diff --git a/.github/workflows/pull-request-main.yml b/.github/workflows/pull-request-main.yml
index 9b940b715..a8a6d6624 100644
--- a/.github/workflows/pull-request-main.yml
+++ b/.github/workflows/pull-request-main.yml
@@ -79,9 +79,43 @@ jobs:
 id-token: write
 contents: read
 actions: read
- env:
- CATALOG_SERVICE_IMAGE: ${{ secrets.AWS_ACCOUNT_NUMBER_PROD }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com/op-catalog-service:latest
 steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Configure AWS credentials for ECR
+ uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
+ with:
+ role-to-assume: ${{ secrets.ECR_READ_ROLE_ARN }}
+ aws-region: ${{ secrets.AWS_REGION }}
+
+ - name: Get latest catalog service tag from ECR
+ id: get-catalog-tag
+ run: |
+ # Fetch the latest semantic version tag from ECR
+ # Sort images by push date (latest first) and find the first semver tag
+ LATEST_TAG=$(aws ecr describe-images \
+ --repository-name op-catalog-service \
+ --region ${{ secrets.AWS_REGION }} \
+ --registry-id ${{ secrets.AWS_ACCOUNT_NUMBER_PROD }} \
+ --query 'reverse(sort_by(imageDetails,& imagePushedAt))' \
+ --output json | \
+ jq -r '
+ [.[] |
+ select(.imageTags != null) |
+ .imageTags[] |
+ select(test("^v[0-9]+\\.[0-9]+\\.[0-9]+$"))
+ ] | first
+ ')
+
+ if [[ -z "${LATEST_TAG}" ]] || [[ "${LATEST_TAG}" == "null" ]]; then
+ echo "::error::Could not find a valid semantic version tag in ECR"
+ exit 1
+ fi
+
+ echo "Latest catalog service tag from ECR: ${LATEST_TAG}"
+ echo "tag=${LATEST_TAG}" >> "${GITHUB_OUTPUT}"
+
 - name: Pull Catalog Service ECR Image
 uses: smartcontractkit/.github/actions/pull-private-ecr-image@2f8f0baf38e46140c6a119eb551a56eaaabcc09e # pull-private-ecr-image@1.0.0
 with:
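Review bot: `actions/checkout@v4` in the added Checkout step is a mutable tag, while the other actions in this job are pinned to full commit SHAs and the job holds `id-token: write` and assumes `ECR_READ_ROLE_ARN`; pin it the same way, e.g. `uses: actions/checkout@<full-commit-sha> # v4` with the SHA of the release you have vetted (placeholder, not a real value). The tag-lookup step also expands `${{ secrets.AWS_REGION }}` and `${{ secrets.AWS_ACCOUNT_NUMBER_PROD }}` unquoted into the script text; passing them through the step's `env:` and quoting the shell variables, as below, keeps expression values out of the shell source. Both points apply equally to the identical hunk in schedule-main.yml. The job starts above this hunk, so whether anything before the Pull step needs the checkout cannot be judged from here.

```yaml
      - name: Get latest catalog service tag from ECR
        id: get-catalog-tag
        env:
          ECR_REGION: ${{ secrets.AWS_REGION }}
          ECR_REGISTRY_ID: ${{ secrets.AWS_ACCOUNT_NUMBER_PROD }}
        run: |
          # … unchanged: comments and start of the describe-images call …
            --region "${ECR_REGION}" \
            --registry-id "${ECR_REGISTRY_ID}" \
          # … unchanged: --query, jq filter, empty-tag check, GITHUB_OUTPUT write …
```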
@@ -89,7 +123,7 @@ jobs:
 aws-region: ${{ secrets.AWS_REGION }}
 aws-role-arn: ${{ secrets.ECR_READ_ROLE_ARN }}
 ecr-repository: "op-catalog-service"
- image-tag: "latest"
+ image-tag: ${{ steps.get-catalog-tag.outputs.tag }}
 - name: Run Catalog Remote Integration Tests
 uses: smartcontractkit/.github/actions/ci-test-go@dfcba48f05933158428bce867d790e3d5a9baa6b # ci-test-go@1.1.0
@@ -98,6 +132,8 @@ jobs:
 go-test-cmd: cd datastore/catalog/remote && go test -v -race -timeout 10m -gcflags=all=-d=checkptr=0 -coverprofile=../../../coverage.txt
 use-go-cache: true
 artifact-name: catalog-remote-tests
+ env:
+ CATALOG_SERVICE_IMAGE: ${{ secrets.AWS_ACCOUNT_NUMBER_PROD }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com/op-catalog-service:${{ steps.get-catalog-tag.outputs.tag }}
 sonarqube:
 name: Sonar Scan
diff --git a/.github/workflows/schedule-main.yml b/.github/workflows/schedule-main.yml
index 1505a1186..da24af6f0 100644
--- a/.github/workflows/schedule-main.yml
+++ b/.github/workflows/schedule-main.yml
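Review bot: In pull-request-main.yml, `image-tag` and `CATALOG_SERVICE_IMAGE` now follow whatever `vX.Y.Z` tag was pushed most recently and still reference the image by tag rather than by digest, so the image under test can change between runs of the same commit and, if tags in the repository are mutable, between the lookup and the pull. The `describe-images` response already carries `imageDigest`; if the pull action and the test harness accept a digest reference (not visible here), exposing it as a second step output would pin the exact image, and logging it next to the tag gives a record of what was tested. Ordering by `imagePushedAt` also means a patch release pushed for an older line wins over a higher version; if that is intended, a comment such as `# newest push wins, not highest semver` on the lookup step would say so. The same applies to the matching hunks in schedule-main.yml.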
@@ -75,9 +75,43 @@ jobs:
 id-token: write
 contents: read
 actions: read
- env:
- CATALOG_SERVICE_IMAGE: ${{ secrets.AWS_ACCOUNT_NUMBER_PROD }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com/op-catalog-service:latest
 steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Configure AWS credentials for ECR
+ uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
+ with:
+ role-to-assume: ${{ secrets.ECR_READ_ROLE_ARN }}
+ aws-region: ${{ secrets.AWS_REGION }}
+
+ - name: Get latest catalog service tag from ECR
+ id: get-catalog-tag
+ run: |
+ # Fetch the latest semantic version tag from ECR
+ # Sort images by push date (latest first) and find the first semver tag
+ LATEST_TAG=$(aws ecr describe-images \
+ --repository-name op-catalog-service \
+ --region ${{ secrets.AWS_REGION }} \
+ --registry-id ${{ secrets.AWS_ACCOUNT_NUMBER_PROD }} \
+ --query 'reverse(sort_by(imageDetails,& imagePushedAt))' \
+ --output json | \
+ jq -r '
+ [.[] |
+ select(.imageTags != null) |
+ .imageTags[] |
+ select(test("^v[0-9]+\\.[0-9]+\\.[0-9]+$"))
+ ] | first
+ ')
+
+ if [[ -z "${LATEST_TAG}" ]] || [[ "${LATEST_TAG}" == "null" ]]; then
+ echo "::error::Could not find a valid semantic version tag in ECR"
+ exit 1
+ fi
+
+ echo "Latest catalog service tag from ECR: ${LATEST_TAG}"
+ echo "tag=${LATEST_TAG}" >> "${GITHUB_OUTPUT}"
+
 - name: Pull Catalog Service ECR Image
 uses: smartcontractkit/.github/actions/pull-private-ecr-image@2f8f0baf38e46140c6a119eb551a56eaaabcc09e # pull-private-ecr-image@1.0.0
 with:
@@ -85,7 +119,7 @@ jobs:
 aws-region: ${{ secrets.AWS_REGION }}
 aws-role-arn: ${{ secrets.ECR_READ_ROLE_ARN }}
 ecr-repository: "op-catalog-service"
- image-tag: "latest"
+ image-tag: ${{ steps.get-catalog-tag.outputs.tag }}
 - name: Run Catalog Remote Integration Tests
 uses: smartcontractkit/.github/actions/ci-test-go@dfcba48f05933158428bce867d790e3d5a9baa6b # ci-test-go@1.1.0
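Review bot: The Checkout, Configure AWS credentials and tag-lookup steps in schedule-main.yml are a verbatim copy of the ones added to pull-request-main.yml, so later fixes to pinning, quoting or tag selection must be made in two places and can drift apart. Consider moving the lookup into a composite action or reusable workflow that exposes `tag` as an output and calling it from both jobs. Until then, a comment above the step such as `# keep in sync with pull-request-main.yml` would at least flag the coupling.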
@@ -94,6 +128,8 @@ jobs:
 go-test-cmd: cd datastore/catalog/remote && go test -v -race -timeout 10m -gcflags=all=-d=checkptr=0 -coverprofile=../../../coverage.txt
 use-go-cache: true
 artifact-name: catalog-remote-tests
+ env:
+ CATALOG_SERVICE_IMAGE: ${{ secrets.AWS_ACCOUNT_NUMBER_PROD }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com/op-catalog-service:${{ steps.get-catalog-tag.outputs.tag }}
 sonarqube:
 name: Sonar Scan