CD - Kubernetes - Dev #775
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CD - Kubernetes - Dev | |
on: | |
schedule: | |
- cron: "0 */3 * * *" | |
workflow_dispatch: | |
inputs: | |
check-cache: | |
type: boolean | |
description: "Check workflow cache" | |
default: false | |
deploy-helm: | |
type: boolean | |
description: "Deploy Helm Charts" | |
default: false | |
jobs: | |
check-last-run: | |
# runs-on: [self-hosted, Linux] | |
runs-on: ubuntu-latest | |
outputs: | |
same-commit: ${{ steps.cache.outputs.cache-hit }} | |
steps: | |
- name: Check for new changes | |
if: github.event_name == 'schedule' || github.event.inputs.check-cache == 'true' | |
id: cache | |
uses: actions/cache@v4 | |
with: | |
path: /tmp/k8s_dev_hash.txt # we don't care about the file, just the key | |
key: k8s-dev-${{ github.sha }} | |
lookup-only: true | |
- name: Save Commit SHA | |
if: github.event_name == 'schedule' || github.event.inputs.check-cache == 'true' | |
# only for making the cache action happy | |
run: echo "${{ github.sha }}" > /tmp/k8s_dev_hash.txt | |
deploy-syft-dev: | |
needs: check-last-run | |
if: needs.check-last-run.outputs.same-commit != 'true' | |
# runs-on: [self-hosted, Linux] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Permission to home directory | |
run: | | |
sudo chown -R $USER:$USER $HOME | |
- uses: actions/checkout@v4 | |
# Checkout Infra repo (nested) | |
- name: Checkout Infra Repo | |
uses: actions/checkout@v4 | |
with: | |
repository: ${{ secrets.INFRA_REPO }} | |
ref: "main" | |
token: ${{ secrets.INFRA_BOT_COMMIT_TOKEN }} | |
path: infrastructure | |
- name: Set up Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: "3.12" | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Login to Azure Container Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ${{ secrets.ACR_SERVER }} | |
username: ${{ secrets.ACR_USERNAME }} | |
password: ${{ secrets.ACR_PASSWORD }} | |
- name: Set Server package version | |
id: server | |
shell: bash | |
run: | | |
echo "SERVER_VERSION=$(python packages/grid/VERSION)" >> $GITHUB_OUTPUT | |
- name: Build and push `syft` image to registry | |
uses: docker/build-push-action@v6 | |
with: | |
context: ./packages | |
file: ./packages/grid/syft-client/syft.Dockerfile | |
push: true | |
tags: | | |
${{ secrets.ACR_SERVER }}/openmined/syft-client:dev | |
${{ secrets.ACR_SERVER }}/openmined/syft-client:dev-${{ github.sha }} | |
${{ secrets.ACR_SERVER }}/openmined/syft-client:${{ steps.server.outputs.SERVER_VERSION }} | |
- name: Build and push `syft-backend` image to registry | |
uses: docker/build-push-action@v6 | |
with: | |
context: ./packages | |
file: ./packages/grid/backend/backend.dockerfile | |
push: true | |
target: backend | |
tags: | | |
${{ secrets.ACR_SERVER }}/openmined/syft-backend:dev | |
${{ secrets.ACR_SERVER }}/openmined/syft-backend:dev-${{ github.sha }} | |
${{ secrets.ACR_SERVER }}/openmined/syft-backend:${{ steps.server.outputs.SERVER_VERSION }} | |
- name: Build and push `syft-frontend` image to registry | |
uses: docker/build-push-action@v6 | |
with: | |
context: ./packages/grid/frontend | |
file: ./packages/grid/frontend/frontend.dockerfile | |
push: true | |
tags: | | |
${{ secrets.ACR_SERVER }}/openmined/syft-frontend:dev | |
${{ secrets.ACR_SERVER }}/openmined/syft-frontend:dev-${{ github.sha }} | |
${{ secrets.ACR_SERVER }}/openmined/syft-frontend:${{ steps.server.outputs.SERVER_VERSION }} | |
target: syft-ui-development | |
- name: Build and push `syft-seaweedfs` image to registry | |
uses: docker/build-push-action@v6 | |
with: | |
context: ./packages/grid/seaweedfs | |
file: ./packages/grid/seaweedfs/seaweedfs.dockerfile | |
push: true | |
tags: | | |
${{ secrets.ACR_SERVER }}/openmined/syft-seaweedfs:dev | |
${{ secrets.ACR_SERVER }}/openmined/syft-seaweedfs:dev-${{ github.sha }} | |
${{ secrets.ACR_SERVER }}/openmined/syft-seaweedfs:${{ steps.server.outputs.SERVER_VERSION }} | |
- name: Build and push `syft-enclave-attestation` image to registry | |
uses: docker/build-push-action@v6 | |
with: | |
context: ./packages/grid/enclave/attestation | |
file: ./packages/grid/enclave/attestation/attestation.dockerfile | |
push: true | |
tags: | | |
${{ secrets.ACR_SERVER }}/openmined/syft-enclave-attestation:dev | |
${{ secrets.ACR_SERVER }}/openmined/syft-enclave-attestation:dev-${{ github.sha }} | |
${{ secrets.ACR_SERVER }}/openmined/syft-enclave-attestation:${{ steps.server.outputs.SERVER_VERSION }} | |
- name: Build Helm Chart & Copy to infra | |
if: github.ref == 'refs/heads/dev' || github.event.inputs.deploy-helm == 'true' | |
shell: bash | |
run: | | |
K3D_VERSION=v5.6.3 | |
DEVSPACE_VERSION=v6.3.12 | |
# install k3d | |
wget https://github.com/k3d-io/k3d/releases/download/${K3D_VERSION}/k3d-linux-amd64 | |
mv k3d-linux-amd64 k3d | |
chmod +x k3d | |
export PATH=`pwd`:$PATH | |
k3d version | |
# Install devspace | |
curl -sSL https://github.com/loft-sh/devspace/releases/download/${DEVSPACE_VERSION}/devspace-linux-amd64 -o ./devspace | |
chmod +x devspace | |
devspace version | |
# Install helm | |
curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash | |
helm version | |
# install tox | |
python -m pip install --upgrade pip | |
pip install tox | |
tox -e syft.build.helm | |
rm -rf infrastructure/gitops/environments/dev/ | |
mkdir -p infrastructure/gitops/environments/dev/ | |
cp -R packages/grid/helm/syft/. infrastructure/gitops/environments/dev/ | |
# write version to VERSION.txt file | |
echo "dev-${{github.sha}}" > infrastructure/gitops/environments/dev/VERSION.txt | |
- name: Commit & push changes to Infra Repo | |
if: github.ref == 'refs/heads/dev' || github.event.inputs.deploy-helm == 'true' | |
uses: EndBug/add-and-commit@v9 | |
with: | |
author_name: ${{ secrets.OM_BOT_NAME }} | |
author_email: ${{ secrets.OM_BOT_EMAIL }} | |
message: "[env] Update dev helm charts" | |
add: "." | |
push: "origin main" | |
cwd: "./infrastructure/" |