Skip to content

CD - Kubernetes - Dev #840

CD - Kubernetes - Dev

CD - Kubernetes - Dev #840

Workflow file for this run

name: CD - Kubernetes - Dev
on:
schedule:
- cron: "0 */3 * * *"
workflow_dispatch:
inputs:
check-cache:
type: boolean
description: "Check workflow cache"
default: false
deploy-helm:
type: boolean
description: "Deploy Helm Charts"
default: false
jobs:
check-last-run:
# runs-on: [self-hosted, Linux]
runs-on: ubuntu-latest
outputs:
same-commit: ${{ steps.cache.outputs.cache-hit }}
steps:
- name: Check for new changes
if: github.event_name == 'schedule' || github.event.inputs.check-cache == 'true'
id: cache
uses: actions/cache@v4
with:
path: /tmp/k8s_dev_hash.txt # we don't care about the file, just the key
key: k8s-dev-${{ github.sha }}
lookup-only: true
- name: Save Commit SHA
if: github.event_name == 'schedule' || github.event.inputs.check-cache == 'true'
# only for making the cache action happy
run: echo "${{ github.sha }}" > /tmp/k8s_dev_hash.txt
deploy-syft-dev:
needs: check-last-run
if: needs.check-last-run.outputs.same-commit != 'true'
# runs-on: [self-hosted, Linux]
runs-on: ubuntu-latest
steps:
- name: Permission to home directory
run: |
sudo chown -R $USER:$USER $HOME
- uses: actions/checkout@v4
# Checkout Infra repo (nested)
- name: Checkout Infra Repo
uses: actions/checkout@v4
with:
repository: ${{ secrets.INFRA_REPO }}
ref: "main"
token: ${{ secrets.INFRA_BOT_COMMIT_TOKEN }}
path: infrastructure
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.12"
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v3
- name: Login to Azure Container Registry
uses: docker/login-action@v3
with:
registry: ${{ secrets.ACR_SERVER }}
username: ${{ secrets.ACR_USERNAME }}
password: ${{ secrets.ACR_PASSWORD }}
- name: Set Server package version
id: server
shell: bash
run: |
echo "SERVER_VERSION=$(python packages/grid/VERSION)" >> $GITHUB_OUTPUT
- name: Build and push `syft` image to registry
uses: docker/build-push-action@v6
with:
context: ./packages
file: ./packages/grid/syft-client/syft.Dockerfile
push: true
tags: |
${{ secrets.ACR_SERVER }}/openmined/syft-client:dev
${{ secrets.ACR_SERVER }}/openmined/syft-client:dev-${{ github.sha }}
${{ secrets.ACR_SERVER }}/openmined/syft-client:${{ steps.server.outputs.SERVER_VERSION }}
- name: Build and push `syft-backend` image to registry
uses: docker/build-push-action@v6
with:
context: ./packages
file: ./packages/grid/backend/backend.dockerfile
push: true
target: backend
tags: |
${{ secrets.ACR_SERVER }}/openmined/syft-backend:dev
${{ secrets.ACR_SERVER }}/openmined/syft-backend:dev-${{ github.sha }}
${{ secrets.ACR_SERVER }}/openmined/syft-backend:${{ steps.server.outputs.SERVER_VERSION }}
- name: Build and push `syft-frontend` image to registry
uses: docker/build-push-action@v6
with:
context: ./packages/grid/frontend
file: ./packages/grid/frontend/frontend.dockerfile
push: true
tags: |
${{ secrets.ACR_SERVER }}/openmined/syft-frontend:dev
${{ secrets.ACR_SERVER }}/openmined/syft-frontend:dev-${{ github.sha }}
${{ secrets.ACR_SERVER }}/openmined/syft-frontend:${{ steps.server.outputs.SERVER_VERSION }}
target: syft-ui-development
- name: Build and push `syft-seaweedfs` image to registry
uses: docker/build-push-action@v6
with:
context: ./packages/grid/seaweedfs
file: ./packages/grid/seaweedfs/seaweedfs.dockerfile
push: true
tags: |
${{ secrets.ACR_SERVER }}/openmined/syft-seaweedfs:dev
${{ secrets.ACR_SERVER }}/openmined/syft-seaweedfs:dev-${{ github.sha }}
${{ secrets.ACR_SERVER }}/openmined/syft-seaweedfs:${{ steps.server.outputs.SERVER_VERSION }}
- name: Build and push `syft-enclave-attestation` image to registry
uses: docker/build-push-action@v6
with:
context: ./packages/grid/enclave/attestation
file: ./packages/grid/enclave/attestation/attestation.dockerfile
push: true
tags: |
${{ secrets.ACR_SERVER }}/openmined/syft-enclave-attestation:dev
${{ secrets.ACR_SERVER }}/openmined/syft-enclave-attestation:dev-${{ github.sha }}
${{ secrets.ACR_SERVER }}/openmined/syft-enclave-attestation:${{ steps.server.outputs.SERVER_VERSION }}
- name: Build Helm Chart & Copy to infra
if: github.ref == 'refs/heads/dev' || github.event.inputs.deploy-helm == 'true'
shell: bash
run: |
K3D_VERSION=v5.6.3
DEVSPACE_VERSION=v6.3.12
# install k3d
wget https://github.com/k3d-io/k3d/releases/download/${K3D_VERSION}/k3d-linux-amd64
mv k3d-linux-amd64 k3d
chmod +x k3d
export PATH=`pwd`:$PATH
k3d version
# Install devspace
curl -sSL https://github.com/loft-sh/devspace/releases/download/${DEVSPACE_VERSION}/devspace-linux-amd64 -o ./devspace
chmod +x devspace
devspace version
# Install helm
curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
helm version
# install tox
python -m pip install --upgrade pip
pip install tox
tox -e syft.build.helm
rm -rf infrastructure/gitops/environments/dev/
mkdir -p infrastructure/gitops/environments/dev/
cp -R packages/grid/helm/syft/. infrastructure/gitops/environments/dev/
# write version to VERSION.txt file
echo "dev-${{github.sha}}" > infrastructure/gitops/environments/dev/VERSION.txt
- name: Commit & push changes to Infra Repo
if: github.ref == 'refs/heads/dev' || github.event.inputs.deploy-helm == 'true'
uses: EndBug/add-and-commit@v9
with:
author_name: ${{ secrets.OM_BOT_NAME }}
author_email: ${{ secrets.OM_BOT_EMAIL }}
message: "[env] Update dev helm charts"
add: "."
push: "origin main"
cwd: "./infrastructure/"