Skip to content

Commit

Permalink
Update release workflow
Browse files Browse the repository at this point in the history
Signed-off-by: Heba Elayoty <[email protected]>
  • Loading branch information
helayoty committed Mar 26, 2024
1 parent 8eddac3 commit 69aa3e2
Show file tree
Hide file tree
Showing 11 changed files with 349 additions and 217 deletions.
60 changes: 32 additions & 28 deletions .github/workflows/build-publish-image.yml
Original file line number Diff line number Diff line change
@@ -1,10 +1,9 @@
name: Create, Scan and Publish KAITO image
on:
pull_request:
branches:
- main
- release-**
types: [ closed ]
workflow_run:
workflows: [ "Push image to ACR" ]
types: [ completed ]
branches: [ release-** ]

permissions:
contents: write
Expand All @@ -16,51 +15,42 @@ env:
IMAGE_NAME: 'workspace'

jobs:
export-registry:
if: github.event.pull_request.merged == true && contains(github.event.pull_request.title, 'update manifest and helm charts')
runs-on: ubuntu-20.04
publish-images:
if: ${{ github.event.workflow_run.conclusion == 'success' }}
runs-on: ubuntu-latest
environment: preset-env
outputs:
registry: ${{ steps.export.outputs.registry }}
steps:
- id: export
- id: get-registry
run: |
# registry must be in lowercase
echo "registry=$(echo "${{ env.REGISTRY }}/${{ github.repository }}" | tr [:upper:] [:lower:])" >> $GITHUB_OUTPUT
publish-images:
if: github.event.pull_request.merged == true && contains(github.event.pull_request.title, 'update manifest and helm charts')
needs:
- export-registry
env:
REGISTRY: ${{ needs.export-registry.outputs.registry }}
runs-on: ubuntu-20.04
environment: preset-env
steps:
echo " b=$(echo "${{ env.REGISTRY }}/${{ github.repository }}" | tr [:upper:] [:lower:])" >> $GITHUB_ENV
- id: get-tag
name: Get tag
run: echo "IMG_TAG=$(echo ${{ github.event.pull_request.head.ref }} | tr -d release-)" >> $GITHUB_ENV
run: echo "RELEASE_VERSION=$(echo ${{ github.event.pull_request.head.ref }} | tr -d release-)" >> $GITHUB_ENV

- uses: actions/checkout@v4
with:
submodules: true
fetch-depth: 0
ref: ${{ env.IMG_TAG }}
ref: ${{ env.RELEASE_VERSION }}

- name: Login to ${{ env.REGISTRY }}
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Set Image tag
run: |
ver=${{ env.IMG_TAG }}
ver=${{ env.RELEASE_VERSION }}
echo "IMG_TAG=${ver#"v"}" >> $GITHUB_ENV
- name: Build image
run: |
OUTPUT_TYPE=type=registry make docker-build-kaito
env:
VERSION: ${{ env.IMG_TAG }}
VERSION: ${{ env.RELEASE_VERSION }}

- name: Scan ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.IMG_TAG }}
uses: aquasecurity/trivy-action@master
Expand All @@ -76,9 +66,23 @@ jobs:
TRIVY_USERNAME: ${{ github.actor }}
TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}

- uses: ./.github/workflows/e2e-workflow.yaml
with:
git_sha: {{ github.event.pull_request.head.ref }}
isRelease: true
registry: ${{ env.REGISTRY }}
tag: ${{ env.RELEASE_VERSION }}
secrets:
E2E_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
E2E_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
E2E_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
E2E_AMRT_SECRET_NAME: ${{ secrets.AMRT_SECRET_NAME }}
E2E_ACR_AMRT_USERNAME: ${{ secrets.ACR_AMRT_USERNAME }}
E2E_ACR_AMRT_PASSWORD: ${{ secrets.ACR_AMRT_PASSWORD }}

- name: 'Dispatch release tag'
uses: peter-evans/repository-dispatch@v3
with:
token: ${{ secrets.GITHUB_TOKEN }}
event-type: release-tag
client-payload: '{"isRelease": true,"registry": "$${{ env.REGISTRY }}","tag": "v${{ env.IMG_TAG }}"}'
event-type: create-release
client-payload: '{"tag": "v${{ env.IMG_TAG }}"}'
2 changes: 1 addition & 1 deletion .github/workflows/codeql.yml
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ jobs:

steps:
- name: Checkout repository
uses: actions/checkout@v4
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
submodules: true
fetch-depth: 0
Expand Down
10 changes: 6 additions & 4 deletions .github/workflows/create-release.yml
Original file line number Diff line number Diff line change
@@ -1,8 +1,7 @@
name: Create release
on:
repository_dispatch:
types: [ release-tag ]
branches: [ release-** ]
types: [ create-release ]

permissions:
id-token: write
Expand All @@ -14,18 +13,20 @@ env:

jobs:
create-release:
runs-on: ubuntu-20.04
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
egress-policy: audit

- name: Set up Go ${{ env.GO_VERSION }}
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}

- name: Checkout the repository at the given SHA from the artifact
uses: actions/checkout@v4
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
submodules: true
fetch-depth: 0
Expand All @@ -38,3 +39,4 @@ jobs:
args: release --rm-dist --timeout 60m --debug
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GORELEASER_CURRENT_TAG: ${{ github.event.client_payload.tag }}
205 changes: 205 additions & 0 deletions .github/workflows/e2e-workflow.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,205 @@
name: kaito-e2e-workflow

on:
workflow_call:
inputs:
git_sha:
type: string
required: true
tag:
type: string
isRelease:
type: boolean
default: false
registry:
type: string
region:
type: string
description: "the azure location to run the e2e test in"
default: "eastus"
k8s_version:
type: string
default: "1.27"
secrets:
E2E_CLIENT_ID:
required: true
E2E_TENANT_ID:
required: true
E2E_SUBSCRIPTION_ID:
required: true
E2E_AMRT_SECRET_NAME:
required: true
E2E_ACR_AMRT_USERNAME:
required: true
E2E_ACR_AMRT_PASSWORD:
required: true

permissions:
contents: read # This is required for actions/checkout

jobs:
e2e-tests:
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write # This is required for requesting the JWT
environment: e2e-test
env:
GO_VERSION: "1.20"

steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
egress-policy: audit

- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
ref: ${{ inputs.git_sha }}

- name: Set e2e Resource and Cluster Name
run: |
rand=$(git rev-parse --short ${{ inputs.git_sha }})
if [ "$rand" = "" ]; then
rand=$RANDOM
fi
echo "VERSION=${rand}" >> $GITHUB_ENV
echo "CLUSTER_NAME=kaito${rand}" >> $GITHUB_ENV
echo "RUN_LLAMA_13B=false" >> $GITHUB_ENV
echo "REGISTRY=kaito${rand}.azurecr.io" >> $GITHUB_ENV
- name: Set Registry
if: ${{ inputs.isRelease }}
run: |
echo "REGISTRY=${{ inputs.registry }}" >> $GITHUB_ENV
echo "VERSION=$(echo ${{ inputs.tag }} | tr -d v)" >> $GITHUB_ENV
- name: Set up Go ${{ env.GO_VERSION }}
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}

- name: Az login
uses: azure/login@8c334a195cbb38e46038007b304988d888bf676a # v2.0.0
with:
client-id: ${{ secrets.E2E_CLIENT_ID }}
tenant-id: ${{ secrets.E2E_TENANT_ID }}
subscription-id: ${{ secrets.E2E_SUBSCRIPTION_ID }}

- uses: azure/setup-helm@v4
with:
token: ${{ secrets.GITHUB_TOKEN }}
id: install

- name: Create Resource Group
shell: bash
run: |
make create-rg
env:
AZURE_RESOURCE_GROUP: ${{ env.CLUSTER_NAME }}

- name: Create ACR
shell: bash
run: |
make create-acr
env:
AZURE_RESOURCE_GROUP: ${{ env.CLUSTER_NAME }}
AZURE_ACR_NAME: ${{ env.CLUSTER_NAME }}

- name: Create Azure Identity
uses: azure/[email protected]
with:
inlineScript: |
az identity create --name gpuIdentity --resource-group ${{ env.CLUSTER_NAME }}
- name: build KAITO image
if: ${{ !inputs.isRelease }}
shell: bash
run: |
make docker-build-kaito
env:
REGISTRY: ${{ env.REGISTRY }}
VERSION: ${{ env.VERSION }}

- name: create cluster
shell: bash
run: |
make create-aks-cluster
env:
AZURE_ACR_NAME: ${{ env.CLUSTER_NAME }}
AZURE_RESOURCE_GROUP: ${{ env.CLUSTER_NAME }}
AZURE_CLUSTER_NAME: ${{ env.CLUSTER_NAME }}
AZURE_LOCATION: ${{ inputs.region }}
AKS_K8S_VERSION: ${{ inputs.k8s_version }}

- name: Install gpu-provisioner helm chart
shell: bash
run: |
make gpu-provisioner-helm
kubectl wait --for=condition=available deploy "kaito-gpu-provisioner" -n gpu-provisioner --timeout=300s
env:
AZURE_RESOURCE_GROUP: ${{ env.CLUSTER_NAME }}
AZURE_CLUSTER_NAME: ${{ env.CLUSTER_NAME }}

- uses: azure/login@8c334a195cbb38e46038007b304988d888bf676a # v2.0.0
with:
client-id: ${{ secrets.E2E_CLIENT_ID }}
tenant-id: ${{ secrets.E2E_TENANT_ID }}
subscription-id: ${{ secrets.E2E_SUBSCRIPTION_ID }}

- name: Create Role Assignment
uses: azure/[email protected]
with:
inlineScript: |
IDENTITY_PRINCIPAL_ID="$(az identity show --name gpuIdentity --resource-group ${{ env.CLUSTER_NAME }} --query 'principalId' -otsv)"
az role assignment create --assignee ${IDENTITY_PRINCIPAL_ID} --scope "/subscriptions/${{ secrets.E2E_SUBSCRIPTION_ID }}/resourceGroups/${{ env.CLUSTER_NAME }}" --role "Contributor"
- name: Create Azure Federated Identity
uses: azure/[email protected]
with:
inlineScript: |
AKS_OIDC_ISSUER="$(az aks show -n "${{ env.CLUSTER_NAME }}" -g "${{ env.CLUSTER_NAME }}" --query 'oidcIssuerProfile.issuerUrl' -otsv)"
az identity federated-credential create --name gpu-fed-credential --identity-name gpuIdentity --resource-group "${{ env.CLUSTER_NAME }}" \
--issuer "${AKS_OIDC_ISSUER}" --subject system:serviceaccount:"gpu-provisioner:gpu-provisioner" --audience api://AzureADTokenExchange
- name: Install KAITO Workspace helm chart
shell: bash
run: |
make az-patch-install-helm
kubectl wait --for=condition=available deploy "kaito-workspace" -n kaito-workspace --timeout=300s
env:
AZURE_RESOURCE_GROUP: ${{ env.CLUSTER_NAME }}
AZURE_CLUSTER_NAME: ${{ env.CLUSTER_NAME }}
REGISTRY: ${{ env.REGISTRY }}
VERSION: ${{ env.VERSION }}

- name: Add Secret Credentials
run: |
kubectl create secret docker-registry ${{ secrets.E2E_AMRT_SECRET_NAME }} \
--docker-server=${{ secrets.E2E_ACR_AMRT_USERNAME }}.azurecr.io \
--docker-username=${{ secrets.E2E_ACR_AMRT_USERNAME }} \
--docker-password=${{ secrets.E2E_ACR_AMRT_PASSWORD }}
- name: Log kaito-workspace
run: |
kubectl get pods -n kaito-workspace -o name | grep "^pod/kaito-workspace" | sed 's/^pod\///' | xargs -I {} kubectl logs -n kaito-workspace {}
- name: Run e2e test
run: |
make kaito-workspace-e2e-test
env:
AZURE_CLUSTER_NAME: ${{ env.CLUSTER_NAME }}
RUN_LLAMA_13B: ${{ env.RUN_LLAMA_13B }}
AI_MODELS_REGISTRY: ${{ secrets.E2E_ACR_AMRT_USERNAME }}.azurecr.io
AI_MODELS_REGISTRY_SECRET: ${{ secrets.E2E_AMRT_SECRET_NAME }}

- name: Cleanup e2e resources
if: ${{ always() }}
uses: azure/[email protected]
with:
inlineScript: |
set +e
az group delete --name "${{ env.CLUSTER_NAME }}" --yes --no-wait || true
10 changes: 4 additions & 6 deletions .github/workflows/helm-chart.yml
Original file line number Diff line number Diff line change
@@ -1,10 +1,8 @@
name: publish_helm_chart

on:
workflow_run:
workflows: [ "Create, Scan and Publish KAITO image" ]
types: [ completed ]
branches: [ release-** ]
repository_dispatch:
types: [ create-release ]

permissions:
id-token: write # This is required for requesting the JWT
Expand All @@ -17,13 +15,13 @@ permissions:
jobs:
release:
runs-on: ubuntu-latest
if: ${{ github.event.workflow_run.conclusion == 'success' }}
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
submodules: true
fetch-depth: 0
ref: ${{ github.event.client_payload.tag }}

- name: Publish Workspace Helm chart
uses: stefanprodan/[email protected]
Expand Down
Loading

0 comments on commit 69aa3e2

Please sign in to comment.