Add initial build-deploy workflow

.github/workflows/build-deploy.yml

@@ -0,0 +1,73 @@
+name: Builds and pushes go-ethereum:hardhat Docker image to ECR
+
+on:
+  # keep for manual trigger if needed
+  workflow_dispatch:
+    inputs:
+      create_tag:
+        description: "Create and push a new tag?"
+        required: false
+        type: boolean
+  pull_request:
+    branches: [master]
+    types:
+      - closed
+
+env:
+  AWS_ACCOUNT_ID: "861276097334"
+  AWS_REGION: "eu-central-1"
+  ECR_REPO_NAME: "limechain-devops-task/go-ethereum"
+  IAM_OIDC_ROLE_NAME: "go-ethereum-github-actions-role"
+  GH_TOKEN: ${{ github.token }}
+
+permissions:
+  id-token: write
+  contents: write
+  pull-requests: write
+
+jobs:
+  build-and-push:
+    if: >
+      github.event_name == 'workflow_dispatch' ||
+      (github.event.pull_request.merged == true && contains(github.event.pull_request.labels.*.name, 'CI:Deploy'))
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          ref: ${{ github.ref_name }}
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: ${{ env.AWS_REGION }}
+          role-to-assume: arn:aws:iam::${{ env.AWS_ACCOUNT_ID }}:role/${{ env.IAM_OIDC_ROLE_NAME }}
+          role-session-name: go-ethereum-github-actions
+
+      - name: Login to Amazon ECR
+        id: login-ecr
+        run: |
+          FULL_ECR_URL=${{ env.AWS_ACCOUNT_ID }}.dkr.ecr.${{ env.AWS_REGION }}.amazonaws.com
+          aws ecr get-login-password --region ${{ env.AWS_REGION }} | docker login --username AWS --password-stdin ${FULL_ECR_URL}
+
+      - name: Get latest image tag
+        id: get-latest-tag
+        run: |
+          LATEST_TAG=$(aws ecr describe-images \
+            --repository-name ${{ env.ECR_REPO_NAME }} \
+            --region ${{ env.AWS_REGION }} \
+            --query "sort_by(imageDetails[?contains(imageTags[0], 'hardhat')], &imagePushedAt)[-1].imageTags[0]" \
+            --output text)
+          if [[ "$LATEST_TAG" == "None" ]]; then
+            NEW_TAG=hardhat-1
+          else
+            # Get only the number part from the latest hardhat tag
+            LAST_NUMBER=$(echo "$LATEST_TAG" | grep -oE '[0-9]+$')
+
+            # Increment the number and build the new tag
+            NEW_NUMBER=$((LAST_NUMBER + 1))
+            NEW_TAG="hardhat-${NEW_NUMBER}"
+            fi
+          fi
+          echo "new-tag=${NEW_TAG}" >> $GITHUB_OUTPUT

.github/workflows/build.yml

@@ -0,0 +1,122 @@
+name: Build and Push go-ethereum Docker image to ECR
+
+on:
+  # keep for manual trigger if needed
+  workflow_dispatch:
+    inputs:
+      create_tag:
+        description: "Create and push a new tag?"
+        required: false
+        type: boolean
+  pull_request:
+    branches: [master]
+    types:
+      - closed
+
+env:
+  AWS_ACCOUNT_ID: "861276097334"
+  AWS_REGION: "eu-central-1"
+  ECR_REPO_NAME: "limechain-devops-task/go-ethereum"
+  IAM_OIDC_ROLE_NAME: "go-ethereum-github-actions-role"
+  GH_TOKEN: ${{ github.token }}
+
+permissions:
+  id-token: write
+  contents: write
+  pull-requests: write
+
+jobs:
+  build-and-push:
+    if: >
+      github.event_name == 'workflow_dispatch' ||
+      (github.event.pull_request.merged == true && contains(github.event.pull_request.labels.*.name, 'CI:Build'))
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          ref: ${{ github.ref_name }}
+
+      ### Need to be careful with dependency caches, since using GitHub-hosted runners. More info at the URL below:
+      ### https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/caching-dependencies-to-speed-up-workflows#about-caching-workflow-dependencies
+      - name: Cache go.mod packages
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: "go.mod"
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: ${{ env.AWS_REGION }}
+          role-to-assume: arn:aws:iam::${{ env.AWS_ACCOUNT_ID }}:role/${{ env.IAM_OIDC_ROLE_NAME }}
+          role-session-name: go-ethereum-github-actions
+
+      - name: Login to Amazon ECR
+        id: login-ecr
+        run: |
+          FULL_ECR_URL=${{ env.AWS_ACCOUNT_ID }}.dkr.ecr.${{ env.AWS_REGION }}.amazonaws.com
+          aws ecr get-login-password --region ${{ env.AWS_REGION }} | docker login --username AWS --password-stdin ${FULL_ECR_URL}
+
+      - name: Get latest image tag
+        id: get-latest-tag
+        run: |
+          LATEST_TAG=$(aws ecr describe-images \
+            --repository-name ${{ env.ECR_REPO_NAME }} \
+            --region ${{ env.AWS_REGION }} \
+            --query 'sort_by(imageDetails,&imagePushedAt)[-1].imageTags[0]' \
+            --output text)
+          if [[ "$LATEST_TAG" == "None" ]]; then
+            NEW_TAG=1
+          else
+            NEW_TAG=$((LATEST_TAG + 1))
+          fi
+          echo "new-tag=${NEW_TAG}" >> $GITHUB_OUTPUT
+
+      - name: Build and push Docker Image
+        env:
+          COMMIT: ${{ github.sha }}
+        run: |
+          FULL_ECR_URL="${{ env.AWS_ACCOUNT_ID }}.dkr.ecr.${{ env.AWS_REGION }}.amazonaws.com/${{ env.ECR_REPO_NAME }}"
+          NEW_TAG="${{ steps.get-latest-tag.outputs.new-tag }}"
+
+          # define build args for the image
+          COMMIT=${COMMIT:0:7}
+          VERSION=$NEW_TAG
+          BUILDNUM=$(git rev-list --count HEAD)
+
+          docker build \
+            --build-arg COMMIT="${COMMIT}" \
+            --build-arg VERSION="${VERSION}" \
+            --build-arg BUILDNUM="${BUILDNUM}" \
+            -t "${FULL_ECR_URL}:${NEW_TAG}" \
+            -f Dockerfile .
+
+          docker push "${FULL_ECR_URL}:${NEW_TAG}"
+
+      - name: Create a new tag
+        if: >
+          inputs.create_tag == true ||
+          (github.event.pull_request.merged == true && contains(github.event.pull_request.labels.*.name, 'CI:Build'))
+        run: |
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+
+          NEW_TAG=v${{ steps.get-latest-tag.outputs.new-tag }}
+          git tag -a $NEW_TAG -m "New tag: $NEW_TAG"
+          git push origin $NEW_TAG
+
+      - name: Add a release comment in PR
+        if: >
+          inputs.create_tag == true ||
+          (github.event.pull_request.merged == true && contains(github.event.pull_request.labels.*.name, 'CI:Build'))
+        uses: actions/github-script@v7
+        id: my-script
+        with:
+          script: |
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: ':rocket: A new tag v${{ steps.get-latest-tag.outputs.new-tag }} has been created and pushed!'
+            })

.github/workflows/go.yml

@@ -1,10 +1,10 @@
 name: i386 linux tests
 
 on:
-  push:
-    branches: [ master ]
-  pull_request:
-    branches: [ master ]
+  # push:
+  #   branches: [ master ]
+  # pull_request:
+  #   branches: [ master ]
   workflow_dispatch:
 
 jobs:

.gitignore

@@ -43,3 +43,10 @@ profile.cov
 .vscode
 
 tests/spec-tests/
+
+.terraform
+terraform.tfstate*
+.terraform.tfstate.lock.info
+
+.env
+geth-data/

Makefile

@@ -2,7 +2,7 @@
 # with Go source code. If you know what GOPATH is then you probably
 # don't need to bother with make.
 
-.PHONY: geth all test lint fmt clean devtools help
+.PHONY: geth all test lint fmt clean devtools docker-login help
 
 GOBIN = ./build/bin
 GO ?= latest
@@ -47,6 +47,10 @@ devtools:
 	@type "solc" 2> /dev/null || echo 'Please install solc'
 	@type "protoc" 2> /dev/null || echo 'Please install protoc'
 
+#? docker-login: Login to the ECR repo containing the go-ethereum image.
+docker-login:
+	aws ecr get-login-password --region eu-central-1 | docker login --username AWS --password-stdin 861276097334.dkr.ecr.eu-central-1.amazonaws.com
+
 #? help: Get more info on make commands.
 help: Makefile
 	@echo ''