From dc07b45c2eb1d5affda4216becb105c56827ee72 Mon Sep 17 00:00:00 2001 From: Berry den Hartog <38954346+berrydenhartog@users.noreply.github.com> Date: Wed, 12 Jun 2024 09:08:47 +0200 Subject: [PATCH] # This is a combination of 5 commits. # This is the 1st commit message: Fix sonar badge # This is the commit message #2: Add deployment # This is the commit message #3: Add concurrency check # This is the commit message #4: Fix CI/CD deployment # This is the commit message #5: Add hash to build --- .github/workflows/ci.yml | 14 ++++ .github/workflows/deploy.yml | 106 ++++++++++++++++++++++++ .github/workflows/first-interaction.yml | 3 + .github/workflows/stale-pr-schedule.yml | 4 + README.md | 3 +- 5 files changed, 129 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/deploy.yml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5cdd05e87..56135be7b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -10,6 +10,10 @@ on: branches: - 'main' +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + env: REGISTRY: ghcr.io POETRY_CACHE_DIR: ~/.cache/pypoetry @@ -138,6 +142,15 @@ jobs: steps: - uses: actions/checkout@v4 + - name: get commit hash + id: get_commit_hash + run: | + echo "commit_hash=$(git describe --tags)" >> "$GITHUB_OUTPUT" + + - name: Make changes to project to inject commit hash + run: | + sed -i 's/VERSION: str = .*$/VERSION: str = "${{ steps.get_commit_hash.outputs.commit_hash }}"/g' tad/core/config.py + - name: Log in to the Container registry uses: docker/login-action@v3 with: @@ -164,6 +177,7 @@ jobs: echo "tags: ${{ steps.meta.outputs.tags }}" echo "labels: ${{ steps.meta.outputs.labels }}" echo "annotations: ${{ steps.meta.outputs.annotations }}" + echo "hash: ${{ steps.get_commit_hash.outputs.commit_hash }}" - name: Build and push Docker image 
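Review bot: `git describe --tags` in the new "get commit hash" step runs against the default `actions/checkout@v4` clone, which is a depth-1 fetch without tags, so the call will most likely fail and leave `commit_hash` empty. Because the failure happens inside a command substitution passed to `echo`, the step still succeeds and the following `sed` writes `VERSION: str = ""` into `tad/core/config.py`. Give the checkout `with: fetch-depth: 0` (or use `git describe --tags --always`) and fail the step when the value is empty. The output is also expanded by `${{ }}` straight into the `sed` script, so a tag name containing `/` or `"` would break or alter the substitution; pass it through `env:` and reference the shell variable instead. The job body continues outside this hunk.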
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
new file mode 100644
index 000000000..26fea3431
--- /dev/null
+++ b/.github/workflows/deploy.yml
@@ -0,0 +1,106 @@
+name: deploy
+
+
+on:
+ push:
+ branches:
+ - main
+ workflow_dispatch:
+ inputs:
+ image_tag:
+ description: 'Docker image tag to deploy'
+ required: true
+ default: 'main'
+ environment:
+ description: 'Environment to deploy too'
+ required: true
+ default: 'sandbox'
+ type: choice
+ options:
+ - sandbox
+ - production
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
+jobs:
+ deploy:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ path: 'source/tad/'
+
+ - name: get commit hash
+ id: get_commit_hash
+ run: |
+ cd source/tad/
+ echo "commit_hash=$(git rev-parse HEAD)" >> "$GITHUB_OUTPUT"
+
+
+ - name: Get GHCR package hash
+ id: get_package_hash
+ run: |
+ if [ "${{ github.event_name }}" == "workflow_dispatch" ]; then
+ container_id=$(gh api --paginate -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" /orgs/MinBZK/packages/container/tad/versions | jq -r '.[] | select(.metadata.container.tags | contains(["${{ inputs.image_tag }}"])) | .name')
+ echo "container_id=$container_id" >> "$GITHUB_OUTPUT"
+ else
+ container_id=$(gh api --paginate -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" /orgs/MinBZK/packages/container/tad/versions | jq -r '.[] | select(.metadata.container.tags | contains(["main"])) | .name')
+ echo "container_id=$container_id" >> "$GITHUB_OUTPUT"
+ fi
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Get deploy environment
+ id: get_deploy_env
+ run: |
+ if [ "${{ github.event_name }}" == "workflow_dispatch" ]; then
+ echo "env=${{ inputs.environment }}" >> "$GITHUB_OUTPUT"
+ else
+ echo "env=sandbox" >> "$GITHUB_OUTPUT"
+ fi
+
+ - name: Print deploy hash and environment
+ run: |
+ echo "Container ID: ${{ steps.get_package_hash.outputs.container_id }}"
+ echo "Overlay: ${{ steps.get_deploy_env.outputs.env }}"
+ echo "Version: ${{ inputs.image_tag || 'main' }}"
+ echo "Actor: ${{ 
github.actor}}" + echo "Commit: ${{ steps.get_commit_hash.outputs.commit_hash }}" + + - name: check correct name + run: | + if [ -z "${{steps.get_package_hash.outputs.container_id}}" ]; then + echo "Variable is empty. Failing the workflow." + exit 1 + fi + + - uses: actions/checkout@v4 + with: + repository: 'minbzk/ai-validation-infra' + ref: main + token: ${{ secrets.GH_PAT }} + + - name: Configure Git + run: | + git config --global user.name "github-actions[bot]" + git config --global user.email "github-actions[bot]@users.noreply.github.com" + + + - name: Make changes to the file + run: | + sed -i 's/newTag: .*$/newTag: ${{inputs.image_tag || 'main' }}@${{ steps.get_package_hash.outputs.container_id }}/g' apps/tad/overlays/${{ steps.get_deploy_env.outputs.env }}/kustomization.yaml + sed -i 's/commithash: .*$/commithash: ${{ steps.get_commit_hash.outputs.commit_hash }}/g' apps/tad/overlays/${{ steps.get_deploy_env.outputs.env }}/kustomization.yaml + sed -i 's|minbzk.github.io/version: .*$|minbzk.github.io/version: ${{ inputs.image_tag || 'main' }} }|g' apps/tad/overlays/${{ steps.get_deploy_env.outputs.env }}/kustomization.yaml + git add apps/tad/overlays/${{ steps.get_deploy_env.outputs.env }}/kustomization.yaml + + - name: show changes + run: git diff --staged + + - name: push changes + run: | + git commit -m "Update tad overlay ${{ steps.get_deploy_env.outputs.env }} tag ${{ steps.get_package_hash.outputs.container_id }} by actor ${{ github.actor}}" + git push --force-with-lease + env: + GITHUB_TOKEN: ${{ secrets.GH_PAT }} diff --git a/.github/workflows/first-interaction.yml b/.github/workflows/first-interaction.yml index edad61194..9a34f7ed7 100644 --- a/.github/workflows/first-interaction.yml +++ b/.github/workflows/first-interaction.yml @@ -2,6 +2,9 @@ name: first-interaction on: [pull_request, issues] +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + jobs: greeting: runs-on: ubuntu-latest 
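Review bot: The free-text `image_tag` input is expanded by `${{ }}` directly into the shell script, the `jq` filter and the `sed` expressions of a job that later pushes to `minbzk/ai-validation-infra` with `secrets.GH_PAT`, so whatever a dispatcher types becomes script text rather than data; hand it over through `env:` and `jq --arg`, as in the excerpt below, and do the same for the `sed` lines in "Make changes to the file". `contains(["main"])` in `jq` matches substrings, so any version carrying a tag that merely contains `main` is selected as well and `container_id` can end up holding several digests; an exact comparison avoids that. The third `sed` replacement ends in `}} }`, which writes a stray ` }` after the version value in `kustomization.yaml`. `cancel-in-progress: true` can also cancel a run between `git commit` and `git push`, which is worth reconsidering for a deploy workflow.

```yaml
      - name: Get GHCR package hash
        id: get_package_hash
        run: |
          container_id=$(gh api --paginate -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" /orgs/MinBZK/packages/container/tad/versions \
            | jq -r --arg tag "$IMAGE_TAG" '.[] | select(.metadata.container.tags | any(. == $tag)) | .name')
          echo "container_id=$container_id" >> "$GITHUB_OUTPUT"
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # Expanded by the runner into the environment, never into the script text.
          IMAGE_TAG: ${{ inputs.image_tag || 'main' }}
      # … unchanged: Get deploy environment, Print deploy hash and environment, check correct name …
```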
diff --git a/.github/workflows/stale-pr-schedule.yml b/.github/workflows/stale-pr-schedule.yml index a695d5bb9..dfaabad35 100644 --- a/.github/workflows/stale-pr-schedule.yml +++ b/.github/workflows/stale-pr-schedule.yml @@ -4,6 +4,10 @@ on: - cron: "0 4 * * *" workflow_dispatch: +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + jobs: stale: runs-on: ubuntu-latest diff --git a/README.md b/README.md index adafb6c07..dff20f31c 100644 --- a/README.md +++ b/README.md @@ -1,10 +1,11 @@ # Transparency of Algorithmic Decision making (TAD) ![GitHub Actions Workflow Status](https://img.shields.io/github/actions/workflow/status/minbzk/tad/ci.yml?label=tests) -![Sonar Coverage](https://img.shields.io/sonar/coverage/ai-validation-team_tad?server=https%3A%2F%2Fsonarcloud.io&label=coverage(sonar)) +[![Coverage](https://sonarcloud.io/api/project_badges/measure?project=MinBZK_tad&metric=coverage)](https://sonarcloud.io/summary/new_code?id=MinBZK_tad) [![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=MinBZK_tad&metric=alert_status)](https://sonarcloud.io/summary/new_code?id=MinBZK_tad) ![GitHub Release](https://img.shields.io/github/v/release/minbzk/tad?include_prereleases&sort=semver) ![GitHub License](https://img.shields.io/github/license/minbzk/tad) +[![Lines of Code](https://sonarcloud.io/api/project_badges/measure?project=MinBZK_tad&metric=ncloc)](https://sonarcloud.io/summary/new_code?id=MinBZK_tad) TAD is a modern tool to apply technical and non-technical tests for an AI model.