diff --git a/.github/actions/changes/action.yml b/.github/actions/changes/action.yml index eb0403340..a3e497672 100644 --- a/.github/actions/changes/action.yml +++ b/.github/actions/changes/action.yml @@ -16,7 +16,7 @@ outputs: runs: using: 'composite' steps: - - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 + - uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1 id: changes with: list-files: 'csv' diff --git a/.github/actions/check-go-version/action.yml b/.github/actions/check-go-version/action.yml index 66578440c..bac03682c 100644 --- a/.github/actions/check-go-version/action.yml +++ b/.github/actions/check-go-version/action.yml @@ -9,14 +9,18 @@ inputs: outputs: go_version: description: 'The extracted Go version.' + value: ${{ steps.extract-go-version.outputs.go_version }} runs: using: 'composite' steps: - name: Extract go version + id: extract-go-version shell: bash + env: + WORKING_DIRECTORY: ${{ inputs.working-directory }} run: | set -euo pipefail - go_version=$(grep -E '^golang [0-9]+\.[0-9]+\.[0-9]+' ${{ inputs.working-directory }}/.tool-versions | awk '{print $2}') + go_version=$(grep -E '^golang [0-9]+\.[0-9]+\.[0-9]+' ${WORKING_DIRECTORY}/.tool-versions | awk '{print $2}') echo "go_version=${go_version}" >> $GITHUB_ENV - echo "::set-output name=go_version::${go_version}" + echo "go_version=${go_version}" | tee -a "${GITHUB_OUTPUT}" diff --git a/.github/workflows/aptos-bindings.yml b/.github/workflows/aptos-bindings.yml index c8e2f9c6e..bc436972f 100644 --- a/.github/workflows/aptos-bindings.yml +++ b/.github/workflows/aptos-bindings.yml @@ -5,9 +5,9 @@ jobs: bindgen: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Install Aptos CLI - uses: aptos-labs/actions/install-aptos-cli@ce57287eb852b9819c1d74fecc3be187677559fd # v0.1 + uses: aptos-labs/actions/install-aptos-cli@528ef7ad9427a8c0720ea3eea790a9190d6e377d # 2026-04-09 with: CLI_VERSION: 9.1.0 - name: Run make wrappers diff --git a/.github/workflows/aptos-ccip-integration-tests.yml b/.github/workflows/aptos-ccip-integration-tests.yml index 20bcd2beb..fee030485 100644 --- a/.github/workflows/aptos-ccip-integration-tests.yml +++ b/.github/workflows/aptos-ccip-integration-tests.yml @@ -16,22 +16,22 @@ jobs: contents: read steps: - name: Check out code - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Extract Go version uses: ./.github/actions/check-go-version - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version: ${{ env.go_version }} - name: Install Aptos CLI - uses: aptos-labs/actions/install-aptos-cli@ce57287eb852b9819c1d74fecc3be187677559fd # v0.1 + uses: aptos-labs/actions/install-aptos-cli@528ef7ad9427a8c0720ea3eea790a9190d6e377d # 2026-04-09 with: CLI_VERSION: 9.1.0 - name: Run tests run: | cd integration-tests - go test ./ccip -timeout 10m -v \ No newline at end of file + go test ./ccip -timeout 10m -v diff --git a/.github/workflows/aptos-ccip-tests.yml b/.github/workflows/aptos-ccip-tests.yml index 642cabb3c..f511e2bba 100644 --- a/.github/workflows/aptos-ccip-tests.yml +++ b/.github/workflows/aptos-ccip-tests.yml @@ -35,15 +35,15 @@ jobs: fi - name: Install Aptos CLI - uses: aptos-labs/actions/install-aptos-cli@ce57287eb852b9819c1d74fecc3be187677559fd # v0.1 + uses: aptos-labs/actions/install-aptos-cli@528ef7ad9427a8c0720ea3eea790a9190d6e377d # 2026-04-09 with: CLI_VERSION: 9.1.0 - name: Checkout chainlink-aptos - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@v6 - name: Checkout chainlink - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@v6 with: repository: smartcontractkit/chainlink ref: ${{ env.CUSTOM_CORE_REF || env.DEFAULT_CORE_REF }} @@ -56,7 +56,7 @@ jobs: echo "GO_VERSION=${go_version}" >> "${GITHUB_OUTPUT}" - name: Set up Go - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + uses: actions/setup-go@v6 with: go-version: ${{ steps.tool_versions.outputs.GO_VERSION }} diff --git a/.github/workflows/aptos-contracts.yml b/.github/workflows/aptos-contracts.yml index 162e41c22..f25ac8e75 100644 --- a/.github/workflows/aptos-contracts.yml +++ b/.github/workflows/aptos-contracts.yml @@ -13,10 +13,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out code - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Install Aptos CLI - uses: aptos-labs/actions/install-aptos-cli@ce57287eb852b9819c1d74fecc3be187677559fd # v0.1 + uses: aptos-labs/actions/install-aptos-cli@528ef7ad9427a8c0720ea3eea790a9190d6e377d # 2026-04-09 with: CLI_VERSION: 9.1.0 diff --git a/.github/workflows/aptos-movefmt.yml b/.github/workflows/aptos-movefmt.yml index 187781e74..520a82c49 100644 --- a/.github/workflows/aptos-movefmt.yml +++ b/.github/workflows/aptos-movefmt.yml @@ -5,9 +5,9 @@ jobs: movefmt: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Install Aptos CLI - uses: aptos-labs/actions/install-aptos-cli@ce57287eb852b9819c1d74fecc3be187677559fd # v0.1 + uses: aptos-labs/actions/install-aptos-cli@528ef7ad9427a8c0720ea3eea790a9190d6e377d # 2026-04-09 with: CLI_VERSION: 9.1.0 - name: Update movefmt diff --git a/.github/workflows/aptos-relayer.yml b/.github/workflows/aptos-relayer.yml index 56a52d482..64b50f8d6 100644 --- a/.github/workflows/aptos-relayer.yml +++ b/.github/workflows/aptos-relayer.yml @@ -11,7 +11,7 @@ jobs: test: name: Integration Tests runs-on: ubuntu-latest - + services: postgres: image: postgres:16 @@ -26,24 +26,24 @@ jobs: --health-retries 5 ports: - 5432:5432 - + env: TEST_DB_URL: postgres://user:pass@localhost:5432/testdb_test - + steps: - name: Check out code - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Extract Go version uses: ./.github/actions/check-go-version - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version: ${{ env.go_version }} - name: Install Aptos CLI - uses: aptos-labs/actions/install-aptos-cli@ce57287eb852b9819c1d74fecc3be187677559fd # v0.1 + uses: aptos-labs/actions/install-aptos-cli@528ef7ad9427a8c0720ea3eea790a9190d6e377d # 2026-04-09 with: CLI_VERSION: 9.1.0 @@ -61,10 +61,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + uses: actions/checkout@v6 - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: cache-dependency-path: go.sum go-version-file: go.mod diff --git a/.github/workflows/aptos-release.yml b/.github/workflows/aptos-release.yml index 9c7f499d4..78e1a2ef0 100644 --- a/.github/workflows/aptos-release.yml +++ b/.github/workflows/aptos-release.yml @@ -42,33 +42,39 @@ jobs: steps: - name: Setup GitHub Token id: setup-github-token - uses: smartcontractkit/.github/actions/setup-github-token@ef78fa97bf3c77de6563db1175422703e9e6674f # setup-github-token@0.2.1 + uses: smartcontractkit/.github/actions/setup-github-token@setup-github-token/v1 with: aws-role-arn: ${{ secrets.AWS_ROLE_ARN_GATI_CHANGESETS }} aws-lambda-url: ${{ secrets.AWS_LAMBDA_URL_GATI }} aws-region: ${{ secrets.AWS_REGION }} - name: Checkout this repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 0 - name: Compute Docker Tag id: compute-docker-tag + env: + GITHUB_REF: ${{ github.ref }} + GITHUB_REF_NAME: ${{ github.ref_name }} + GITHUB_EVENT_NAME: ${{ github.event_name }} + GITHUB_EVENT_INPUTS_VERSION: ${{ github.event.inputs.version }} + NEXT_VERSION: ${{ env.NEXT_VERSION }} run: | - BRANCH_NAME=${{ github.ref_name }} + BRANCH_NAME=${GITHUB_REF_NAME} SHORT_HASH=$(git rev-parse --short HEAD) - INPUT_VERSION="${{ github.event.inputs.version }}" + INPUT_VERSION="${GITHUB_EVENT_INPUTS_VERSION}" if [[ -n "$INPUT_VERSION" ]]; then IMAGE_TAG="${INPUT_VERSION}-aptos" elif [[ "$BRANCH_NAME" == "main" ]]; then - IMAGE_TAG="${{ env.NEXT_VERSION }}-aptos" + IMAGE_TAG="${NEXT_VERSION}-aptos" elif [[ "$BRANCH_NAME" == "develop" ]]; then - IMAGE_TAG="${{ env.NEXT_VERSION }}-develop-${SHORT_HASH}-aptos" + IMAGE_TAG="${NEXT_VERSION}-develop-${SHORT_HASH}-aptos" elif [[ "$BRANCH_NAME" == integration/* ]]; then INTEGRATION_NAME=${BRANCH_NAME#integration/} - IMAGE_TAG="${{ env.NEXT_VERSION }}-${INTEGRATION_NAME}-${SHORT_HASH}-aptos" + IMAGE_TAG="${NEXT_VERSION}-${INTEGRATION_NAME}-${SHORT_HASH}-aptos" else echo "Branch '$BRANCH_NAME' does not match expected patterns" exit 0 @@ -79,39 +85,42 @@ jobs: - name: Determine Chainlink CORE_REF id: determine-chainlink-core-ref + env: + INPUT_CORE_REF: ${{ github.event.inputs.core_ref }} + APTOS_CORE_REF: ${{ env.APTOS_CORE_REF }} run: | - if [ -n "${{ github.event.inputs.core_ref }}" ]; then - echo "CORE_REF provided as input: ${{ github.event.inputs.core_ref }}" - echo "CORE_REF=${{ github.event.inputs.core_ref }}" >> $GITHUB_ENV + if [ -n "${INPUT_CORE_REF}" ]; then + echo "CORE_REF provided as input: ${INPUT_CORE_REF}" + echo "CORE_REF=${INPUT_CORE_REF}" >> $GITHUB_ENV else - echo "No core_ref provided as input. Using default: ${{ env.APTOS_CORE_REF }}" - echo "CORE_REF=${{ env.APTOS_CORE_REF }}" >> $GITHUB_ENV + echo "No core_ref provided as input. Using default: ${APTOS_CORE_REF}" + echo "CORE_REF=${APTOS_CORE_REF}" >> $GITHUB_ENV fi - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: - aws-region: ${{ vars.AWS_REGION }} + aws-region: ${{ secrets.AWS_REGION }} role-to-assume: ${{ secrets.AWS_ROLE_ARN_PROD_PUBLISH_ECR }} role-duration-seconds: 3600 mask-aws-account-id: true - name: Login to Amazon ECR id: login-ecr - uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2.0.1 + uses: aws-actions/amazon-ecr-login@f2e9fc6c2b355c1890b65e6f6f0e2ac3e6e22f78 # v2.1.2 with: mask-password: "true" registries: "${{ secrets.AWS_ACCOUNT_ID_PROD}},${{ secrets.QA_AWS_ACCOUNT_NUMBER }}" - name: Set up Docker Buildx - uses: docker/setup-buildx-action@0d103c3126aa41d772a8362f6aa67afac040f80c # v3.1.0 + uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 # This is not the most efficient way to check if the image exist or not. I was having trouble using aws CLI due to missing permission. We could improve this in a next iteration. - name: Check if Aptos image already exists id: check-ecr-tag + env: + IMAGE_URI: ${{ format('{0}.dkr.ecr.{1}.amazonaws.com/chainlink-internal-integrations-aptos:{2}', secrets.AWS_ACCOUNT_ID_PROD, secrets.AWS_REGION, env.IMAGE_TAG) }} run: | - IMAGE_URI="${{ secrets.AWS_ACCOUNT_ID_PROD }}.dkr.ecr.${{ vars.AWS_REGION }}.amazonaws.com/chainlink-internal-integrations-aptos:${{ env.IMAGE_TAG }}" - # Try to pull the image if docker pull $IMAGE_URI; then echo "Image $IMAGE_URI already exists. Skipping image build and push." @@ -125,7 +134,7 @@ jobs: - name: Build and Push if: steps.check-ecr-tag.outputs.SKIP_IMAGE_BUILD == 'false' - uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 id: build-image with: context: ${{ github.workspace }} @@ -138,11 +147,14 @@ jobs: - name: Determine if Prerelease if: steps.check-ecr-tag.outputs.SKIP_IMAGE_BUILD == 'false' id: determine-prerelease + env: + INPUT_PRERELEASE: ${{ github.event.inputs.prerelease }} + GITHUB_REF_NAME: ${{ github.ref_name }} run: | - if [[ -n "${{ github.event.inputs.prerelease }}" ]]; then - PRERELEASE=${{ github.event.inputs.prerelease }} + if [[ -n "${INPUT_PRERELEASE}" ]]; then + PRERELEASE=${INPUT_PRERELEASE} echo "Using provided prerelease value: $PRERELEASE" - elif [[ "${{ github.ref_name }}" == "main" ]]; then + elif [[ "${GITHUB_REF_NAME}" == "main" ]]; then PRERELEASE=false echo "Branch 'main' detected. Setting prerelease=false" else @@ -154,7 +166,7 @@ jobs: - name: Create a Release if: steps.check-ecr-tag.outputs.SKIP_IMAGE_BUILD == 'false' - uses: elgohr/Github-Release-Action@c5ea99036abb741a89f8bf1f2cd7fba845e3313a # v5 https://github.com/elgohr/Github-Release-Action/releases/tag/v5 + uses: elgohr/Github-Release-Action@3af318c9bb451e43ab8cea7fa17a5598abe94ed2 # 20240816194204 env: GH_ENTERPRISE_TOKEN: ${{ steps.setup-github-token.outputs.access-token }} with: diff --git a/.github/workflows/aptos-run-smoke-tests.yml b/.github/workflows/aptos-run-smoke-tests.yml index bced9e426..aea8910af 100644 --- a/.github/workflows/aptos-run-smoke-tests.yml +++ b/.github/workflows/aptos-run-smoke-tests.yml @@ -24,7 +24,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Get core ref from PR body if: github.event_name == 'pull_request' @@ -38,7 +38,7 @@ jobs: fi - name: Checkout chainlink repo - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: repository: smartcontractkit/chainlink ref: ${{ env.CUSTOM_CORE_REF || env.DEFAULT_CORE_REF }} @@ -71,7 +71,7 @@ jobs: id: go-version - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version: ${{ env.go_version }} @@ -115,11 +115,11 @@ jobs: set -e cd integration-tests go mod tidy - TEST_LOG_LEVEL=${{env.TEST_LOG_LEVEL}} go test -timeout 24h -count=1 -run TestOCR3Keystone ./smoke + TEST_LOG_LEVEL=${TEST_LOG_LEVEL} go test -timeout 24h -count=1 -run TestOCR3Keystone ./smoke - name: Configure AWS Credentials if: success() && github.event.pull_request.user.login != 'dependabot[bot]' - uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: aws-region: ${{ secrets.QA_AWS_REGION }} role-to-assume: ${{ secrets.QA_AWS_ROLE_TO_ASSUME }} @@ -129,19 +129,22 @@ jobs: - name: Login to Amazon ECR if: success() && github.event.pull_request.user.login != 'dependabot[bot]' id: login-ecr - uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2.0.1 + uses: aws-actions/amazon-ecr-login@f2e9fc6c2b355c1890b65e6f6f0e2ac3e6e22f78 # v2.1.2 with: mask-password: "true" - name: Push Image to ECR if: success() && github.event.pull_request.user.login != 'dependabot[bot]' + env: + CL_ECR: ${{ env.CL_ECR }} + GITHUB_SHA: ${{ github.sha }} run: | - docker tag chainlink-aptos ${{ env.CL_ECR }}:aptos.${{ github.sha }} - docker push ${{ env.CL_ECR }}:aptos.${{ github.sha }} + docker tag chainlink-aptos ${CL_ECR}:aptos.${GITHUB_SHA} + docker push ${CL_ECR}:aptos.${GITHUB_SHA} - name: Upload Test Artifacts if: always() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: smoke-test-logs path: ./integration-tests/logs/ diff --git a/.github/workflows/ci-protobuf.yml b/.github/workflows/ci-protobuf.yml index 194134c4f..f1fe9831a 100644 --- a/.github/workflows/ci-protobuf.yml +++ b/.github/workflows/ci-protobuf.yml @@ -8,10 +8,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repo - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Setup buf - uses: bufbuild/buf-setup-action@35c243d7f2a909b1d4e40399b348a7fdab27d78d # v1.34.0 + uses: bufbuild/buf-setup-action@a47c93e0b1648d5651a065437926377d060baa99 # v1.50.0 with: github_token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/dependabot.yml b/.github/workflows/dependabot.yml index e74ff9ebd..27ba46a03 100644 --- a/.github/workflows/dependabot.yml +++ b/.github/workflows/dependabot.yml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out code - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: ref: ${{ github.head_ref }} fetch-depth: 0 @@ -41,14 +41,14 @@ jobs: - name: Setup GitHub Token if: steps.commit.outputs.has_changes == 'true' id: setup-github-token - uses: smartcontractkit/.github/actions/setup-github-token@ef78fa97bf3c77de6563db1175422703e9e6674f # setup-github-token@0.2.1 + uses: smartcontractkit/.github/actions/setup-github-token@setup-github-token/v1 with: aws-role-arn: ${{ secrets.GATI_AWS_ROLE_APTOS_CICD }} aws-lambda-url: ${{ secrets.GATI_AWS_LABDA_URL_INTEGRATIONS }} aws-region: ${{ secrets.GATI_AWS_REGION }} - name: Push signed commits if: steps.commit.outputs.has_changes == 'true' - uses: asana/push-signed-commits@d615ca88d8e1a946734c24970d1e7a6c56f34897 # v1 + uses: asana/push-signed-commits@fafa843d9ca76ea7e1a217202973ff566c7fa2a4 # v1.4 with: github-token: ${{ steps.setup-github-token.outputs.access-token }} local_branch_name: ${{ github.head_ref }} diff --git a/.github/workflows/go-all.yml b/.github/workflows/go-all.yml index 7ad16cdc4..9a406c974 100644 --- a/.github/workflows/go-all.yml +++ b/.github/workflows/go-all.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Linting Go - uses: smartcontractkit/.github/actions/ci-lint-go@ci-lint-go/1.0.0 + uses: smartcontractkit/.github/actions/ci-lint-go@ci-lint-go/v4 with: golangci-lint-version: v2.4.0 golangci-lint-args: --timeout 5m @@ -22,10 +22,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Install Aptos CLI - uses: aptos-labs/actions/install-aptos-cli@ce57287eb852b9819c1d74fecc3be187677559fd # v0.1 + uses: aptos-labs/actions/install-aptos-cli@528ef7ad9427a8c0720ea3eea790a9190d6e377d # 2026-04-09 with: CLI_VERSION: 9.1.0 - name: Build and test - uses: smartcontractkit/.github/actions/ci-test-go@ci-test-go/1.0.0 + uses: smartcontractkit/.github/actions/ci-test-go@ci-test-go/v1 with: use-go-cache: true diff --git a/.tool-versions b/.tool-versions index 309ff5cb0..d6b1ca19f 100644 --- a/.tool-versions +++ b/.tool-versions @@ -1 +1 @@ -golang 1.25.5 +golang 1.25.7 diff --git a/scripts/on-chain-data/go.mod b/scripts/on-chain-data/go.mod index d9eaf38db..ede0a7691 100644 --- a/scripts/on-chain-data/go.mod +++ b/scripts/on-chain-data/go.mod @@ -1,6 +1,6 @@ module on_chain_data -go 1.25.3 +go 1.25.7 require ( github.com/montanaflynn/stats v0.7.1