From e9ac94f822e658af542366d9ef72754e2f62943e Mon Sep 17 00:00:00 2001 From: Jade Park Date: Mon, 1 Dec 2025 14:45:14 +0000 Subject: [PATCH 1/8] feat: run e2e against w/ contract version --- .github/workflows/ccip-integration-test.yml | 19 ++++++++++++++++++- scripts/.staging_contract_version | 1 + scripts/e2e/lib.sh | 4 +++- 3 files changed, 22 insertions(+), 2 deletions(-) create mode 100644 scripts/.staging_contract_version diff --git a/.github/workflows/ccip-integration-test.yml b/.github/workflows/ccip-integration-test.yml index a8f8654a9..27ac882ea 100644 --- a/.github/workflows/ccip-integration-test.yml +++ b/.github/workflows/ccip-integration-test.yml @@ -50,11 +50,20 @@ jobs: fail-fast: false matrix: type: - # Note: list of tests, add more tests here + # Tests with LOCAL contracts (latest changes) - name: "TON2EVM Messaging Test" cmd: "cd integration-tests && go test ./smoke/ccip -run Test_CCIPMessaging_TON2EVM -timeout 20m -test.parallel=1 -count=1 -json" + contract_mode: "local" - name: "EVM2TON Messaging Test" cmd: "cd integration-tests && go test ./smoke/ccip -run Test_CCIPMessaging_EVM2TON -timeout 20m -test.parallel=1 -count=1 -json" + contract_mode: "local" + # Tests with STAGING contracts (deployed version compatibility) + - name: "TON2EVM Messaging Test (Staging Compat)" + cmd: "cd integration-tests && go test ./smoke/ccip -run Test_CCIPMessaging_TON2EVM -timeout 20m -test.parallel=1 -count=1 -json" + contract_mode: "staging" + - name: "EVM2TON Messaging Test (Staging Compat)" + cmd: "cd integration-tests && go test ./smoke/ccip -run Test_CCIPMessaging_EVM2TON -timeout 20m -test.parallel=1 -count=1 -json" + contract_mode: "staging" name: ${{ matrix.type.name }} # ubuntu-latest: 4 / 16 GB / 150GB SSD https://github.com/smartcontractkit/chainlink-ton/actions/runners @@ -114,13 +123,21 @@ jobs: ref: ${{ steps.read_core_ref.outputs.CORE_REF }} path: chainlink + # Only build contracts for "local" mode tests - name: Build contracts + if: matrix.type.contract_mode == 'local' run: | cd contracts nix develop .#contracts -c yarn && yarn build - name: Setup Environment and Run Tests run: | + if [ "${{ matrix.type.contract_mode }}" == "local" ]; then + export CCIP_CONTRACTS_TON_VERSION="local" + else + export CCIP_CONTRACTS_TON_VERSION=$(cat ./scripts/.staging_contract_version | tr -d '[:space:]') + fi + echo "Testing with contract version: $CCIP_CONTRACTS_TON_VERSION" nix develop .#ccip-e2e -c scripts/e2e/setup-env.sh --core-dir "${GITHUB_WORKSPACE}/chainlink" nix develop .#ccip-e2e -c scripts/e2e/run-test.sh --core-dir "${GITHUB_WORKSPACE}/chainlink" --test-command "${{ matrix.type.cmd }}" --clean-logs diff --git a/scripts/.staging_contract_version b/scripts/.staging_contract_version new file mode 100644 index 000000000..cdaea2e1f --- /dev/null +++ b/scripts/.staging_contract_version @@ -0,0 +1 @@ +7e49136b6205 diff --git a/scripts/e2e/lib.sh b/scripts/e2e/lib.sh index 5d90b52de..cecb12451 100644 --- a/scripts/e2e/lib.sh +++ b/scripts/e2e/lib.sh @@ -166,6 +166,8 @@ setup_contracts() { log_info "Linking contracts to chainlink core (no copy, direct reference via symlink)..." ln -sfn "$ROOT_DIR/contracts" "$chainlink_core_dir/contracts" - export CCIP_CONTRACTS_TON_VERSION="local" + # Default to "local" if not already set externally + export CCIP_CONTRACTS_TON_VERSION="${CCIP_CONTRACTS_TON_VERSION:-local}" + log_info "Contracts version: $CCIP_CONTRACTS_TON_VERSION" log_info "Contracts ready at $chainlink_core_dir/contracts -> $ROOT_DIR/contracts" } From 903045f1510802b9076fcbbaacf5ec9f0da6792a Mon Sep 17 00:00:00 2001 From: Jade Park Date: Mon, 1 Dec 2025 15:38:19 +0000 Subject: [PATCH 2/8] refactor: split workflows --- .github/actions/ccip-e2e-setup/action.yml | 73 +++++++++++ .github/ccip-ton-tests.yml | 16 +++ .github/workflows/ccip-integration-test.yml | 129 ++++++-------------- .github/workflows/ccip-staging-compat.yml | 101 +++++++++++++++ 4 files changed, 226 insertions(+), 93 deletions(-) create mode 100644 .github/actions/ccip-e2e-setup/action.yml create mode 100644 .github/ccip-ton-tests.yml create mode 100644 .github/workflows/ccip-staging-compat.yml diff --git a/.github/actions/ccip-e2e-setup/action.yml b/.github/actions/ccip-e2e-setup/action.yml new file mode 100644 index 000000000..62ecd7d53 --- /dev/null +++ b/.github/actions/ccip-e2e-setup/action.yml @@ -0,0 +1,73 @@ +name: 'CCIP E2E Setup' +description: 'Common setup for CCIP E2E tests - caches, dependencies, and environment' + +inputs: + contract_version: + description: 'Contract version to test against (local or commit SHA)' + required: true + default: 'local' + build_contracts: + description: 'Whether to build contracts locally' + required: false + default: 'true' + +runs: + using: 'composite' + steps: + - name: Restore cached docker images + uses: actions/cache@v4 + id: docker-cache-restore + with: + path: ${{ github.workspace }}/.cache/ccip-e2e-docker-images.tar + key: ccip-e2e-images-v2 + + - name: Load docker images + if: steps.docker-cache-restore.outputs.cache-hit == 'true' + shell: bash + run: | + echo "Cache hit. Loading images from tarball..." + docker load -i ${{ github.workspace }}/.cache/ccip-e2e-docker-images.tar + + - name: Install Nix + uses: cachix/install-nix-action@02a151ada4993995686f9ed4f1be7cfbb229e56f # v31 + with: + nix_path: nixpkgs=channel:nixos-unstable + + - name: Cache Go modules + uses: actions/cache@v4 + with: + path: | + /home/runner/.cache/go-build + /home/runner/go/pkg/mod + key: go-${{ hashFiles('**/go.sum', 'chainlink/**/go.sum') }} + + - name: Read Chainlink Core Ref + id: read_core_ref + shell: bash + run: echo "CORE_REF=$(cat ./scripts/.core_version | tr -d '[:space:]')" >> $GITHUB_OUTPUT + + - name: Cache Chainlink Core repo + uses: actions/cache@v4 + id: core-cache + with: + path: chainlink + key: core-${{ steps.read_core_ref.outputs.CORE_REF }} + + - name: Checkout Chainlink Core repo + if: steps.core-cache.outputs.cache-hit != 'true' + uses: actions/checkout@v5 + with: + repository: smartcontractkit/chainlink + ref: ${{ steps.read_core_ref.outputs.CORE_REF }} + path: chainlink + + - name: Build contracts + if: inputs.build_contracts == 'true' + shell: bash + run: | + cd contracts + nix develop .#contracts -c yarn && yarn build + + - name: Set contract version environment + shell: bash + run: echo "CCIP_CONTRACTS_TON_VERSION=${{ inputs.contract_version }}" >> $GITHUB_ENV diff --git a/.github/ccip-ton-tests.yml b/.github/ccip-ton-tests.yml new file mode 100644 index 000000000..c910422d0 --- /dev/null +++ b/.github/ccip-ton-tests.yml @@ -0,0 +1,16 @@ +# CCIP TON E2E Test Definitions +# This file is the single source of truth for CCIP TON integration tests. +# Both ccip-integration-test.yml and ccip-staging-compat.yml workflows read from this file. +# +# To add a new test: +# 1. Add an entry to the 'tests' list below +# 2. The test will automatically run in both local and staging compatibility checks + +tests: + - id: ccip_messaging_ton2evm + name: "TON2EVM Messaging Test" + cmd: "cd integration-tests && go test ./smoke/ccip -run Test_CCIPMessaging_TON2EVM -timeout 20m -test.parallel=1 -count=1 -json" + + - id: ccip_messaging_evm2ton + name: "EVM2TON Messaging Test" + cmd: "cd integration-tests && go test ./smoke/ccip -run Test_CCIPMessaging_EVM2TON -timeout 20m -test.parallel=1 -count=1 -json" diff --git a/.github/workflows/ccip-integration-test.yml b/.github/workflows/ccip-integration-test.yml index 27ac882ea..3bbd68fb0 100644 --- a/.github/workflows/ccip-integration-test.yml +++ b/.github/workflows/ccip-integration-test.yml @@ -14,10 +14,10 @@ env: DOCKER_CACHE_KEY: ccip-e2e-images-v2 DOCKER_CACHE_DIR: ${{ github.workspace }}/.cache DOCKER_CACHE_TAR_NAME: ccip-e2e-docker-images.tar - # mylocalton docker image / CCIP E2E test database image DOCKER_IMAGES: >- ghcr.io/neodix42/mylocalton-docker:v3.7 postgres:16-alpine + jobs: prepare-images: name: Prepare and Cache Docker Images @@ -44,124 +44,67 @@ jobs: docker save ${{ env.DOCKER_IMAGES }} \ -o ${{ env.DOCKER_CACHE_DIR }}/${{ env.DOCKER_CACHE_TAR_NAME }} - integration-test-matrix: - needs: prepare-images - strategy: - fail-fast: false - matrix: - type: - # Tests with LOCAL contracts (latest changes) - - name: "TON2EVM Messaging Test" - cmd: "cd integration-tests && go test ./smoke/ccip -run Test_CCIPMessaging_TON2EVM -timeout 20m -test.parallel=1 -count=1 -json" - contract_mode: "local" - - name: "EVM2TON Messaging Test" - cmd: "cd integration-tests && go test ./smoke/ccip -run Test_CCIPMessaging_EVM2TON -timeout 20m -test.parallel=1 -count=1 -json" - contract_mode: "local" - # Tests with STAGING contracts (deployed version compatibility) - - name: "TON2EVM Messaging Test (Staging Compat)" - cmd: "cd integration-tests && go test ./smoke/ccip -run Test_CCIPMessaging_TON2EVM -timeout 20m -test.parallel=1 -count=1 -json" - contract_mode: "staging" - - name: "EVM2TON Messaging Test (Staging Compat)" - cmd: "cd integration-tests && go test ./smoke/ccip -run Test_CCIPMessaging_EVM2TON -timeout 20m -test.parallel=1 -count=1 -json" - contract_mode: "staging" - - name: ${{ matrix.type.name }} - # ubuntu-latest: 4 / 16 GB / 150GB SSD https://github.com/smartcontractkit/chainlink-ton/actions/runners - runs-on: ubuntu-latest-4cores-16GB + load-tests: + name: Load Test Matrix + runs-on: ubuntu-latest + outputs: + matrix: ${{ steps.set-matrix.outputs.matrix }} steps: - name: Checkout Repository uses: actions/checkout@v5 - - name: Restore cached docker images - id: docker-cache-restore - uses: actions/cache@v4 - with: - path: ${{ env.DOCKER_CACHE_DIR }}/${{ env.DOCKER_CACHE_TAR_NAME }} - key: ${{ env.DOCKER_CACHE_KEY }} - - - name: Load docker images - if: steps.docker-cache-restore.outputs.cache-hit == 'true' + - name: Load test definitions + id: set-matrix run: | - echo "Cache hit for key '${{ env.DOCKER_CACHE_KEY }}'. Loading images from tarball..." - docker load -i ${{ env.DOCKER_CACHE_DIR }}/${{ env.DOCKER_CACHE_TAR_NAME }} - - - name: Install Nix - uses: cachix/install-nix-action@02a151ada4993995686f9ed4f1be7cfbb229e56f # v31 - with: - nix_path: nixpkgs=channel:nixos-unstable - - # cache Go build artifacts and modules to speed up subsequent runs - # key includes go.sum files from both chainlink-ton and chainlink core repos - # paths are standard Go cache locations on GitHub Actions runners - - name: Cache Go modules - uses: actions/cache@v4 - with: - path: | - /home/runner/.cache/go-build - /home/runner/go/pkg/mod - key: go-${{ hashFiles('**/go.sum', 'chainlink/**/go.sum') }} - - - name: Read Chainlink Core Ref from .core_version - id: read_core_ref - run: echo "CORE_REF=$(cat ./scripts/.core_version | tr -d '[:space:]')" >> $GITHUB_OUTPUT - - # cache the entire Chainlink Core repository to avoid re-cloning - # key is based on the exact commit SHA from .core_version file - # only checkout if cache miss occurs - - name: Cache Chainlink Core repo - uses: actions/cache@v4 - id: core-cache - with: - path: chainlink - key: core-${{ steps.read_core_ref.outputs.CORE_REF }} + MATRIX=$(yq -o=json '.tests' .github/ccip-ton-tests.yml) + echo "matrix=$MATRIX" >> $GITHUB_OUTPUT - - name: Checkout Chainlink Core repo - if: steps.core-cache.outputs.cache-hit != 'true' + integration-test: + name: ${{ matrix.test.name }} + needs: [prepare-images, load-tests] + runs-on: ubuntu-latest-4cores-16GB + strategy: + fail-fast: false + matrix: + test: ${{ fromJson(needs.load-tests.outputs.matrix) }} + steps: + - name: Checkout Repository uses: actions/checkout@v5 - with: - repository: smartcontractkit/chainlink - ref: ${{ steps.read_core_ref.outputs.CORE_REF }} - path: chainlink - # Only build contracts for "local" mode tests - - name: Build contracts - if: matrix.type.contract_mode == 'local' - run: | - cd contracts - nix develop .#contracts -c yarn && yarn build + - name: Setup E2E Environment + uses: ./.github/actions/ccip-e2e-setup + with: + contract_version: 'local' + build_contracts: 'true' - - name: Setup Environment and Run Tests + - name: Run Tests run: | - if [ "${{ matrix.type.contract_mode }}" == "local" ]; then - export CCIP_CONTRACTS_TON_VERSION="local" - else - export CCIP_CONTRACTS_TON_VERSION=$(cat ./scripts/.staging_contract_version | tr -d '[:space:]') - fi echo "Testing with contract version: $CCIP_CONTRACTS_TON_VERSION" nix develop .#ccip-e2e -c scripts/e2e/setup-env.sh --core-dir "${GITHUB_WORKSPACE}/chainlink" - nix develop .#ccip-e2e -c scripts/e2e/run-test.sh --core-dir "${GITHUB_WORKSPACE}/chainlink" --test-command "${{ matrix.type.cmd }}" --clean-logs + nix develop .#ccip-e2e -c scripts/e2e/run-test.sh --core-dir "${GITHUB_WORKSPACE}/chainlink" --test-command "${{ matrix.test.cmd }}" --clean-logs - - name: Upload e2e test logs on success + - name: Upload test logs on success if: success() uses: actions/upload-artifact@v4 with: - name: ccip-test-logs-${{ matrix.type.name }} + name: ccip-test-logs-${{ matrix.test.id }} path: chainlink/integration-tests/smoke/ccip/logs/ retention-days: 3 - - name: Upload e2e test logs on failure + - name: Upload test logs on failure if: failure() uses: actions/upload-artifact@v4 with: - name: ccip-test-logs-${{ matrix.type.name }} + name: ccip-test-logs-${{ matrix.test.id }} path: chainlink/integration-tests/smoke/ccip/logs/ retention-days: 7 - integration-test-ccip: + integration-test-status: + name: Integration Tests Status if: always() runs-on: ubuntu-latest - needs: [integration-test-matrix] + needs: [integration-test] steps: - - name: Fail if any CCIP test failed - if: always() && needs.integration-test-matrix.result == 'failure' + - name: Check test results + if: needs.integration-test.result == 'failure' run: exit 1 diff --git a/.github/workflows/ccip-staging-compat.yml b/.github/workflows/ccip-staging-compat.yml new file mode 100644 index 000000000..8eff35fcb --- /dev/null +++ b/.github/workflows/ccip-staging-compat.yml @@ -0,0 +1,101 @@ +name: "TON - CCIP Staging Compatibility" + +# This workflow tests plugin compatibility with staging-deployed contracts. +# It serves as an early warning system - failures indicate that merging this PR +# will break staging until contracts are also updated. +# +# This workflow is INFORMATIONAL and should NOT be required for merge. +# Configure branch protection to only require "TON - CCIP Integration Tests". + +on: + pull_request: + push: + branches: + - "main" + +permissions: + contents: read + actions: read + +env: + DOCKER_CACHE_KEY: ccip-e2e-images-v2 + DOCKER_CACHE_DIR: ${{ github.workspace }}/.cache + DOCKER_CACHE_TAR_NAME: ccip-e2e-docker-images.tar + +jobs: + load-tests: + name: Load Test Matrix + runs-on: ubuntu-latest + outputs: + matrix: ${{ steps.set-matrix.outputs.matrix }} + staging_version: ${{ steps.read-staging.outputs.version }} + steps: + - name: Checkout Repository + uses: actions/checkout@v5 + + - name: Load test definitions + id: set-matrix + run: | + MATRIX=$(yq -o=json '.tests' .github/ccip-ton-tests.yml) + echo "matrix=$MATRIX" >> $GITHUB_OUTPUT + + - name: Read staging contract version + id: read-staging + run: | + VERSION=$(cat ./scripts/.staging_contract_version | tr -d '[:space:]') + echo "version=$VERSION" >> $GITHUB_OUTPUT + echo "Staging contract version: $VERSION" + + staging-compat-test: + name: "${{ matrix.test.name }} (Staging)" + needs: [load-tests] + runs-on: ubuntu-latest-4cores-16GB + strategy: + fail-fast: false + matrix: + test: ${{ fromJson(needs.load-tests.outputs.matrix) }} + steps: + - name: Checkout Repository + uses: actions/checkout@v5 + + - name: Setup E2E Environment + uses: ./.github/actions/ccip-e2e-setup + with: + contract_version: ${{ needs.load-tests.outputs.staging_version }} + build_contracts: 'false' + + - name: Run Tests + run: | + echo "Testing staging compatibility with contract version: $CCIP_CONTRACTS_TON_VERSION" + nix develop .#ccip-e2e -c scripts/e2e/setup-env.sh --core-dir "${GITHUB_WORKSPACE}/chainlink" + nix develop .#ccip-e2e -c scripts/e2e/run-test.sh --core-dir "${GITHUB_WORKSPACE}/chainlink" --test-command "${{ matrix.test.cmd }}" --clean-logs + + - name: Upload test logs on success + if: success() + uses: actions/upload-artifact@v4 + with: + name: ccip-staging-compat-logs-${{ matrix.test.id }} + path: chainlink/integration-tests/smoke/ccip/logs/ + retention-days: 3 + + - name: Upload test logs on failure + if: failure() + uses: actions/upload-artifact@v4 + with: + name: ccip-staging-compat-logs-${{ matrix.test.id }} + path: chainlink/integration-tests/smoke/ccip/logs/ + retention-days: 7 + + staging-compat-status: + name: Staging Compatibility Status + if: always() + runs-on: ubuntu-latest + needs: [staging-compat-test] + steps: + - name: Report staging compatibility + run: | + if [ "${{ needs.staging-compat-test.result }}" == "failure" ]; then + echo "::warning::Staging compatibility tests failed. After merging, staging contracts must be updated." + exit 1 + fi + echo "Staging compatibility tests passed." From 9ea8fc76d16320787f35cb63abdb413de5b0826c Mon Sep 17 00:00:00 2001 From: Jade Park Date: Mon, 1 Dec 2025 15:39:46 +0000 Subject: [PATCH 3/8] fix: parsing --- .github/workflows/ccip-integration-test.yml | 2 +- .github/workflows/ccip-staging-compat.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ccip-integration-test.yml b/.github/workflows/ccip-integration-test.yml index 3bbd68fb0..1ea723653 100644 --- a/.github/workflows/ccip-integration-test.yml +++ b/.github/workflows/ccip-integration-test.yml @@ -56,7 +56,7 @@ jobs: - name: Load test definitions id: set-matrix run: | - MATRIX=$(yq -o=json '.tests' .github/ccip-ton-tests.yml) + MATRIX=$(yq -o=json -I=0 '.tests' .github/ccip-ton-tests.yml) echo "matrix=$MATRIX" >> $GITHUB_OUTPUT integration-test: diff --git a/.github/workflows/ccip-staging-compat.yml b/.github/workflows/ccip-staging-compat.yml index 8eff35fcb..69264d42c 100644 --- a/.github/workflows/ccip-staging-compat.yml +++ b/.github/workflows/ccip-staging-compat.yml @@ -36,7 +36,7 @@ jobs: - name: Load test definitions id: set-matrix run: | - MATRIX=$(yq -o=json '.tests' .github/ccip-ton-tests.yml) + MATRIX=$(yq -o=json -I=0 '.tests' .github/ccip-ton-tests.yml) echo "matrix=$MATRIX" >> $GITHUB_OUTPUT - name: Read staging contract version From 296a2112811068e96a9a6c01906f3d9a8459623d Mon Sep 17 00:00:00 2001 From: Jade Park Date: Mon, 1 Dec 2025 16:35:41 +0000 Subject: [PATCH 4/8] chore: merge conflict --- .github/actions/ccip-e2e-setup/action.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/.github/actions/ccip-e2e-setup/action.yml b/.github/actions/ccip-e2e-setup/action.yml index 62ecd7d53..35b854b1e 100644 --- a/.github/actions/ccip-e2e-setup/action.yml +++ b/.github/actions/ccip-e2e-setup/action.yml @@ -14,6 +14,17 @@ inputs: runs: using: 'composite' steps: + - name: Free Disk Space + uses: smartcontractkit/.github/actions/free-disk-space@free-disk-space/v1 + + - name: Relocate Nix store to /mnt + shell: bash + run: | + sudo mkdir -p /mnt/nix + sudo mkdir -p /nix + sudo mount --bind /mnt/nix /nix + df -h /nix /mnt + - name: Restore cached docker images uses: actions/cache@v4 id: docker-cache-restore From c119c94febe7a8cbf07fb589706f33a2777890c4 Mon Sep 17 00:00:00 2001 From: Jade Park Date: Wed, 3 Dec 2025 11:27:50 +0000 Subject: [PATCH 5/8] fix: staging redeployment --- scripts/.staging_contract_version | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/.staging_contract_version b/scripts/.staging_contract_version index cdaea2e1f..f57983037 100644 --- a/scripts/.staging_contract_version +++ b/scripts/.staging_contract_version @@ -1 +1 @@ -7e49136b6205 +6729cee0a172 From 7df9940b972ae317c050a2513dc61e5bf58acad0 Mon Sep 17 00:00:00 2001 From: Jade Park Date: Wed, 3 Dec 2025 22:18:39 +0000 Subject: [PATCH 6/8] chore: staging redeployment --- scripts/.staging_contract_version | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/.staging_contract_version b/scripts/.staging_contract_version index f57983037..805496400 100644 --- a/scripts/.staging_contract_version +++ b/scripts/.staging_contract_version @@ -1 +1 @@ -6729cee0a172 +43d7a93089fe From e94fdc841e59c2ef9b6be2c38e9d872041c17079 Mon Sep 17 00:00:00 2001 From: Jade Park Date: Wed, 3 Dec 2025 22:44:13 +0000 Subject: [PATCH 7/8] fix: required name --- .github/workflows/ccip-integration-test.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/ccip-integration-test.yml b/.github/workflows/ccip-integration-test.yml index 1ea723653..f2db1287b 100644 --- a/.github/workflows/ccip-integration-test.yml +++ b/.github/workflows/ccip-integration-test.yml @@ -99,8 +99,7 @@ jobs: path: chainlink/integration-tests/smoke/ccip/logs/ retention-days: 7 - integration-test-status: - name: Integration Tests Status + integration-test-ccip: if: always() runs-on: ubuntu-latest needs: [integration-test] From 4c6d8254bc43dca0f413a32ded558301059eacb5 Mon Sep 17 00:00:00 2001 From: Jade Park Date: Fri, 5 Dec 2025 18:12:46 +0000 Subject: [PATCH 8/8] feat: extra validation --- .github/actions/ccip-e2e-setup/action.yml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/.github/actions/ccip-e2e-setup/action.yml b/.github/actions/ccip-e2e-setup/action.yml index 35b854b1e..658fcda6a 100644 --- a/.github/actions/ccip-e2e-setup/action.yml +++ b/.github/actions/ccip-e2e-setup/action.yml @@ -55,7 +55,14 @@ runs: - name: Read Chainlink Core Ref id: read_core_ref shell: bash - run: echo "CORE_REF=$(cat ./scripts/.core_version | tr -d '[:space:]')" >> $GITHUB_OUTPUT + run: | + CORE_REF=$(cat ./scripts/.core_version | tr -d '[:space:]') + # Validate it's a 40-char hex SHA (not a branch name) + if [[ ! "$CORE_REF" =~ ^[0-9a-f]{40}$ ]]; then + echo "ERROR: .core_version must be a full commit SHA, got: $CORE_REF" + exit 1 + fi + echo "CORE_REF=$CORE_REF" >> $GITHUB_OUTPUT - name: Cache Chainlink Core repo uses: actions/cache@v4 @@ -71,6 +78,7 @@ runs: repository: smartcontractkit/chainlink ref: ${{ steps.read_core_ref.outputs.CORE_REF }} path: chainlink + persist-credentials: false - name: Build contracts if: inputs.build_contracts == 'true'