v0.3.19 RC #476
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: '[cd]docker images' | |
on: | |
release: | |
types: | |
- published | |
env: | |
OKD_PROJECT: siibra-api | |
OKD_PROD_ENDPOINT: https://okd.hbp.eu:443 | |
OKD_DEV_ENDPOINT: https://okd-dev.hbp.eu:443 | |
OKD_PROD_SECRET: ${{ secrets.OKD_PROD_SECRET }} | |
OKD_DEV_SECRET: ${{ secrets.OKD_DEV_SECRET }} | |
DOCKER_REGISTRY: 'docker-registry.ebrains.eu/siibra/' | |
DOCKER_IMG: 'siibra-api' | |
jobs: | |
build-docker-img: | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- flavor: 'all' | |
dockerfile: 'Dockerfile' | |
tag_suffix: '' | |
- flavor: 'worker' | |
dockerfile: 'worker.dockerfile' | |
tag_suffix: '-worker' | |
- flavor: 'server' | |
dockerfile: 'server.dockerfile' | |
tag_suffix: '-server' | |
- flavor: 'worker' | |
dockerfile: 'worker-v4.dockerfile' | |
tag_suffix: '-worker-v4' | |
steps: | |
- name: "Sanity check github.ref" | |
run: echo GITHUB_REF - $GITHUB_REF - github.ref - ${{ github.ref }} | |
- uses: actions/checkout@v4 | |
- name: "Build docker image" | |
run: | | |
GIT_HASH=$(git rev-parse --short HEAD) | |
cached_image=${{ env.DOCKER_REGISTRY }}${{ env.DOCKER_IMG }}:latest${{ matrix.tag_suffix }} | |
echo "Pulling $cached_image to populate cached layers." | |
docker pull $cached_image || true | |
docker build --build-arg GIT_HASH=$GIT_HASH -t siibra-api-tmp-img -f ${{ matrix.dockerfile }} . | |
- name: "Tag and Push (rc)" | |
if: ${{ contains(github.ref, 'rc') }} | |
run: | | |
TAG_BASE=rc | |
NEW_TAG=${{ env.DOCKER_REGISTRY }}${{ env.DOCKER_IMG }}:${TAG_BASE}${{ matrix.tag_suffix }} | |
docker tag siibra-api-tmp-img ${NEW_TAG} | |
echo "Login to docker registry" | |
docker login \ | |
-u '${{ secrets.EBRAINS_DOCKER_REG_USER }}' \ | |
-p '${{ secrets.EBRAINS_DOCKER_REG_TOKEN }}' \ | |
docker-registry.ebrains.eu | |
docker push $NEW_TAG | |
- name: "Tag and Push (release)" | |
if : ${{ (github.event_name == 'release') && !contains(github.ref, 'rc') }} | |
run: | | |
echo "Login to docker registry" | |
docker login \ | |
-u '${{ secrets.EBRAINS_DOCKER_REG_USER }}' \ | |
-p '${{ secrets.EBRAINS_DOCKER_REG_TOKEN }}' \ | |
docker-registry.ebrains.eu | |
VERSION=$(cat VERSION) | |
while [[ "$VERSION" == *"."* ]] | |
do | |
if [[ "$BREAK" == "0" ]] | |
then | |
echo "Fuse broke!" | |
exit 1 | |
fi | |
VERSIONED_DOCKERTAG=${{ env.DOCKER_REGISTRY }}${{ env.DOCKER_IMG }}:${VERSION}${{ matrix.tag_suffix }} | |
echo "tagging and pushing $VERSIONED_DOCKERTAG" | |
docker tag siibra-api-tmp-img $VERSIONED_DOCKERTAG | |
docker push $VERSIONED_DOCKERTAG | |
echo "Push successful... Incrementing version & break" | |
VERSION=$(echo $VERSION | sed -e 's/\.\w*$//g') | |
BREAK=$(( "$BREAK" - 1 )) | |
done | |
echo "Done" | |
setup-envvar: | |
runs-on: ubuntu-latest | |
outputs: | |
version: ${{ steps.set-env-var.outputs.version }} | |
needs: build-docker-img | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: '3.10' | |
- name: 'Setting env var' | |
id: set-env-var | |
run: | | |
version=$(cat VERSION) | |
if [[ -z "$version" ]] | |
then | |
echo "Version population failed: $version" | |
exit 1 | |
fi | |
echo version=$version >> $GITHUB_OUTPUT | |
deploy-rc-on-data-validation: | |
needs: | |
- build-docker-img | |
if: ${{ github.event_name == 'push' }} | |
runs-on: self-hosted | |
steps: | |
- run: | | |
/bin/bash -c "cd /softwares/software && ./restart.sh" | |
# rc | |
rm-cache-rc-at-helm: | |
needs: setup-envvar | |
if: ${{ github.event_name == 'release' && contains(github.ref, 'rc') }} | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/workflows/composite-set-k8s-cred | |
with: | |
secrets: ${{ secrets.KUBECONFIG }} | |
- run: | | |
prod_server_pod=$(kubectl get pod | grep server | grep prod | awk '{print $1}') | |
echo exec on $prod_server_pod | |
kubectl exec $prod_server_pod -- rm -rf /siibra-api-volume/${{ needs.setup-envvar.outputs.version }}-rc/* | |
REDIS_POD=$(kubectl get pod -l app=cache-redis | grep Running | awk '{print $1}') | |
echo kubectl exec $REDIS_POD -- /bin/ash -c 'redis-cli --scan --pattern "*\[${{ needs.setup-envvar.outputs.version }}\]*" | while IFS= read -r line; do redis-cli del "$line"; done' | |
kubectl exec $REDIS_POD -- /bin/ash -c 'redis-cli --scan --pattern "*\[${{ needs.setup-envvar.outputs.version }}\]*" | while IFS= read -r line; do redis-cli del "$line"; done' | |
warmup-rc-at-helm: | |
needs: | |
- setup-envvar | |
- rm-cache-rc-at-helm | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: true | |
max-parallel: 1 | |
matrix: | |
include: | |
- yml-file: .helm/adhoc/warm-cache.yaml | |
podname: warmup-pod | |
- yml-file: .helm/adhoc/warm-cache-v4.yaml | |
podname: warmup-pod-v4 | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/workflows/composite-set-k8s-cred | |
with: | |
secrets: ${{ secrets.KUBECONFIG }} | |
- timeout-minutes: 120 # should not take more than 2h to warmup cache | |
run: | | |
# Delete pod at the beginning of the workflow | |
# This is so that logs can be inspected | |
kubectl delete pod/${{ matrix.podname }} || echo "Pod pod/${{ matrix.podname }} not found." | |
# TODO Flaky | |
# see .helm/siibra-api/templates/_helpers.tpl how siibra-api.cache-dir is defined | |
WARM_CACHE_YML=$(SIIBRA_CACHEDIR=/siibra-api-volume/${{ needs.setup-envvar.outputs.version }}-rc/ envsubst < ${{ matrix.yml-file }}) | |
echo -e "WARM_CACHE_YML: \n$WARM_CACHE_YML" | |
echo "$WARM_CACHE_YML" | kubectl apply -f - | |
while true | |
do | |
sleep 10 | |
POD_PHASE=$(kubectl get pod ${{ matrix.podname }} -o json | jq -r '.status.phase') | |
echo Possible phases: Pending, Running, Succeeded, Failed, Unknown | |
echo Found phase: $POD_PHASE | |
if [[ "$POD_PHASE" == "Failed" ]] || [[ "$POD_PHASE" == "Unknown" ]] | |
then | |
exit 1 | |
fi | |
if [[ "$POD_PHASE" == "Succeeded" ]] | |
then | |
exit 0 | |
fi | |
done | |
deploy-rc-via-helm: | |
needs: warmup-rc-at-helm | |
if: ${{ github.event_name == 'release' && contains(github.ref, 'rc') }} | |
uses: ./.github/workflows/deploy-helm.yml | |
with: | |
DEPLOYMENT_NAME: rc | |
secrets: | |
KUBECONFIG: ${{ secrets.KUBECONFIG }} | |
# prod | |
copy-by-helm: | |
needs: setup-envvar | |
if: ${{ github.event_name == 'release' && !contains(github.ref, 'rc') }} | |
runs-on: ubuntu-latest | |
timeout-minutes: 15 # should not take more than 15 minutes to copy cache | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/workflows/composite-set-k8s-cred | |
with: | |
secrets: ${{ secrets.KUBECONFIG }} | |
- name: 'set FROM_DIR TO_DIR' | |
run: | | |
VERSION=${{ needs.setup-envvar.outputs.version }} | |
# TODO use label exclusively in the future | |
POD=$(kubectl get pod -l role=server -l app-flavor=rc -o json | jq -r '.items[0].metadata.name') | |
echo POD: $POD | |
cache_str=$(kubectl exec $POD -- env | grep SIIBRA_CACHEDIR) | |
FROM_DIR=${cache_str//SIIBRA_CACHEDIR=/} | |
TO_DIR=${FROM_DIR//-rc/} | |
POD_NAME=copy-cache | |
echo FROM_DIR: $FROM_DIR, TO_DIR: $TO_DIR, POD_NAME: $POD_NAME | |
echo "FROM_DIR=$FROM_DIR" >> $GITHUB_ENV | |
echo "TO_DIR=$TO_DIR" >> $GITHUB_ENV | |
echo "POD_NAME=$POD_NAME" >> $GITHUB_ENV | |
- name: 'start container' | |
run: | | |
# delete pod before workflow, so that logs can be inspected | |
kubectl delete pod/$POD_NAME || echo "Pod pod/$POD_NAME not found." | |
FROM_DIR=$FROM_DIR TO_DIR=$TO_DIR envsubst < .helm/adhoc/copy-cache.yaml | kubectl apply -f - | |
- name: 'Ensure copy completes' | |
run: | | |
while true | |
do | |
sleep 10 | |
POD_PHASE=$(kubectl get pod $POD_NAME -o json | jq -r '.status.phase') | |
echo Possible phases: Pending, Running, Succeeded, Failed, Unknown | |
echo Found phase: $POD_PHASE | |
if [[ "$POD_PHASE" == "Failed" ]] || [[ "$POD_PHASE" == "Unknown" ]] | |
then | |
exit 1 | |
fi | |
if [[ "$POD_PHASE" == "Succeeded" ]] | |
then | |
exit 0 | |
fi | |
done | |
deploy-prod-via-helm: | |
needs: copy-by-helm | |
if: ${{ github.event_name == 'release' && !contains(github.ref, 'rc') }} | |
uses: ./.github/workflows/deploy-helm.yml | |
with: | |
DEPLOYMENT_NAME: prod | |
secrets: | |
KUBECONFIG: ${{ secrets.KUBECONFIG }} |