add release pipeline for mlflow

Author: diamonwiggins

.github/workflows/mlflow-ci.yml

@@ -0,0 +1,186 @@
+name: MLflow CI
+
+on:
+  pull_request:
+    paths:
+      - 'applications/mlflow/charts/**'
+      - 'applications/mlflow/kots/**'
+      - '.github/workflows/mlflow-ci.yml'
+  push:
+    branches:
+      - main
+    paths:
+      - 'applications/mlflow/charts/**'
+      - 'applications/mlflow/kots/**'
+      - '.github/workflows/mlflow-ci.yml'
+
+env:
+  APP_SLUG: mlflow
+
+jobs:
+  lint:
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v3
+        with:
+          version: v4.3.0
+
+      - name: Set up Python
+        uses: actions/setup-python@v3
+        with:
+          python-version: 3.12
+
+      - name: Set up chart-testing
+        uses: helm/[email protected]
+        with:
+          version: v3.8.0
+
+      - name: Run chart-testing (lint)
+        run: ct lint --config applications/mlflow/ct.yaml --chart-dirs applications/mlflow/charts --charts applications/mlflow/charts/mlflow applications/mlflow/charts/infra
+
+  test:
+    runs-on: ubuntu-22.04
+    needs: [lint]
+    strategy:
+      fail-fast: false
+      matrix:
+        cluster:
+          - distribution: kind
+            version: 1.32.3
+          - distribution: k3s
+            version: 1.32.3
+          - distribution: aks
+            version: 1.31
+          - distribution: gke
+            version: 1.32
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v3
+        with:
+          version: v4.3.0
+
+      - name: Create Cluster
+        id: create-cluster
+        uses: replicatedhq/replicated-actions/[email protected]
+        with:
+          api-token: ${{ secrets.REPLICATED_PLATFORM_EXAMPLES_TOKEN }}
+          kubernetes-distribution: ${{ matrix.cluster.distribution }}
+          kubernetes-version: ${{ matrix.cluster.version }}
+          cluster-name: mlflow-e2e-${{ github.run_id }}-${{ matrix.cluster.distribution }}-${{ matrix.cluster.version }}
+          ttl: 1h
+
+      - name: Install Infra Chart
+        run: ct install --config applications/mlflow/ct.yaml --chart-dirs applications/mlflow/charts --charts applications/mlflow/charts/mlflow --skip-clean-up --namespace default
+        env:
+          KUBECONFIG: ${{ steps.create-cluster.outputs.cluster-kubeconfig }}
+
+      - name: Install Mlflow Chart
+        run: ct install --config applications/mlflow/ct.yaml --chart-dirs applications/mlflow/charts --charts applications/mlflow/charts/mlflow --skip-clean-up --namespace default
+        env:
+          KUBECONFIG: ${{ steps.create-cluster.outputs.cluster-kubeconfig }}
+
+      - name: Install troubleshoot
+        run: curl -L https://github.com/replicatedhq/troubleshoot/releases/latest/download/support-bundle_linux_amd64.tar.gz | tar xzvf -
+        if: failure()
+
+      - name: Collect bundle
+        run: ./support-bundle --kubeconfig=${{ steps.create-cluster.outputs.cluster-kubeconfig }} --interactive=false -o ci-bundle-${{ matrix.cluster.distribution }}-${{ matrix.cluster.version }} https://raw.githubusercontent.com/replicatedhq/troubleshoot-specs/main/in-cluster/default.yaml
+        env:
+          KUBECONFIG: ${{ steps.create-cluster.outputs.cluster-kubeconfig }}
+        if: failure()
+
+      - name: Upload support bundle artifact
+        uses: actions/upload-artifact@v3
+        if: failure()
+        with:
+          name: mlflow-bundle-${{ matrix.cluster.distribution }}-${{ matrix.cluster.version }}
+          path: 'ci-bundle-${{ matrix.cluster.distribution }}-${{ matrix.cluster.version }}.tar.gz'
+
+      - name: Remove Cluster
+        uses: replicatedhq/replicated-actions/[email protected]
+        if: ${{ always() && steps.create-cluster.outputs.cluster-id != '' }}
+        with:
+          api-token: ${{ secrets.REPLICATED_PLATFORM_EXAMPLES_TOKEN }}
+          cluster-id: ${{ steps.create-cluster.outputs.cluster-id }}
+
+  create-release:
+    runs-on: ubuntu-22.04
+    needs: [test]
+    if: github.event_name == 'push' || github.event_name == 'release'
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v3
+        with:
+          version: v4.3.0
+
+      - name: Package infra chart
+        run: |
+          helm package applications/mlflow/charts/infra -d applications/mlflow/kots/ -u
+          if [ ! -f applications/mlflow/kots/infra-*.tgz ]; then
+            echo "Error: Infra chart packaging failed"
+            exit 1
+          fi
+
+      - name: Package mlflow chart
+        run: |
+          helm package applications/mlflow/charts/mlflow -d applications/mlflow/kots/ -u
+          if [ ! -f applications/mlflow/kots/mlflow-*.tgz ]; then
+            echo "Error: MLflow chart packaging failed"
+            exit 1
+          fi
+
+      # The following steps implement our versioning strategy:
+      # 1. We extract the chart version from mlflow-chart.yaml
+      # 2. We use this version for the Replicated release
+      # This ensures that the Replicated release version always matches the MLflow chart version
+      - name: Extract MLflow chart version
+        id: chart-version
+        run: |
+          CHART_VERSION=$(grep 'chartVersion:' applications/mlflow/kots/mlflow-chart.yaml | awk '{print $2}')
+          echo "CHART_VERSION=$CHART_VERSION" >> $GITHUB_ENV
+          echo "Using MLflow chart version: $CHART_VERSION"
+
+      - name: Create release
+        id: create-release
+        uses: replicatedhq/replicated-actions/[email protected]
+        with:
+          app-slug: ${{ env.APP_SLUG }}
+          api-token: ${{ secrets.REPLICATED_PLATFORM_EXAMPLES_TOKEN }}
+          yaml-dir: applications/mlflow/kots/
+          promote-channel: ci-automation-${{ github.run_id }}
+          version: ${{ env.CHART_VERSION }}
+
+  cleanup-test-release:
+    runs-on: ubuntu-22.04
+    needs: [test, create-release]
+    steps:
+      - name: Archive Customer
+        if: ${{ needs.create-release.outputs.customer-id != '' }}
+        uses: replicatedhq/replicated-actions/[email protected]
+        with:
+          api-token: ${{ secrets.C11Y_MATRIX_TOKEN }} 
+          customer-id: ${{ needs.create-release.outputs.customer-id }}
+
+      - name: Archive Channel
+        if: ${{ needs.create-release.outputs.channel-slug != '' }}
+        uses: replicatedhq/replicated-actions/[email protected]
+        with:
+          app-slug: ${{ env.APP_SLUG }}
+          api-token: ${{ secrets.C11Y_MATRIX_TOKEN }} 
+          channel-slug: ${{ needs.create-release.outputs.channel-slug }}

applications/mlflow/README.md

@@ -1,4 +1,4 @@
-# Mlflow
+# MLflow
 
 ## Get Started
 
@@ -8,4 +8,19 @@
 
 ## Embedded Cluster
 
-## Running the Mlflow Quickstart Example
+## Running the MLflow Quickstart Example
+
+## CI/CD Pipeline
+
+This application includes a CI/CD pipeline implemented with GitHub Actions. The pipeline handles:
+
+- Linting and testing the Helm chart
+- Installing the chart in a test cluster
+- Creating releases in Replicated channels
+- Generating Kubernetes installers
+
+The pipeline is triggered on:
+- Pull requests affecting the MLflow application
+- Pushes to the main branch
+
+For more details, see [planning.md](./planning.md) and the workflow definition in [.github/workflows/mlflow-ci.yml](../../.github/workflows/mlflow-ci.yml).

applications/mlflow/charts/mlflow/Chart.lock

@@ -1,6 +1,6 @@
 dependencies:
 - name: replicated
   repository: oci://registry.replicated.com/library
-  version: 1.1.0
-digest: sha256:9debf14266b4425bcc68a80da11527f8d0c5e68f678cae676179557bab423ae6
-generated: "2025-02-09T00:40:36.875661-05:00"
+  version: 1.5.0
+digest: sha256:47a29e041d280e6e5db79c0dcf469b5c43cef2d780169fa7cd40e9b02e9b1fd5
+generated: "2025-04-07T10:50:18.860452-04:00"

applications/mlflow/charts/mlflow/values.yaml

@@ -87,20 +87,20 @@ mlflow:
     #     secretKeyRef:
     #       name: extra-env-secret
     #       key: extra-env-key-3
- 
+
   # -- Extra initialization containers belonging to the mlflow pod.
   extraInitContainers: []
- 
+
   # -- Extra containers belonging to the mlflow pod.
   extraContainers: []
-  
+
   # -- Extra environment variable sources in mlflow container
   extraEnvFrom: []
   # - configMapRef:
   #     name: extra-env-configmap
   # - secretRef:
   #     name: extra-env-secret
-  
+
   # -- Extra volumes that can be mounted by containers belonging to the mlflow pod
   extraVolumes: []
   # - name: mlflow-volume
@@ -109,7 +109,7 @@ mlflow:
   # - name: mlflow-configmap-volume
   #   configMap:
   #     name: mlflow-configmap
-  
+
   # -- Extra volume mounts to mount into the mlflow container's file system
   extraVolumeMounts: []
   # - name: mlflow-volume
@@ -172,7 +172,7 @@ mlflow:
   # -- Enable/disable the generation of environment variables for services.
   # [[ref]](https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/#accessing-the-service)
   enableServiceLinks: true
-  
+
   # -- Configure the lifecycle for the container
   lifecycle: {}
   termination:
@@ -200,7 +200,7 @@ mlflow:
     name: http
     # -- Annotations to add to the service
     annotations: {}
-  
+
   # -- Mlflow Ingress configuration
   # [[ref]](https://kubernetes.io/docs/concepts/services-networking/ingress/)
   ingress:
@@ -262,7 +262,7 @@ mlflow:
     # - --expose-prometheus /metrics
     # If enabled, run the server with debug logging and auto-reload
     - --dev
-  
+
     # Basic authentication configuration,
     # for more information, please visit https://mlflow.org/docs/latest/auth/index.html#configuration
     basicAuth:
@@ -349,7 +349,7 @@ minio:
       pullPolicy: IfNotPresent
     # -- Image pull secrets
     imagePullSecret: {}
-    # -- 
+    # --
     scheduler: {}
     # -- The Kubernetes secret name that contains MinIO environment variable configurations.
     # The secret is expected to have a key named config.env containing environment variables exports.
@@ -389,7 +389,7 @@ minio:
         # [[ref]](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity)
         podAntiAffinityMode: "soft"
         # -- The `Requests or Limits <https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/>`__ for resources to associate to Tenant pods.
-        resources: { }
+        resources: {}
         # -- The Kubernetes `SecurityContext <https://kubernetes.io/docs/tasks/configure-pod-container/security-context/>`__ to use for deploying Tenant resources.
         securityContext:
           runAsUser: 1000
@@ -409,7 +409,7 @@ minio:
           seccompProfile:
             type: RuntimeDefault
         # -- An array of `Topology Spread Constraints <https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/>`__ to associate to Operator Console pods.
-        topologySpreadConstraints: [ ]
+        topologySpreadConstraints: []
         # -- The name of a custom `Container Runtime <https://kubernetes.io/docs/concepts/containers/runtime-class/>`__ to use for the Operator Console pods.
         runtimeClassName: ""
     # -- The mount path where Persistent Volumes are mounted inside Tenant container(s).
@@ -428,7 +428,7 @@ minio:
       externalCaCertSecret: []
       # -- Specify an array of Kubernetes secrets, where each entry corresponds to a secret contains the TLS private key and public certificate pair.
       # See `Operator CRD: TenantSpec <https://min.io/docs/minio/kubernetes/upstream/reference/operator-crd.html#tenantspec>`__.
-      externalCertSecret: [ ]
+      externalCertSecret: []
       # Enable automatic Kubernetes based `certificate generation and signing <https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster>`__
       requestAutoCert: true
       # -- See `Operator CRD: CertificateConfig <https://min.io/docs/minio/kubernetes/upstream/reference/operator-crd.html#certificateconfig>`__
@@ -445,25 +445,25 @@ minio:
     # -- Array of Kubernetes secrets from which the Operator generates MinIO users during tenant provisioning.
     # Each secret should specify the ``CONSOLE_ACCESS_KEY`` and ``CONSOLE_SECRET_KEY`` as the access key and secret key for that user.
     users: []
-    # -- The `PodManagement <https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#pod-management-policy>`__ policy for MinIO Tenant Pods. 
+    # -- The `PodManagement <https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#pod-management-policy>`__ policy for MinIO Tenant Pods.
     # Can be "OrderedReady" or "Parallel"
     podManagementPolicy: Parallel
-    # -- The `Liveness Probe <https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes>`__ for monitoring Tenant pod liveness. 
+    # -- The `Liveness Probe <https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes>`__ for monitoring Tenant pod liveness.
     # Tenant pods will be restarted if the probe fails.
     liveness: {}
     # -- `Readiness Probe <https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/>`__ for monitoring Tenant container readiness.
     # Tenant pods will be removed from service endpoints if the probe fails.
-    # -- `Startup Probe <https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/>`__ for monitoring container startup. 
+    # -- `Startup Probe <https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/>`__ for monitoring container startup.
     # Tenant pods will be restarted if the probe fails.
     startup: {}
     # -- The `Lifecycle hooks <https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/>`__ for container.
-    lifecycle: { }
+    lifecycle: {}
     # -- Directs the Operator to deploy the MinIO S3 API and Console services as LoadBalancer objects.
     # If the Kubernetes cluster has a configured LoadBalancer, it can attempt to route traffic to those services automatically.
     # Specify ``minio: true`` to expose the MinIO S3 API.
     # Specify ``console: true`` to expose the Console.
     # Both fields default to ``false``.
-    exposeServices: { }
+    exposeServices: {}
     # -- The `Kubernetes Service Account <https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/>`__ associated with the Tenant.
     serviceAccountName: ""
     # -- Directs the Operator to add the Tenant's metric scrape configuration to an existing Kubernetes Prometheus deployment managed by the Prometheus Operator.
@@ -472,24 +472,24 @@ minio:
     # Specify ``json`` for JSON-formatted logs.
     # Specify ``anonymous`` for anonymized logs.
     # Specify ``quiet`` to supress logging.
-    logging: { }
+    logging: {}
     # -- serviceMetadata allows passing additional labels and annotations to MinIO and Console specific
     # services created by the operator.
-    serviceMetadata: { }
+    serviceMetadata: {}
     # -- Add environment variables to be set in MinIO container (https://github.com/minio/minio/tree/master/docs/config)
-    env: [ ]
+    env: []
     # -- PriorityClassName indicates the Pod priority and hence importance of a Pod relative to other Pods.
     # This is applied to MinIO pods only.
     # Refer Kubernetes documentation for details https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass/
     priorityClassName: ""
     # -- An array of `Volumes <https://kubernetes.io/docs/concepts/storage/volumes/>`__ which the Operator can mount to Tenant pods.
     # The volumes must exist *and* be accessible to the Tenant pods.
-    additionalVolumes: [ ]
+    additionalVolumes: []
     # -- An array of volume mount points associated to each Tenant container.
-    additionalVolumeMounts: [ ]
+    additionalVolumeMounts: []
     # Define configuration for KES (stateless and distributed key-management system)
     # Refer https://github.com/minio/kes
-    #kes:
+    # kes:
     #  ## Image field:
     #  # Image from tag (original behavior), for example:
     #  # image:
@@ -660,7 +660,7 @@ postgres:
     # and then blank the password of the postgres user by setting it to NULL.
     enableSuperuserAccess: true
     superuserSecret: ""
-  
+
     # -- This feature enables declarative management of existing roles, as well as the creation of new roles if they are not
     # already present in the database.
     # See: https://cloudnative-pg.io/documentation/current/declarative_role_management/