feat: Build and publish Helm chart in CI

Author: Zach Price

.github/actions/build-container/action.yml

@@ -26,13 +26,12 @@ runs:
         cache-to: type=gha,mode=max
         context: .
         file: ${{ inputs.dockerfile }}
-        push: ${{ ! github.event.pull_request.head.repo.fork }}
+        push: true
         sbom: true
         tags: ${{ steps.metadata.outputs.tags }}
         labels: ${{ steps.metadata.outputs.labels }}
     - name: Attest to REF image
       uses: actions/attest-build-provenance@v2
-      if: ${{ ! github.event.pull_request.head.repo.fork }}
       with:
         subject-name: ghcr.io/${{ github.repository_owner }}/${{ inputs.container-name }}
         subject-digest: ${{ steps.push.outputs.digest }}

.github/workflows/bump.yaml

@@ -20,7 +20,7 @@ on:
 jobs:
   bump_version:
     name: "Bump version and create changelog"
-    if: "!startsWith(github.event.head_commit.message, 'bump:')"
+    if: ! startsWith(github.event.head_commit.message, 'bump:')
     runs-on: ubuntu-latest
     env:
       CI_COMMIT_EMAIL: "ci-runner@climate-ref.invalid"

.github/workflows/ci-integration.yaml

@@ -1,15 +1,15 @@
-name: Integration tests
+# name: Integration tests
 
-on:
-  # Allow manual triggering of this workflow
-  workflow_dispatch:
-  # Run on each push to main and tagged version
-  push:
-    branches: [main]
-    tags: ['v*']
-  # Runs every day at 2:15am (UTC) (~ midday in AEST)
-  schedule:
-    - cron: '2 15 * * *'
+# on:
+#   # Allow manual triggering of this workflow
+#   workflow_dispatch:
+#   # Run on each push to main and tagged version
+#   push:
+#     branches: [main]
+#     tags: ['v*']
+#   # Runs every day at 2:15am (UTC) (~ midday in AEST)
+#   schedule:
+#     - cron: '2 15 * * *'
 
 permissions:
   contents: read

.github/workflows/ci.yaml

@@ -1,10 +1,10 @@
-name: CI
+# name: CI
 
-on:
-  pull_request:
-  push:
-    branches: [main]
-    tags: ['v*']
+# on:
+#   pull_request:
+#   push:
+#     branches: [main]
+#     tags: ['v*']
 
 jobs:
   pre-commit:

.github/workflows/containers.yaml

@@ -1,15 +1,15 @@
-# Deploys the published wheels to PyPI
-# Uses the artifact from the release job to publish to PyPI
+# # Deploys the published wheels to PyPI
+# # Uses the artifact from the release job to publish to PyPI
 
-name: Deploy
+# name: Deploy
 
-on:
-  release:
-    types: [published]
+# on:
+#   release:
+#     types: [published]
 
-defaults:
-  run:
-    shell: bash
+# defaults:
+#   run:
+#     shell: bash
 
 jobs:
   deploy-pypi:

.github/workflows/deploy.yaml

@@ -1,19 +1,19 @@
-# Test installation of the latest version from PyPI works.
-# We make sure that we run the tests that apply to the version we installed,
-# rather than the latest tests in main.
-# The reason we do this, is that we want this workflow to test
-# that installing from PyPI leads to a correct installation.
-# If we tested against main, the tests could fail
-# because the tests from main require the new features in main to pass.
-name: Test installation PyPI
+# # Test installation of the latest version from PyPI works.
+# # We make sure that we run the tests that apply to the version we installed,
+# # rather than the latest tests in main.
+# # The reason we do this, is that we want this workflow to test
+# # that installing from PyPI leads to a correct installation.
+# # If we tested against main, the tests could fail
+# # because the tests from main require the new features in main to pass.
+# name: Test installation PyPI
 
-on:
-  workflow_dispatch:
-  schedule:
-    # * is a special character in YAML so you have to quote this string
-    # This means At 03:00 on Wednesday.
-    # see https://crontab.guru/#0_0_*_*_3
-    - cron:  '0 3 * * 3'
+# on:
+#   workflow_dispatch:
+#   schedule:
+#     # * is a special character in YAML so you have to quote this string
+#     # This means At 03:00 on Wednesday.
+#     # see https://crontab.guru/#0_0_*_*_3
+#     - cron:  '0 3 * * 3'
 
 jobs:
   test-pypi-install:

.github/workflows/install-pypi.yaml

@@ -0,0 +1,132 @@
+name: Packaging
+
+on:
+  pull_request:
+  workflow_dispatch:
+  push:
+    branches:
+      - "main"
+    tags:
+      - "v*"
+
+permissions:
+  contents: read
+  packages: write
+  attestations: write
+  id-token: write
+
+jobs:
+  containers:
+    name: Containers
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: docker/setup-buildx-action@v3
+      - uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - uses: ./.github/actions/build-container
+        with:
+          container-name: climate-ref
+          dockerfile: packages/climate-ref/Dockerfile
+  helm:
+    name: Helm Chart
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write
+    steps:
+    - uses: actions/checkout@v4
+    - uses: actions/setup-python@v5
+    - name: Install jq
+      run: |
+        sudo apt-get install --yes jq
+    - name: Install yq
+      run: |
+        pip install yq
+    - name: Generate SemVer
+      id: semantic-version
+      run: |
+        CHART_VERSION=$(yq -r '.version' helm/Chart.yaml)
+        LOCAL_SEGMENT=+pr-${{ github.event.pull_request.number }}
+        GENERATED_VERSION=${CHART_VERSION}${LOCAL_SEGMENT}
+        yq -Y -i ".version = \"$GENERATED_VERSION\"" helm/Chart.yaml
+        echo "generated-semver=$GENERATED_VERSION" >> $GITHUB_OUTPUT
+    - name: Chart | Push
+      uses: appany/helm-oci-chart-releaser@v0.5.0
+      with:
+        name: ref
+        repository: climate-ref/charts
+        tag: ${{ steps.semantic-version.outputs.generated-semver }}
+        path: helm
+        registry: ghcr.io
+        registry_username: ${{ github.actor }}
+        registry_password: ${{ secrets.GITHUB_TOKEN }}
+        update_dependencies: 'true'
+
+  test:
+    name: Test Helm Deployment
+    runs-on: ubuntu-latest
+    if: github.event_name == 'pull_request'
+    needs: [containers, helm]
+    steps:
+    - uses: actions/checkout@v4
+    - name: Cache Sample Data (Restore)
+      id: cache-sample-data-restore
+      uses: actions/cache/restore@v4
+      with:
+        path: ${{ github.workspace }}/cache/ref-config
+        key: ${{ runner.os }}-sample-data
+        enableCrossOsArchive: true
+    - name: Set permissions for cached data
+      run: |
+        sudo install -d --owner=1000 --group=1000 ${GITHUB_WORKSPACE}/cache/ref-config
+    - name: Start minikube
+      uses: medyagh/setup-minikube@latest
+      with:
+        mount-path: '${{ github.workspace }}/cache/ref-config:/cache/ref-config'
+    - name: Set up Helm
+      uses: azure/setup-helm@v4.3.0
+    - name: Install Chart
+      run: |
+        helm install test oci://ghcr.io/climate-ref/charts/ref \
+          --version=${{ needs.helm.outputs.generated-semver }} \
+          --set climate-ref.image.tag=pr-${{ github.event.pull_request.number }} \
+          -f helm/ci/gh-actions-values.yaml
+
+        sleep 60
+        kubectl get pods
+        echo ""
+        kubectl describe pod -l app.kubernetes.io/component=pmp
+        echo ""
+        kubectl logs -l app.kubernetes.io/component=pmp
+    - name: Run Migrations
+      run: |
+        kubectl exec deployment/test-ref-orchestrator -- ref config list
+    - name: Initialize Providers (pmp)
+      run: |
+        # Imports ilamb3 which tries to create /home/app/.config/ilamb3 on import, no way to tell it to live somewhere else
+        kubectl exec deployment/test-ref-pmp -- ref providers create-env --provider pmp
+    - name: Initialize Providers (emsvaltool)
+      run: |
+        kubectl exec deployment/test-ref-esmvaltool -- ref providers create-env --provider esmvaltool
+    - name: Fetch Test Data
+      run: |
+        kubectl exec deployment/test-ref-orchestrator -- ref datasets fetch-data --registry sample-data --output-directory /ref/sample-data
+
+    - name: Cache Sample Data (Save)
+      uses: actions/cache/save@v4
+      with:
+        path: ${{ github.workspace }}/cache/ref-config
+        key: ${{ runner.os }}-sample-data
+
+    - name: Ingest Test Data (CMIP6)
+      run: |
+        kubectl exec deployment/test-ref-orchestrator -- ref -v datasets ingest --source-type cmip6 /ref/sample-data/CMIP6
+    - name: Ingest Test Data (obs4mips)
+      run: |
+        kubectl exec deployment/test-ref-orchestrator -- ref -v datasets ingest --source-type obs4mips /ref/sample-data/obs4REF
+    - name: Simple Solve
+      run: |
+        kubectl exec deployment/test-ref-orchestrator -- ref -v solve --timeout 180 --one-per-provider

.github/workflows/packaging.yaml

@@ -1,15 +1,15 @@
-# Generate a draft release on GitHub when a new tag is pushed
-# The draft release will contain draft release notes and some built wheels
+# # Generate a draft release on GitHub when a new tag is pushed
+# # The draft release will contain draft release notes and some built wheels
 
-name: Release
+# name: Release
 
-on:
-  push:
-    tags: ['v*']
+# on:
+#   push:
+#     tags: ['v*']
 
-defaults:
-  run:
-    shell: bash
+# defaults:
+#   run:
+#     shell: bash
 
 jobs:
   draft-release:

.github/workflows/release.yaml

@@ -164,3 +164,6 @@ packages/*/NOTICE
 
 # User-specific catalog paths (test data)
 *.paths.yaml
+
+# Helm dependencies
+helm/charts/*