feat: initial commit

Signed-off-by: Gabor Boros <gabor@opencraft.com>

Author: gabor-boros

.editorconfig

@@ -0,0 +1,54 @@
+# EditorConfig is awesome: https://EditorConfig.org
+
+# top-most EditorConfig file
+root = true
+
+# All files
+[*]
+charset = utf-8
+end_of_line = lf
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+# Shell scripts
+[*.{sh,bash}]
+indent_style = space
+indent_size = 4
+max_line_length = 120
+
+# Markdown files
+[*.md]
+indent_style = space
+indent_size = 2
+max_line_length = 80
+trim_trailing_whitespace = false
+
+# YAML files
+[*.{yml,yaml}]
+indent_style = space
+indent_size = 2
+max_line_length = 120
+
+# JSON files
+[*.json]
+indent_style = space
+indent_size = 2
+max_line_length = 120
+
+# Python files
+[*.py]
+indent_style = space
+indent_size = 4
+max_line_length = 88
+
+# Go files
+[*.go]
+indent_style = tab
+indent_size = 4
+max_line_length = 120
+
+# Terraform files
+[*.{tf,tfvars}]
+indent_style = space
+indent_size = 2
+max_line_length = 120

.github/workflows/build.yml

@@ -0,0 +1,202 @@
+name: Build Service Image
+
+on:
+  workflow_call:
+    inputs:
+      INSTANCE_NAME:
+        description: "Instance to build"
+        required: true
+        type: string
+      SERVICE:
+        description: "Service to build"
+        required: true
+        type: string
+      STRAIN_REPOSITORY:
+        description: "Repository containing the cluster/strains"
+        required: true
+        type: string
+      STRAIN_REPOSITORY_BRANCH:
+        description: "Branch to clone the strain from"
+        required: true
+        type: string
+      TUTOR_VERSION:
+        description: "Version of the tutor to use"
+        required: true
+        type: string
+      PICASSO_VERSION:
+        description: "Picasso version"
+        required: true
+        type: string
+      PHD_CLI_VERSION:
+        description: "PHD CLI version"
+        required: true
+        type: string
+      RUNNER_WORKFLOW_LABEL:
+        description: "The label of the runner workflow to run"
+        required: false
+        type: string
+        default: "ubuntu-latest"
+    secrets:
+      SSH_PRIVATE_KEY:
+        description: "Private SSH key for accessing private repositories"
+        required: true
+
+concurrency:
+  group: ${{ inputs.STRAIN_REPOSITORY }}:${{ inputs.STRAIN_REPOSITORY_BRANCH }}:${{ inputs.INSTANCE_NAME }}:${{ inputs.SERVICE }}
+  cancel-in-progress: true
+
+jobs:
+  build:
+    name: Build with Picasso
+    uses: open-craft/picasso/.github/workflows/build.yml@gabor/add-ghcr-support
+    permissions:
+      packages: write
+      contents: read
+    secrets:
+      SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
+    with:
+      STRAIN_REPOSITORY: ${{ inputs.STRAIN_REPOSITORY }}
+      STRAIN_REPOSITORY_BRANCH: ${{ inputs.STRAIN_REPOSITORY_BRANCH }}
+      STRAIN_PATH: "instances/${{ inputs.INSTANCE_NAME }}"
+      SERVICE: ${{ inputs.SERVICE }}
+      IMAGE_TAG_PREFIX: ${{ inputs.SERVICE }}
+      USE_DYNAMIC_IMAGE_TAG: true
+      ADD_RANDOM_SUFFIX_TO_IMAGE_TAG: true
+      RANDOM_SUFFIX_LENGTH: "8"
+      TIMESTAMP_FORMAT: "%Y%m%d"
+      PICASSO_VERSION: ${{ inputs.PICASSO_VERSION }}
+      PYTHON_VERSION: 3.12
+      # Prevent updating the image tag in the config.yml -- it would cause two
+      # commits as we commit other config changes later. We want to avoid confusion
+      # and have a single commit for the whole config update.
+      UPDATE_IMAGE_TAG_IN_REPO: false
+      RUNNER_WORKFLOW_LABEL: ${{ inputs.RUNNER_WORKFLOW_LABEL }}
+
+  generate-env-dir:
+    needs:
+      - build
+    name: Generate Environment Directory
+    uses: open-craft/phd-cluster-template/.github/workflows/generate-env-dir.yml@main
+    secrets:
+      SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
+    with:
+      INSTANCE_NAME: ${{ inputs.INSTANCE_NAME }}
+      SERVICE: ${{ inputs.SERVICE }}
+      IMAGE_TAG: ${{ needs.build.outputs.image_tag }}
+      STRAIN_REPOSITORY: ${{ inputs.STRAIN_REPOSITORY }}
+      STRAIN_REPOSITORY_BRANCH: ${{ inputs.STRAIN_REPOSITORY_BRANCH }}
+      TUTOR_VERSION: ${{ inputs.TUTOR_VERSION }}
+      PICASSO_VERSION: ${{ inputs.PICASSO_VERSION }}
+      PHD_CLI_VERSION: ${{ inputs.PHD_CLI_VERSION }}
+      RUNNER_WORKFLOW_LABEL: ${{ inputs.RUNNER_WORKFLOW_LABEL }}
+
+  commit-and-push:
+    needs:
+      - build
+      - generate-env-dir
+    runs-on: ${{ inputs.RUNNER_WORKFLOW_LABEL }}
+    concurrency:
+      group: ${{ inputs.STRAIN_REPOSITORY }}:${{ inputs.STRAIN_REPOSITORY_BRANCH }}:${{ inputs.INSTANCE_NAME }}:commit
+      cancel-in-progress: false
+    steps:
+      - name: Setup SSH agent
+        uses: webfactory/ssh-agent@v0.9.0
+        with:
+          ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
+
+      - name: Add GitHub to known hosts
+        run: ssh-keyscan github.com >> ~/.ssh/known_hosts
+
+      - name: Checkout cluster repository
+        uses: actions/checkout@v4
+        with:
+          repository: ${{ inputs.STRAIN_REPOSITORY }}
+          ref: ${{ inputs.STRAIN_REPOSITORY_BRANCH }}
+          fetch-depth: 0
+          ssh-key: ${{ secrets.SSH_PRIVATE_KEY }}
+
+      - name: Configure git
+        run: |
+          git config user.name "GitHub Actions"
+          git config user.email "actions@github.com"
+
+      - name: Checkout Picasso for scripts
+        uses: actions/checkout@v4
+        with:
+          repository: open-craft/picasso
+          ref: ${{ inputs.PICASSO_VERSION }}
+          path: picasso
+
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: 3.12
+          cache: 'pip'
+          cache-dependency-path: picasso/requirements/base.txt
+
+      - name: Install requirements
+        run: pip install -r picasso/requirements/base.txt
+
+      - name: Download env artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: tutor-env-${{ inputs.INSTANCE_NAME }}
+          path: instances/${{ inputs.INSTANCE_NAME }}/env
+
+
+
+      - name: Update config.yml with image tag
+        env:
+          CONFIG_FILE: instances/${{ inputs.INSTANCE_NAME }}/config.yml
+          SCRIPT_PATH: picasso/.github/workflows/scripts/dynamic_image_tag.py
+          SERVICE: ${{ inputs.SERVICE }}
+          IMAGE_TAG: ${{ needs.build.outputs.image_tag }}
+        run: |
+          python $SCRIPT_PATH \
+            --config-file "$CONFIG_FILE" \
+            --service "$SERVICE" \
+            --save-config "true" \
+            --image-tag "$IMAGE_TAG"
+
+      - name: Commit and push changes
+        env:
+          INSTANCE_NAME: ${{ inputs.INSTANCE_NAME }}
+          SERVICE: ${{ inputs.SERVICE }}
+          IMAGE_TAG: ${{ needs.build.outputs.image_tag }}
+          BRANCH: ${{ inputs.STRAIN_REPOSITORY_BRANCH }}
+          SCRIPT_PATH: picasso/.github/workflows/scripts/dynamic_image_tag.py
+          CONFIG_FILE: instances/${{ inputs.INSTANCE_NAME }}/config.yml
+        run: |
+          set -euo pipefail
+
+          git add instances/$INSTANCE_NAME/config.yml
+          git add instances/$INSTANCE_NAME/env
+
+          if git diff --cached --quiet; then
+            echo "No changes to commit"
+            exit 0
+          fi
+
+          git commit -m "chore: update $SERVICE image and tutor config for $INSTANCE_NAME"
+
+          for i in 1 2 3; do
+            if git push; then
+              exit 0
+            fi
+            sleep $((i*i))
+            git pull origin "$BRANCH" --rebase
+            # Re-apply the config update on top of latest base in case of rebase changes
+            python "$SCRIPT_PATH" \
+              --config-file "$CONFIG_FILE" \
+              --service "$SERVICE" \
+              --save-config "true" \
+              --image-tag "$IMAGE_TAG"
+            git add instances/$INSTANCE_NAME/config.yml
+            git add instances/$INSTANCE_NAME/env
+            if git diff --cached --quiet; then
+              echo "No additional changes after rebase"
+            else
+              git commit -m "chore: update $SERVICE image and tutor config for $INSTANCE_NAME (retry $i)" || true
+            fi
+          done
+          exit 1