|
| 1 | +name: Build Service Image |
| 2 | + |
| 3 | +on: |
| 4 | + workflow_call: |
| 5 | + inputs: |
| 6 | + INSTANCE_NAME: |
| 7 | + description: "Instance to build" |
| 8 | + required: true |
| 9 | + type: string |
| 10 | + SERVICE: |
| 11 | + description: "Service to build" |
| 12 | + required: true |
| 13 | + type: string |
| 14 | + STRAIN_REPOSITORY: |
| 15 | + description: "Repository containing the cluster/strains" |
| 16 | + required: true |
| 17 | + type: string |
| 18 | + STRAIN_REPOSITORY_BRANCH: |
| 19 | + description: "Branch to clone the strain from" |
| 20 | + required: true |
| 21 | + type: string |
| 22 | + TUTOR_VERSION: |
| 23 | + description: "Version of the tutor to use" |
| 24 | + required: true |
| 25 | + type: string |
| 26 | + PICASSO_VERSION: |
| 27 | + description: "Picasso version" |
| 28 | + required: true |
| 29 | + type: string |
| 30 | + PHD_CLI_VERSION: |
| 31 | + description: "PHD CLI version" |
| 32 | + required: true |
| 33 | + type: string |
| 34 | + RUNNER_WORKFLOW_LABEL: |
| 35 | + description: "The label of the runner workflow to run" |
| 36 | + required: false |
| 37 | + type: string |
| 38 | + default: "ubuntu-latest" |
| 39 | + secrets: |
| 40 | + SSH_PRIVATE_KEY: |
| 41 | + description: "Private SSH key for accessing private repositories" |
| 42 | + required: true |
| 43 | + |
| 44 | +concurrency: |
| 45 | + group: ${{ inputs.STRAIN_REPOSITORY }}:${{ inputs.STRAIN_REPOSITORY_BRANCH }}:${{ inputs.INSTANCE_NAME }}:${{ inputs.SERVICE }} |
| 46 | + cancel-in-progress: true |
| 47 | + |
| 48 | +jobs: |
| 49 | + build: |
| 50 | + name: Build with Picasso |
| 51 | + uses: open-craft/picasso/.github/workflows/build.yml@gabor/add-ghcr-support |
| 52 | + permissions: |
| 53 | + packages: write |
| 54 | + contents: read |
| 55 | + secrets: |
| 56 | + SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }} |
| 57 | + with: |
| 58 | + STRAIN_REPOSITORY: ${{ inputs.STRAIN_REPOSITORY }} |
| 59 | + STRAIN_REPOSITORY_BRANCH: ${{ inputs.STRAIN_REPOSITORY_BRANCH }} |
| 60 | + STRAIN_PATH: "instances/${{ inputs.INSTANCE_NAME }}" |
| 61 | + SERVICE: ${{ inputs.SERVICE }} |
| 62 | + IMAGE_TAG_PREFIX: ${{ inputs.SERVICE }} |
| 63 | + USE_DYNAMIC_IMAGE_TAG: true |
| 64 | + ADD_RANDOM_SUFFIX_TO_IMAGE_TAG: true |
| 65 | + RANDOM_SUFFIX_LENGTH: "8" |
| 66 | + TIMESTAMP_FORMAT: "%Y%m%d" |
| 67 | + PICASSO_VERSION: ${{ inputs.PICASSO_VERSION }} |
| 68 | + PYTHON_VERSION: 3.12 |
| 69 | + # Prevent updating the image tag in the config.yml -- it would cause two |
| 70 | + # commits as we commit other config changes later. We want to avoid confusion |
| 71 | + # and have a single commit for the whole config update. |
| 72 | + UPDATE_IMAGE_TAG_IN_REPO: false |
| 73 | + RUNNER_WORKFLOW_LABEL: ${{ inputs.RUNNER_WORKFLOW_LABEL }} |
| 74 | + |
| 75 | + generate-env-dir: |
| 76 | + needs: |
| 77 | + - build |
| 78 | + name: Generate Environment Directory |
| 79 | + uses: open-craft/phd-cluster-template/.github/workflows/generate-env-dir.yml@main |
| 80 | + secrets: |
| 81 | + SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }} |
| 82 | + with: |
| 83 | + INSTANCE_NAME: ${{ inputs.INSTANCE_NAME }} |
| 84 | + SERVICE: ${{ inputs.SERVICE }} |
| 85 | + IMAGE_TAG: ${{ needs.build.outputs.image_tag }} |
| 86 | + STRAIN_REPOSITORY: ${{ inputs.STRAIN_REPOSITORY }} |
| 87 | + STRAIN_REPOSITORY_BRANCH: ${{ inputs.STRAIN_REPOSITORY_BRANCH }} |
| 88 | + TUTOR_VERSION: ${{ inputs.TUTOR_VERSION }} |
| 89 | + PICASSO_VERSION: ${{ inputs.PICASSO_VERSION }} |
| 90 | + PHD_CLI_VERSION: ${{ inputs.PHD_CLI_VERSION }} |
| 91 | + RUNNER_WORKFLOW_LABEL: ${{ inputs.RUNNER_WORKFLOW_LABEL }} |
| 92 | + |
| 93 | + commit-and-push: |
| 94 | + needs: |
| 95 | + - build |
| 96 | + - generate-env-dir |
| 97 | + runs-on: ${{ inputs.RUNNER_WORKFLOW_LABEL }} |
| 98 | + concurrency: |
| 99 | + group: ${{ inputs.STRAIN_REPOSITORY }}:${{ inputs.STRAIN_REPOSITORY_BRANCH }}:${{ inputs.INSTANCE_NAME }}:commit |
| 100 | + cancel-in-progress: false |
| 101 | + steps: |
| 102 | + - name: Setup SSH agent |
| 103 | + uses: webfactory/ssh-agent@v0.9.0 |
| 104 | + with: |
| 105 | + ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }} |
| 106 | + |
| 107 | + - name: Add GitHub to known hosts |
| 108 | + run: ssh-keyscan github.com >> ~/.ssh/known_hosts |
| 109 | + |
| 110 | + - name: Checkout cluster repository |
| 111 | + uses: actions/checkout@v4 |
| 112 | + with: |
| 113 | + repository: ${{ inputs.STRAIN_REPOSITORY }} |
| 114 | + ref: ${{ inputs.STRAIN_REPOSITORY_BRANCH }} |
| 115 | + fetch-depth: 0 |
| 116 | + ssh-key: ${{ secrets.SSH_PRIVATE_KEY }} |
| 117 | + |
| 118 | + - name: Checkout Picasso for scripts |
| 119 | + uses: actions/checkout@v4 |
| 120 | + with: |
| 121 | + repository: open-craft/picasso |
| 122 | + ref: ${{ inputs.PICASSO_VERSION }} |
| 123 | + path: picasso |
| 124 | + |
| 125 | + - name: Setup Python |
| 126 | + uses: actions/setup-python@v5 |
| 127 | + with: |
| 128 | + python-version: 3.12 |
| 129 | + cache: 'pip' |
| 130 | + cache-dependency-path: picasso/requirements/base.txt |
| 131 | + |
| 132 | + - name: Install requirements |
| 133 | + run: pip install -r picasso/requirements/base.txt |
| 134 | + |
| 135 | + - name: Download env artifact |
| 136 | + uses: actions/download-artifact@v4 |
| 137 | + with: |
| 138 | + name: tutor-env-${{ inputs.INSTANCE_NAME }} |
| 139 | + path: instances/${{ inputs.INSTANCE_NAME }}/env |
| 140 | + |
| 141 | + - name: Configure git |
| 142 | + run: | |
| 143 | + git config user.name "GitHub Actions" |
| 144 | + git config user.email "actions@github.com" |
| 145 | +
|
| 146 | + - name: Pull latest |
| 147 | + run: git pull origin ${{ inputs.STRAIN_REPOSITORY_BRANCH }} --rebase |
| 148 | + |
| 149 | + - name: Update config.yml with image tag |
| 150 | + env: |
| 151 | + CONFIG_FILE: instances/${{ inputs.INSTANCE_NAME }}/config.yml |
| 152 | + SCRIPT_PATH: picasso/.github/workflows/scripts/dynamic_image_tag.py |
| 153 | + SERVICE: ${{ inputs.SERVICE }} |
| 154 | + IMAGE_TAG: ${{ needs.build.outputs.image_tag }} |
| 155 | + run: | |
| 156 | + python $SCRIPT_PATH \ |
| 157 | + --config-file "$CONFIG_FILE" \ |
| 158 | + --service "$SERVICE" \ |
| 159 | + --save-config "true" \ |
| 160 | + --image-tag "$IMAGE_TAG" |
| 161 | +
|
| 162 | + - name: Commit and push changes |
| 163 | + env: |
| 164 | + INSTANCE_NAME: ${{ inputs.INSTANCE_NAME }} |
| 165 | + SERVICE: ${{ inputs.SERVICE }} |
| 166 | + IMAGE_TAG: ${{ needs.build.outputs.image_tag }} |
| 167 | + BRANCH: ${{ inputs.STRAIN_REPOSITORY_BRANCH }} |
| 168 | + SCRIPT_PATH: picasso/.github/workflows/scripts/dynamic_image_tag.py |
| 169 | + CONFIG_FILE: instances/${{ inputs.INSTANCE_NAME }}/config.yml |
| 170 | + run: | |
| 171 | + set -euo pipefail |
| 172 | +
|
| 173 | + git add instances/$INSTANCE_NAME/config.yml |
| 174 | + git add instances/$INSTANCE_NAME/env |
| 175 | +
|
| 176 | + if git diff --cached --quiet; then |
| 177 | + echo "No changes to commit" |
| 178 | + exit 0 |
| 179 | + fi |
| 180 | +
|
| 181 | + git commit -m "chore: update $SERVICE image and tutor config for $INSTANCE_NAME" |
| 182 | +
|
| 183 | + for i in 1 2 3; do |
| 184 | + if git push; then |
| 185 | + exit 0 |
| 186 | + fi |
| 187 | + sleep $((i*i)) |
| 188 | + git pull origin "$BRANCH" --rebase |
| 189 | + # Re-apply the config update on top of latest base in case of rebase changes |
| 190 | + python "$SCRIPT_PATH" \ |
| 191 | + --config-file "$CONFIG_FILE" \ |
| 192 | + --service "$SERVICE" \ |
| 193 | + --save-config "true" \ |
| 194 | + --image-tag "$IMAGE_TAG" |
| 195 | + git add instances/$INSTANCE_NAME/config.yml |
| 196 | + git add instances/$INSTANCE_NAME/env |
| 197 | + if git diff --cached --quiet; then |
| 198 | + echo "No additional changes after rebase" |
| 199 | + else |
| 200 | + git commit -m "chore: update $SERVICE image and tutor config for $INSTANCE_NAME (retry $i)" || true |
| 201 | + fi |
| 202 | + done |
| 203 | + exit 1 |
0 commit comments