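# CI/CD workflow for the edge-endpoint. Pull requests against main (and manual dispatches)
# run the test jobs; the image build/push and glhub update jobs are gated by their own
# `if:` conditions further down.
#
# NOTE(review): no `permissions:` block is set, so GITHUB_TOKEN gets the repository's
# default scope. If no step needs write access, `permissions: { contents: read }` at the
# top level would enforce least privilege.
# NOTE(review): every `uses:` below references a mutable tag (@v1, @v3, @v4, @v5). Pinning
# third-party actions (snok/install-poetry, astral-sh/setup-uv, aws-actions/*) to a full
# commit SHA keeps a retagged release from changing what runs next to this workflow's secrets.
name: cicd

on:
  pull_request:
    branches:
      - main
    types: [opened, synchronize, reopened]
  workflow_dispatch:
    # This allows it to be triggered manually in the github console
    # You could put inputs here, but we don't need them.

concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
  # This causes it to cancel previous in-progress actions in the same PR
  cancel-in-progress: true

env:
  PYTHON_VERSION: "3.11"
  POETRY_VERSION: "1.8.3"
  # This is the token associated with "prod-biggies" (with shared credentials on 1password)
  # Declared at workflow level, so it is exported to every step of every job below.
  GROUNDLIGHT_API_TOKEN: ${{ secrets.GROUNDLIGHT_API_TOKEN }}
  # This is the NGINX proxy endpoint
  GROUNDLIGHT_ENDPOINT: http://localhost:30101

jobs:
  test-general-edge-endpoint:
    runs-on: ubuntu-22.04
    steps:
      - name: Check out code
        uses: actions/checkout@v3

      - name: Set up python
        id: setup_python
        uses: actions/setup-python@v4
        with:
          python-version: ${{ env.PYTHON_VERSION }}

      - name: Install poetry
        uses: snok/install-poetry@v1
        with:
          version: ${{ env.POETRY_VERSION }}
          virtualenvs-create: true
          virtualenvs-in-project: true
          installer-parallel: true

      - name: Load Cached venv
        id: cached-poetry-dependencies
        uses: actions/cache@v3
        with:
          path: .venv
          key: venv-${{ runner.os }}-${{ env.PYTHON_VERSION }}-${{ hashFiles('**/poetry.lock') }}

      - name: Install edge-endpoint's python dependencies
        run: |
          poetry install --no-interaction --no-root

      - name: Run Unit Tests (that dont require docker)
        run: |
          # Point these tests to the cloud endpoint, because to test the edge-endpoint, they
          # dont actually issue requests. They interally setup a test client and server.
          # The cloud endpoint is needed so that the /me endpoint succeeds and we can actually
          # use the GL client.
          GROUNDLIGHT_ENDPOINT="https://api.groundlight.ai/"
          source test/setup_plain_test_env.sh
          poetry run pytest -vs -k "not _live"

      - name: Install Docker
        # NOTE(review): `apt-key add` is deprecated and trusts the key for every configured
        # apt source; a keyring file referenced with `signed-by=` scopes it to this repo.
        run: |
          sudo apt-get update
          sudo apt-get remove moby-runc
          sudo apt-get install apt-transport-https ca-certificates curl software-properties-common
          curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
          sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
          sudo apt-get update
          sudo apt-get install docker-ce

      - name: Build Docker Image
        run: docker build --tag groundlight-edge .

      - name: Start Docker Container
        id: start_container
        run: |
          source test/setup_plain_test_env.sh
          echo "EDGE_CONFIG=$EDGE_CONFIG"
          container_id=$(docker run \
            -e LOG_LEVEL=DEBUG \
            -e EDGE_CONFIG \
            -d -p 30101:30101 \
            groundlight-edge)
          # The `::set-output` workflow command is deprecated; step outputs go through
          # the $GITHUB_OUTPUT file instead.
          echo "container_id=$container_id" >> "$GITHUB_OUTPUT"

      - name: Run Unit Tests (that do require docker)
        run: |
          GROUNDLIGHT_ENDPOINT=http://localhost:30101
          source test/setup_plain_test_env.sh
          poetry run pytest -k "_live"

      - name: Dump Logs from Docker Container
        if: always()
        run: docker logs ${{ steps.start_container.outputs.container_id }}

      - name: Stop Docker Container
        # This ensures that we always stop the container regardless of the outcomes of
        # the previous steps
        if: always()
        run: docker stop ${{ steps.start_container.outputs.container_id }}

  validate-setup-ee:
    runs-on: ubuntu-22.04
    steps:
      - name: Check out code
        uses: actions/checkout@v3

      - name: Install k3s
        run: |
          ./deploy/bin/install-k3s.sh

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_GL_PUBLIC_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_GL_PUBLIC_SECRET_ACCESS_KEY }}
          aws-region: us-west-2

      - name: Install poetry
        uses: snok/install-poetry@v1
        with:
          version: ${{ env.POETRY_VERSION }}
          virtualenvs-create: true
          virtualenvs-in-project: true
          installer-parallel: true

      - name: Install edge-endpoint's python dependencies
        run: |
          poetry install --no-interaction --no-root

      - name: Validate setup edge endpoint
        run: |
          make validate-setup-ee

  # we run this seperately from validate-setup-ee since we run out of disk space doing
  # both of them on the same runner and they can be slow so its best to do them in parallel
  test-with-k3s:
    runs-on: ubuntu-22.04
    steps:
      - name: Check out code
        uses: actions/checkout@v3

      - name: Install k3s
        run: |
          ./deploy/bin/install-k3s.sh

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_GL_PUBLIC_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_GL_PUBLIC_SECRET_ACCESS_KEY }}
          aws-region: us-west-2

      - name: Install poetry
        uses: snok/install-poetry@v1
        with:
          version: ${{ env.POETRY_VERSION }}
          virtualenvs-create: true
          virtualenvs-in-project: true
          installer-parallel: true

      - name: Install edge-endpoint's python dependencies
        run: |
          poetry install --no-interaction --no-root

      - name: Run tests with k3s
        run: |
          make test-with-k3s

  # Run Groundlight SDK tests against the edge proxy endpoint
  test-sdk:
    runs-on: ubuntu-22.04
    steps:
      - name: Check out code
        uses: actions/checkout@v3

      - name: Set up python
        uses: actions/setup-python@v4
        with:
          python-version: ${{ env.PYTHON_VERSION }}

      - name: Install Docker
        # NOTE(review): same deprecated `apt-key add` pattern as in test-general-edge-endpoint.
        run: |
          sudo apt-get update
          sudo apt-get remove moby-runc
          sudo apt-get install apt-transport-https ca-certificates curl software-properties-common
          curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
          sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
          sudo apt-get update
          sudo apt-get install docker-ce

      - name: Build Docker Image
        run: docker build --tag groundlight-edge .

      - name: Start Docker Container
        id: start_container
        run: |
          source test/setup_plain_test_env.sh
          echo "EDGE_CONFIG=$EDGE_CONFIG"
          container_id=$(docker run \
            -e LOG_LEVEL=DEBUG \
            -e EDGE_CONFIG \
            -d -p 30101:30101 \
            groundlight-edge)
          # The `::set-output` workflow command is deprecated; step outputs go through
          # the $GITHUB_OUTPUT file instead.
          echo "container_id=$container_id" >> "$GITHUB_OUTPUT"

      - name: Install poetry
        uses: snok/install-poetry@v1
        with:
          version: ${{ env.POETRY_VERSION }}
          virtualenvs-create: true
          virtualenvs-in-project: true
          installer-parallel: true

      - name: Load Cached venv
        id: cached-poetry-dependencies
        uses: actions/cache@v3
        with:
          path: .venv
          key: venv-${{ runner.os }}-${{ env.PYTHON_VERSION }}-${{ hashFiles('**/poetry.lock') }}

      # Note that we're pulling the latest main from the SDK repo
      # This might be ahead of what's published to pypi, but it's useful to test things before they're released.
      - name: Checkout Groundlight SDK
        uses: actions/checkout@v3
        with:
          repository: groundlight/python-sdk
          path: groundlight-sdk

      - name: Install Groundlight SDK dependencies
        run: |
          cd groundlight-sdk
          make install

      - name: Run Groundlight SDK tests against Prod API via Edge Proxy Endpoint
        run: |
          cd groundlight-sdk
          make test-4edge
          cd ..

      - name: Dump Logs from Docker Container
        if: always()
        run: docker logs ${{ steps.start_container.outputs.container_id }}

      - name: Stop Docker Container
        # This ensures that we always stop the container regardless of the outcomes of
        # the previous steps
        if: always()
        run: docker stop ${{ steps.start_container.outputs.container_id }}

  G4-end-to-end:
    # Note this job can run multiple times in parallel because the stack name is unique
    # for the run. How much we want to do this is TBD.
    # NOTE(review): this job runs pull-request code on a self-hosted runner whose instance
    # profile supplies AWS credentials (see the sts step below). Confirm that runs from forks
    # require approval and that the instance role is scoped to what this job needs.
    runs-on: self-hosted
    # Run this on any PR.
    # Question: Should we wait until the other tests pass before running this?
    # needs:
    #   - validate-setup-ee
    #   - test-with-k3s
    #   - test-sdk
    env:
      PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_CICD_PAT }}
      PYTHONUNBUFFERED: "1"
    defaults:
      run:
        working-directory: cicd/pulumi
    steps:
      - name: Check out code
        uses: actions/checkout@v3

      - name: Name the stack
        run: |
          # Set to expire in 60 minutes
          EXPIRATION_TIME=$(($(date +%s) + 60 * 60))
          STACK_NAME=ee-cicd-${{ github.run_id }}-expires-${EXPIRATION_TIME}
          echo "STACK_NAME=${STACK_NAME}" | tee -a $GITHUB_ENV
          # We give the stack a name including its expiration time so that the sweeper
          # (in sweeper-eeut.yaml) knows when to get rid of it.
          # This saves us having to clean up here, which can be quite slow (~7 minutes for a g4)

      - name: Check that aws credentials are set
        # Credentials come from an IAM profile on the runner instance
        run: |
          aws sts get-caller-identity

      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: ${{ env.PYTHON_VERSION }}

      - name: Install Pulumi
        # NOTE(review): the installer is downloaded and piped to sh unpinned on each run,
        # on a runner that holds cloud credentials. Pinning a Pulumi version would make
        # the toolchain reproducible.
        run: |
          curl -fsSL https://get.pulumi.com | sh
          export HOME=$(eval echo ~$(whoami))
          echo "$HOME/.pulumi/bin" >> $GITHUB_PATH

      - name: Install uv
        uses: astral-sh/setup-uv@v5

      - name: Make sure uv is working
        run: |
          uv --version
          uv sync
          uv run python --version

      - name: Check that pulumi is installed and authenticated
        run: |
          uv run pulumi whoami

      - name: Prepare pulumi stack
        run: |
          uv run pulumi stack init ${STACK_NAME}
          uv run pulumi config

      - name: Pick which commit we will test
        env:
          # The branch name is chosen by the PR author. Expanding
          # `${{ github.event.pull_request.head.ref }}` directly inside `run:` pastes it into
          # the script text before the shell parses it, so it is passed through the
          # environment and only ever used as a quoted value.
          # NOTE(review): this expression is empty on workflow_dispatch runs.
          COMMIT_TO_TEST: ${{ github.event.pull_request.head.ref }}
        run: |
          echo "This is a bit subtle."
          echo "We can't just test on 'main' for fairly obvious reasons - we"
          echo "want to test the code in this PR's branch. The current commit"
          echo "right here is ${GITHUB_SHA}, which is likely a merge commit."
          echo "Merge commits are challenging. They are what would happen if"
          echo "this PR were to be merged into its base branch. But they are"
          echo "ephemeral things and not available in the public repo. So the"
          echo "EEUT can't just check them out. Making them available to the"
          echo "EEUT would require pushing them and polluting the repo. So,"
          echo "for now, we are going to use the PR's head ref"
          echo "${COMMIT_TO_TEST}, which is the commit"
          echo "that was used to create the PR. Recognizing that this doesn't"
          echo "reflect what will happen after merge. But it's simpler."
          # TODO: test on the merge commit by pushing it to the repo with a temporary
          # branch, and then clean up the branch later.
          uv run pulumi config set ee-cicd:targetCommit "${COMMIT_TO_TEST}"

      - name: Create the EEUT instance
        run: |
          uv run pulumi up --yes

      - name: Check that EE install succeeded
        run: |
          uv run fab connect --patience=150
          uv run fab wait-for-ee-setup

      - name: Wait for K8 to load everything
        run: |
          uv run fab check-k8-deployments
          uv run fab check-server-port

      - name: Use groundlight sdk through EE
        run: |
          EEUT_IP=$(uv run pulumi stack output eeut_private_ip)
          export GROUNDLIGHT_ENDPOINT=http://${EEUT_IP}:30101
          uv run groundlight whoami
          uv run groundlight list-detectors

      - name: Thank the worker and shut down
        if: always()
        run: |
          echo "Strong work, G4! Now go to sleep. The grim sweeper will visit soon."
          # This saves money and frees up resources
          uv run fab shutdown-instance

  build-push-edge-endpoint-multiplatform:
    # With the triggers above, github.ref is refs/pull/<n>/merge on pull_request runs, so in
    # practice this job only runs for a manual dispatch (from any branch).
    if: ${{ github.ref == 'refs/heads/main' || github.event_name == 'workflow_dispatch' }}
    # We only run this action if all the prior test actions succeed
    # NOTE(review): test-with-k3s is not listed in `needs` - confirm that is intentional.
    needs:
      - test-general-edge-endpoint
      - test-sdk
      - validate-setup-ee
      - G4-end-to-end
    runs-on: ubuntu-22.04
    steps:
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_GL_PUBLIC_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_GL_PUBLIC_SECRET_ACCESS_KEY }}
          aws-region: us-west-2

      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v1
        with:
          mask-password: "true"

      - name: Check out code
        uses: actions/checkout@v4

      - name: Build and Push Multiplatform edge-endpoint Image to ECR
        timeout-minutes: 45
        run: ./deploy/bin/build-push-edge-endpoint-image.sh

  update-glhub:
    # With the triggers above this condition is only true for a manual dispatch from main.
    if: github.ref == 'refs/heads/main'
    needs: validate-setup-ee
    runs-on: ubuntu-latest
    environment: live
    steps:
      - name: Checkout glhub
        uses: actions/checkout@v4
        with:
          repository: groundlight/glhub
          token: ${{ secrets.BOT_GITHUB_TOKEN }}
          path: glhub

      - name: Update GLHub
        # The e-mail addresses below appear obfuscated in this listing and are kept as shown.
        run: |
          cd glhub
          git config --global user.email "[email protected]"
          git config --global user.name "edge-glhub-bot"
          git submodule update --init --recursive
          git submodule update --remote edge-endpoint
          git add .
          git commit -m "Update edge endpoint submodule"
          # The token is read from the environment at run time instead of being expanded
          # into the script text by the workflow template.
          git push "https://edge-glhub-bot:${BOT_GITHUB_TOKEN}@github.com/groundlight/glhub.git" main
        env:
          GIT_AUTHOR_NAME: "edge-glhub-bot"
          GIT_AUTHOR_EMAIL: "[email protected]"
          BOT_GITHUB_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN }}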