[DX-3581] CRE system tests with public images

[Tofel]

• adds a dedicated bash script for resolving chainlink image to use in the workflow
• bumps a couple of actions' versions

Tests:

• CRE system tests pass in CI ✅
• CRE system tests work with public image ✅
• CRE system tests work with private image with explicit tag and empty chainlink version ✅
• CRE system tests work with private image with explicit chainlink version and tag

[github-actions]

✅ No conflicts with other open PRs targeting develop

[trunk-io]

     

View Full Report ↗︎ ⋅ Docs

[Copilot]

Pull request overview

Risk Rating: MEDIUM

Adds a dedicated Chainlink image resolver (with tests) so CRE system tests can run against either public ECR images (full ref) or composed private ECR images (repo/tag/version), plus updates a few GitHub Action versions to support the new flow.

Changes:

• Introduces resolve-chainlink-image.sh and a bash test harness, and wires them into CRE system test execution.
• Adds a dedicated workflow to run resolver tests on PRs that touch relevant workflows/scripts.
• Updates workflow inputs and bumps action/tool versions (e.g., actions/checkout, amazon-ecr-login, gotestsum, CTF tag).

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
.github/workflows/resolve-chainlink-image-tests.yml	New CI workflow to run resolver bash tests when related files change.
.github/workflows/integration-tests.yml	Updates checkout action version and switches CRE reusable-workflow input from ecr_name to chainlink_image_repo.
.github/workflows/cre-system-tests.yaml	Adds new inputs (chainlink_full_image, chainlink_image_repo/tag), public ECR auth, and uses resolver output for CTF_CHAINLINK_IMAGE.
.github/scripts/resolve-chainlink-image.sh	New resolver script that validates and selects the Chainlink image reference based on env vars.
.github/scripts/resolve-chainlink-image_test.sh	New bash tests covering resolver priority, validation, and error cases.

Requires scrupulous human review:

• .github/workflows/cre-system-tests.yaml: the new image-selection inputs + resolver wiring, and the AWS/ECR auth changes (private + public) since they directly affect CI reliability and credential usage.

Suggested reviewers (per CODEOWNERS):

• @smartcontractkit/devex-cicd, @smartcontractkit/devex-tooling, @smartcontractkit/core (owners for /.github/**; see .github/CODEOWNERS:100-111).

[erikburt]

We have a reusable action for this dont we?

[erikburt]

https://github.com/smartcontractkit/.github/blob/27a262d7f1486f53834457ddd187a476d4762604/actions/ctf-setup-run-tests-environment/action.yml#L186

[erikburt]

https://github.com/aptos-labs/actions/tree/main/install-aptos-cli

[erikburt]

Still don't understand why this logic (and determine chainlink version) can't be put into into the actual go run . env start command? Seems like the appropriate place for it.

The logic to setup the env is being split up between shell scripts, GHAs, and go code. I think its best to consolidate it all.

[Tofel]

Logic to determine CL version is not restricted to the local CRE, but to all tests/workflows we want to run with both public and private images and these workflows include non-CRE tests.

I will look into installing Aptos CLI from Go code, but even if added to our automatic setup command, this command will not run CI, since what it does is not required in CI and would only increase execution time. Also, I did not add that step, just moved it around.

EDIT: refactored to use that official action.