31 fix cidi pipeline (#47)

* Added: extra & missing cicd packages

* - Changed: updated pre-commit-config & fix: correct file permissions

* fix: cicd to build image and push to the `ghcr.io`

* bugfix: missing keyword

* Add: added allowance for development branch

* Fixes

* Changed: removed condition

* fixed: branch ref

* remove: removed development branch specifics

* Readme update

Author: DrJStrudwick

.dockerignore

@@ -1,4 +1,4 @@
 configs
 data
 experiments
-venv
+venv

.github/workflows/docker-image.yml

@@ -0,0 +1,83 @@
+name: Create and publish a Docker image
+
+# Configures this workflow to run every time a change is pushed to the branch called `release`.
+on:
+  push:
+    branches: [ "dev"]
+  pull_request_target:
+    types:
+        - closed
+    branches: [ "main","dev" ]
+
+# Defines two custom environment variables for the workflow. These are used for the Container registry domain, and a name for the Docker image that this workflow builds.
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+# There is a single job in this workflow. It's configured to run on the latest available version of Ubuntu.
+jobs:
+  build-and-push-image:
+    if: ${{ (github.event.pull_request.merged == true) || (github.ref_name == 'dev') }}
+    runs-on: ubuntu-latest
+    # Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job.
+    permissions:
+      contents: read
+      packages: write
+      attestations: write
+      id-token: write
+
+    steps:
+      # Check out branch
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      #js: read version
+      - name: set VER
+        run: echo "VER=$(awk -F \" '/version/ {print $2 }' pyproject.toml)" >> $GITHUB_ENV
+
+      # Uses the `docker/login-action` action to log in to the Container registry registry using the account and password that will publish the packages. Once published, the packages are scoped to the account defined here.
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      # This step uses [docker/metadata-action](https://github.com/docker/metadata-action#about) to extract tags and labels that will be applied to the specified image. The `id` "meta" allows the output of this step to be referenced in a subsequent step. The `images` value provides the base name for the tags and labels.
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=raw,value=latest,enable=${{ github.base_ref == 'main' }}
+            type=semver,pattern={{version}},value=${{ env.VER }},enable=${{ github.base_ref == 'main' }}
+            type=raw,value=dev,enable=${{ (github.base_ref == 'dev') || (github.ref_name == 'dev') }}
+
+      # js: added in for multi arch building
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      # This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages.
+      # It uses the `context` parameter to define the build's context as the set of files located in the specified path. For more information, see [Usage](https://github.com/docker/build-push-action#usage) in the README of the `docker/build-push-action` repository.
+      # It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step.
+      - name: Build and push Docker image
+        id: push
+        uses: docker/build-push-action@v6
+        with:
+          platforms: linux/amd64,linux/arm64 #js: added for multi arch building
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+
+      # This step generates an artifact attestation for the image, which is an unforgeable statement about where and how it was built. It increases supply chain security for people who consume the image. For more information, see [Using artifact attestations to establish provenance for builds](/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds).
+      - name: Generate artifact attestation
+        uses: actions/attest-build-provenance@v2
+        with:
+          subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
+          subject-digest: ${{ steps.push.outputs.digest }}
+          push-to-registry: true

.gitignore

@@ -16,4 +16,4 @@ playground*.ipynb
 coverage.xml
 .coverage
 ao-env
-dev_scripts
+dev_scripts

.pre-commit-config.yaml

@@ -1,6 +1,22 @@
 repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v5.0.0
+    hooks:
+      - id: check-ast
+      - id: check-docstring-first
+      - id: check-executables-have-shebangs
+      - id: check-json
+      - id: check-yaml
+      - id: check-toml
+      - id: end-of-file-fixer
+      - id: trailing-whitespace
+      - id: mixed-line-ending
+      - id: name-tests-test
+        args: [--pytest-test-first]
+      - id: pretty-format-json
+        args: [--autofix]
   - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: v0.0.289 # Ruff version.
+    rev: v0.12.7
     hooks:
       - id: ruff
         args:
@@ -12,19 +28,39 @@ repos:
             --ignore=E501,
             --ignore=F401,
           ]
-  - repo: https://github.com/psf/black
-    rev: de65741b8d49d78fa2675ef79b799cd35e92e7c1
+  - repo: https://github.com/shellcheck-py/shellcheck-py
+    rev: v0.10.0.1
+    hooks:
+      - id: shellcheck
+  - repo: https://github.com/pycqa/pydocstyle
+    rev: 6.3.0
     hooks:
-      - id: black
-        language_version: python3.9
-        args: [--line-length=120]
-
+      - id: pydocstyle
+        args:
+          - --ignore=D203,D213,D401,D413
+  # - repo: local
+  #   hooks:
+  #     - id: pdoc
+  #       name: pdoc
+  #       language: system
+  #       pass_filenames: false
+  #       entry: poetry run pdoc --html -f autoxai4omics -o docs
+  # TODO: Include when/if hook is extended to check .toml files
+  # - repo: https://github.com/pivotal/LicenseFinder
+  #   rev: v7.1.0
+  #   hooks:
+  #     - id: license-finder
+  # - repo: https://github.com/PyCQA/bandit
+  #   rev: "1.7.9"
+  #   hooks:
+  #     - id: bandit
+  #       args: ["--exclude", "tests"]
   - repo: https://github.com/ibm/detect-secrets
     # If you desire to use a specific version of detect-secrets, you can replace `master` with other git revisions such as branch, tag or commit sha.
     # You are encouraged to use static refs such as tags, instead of branch name
     #
     # Running "pre-commit autoupdate" automatically updates rev to latest tag
-    rev: 0.13.1+ibm.61.dss
+    rev: 0.13.1+ibm.62.dss
     hooks:
       - id: detect-secrets # pragma: whitelist secret
         # Add options for detect-secrets-hook binary. You can run `detect-secrets-hook --help` to list out all possible options.

.travis.yml

@@ -1,12 +1,12 @@
 <!--
  Copyright 2024 IBM Corp.
- 
+
  Licensed under the Apache License, Version 2.0 (the "License");
  you may not use this file except in compliance with the License.
  You may obtain a copy of the License at
- 
+
      http://www.apache.org/licenses/LICENSE-2.0
- 
+
  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -24,17 +24,21 @@ Change log for the codebase. Initialised from the developments following version
 
 - Added: test case for variance threshold
 - Added: `.env' file to set some required env vars
+- Added: extra & missing cicd packages
 
 ### Changed
 
 - changed: dockerfile to only install main dependencies
 - changed: streamlined imports
 - changed: updated as many packages as possible
+- Changed: updated pre-commit-config
 
 ### Fixed
 
 - fix: omic path parsing bug
 - fix: plotting bug arising from api change
+- fix: correct file permissions
+- fix: cicd to build image and push to the `ghcr.io`
 
 ### Security
 

CHANGELOG.md

@@ -1,12 +1,12 @@
 <!--
  Copyright 2024 IBM Corp.
- 
+
  Licensed under the Apache License, Version 2.0 (the "License");
  you may not use this file except in compliance with the License.
  You may obtain a copy of the License at
- 
+
      http://www.apache.org/licenses/LICENSE-2.0
- 
+
  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

DEV_MANUAL.md

@@ -1,11 +1,11 @@
 # Copyright 2024 IBM Corp.
-# 
+#
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
-# 
+#
 #     http://www.apache.org/licenses/LICENSE-2.0
-# 
+#
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -36,6 +36,6 @@ COPY --chown=omicsuser:0 autoxai4omics .
 
 RUN poetry env use system
 RUN poetry install --no-root --only main
-USER omicsuser 
+USER omicsuser
 
-CMD ["$@"]
+CMD ["$@"]

Dockerfile

@@ -1,12 +1,12 @@
 <!--
  Copyright 2024 IBM Corp.
- 
+
  Licensed under the Apache License, Version 2.0 (the "License");
  you may not use this file except in compliance with the License.
  You may obtain a copy of the License at
- 
+
      http://www.apache.org/licenses/LICENSE-2.0
- 
+
  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -49,9 +49,11 @@ AutoXAI4Omics is a command line automated explainable AI tool that easily enable
        3. Make the experiments folder accessaible by running the following the directory where the experiment directory exists:
 
        ```shell
-       chmod 777 -R experiments 
+       chmod 777 -R experiments
        ```
 
+*note* If you dont wish to build the image you can pull the image from the [github container regristry, found here](https://github.com/IBM/AutoXAI4Omics/pkgs/container/autoxai4omics)
+
 ## Citation
 
 For citation of this tool, please reference this article:
@@ -101,7 +103,7 @@ Data to be used by AutoXAI4Omics needs to be stored in the `AutoXAI4Omics/data`
   * `./autoxai4omics.sh -m bash -r`
 
 * AutoXAI4Omics has a config duplication function (for when you wish to run the same config over multiple datasets). To use this you need to build the image and the run it in `bash` mode. Once there you can then run:
-  
+
   ```shell
   python mode_config_duplicate.py -c SUBPATH_TO_TEMPLATE_CONFIG -d DATA_SUBDIR
   ```