-
Notifications
You must be signed in to change notification settings - Fork 51
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
**Reason for Change**: - Automate the release workflow. - Use [Reusable workflows](https://docs.github.com/en/actions/using-workflows/reusing-workflows#reusable-workflows-and-starter-workflows) instead of workflow_dispatch. This will enhance the usability of e2e pipeline. - Remove unnecessary jobs. - Fix goreleaser to pick the current tag. - Add option to update k8s version for upcoming pipelines. **Requirements** - [ ] added unit tests and e2e tests (if applicable). **Issue Fixed**: <!-- If this PR fixes GitHub issue 4321, add "Fixes #4321" to the next line. --> **Notes for Reviewers**: --------- Signed-off-by: Heba Elayoty <[email protected]>
- Loading branch information
Showing
13 changed files
with
367 additions
and
283 deletions.
There are no files selected for viewing
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,40 +1,66 @@ | ||
name: e2e-test | ||
|
||
concurrency: | ||
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} | ||
cancel-in-progress: true | ||
name: kaito-e2e-workflow | ||
|
||
on: | ||
push: | ||
branches: [main] | ||
paths-ignore: ['docs/**', '**.md', '**.mdx', '**.png', '**.jpg'] | ||
pull_request: | ||
branches: [main] | ||
paths-ignore: ['docs/**', '**.md', '**.mdx', '**.png', '**.jpg'] | ||
repository_dispatch: | ||
types: [ release-tag ] | ||
branches: [ release-** ] | ||
|
||
env: | ||
GO_VERSION: "1.20" | ||
workflow_call: | ||
inputs: | ||
git_sha: | ||
type: string | ||
required: true | ||
tag: | ||
type: string | ||
isRelease: | ||
type: boolean | ||
default: false | ||
registry: | ||
type: string | ||
region: | ||
type: string | ||
description: "the azure location to run the e2e test in" | ||
default: "eastus" | ||
k8s_version: | ||
type: string | ||
default: "1.27" | ||
secrets: | ||
E2E_CLIENT_ID: | ||
required: true | ||
E2E_TENANT_ID: | ||
required: true | ||
E2E_SUBSCRIPTION_ID: | ||
required: true | ||
E2E_AMRT_SECRET_NAME: | ||
required: true | ||
E2E_ACR_AMRT_USERNAME: | ||
required: true | ||
E2E_ACR_AMRT_PASSWORD: | ||
required: true | ||
|
||
permissions: | ||
id-token: write # This is required for requesting the JWT | ||
contents: read # This is required for actions/checkout | ||
|
||
jobs: | ||
e2e-tests: | ||
runs-on: ubuntu-latest | ||
permissions: | ||
contents: read | ||
id-token: write # This is required for requesting the JWT | ||
environment: e2e-test | ||
env: | ||
GO_VERSION: "1.20" | ||
|
||
steps: | ||
- name: Shorten SHA | ||
if: ${{ !github.event.client_payload.isRelease }} | ||
id: vars | ||
run: echo "pr_sha_short=$(git rev-parse --short ${{ github.event.pull_request.head.sha }})" >> $GITHUB_OUTPUT | ||
- name: Harden Runner | ||
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 | ||
with: | ||
egress-policy: audit | ||
|
||
- name: Checkout | ||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | ||
with: | ||
ref: ${{ inputs.git_sha }} | ||
|
||
- name: Set e2e Resource and Cluster Name | ||
run: | | ||
rand=${{ steps.vars.outputs.pr_sha_short }} | ||
rand=$(git rev-parse --short ${{ inputs.git_sha }}) | ||
if [ "$rand" = "" ]; then | ||
rand=$RANDOM | ||
|
@@ -46,36 +72,22 @@ jobs: | |
echo "REGISTRY=kaito${rand}.azurecr.io" >> $GITHUB_ENV | ||
- name: Set Registry | ||
if: ${{ github.event.client_payload.isRelease }} | ||
if: ${{ inputs.isRelease }} | ||
run: | | ||
echo "REGISTRY=${{ github.event.client_payload.registry }}" >> $GITHUB_ENV | ||
echo "VERSION=$(echo ${{ github.event.client_payload.tag }} | tr -d v)" >> $GITHUB_ENV | ||
echo "REGISTRY=${{ inputs.registry }}" >> $GITHUB_ENV | ||
echo "VERSION=$(echo ${{ inputs.tag }} | tr -d v)" >> $GITHUB_ENV | ||
- name: Set up Go ${{ env.GO_VERSION }} | ||
uses: actions/setup-go@v5 | ||
with: | ||
go-version: ${{ env.GO_VERSION }} | ||
|
||
- name: Checkout | ||
if: ${{ !github.event.client_payload.isRelease }} | ||
uses: actions/checkout@v4 | ||
with: | ||
submodules: true | ||
fetch-depth: 0 | ||
|
||
- name: Checkout | ||
uses: actions/checkout@v4 | ||
if: ${{ github.event.client_payload.isRelease }} | ||
with: | ||
fetch-depth: 0 | ||
submodules: true | ||
ref: ${{ env.REPO_TAG }} | ||
|
||
- uses: azure/[email protected] | ||
- name: Az login | ||
uses: azure/login@8c334a195cbb38e46038007b304988d888bf676a # v2.0.0 | ||
with: | ||
client-id: ${{ secrets.AZURE_CLIENT_ID }} | ||
tenant-id: ${{ secrets.AZURE_TENANT_ID }} | ||
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | ||
client-id: ${{ secrets.E2E_CLIENT_ID }} | ||
tenant-id: ${{ secrets.E2E_TENANT_ID }} | ||
subscription-id: ${{ secrets.E2E_SUBSCRIPTION_ID }} | ||
|
||
- uses: azure/setup-helm@v4 | ||
with: | ||
|
@@ -104,7 +116,7 @@ jobs: | |
az identity create --name gpuIdentity --resource-group ${{ env.CLUSTER_NAME }} | ||
- name: build KAITO image | ||
if: ${{ !github.event.client_payload.isRelease }} | ||
if: ${{ !inputs.isRelease }} | ||
shell: bash | ||
run: | | ||
make docker-build-kaito | ||
|
@@ -120,6 +132,8 @@ jobs: | |
AZURE_ACR_NAME: ${{ env.CLUSTER_NAME }} | ||
AZURE_RESOURCE_GROUP: ${{ env.CLUSTER_NAME }} | ||
AZURE_CLUSTER_NAME: ${{ env.CLUSTER_NAME }} | ||
AZURE_LOCATION: ${{ inputs.region }} | ||
AKS_K8S_VERSION: ${{ inputs.k8s_version }} | ||
|
||
- name: Install gpu-provisioner helm chart | ||
shell: bash | ||
|
@@ -130,18 +144,18 @@ jobs: | |
AZURE_RESOURCE_GROUP: ${{ env.CLUSTER_NAME }} | ||
AZURE_CLUSTER_NAME: ${{ env.CLUSTER_NAME }} | ||
|
||
- uses: azure/login@v1.6.1 | ||
- uses: azure/login@8c334a195cbb38e46038007b304988d888bf676a # v2.0.0 | ||
with: | ||
client-id: ${{ secrets.AZURE_CLIENT_ID }} | ||
tenant-id: ${{ secrets.AZURE_TENANT_ID }} | ||
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | ||
client-id: ${{ secrets.E2E_CLIENT_ID }} | ||
tenant-id: ${{ secrets.E2E_TENANT_ID }} | ||
subscription-id: ${{ secrets.E2E_SUBSCRIPTION_ID }} | ||
|
||
- name: Create Role Assignment | ||
uses: azure/[email protected] | ||
with: | ||
inlineScript: | | ||
IDENTITY_PRINCIPAL_ID="$(az identity show --name gpuIdentity --resource-group ${{ env.CLUSTER_NAME }} --query 'principalId' -otsv)" | ||
az role assignment create --assignee ${IDENTITY_PRINCIPAL_ID} --scope "/subscriptions/${{ secrets.AZURE_SUBSCRIPTION_ID }}/resourceGroups/${{ env.CLUSTER_NAME }}" --role "Contributor" | ||
az role assignment create --assignee ${IDENTITY_PRINCIPAL_ID} --scope "/subscriptions/${{ secrets.E2E_SUBSCRIPTION_ID }}/resourceGroups/${{ env.CLUSTER_NAME }}" --role "Contributor" | ||
- name: Create Azure Federated Identity | ||
uses: azure/[email protected] | ||
|
@@ -164,10 +178,10 @@ jobs: | |
|
||
- name: Add Secret Credentials | ||
run: | | ||
kubectl create secret docker-registry ${{secrets.AMRT_SECRET_NAME}} \ | ||
--docker-server=${{secrets.ACR_AMRT_USERNAME}}.azurecr.io \ | ||
--docker-username=${{secrets.ACR_AMRT_USERNAME}} \ | ||
--docker-password=${{secrets.ACR_AMRT_PASSWORD}} | ||
kubectl create secret docker-registry ${{ secrets.E2E_AMRT_SECRET_NAME }} \ | ||
--docker-server=${{ secrets.E2E_ACR_AMRT_USERNAME }}.azurecr.io \ | ||
--docker-username=${{ secrets.E2E_ACR_AMRT_USERNAME }} \ | ||
--docker-password=${{ secrets.E2E_ACR_AMRT_PASSWORD }} | ||
- name: Log kaito-workspace | ||
run: | | ||
|
@@ -179,8 +193,8 @@ jobs: | |
env: | ||
AZURE_CLUSTER_NAME: ${{ env.CLUSTER_NAME }} | ||
RUN_LLAMA_13B: ${{ env.RUN_LLAMA_13B }} | ||
AI_MODELS_REGISTRY: ${{secrets.ACR_AMRT_USERNAME}}.azurecr.io | ||
AI_MODELS_REGISTRY_SECRET: ${{secrets.AMRT_SECRET_NAME}} | ||
AI_MODELS_REGISTRY: ${{ secrets.E2E_ACR_AMRT_USERNAME }}.azurecr.io | ||
AI_MODELS_REGISTRY_SECRET: ${{ secrets.E2E_AMRT_SECRET_NAME }} | ||
|
||
- name: Cleanup e2e resources | ||
if: ${{ always() }} | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,10 +1,8 @@ | ||
name: publish_helm_chart | ||
|
||
on: | ||
workflow_run: | ||
workflows: [ "Create, Scan and Publish KAITO image" ] | ||
types: [ completed ] | ||
branches: [ release-** ] | ||
repository_dispatch: | ||
types: [ create-release ] | ||
|
||
permissions: | ||
id-token: write # This is required for requesting the JWT | ||
|
@@ -15,15 +13,15 @@ permissions: | |
pull-requests: read | ||
|
||
jobs: | ||
release: | ||
publish-helm: | ||
runs-on: ubuntu-latest | ||
if: ${{ github.event.workflow_run.conclusion == 'success' }} | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v4 | ||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | ||
with: | ||
submodules: true | ||
fetch-depth: 0 | ||
ref: ${{ github.event.client_payload.tag }} | ||
|
||
- name: Publish Workspace Helm chart | ||
uses: stefanprodan/[email protected] | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
name: pr-e2e-test | ||
|
||
concurrency: | ||
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} | ||
cancel-in-progress: true | ||
|
||
on: | ||
pull_request: | ||
paths-ignore: ['docs/**', '**.md', '**.mdx', '**.png', '**.jpg'] | ||
|
||
env: | ||
GO_VERSION: "1.20" | ||
|
||
permissions: | ||
id-token: write # This is required for requesting the JWT | ||
contents: read # This is required for actions/checkout | ||
|
||
jobs: | ||
run-e2e: | ||
uses: ./.github/workflows/e2e-workflow.yml | ||
with: | ||
git_sha: ${{ github.event.pull_request.head.sha }} | ||
secrets: | ||
E2E_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} | ||
E2E_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} | ||
E2E_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | ||
E2E_AMRT_SECRET_NAME: ${{ secrets.AMRT_SECRET_NAME }} | ||
E2E_ACR_AMRT_USERNAME: ${{ secrets.ACR_AMRT_USERNAME }} | ||
E2E_ACR_AMRT_PASSWORD: ${{ secrets.ACR_AMRT_PASSWORD }} |
Oops, something went wrong.