      - uses: actions/setup-go@v2
+        with:
+          go-version: ~1.18
       - uses: actions/checkout@v2
         with:
           fetch-depth: 0
@@ -31,7 +33,9 @@ jobs:
         uses: golangci/golangci-lint-action@v2
         with:
           # Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version
-          version: v1.43.0
+          version: v1.45.2
+
+          skip-go-installation: true
 
           # Optional: working directory, useful for monorepos
           # working-directory: somedir

.github/workflows/integration-tests.yml

@@ -13,7 +13,10 @@ jobs:
           filters: |
             src:
               - '**/*.go'
+              - '**/*go.sum'
+              - '**/*go.mod'
   build-chainlink:
+    environment: integration
     name: Build Chainlink Image
     runs-on: ubuntu-latest
     needs: changes
@@ -44,6 +47,7 @@ jobs:
           tags: 795953128386.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com/chainlink:latest.${{ github.sha }}
           push: true
   smoke:
+    environment: integration
     name: ETH Smoke Tests
     runs-on: ubuntu-latest
     needs: [changes, build-chainlink]
@@ -58,7 +62,7 @@ jobs:
       - name: Setup go
         uses: actions/setup-go@v1
         with:
-          go-version: 1.17
+          go-version: 1.18
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v1
         with:
@@ -89,14 +93,11 @@ jobs:
         if: steps.cache-packages.outputs.cache-hit != 'true'
         run: go mod download
       - name: Install Ginkgo CLI
-        run: |
-          go get github.com/onsi/ginkgo/v2/ginkgo/generators@v2.1.2
-          go get github.com/onsi/ginkgo/v2/ginkgo/internal@v2.1.2
-          go get github.com/onsi/ginkgo/v2/ginkgo/labels@v2.1.2
-          go install github.com/onsi/ginkgo/v2/ginkgo
+        run: go install github.com/onsi/ginkgo/v2/ginkgo@v2.1.3
       - name: Run Tests
         run: |
-          export PATH=$PATH:$(go env GOPATH)/bin
+          PATH=$PATH:$(go env GOPATH)/bin
+          export PATH
           make test_smoke args="-nodes=6"
       - name: Publish Test Results
         uses: mikepenz/action-junit-report@v2
@@ -106,10 +107,11 @@ jobs:
           check_name: 'Smoke Test Results'
       - name: Publish Artifacts
         if: failure()
-        uses: actions/upload-artifact@v1
+        uses: actions/upload-artifact@v3
         with:
-          name: test-logs
+          name: eth-test-logs
           path: ./integration-tests/logs
+
   solana:
     name: Solana Tests
     needs: [changes, build-chainlink]
@@ -126,6 +128,7 @@ jobs:
       QA_AWS_REGION: ${{ secrets.AWS_REGION }}
       QA_AWS_ROLE_TO_ASSUME: ${{ secrets.AWS_ROLE_TO_ASSUME }}
       QA_KUBECONFIG: ${{ secrets.KUBECONFIG }}
+
   terra:
     name: Terra Tests
     needs: [changes, build-chainlink]
@@ -142,4 +145,3 @@ jobs:
       QA_AWS_REGION: ${{ secrets.AWS_REGION }}
       QA_AWS_ROLE_TO_ASSUME: ${{ secrets.AWS_ROLE_TO_ASSUME }}
       QA_KUBECONFIG: ${{ secrets.KUBECONFIG }}
-      NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

.github/workflows/lint-gh-workflows.yml

@@ -0,0 +1,12 @@
+name: Lint GH Workflows
+on:
+  push:
+jobs:
+  lint_workflows:
+    name: Validate Github Action Workflows
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out Code
+        uses: actions/checkout@v3
+      - name: Run actionlint
+        uses: reviewdog/action-actionlint@a0541743e79d2ce4ee65276807ac493a93149b7c # v1.23.0

.tool-versions

@@ -1,4 +1,4 @@
-golang 1.17.2
-mockery 2.8.0
+golang 1.18
+mockery 2.10.1
 nodejs 16.13.2
 postgres 13.3

CODEOWNERS

@@ -9,7 +9,7 @@
 
 # Services
 /core/services/cron @spooktheducks @samsondav
-/core/services/directrequest @spooktheducks @j16r @connorwstein @samsondav
+/core/services/directrequest @spooktheducks @connorwstein @samsondav
 /core/services/feeds @jkongie
 /core/services/fluxmonitorv2 @jkongie @PiotrTrzpil @spooktheducks @connorwstein
 /core/services/health @archseer @samsondav
@@ -22,7 +22,7 @@
 /core/services/pipeline @spooktheducks @connorwstein @archseer @prashantkumar1982
 /core/services/synchronization
 /core/services/telemetry
-/core/services/vrf @connorwstein
+/core/services/vrf @connorwstein @Nic0s @makramkd
 /core/services/webhook @spooktheducks @archseer
 
 # API
@@ -46,6 +46,9 @@
 /core/logger @jmank88
 /core/internal @samsondav @jmank88 @archseer
 
+# CI/CD
+/.github/** @alexroan @chainchad @HenryNguyen5 @javuto @jkongie @jmank88 @samsondav
+
 # Dependencies
 contracts/scripts/requirements.txt @smartcontractkit/prodsec-public
 .tool-versions @smartcontractkit/prodsec-public

GNUmakefile

@@ -75,11 +75,11 @@ testdb-user-only: ## Prepares the test database with user only.
 presubmit: ## Format go files and imports.
 	goimports -w ./core
 	gofmt -w ./core
-	go mod tidy -compat=1.17
+	go mod tidy
 
 .PHONY: mockery
 mockery: $(mockery) ## Install mockery.
-	go install github.com/vektra/mockery/v2@v2.8.0
+	go install github.com/vektra/mockery/v2@v2.10.1
 
 .PHONY: telemetry-protobuf
 telemetry-protobuf: $(telemetry-protobuf) ## Generate telemetry protocol buffers.