# This is a combination of 5 commits.

# This is the 1st commit message: Fix sonar badge # This is the commit message #2: Add deployment # This is the commit message #3: Add concurrency check # This is the commit message #4: Fix CI/CD deployment # This is the commit message #5: Add hash to build
MinBZK · Jul 3, 2024 · dc07b45 · dc07b45
1 parent 4128b66
commit dc07b45
Show file tree

Hide file tree

Showing 5 changed files with 129 additions and 1 deletion.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -10,6 +10,10 @@ on:
     branches:
       - 'main'
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 env:
   REGISTRY: ghcr.io
   POETRY_CACHE_DIR: ~/.cache/pypoetry
@@ -138,6 +142,15 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
+      - name: get commit hash
+        id: get_commit_hash
+        run: |
+          echo "commit_hash=$(git describe --tags)" >> "$GITHUB_OUTPUT"
+
+      - name: Make changes to project to inject commit hash
+        run: |
+          sed -i 's/VERSION: str = .*$/VERSION: str = "${{ steps.get_commit_hash.outputs.commit_hash }}"/g' tad/core/config.py
+
       - name: Log in to the Container registry
         uses: docker/login-action@v3
         with:
@@ -164,6 +177,7 @@ jobs:
           echo "tags: ${{ steps.meta.outputs.tags }}"
           echo "labels: ${{ steps.meta.outputs.labels }}"
           echo "annotations: ${{ steps.meta.outputs.annotations }}"
+          echo "hash: ${{ steps.get_commit_hash.outputs.commit_hash }}"
 
 
       - name: Build and push Docker image

diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -0,0 +1,106 @@
+name: deploy
+
+
+on:
+  push:
+    branches:
+      - main
+  workflow_dispatch:
+      inputs:
+        image_tag:
+          description: 'Docker image tag to deploy'
+          required: true
+          default: 'main'
+        environment:
+          description: 'Environment to deploy too'
+          required: true
+          default: 'sandbox'
+          type: choice
+          options:
+            - sandbox
+            - production
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          path: 'source/tad/'
+
+      - name: get commit hash
+        id: get_commit_hash
+        run: |
+          cd source/tad/
+          echo "commit_hash=$(git rev-parse HEAD)" >> "$GITHUB_OUTPUT"
+
+
+      - name: Get GHCR package hash
+        id: get_package_hash
+        run: |
+          if [ "${{ github.event_name }}" == "workflow_dispatch" ]; then
+            container_id=$(gh api --paginate -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" /orgs/MinBZK/packages/container/tad/versions | jq -r '.[] | select(.metadata.container.tags | contains(["${{ inputs.image_tag }}"])) | .name')
+            echo "container_id=$container_id" >> "$GITHUB_OUTPUT"
+          else
+            container_id=$(gh api --paginate -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" /orgs/MinBZK/packages/container/tad/versions | jq -r '.[] | select(.metadata.container.tags | contains(["main"])) | .name')
+            echo "container_id=$container_id" >> "$GITHUB_OUTPUT"
+          fi
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Get deploy environment
+        id: get_deploy_env
+        run: |
+          if [ "${{ github.event_name }}" == "workflow_dispatch" ]; then
+              echo "env=${{ inputs.environment }}" >> "$GITHUB_OUTPUT"
+          else
+             echo "env=sandbox" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: Print deploy hash and environment
+        run: |
+           echo "Container ID: ${{ steps.get_package_hash.outputs.container_id }}"
+           echo "Overlay: ${{ steps.get_deploy_env.outputs.env }}"
+           echo "Version:  ${{ inputs.image_tag || 'main' }}"
+           echo "Actor: ${{ github.actor}}"
+           echo "Commit: ${{ steps.get_commit_hash.outputs.commit_hash }}"
+
+      - name: check correct name
+        run: |
+            if [ -z "${{steps.get_package_hash.outputs.container_id}}" ]; then
+              echo "Variable is empty. Failing the workflow."
+              exit 1
+            fi
+
+      - uses: actions/checkout@v4
+        with:
+          repository: 'minbzk/ai-validation-infra'
+          ref: main
+          token: ${{ secrets.GH_PAT }}
+
+      - name: Configure Git
+        run: |
+          git config --global user.name "github-actions[bot]"
+          git config --global user.email "github-actions[bot]@users.noreply.github.com"
+
+
+      - name: Make changes to the file
+        run: |
+          sed -i 's/newTag: .*$/newTag: ${{inputs.image_tag || 'main' }}@${{ steps.get_package_hash.outputs.container_id }}/g' apps/tad/overlays/${{ steps.get_deploy_env.outputs.env }}/kustomization.yaml
+          sed -i 's/commithash: .*$/commithash: ${{ steps.get_commit_hash.outputs.commit_hash }}/g' apps/tad/overlays/${{ steps.get_deploy_env.outputs.env }}/kustomization.yaml
+          sed -i 's|minbzk.github.io/version: .*$|minbzk.github.io/version: ${{ inputs.image_tag || 'main' }} }|g' apps/tad/overlays/${{ steps.get_deploy_env.outputs.env }}/kustomization.yaml
+          git add apps/tad/overlays/${{ steps.get_deploy_env.outputs.env }}/kustomization.yaml
+
+      - name: show changes
+        run: git diff --staged
+
+      - name: push changes
+        run: |
+          git commit -m "Update tad overlay ${{ steps.get_deploy_env.outputs.env }} tag ${{ steps.get_package_hash.outputs.container_id }} by actor ${{ github.actor}}"
+          git push --force-with-lease
+        env:
+          GITHUB_TOKEN: ${{ secrets.GH_PAT }}
diff --git a/.github/workflows/first-interaction.yml b/.github/workflows/first-interaction.yml
@@ -2,6 +2,9 @@ name: first-interaction
 
 on: [pull_request, issues]
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+
 jobs:
   greeting:
     runs-on: ubuntu-latest

diff --git a/.github/workflows/stale-pr-schedule.yml b/.github/workflows/stale-pr-schedule.yml
@@ -4,6 +4,10 @@ on:
     - cron: "0 4 * * *"
   workflow_dispatch:
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 jobs:
   stale:
     runs-on: ubuntu-latest

diff --git a/README.md b/README.md
@@ -1,10 +1,11 @@
 # Transparency of Algorithmic Decision making (TAD)
 
 ![GitHub Actions Workflow Status](https://img.shields.io/github/actions/workflow/status/minbzk/tad/ci.yml?label=tests)
-![Sonar Coverage](https://img.shields.io/sonar/coverage/ai-validation-team_tad?server=https%3A%2F%2Fsonarcloud.io&label=coverage(sonar))
+[![Coverage](https://sonarcloud.io/api/project_badges/measure?project=MinBZK_tad&metric=coverage)](https://sonarcloud.io/summary/new_code?id=MinBZK_tad)
 [![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=MinBZK_tad&metric=alert_status)](https://sonarcloud.io/summary/new_code?id=MinBZK_tad)
 ![GitHub Release](https://img.shields.io/github/v/release/minbzk/tad?include_prereleases&sort=semver)
 ![GitHub License](https://img.shields.io/github/license/minbzk/tad)
+[![Lines of Code](https://sonarcloud.io/api/project_badges/measure?project=MinBZK_tad&metric=ncloc)](https://sonarcloud.io/summary/new_code?id=MinBZK_tad)
 
 TAD is a modern tool to apply technical and non-technical tests for an AI model.