.github/workflows/docker-img.yml

name: '[cd]docker images'

on:
  push:
    branches:
    - master
  release:
    types:
    - published

env:
  OKD_PROJECT: siibra-api
  OKD_PROD_ENDPOINT: https://okd.hbp.eu:443
  OKD_DEV_ENDPOINT: https://okd-dev.hbp.eu:443
  OKD_PROD_SECRET: ${{ secrets.OKD_PROD_SECRET }}
  OKD_DEV_SECRET: ${{ secrets.OKD_DEV_SECRET }}
  DOCKER_REGISTRY: 'docker-registry.ebrains.eu/siibra/'
  DOCKER_IMG: 'siibra-api'

jobs:
  build-docker-img:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        flavor: ['server', 'worker', 'all']
        include:
        - flavor: 'all'
          dockerfile: 'Dockerfile'
          tag_suffix: ''
        - flavor: 'worker'
          dockerfile: 'worker.dockerfile'
          tag_suffix: '-worker'
        - flavor: 'server'
          dockerfile: 'server.dockerfile'
          tag_suffix: '-server'

    steps:
    - name: "Sanity check github.ref"
      run: echo GITHUB_REF - $GITHUB_REF - github.ref - ${{ github.ref }}
    - uses: actions/checkout@v4
    - name: "Build docker image"
      run: |
        GIT_HASH=$(git rev-parse --short HEAD)
        cached_image=${{ env.DOCKER_REGISTRY }}${{ env.DOCKER_IMG }}:latest${{ matrix.tag_suffix }}
        echo "Pulling $cached_image to populate cached layers."
        docker pull $cached_image
        docker build --build-arg GIT_HASH=$GIT_HASH -t siibra-api-tmp-img -f ${{ matrix.dockerfile }} .

    - name: "Tag and Push (latest || rc)"
      if: ${{ (github.event_name == 'push') || contains(github.ref, 'rc') }}
      run: |
        if [[ "$GITHUB_REF" = *"rc"* ]]
        then
          TAG_BASE=rc
        else
          TAG_BASE=latest
        fi

        NEW_TAG=${{ env.DOCKER_REGISTRY }}${{ env.DOCKER_IMG }}:${TAG_BASE}${{ matrix.tag_suffix }}
        docker tag siibra-api-tmp-img ${NEW_TAG}
        
        echo "Login to docker registry"
        docker login \
          -u '${{ secrets.EBRAINS_DOCKER_REG_USER }}' \
          -p '${{ secrets.EBRAINS_DOCKER_REG_TOKEN }}' \
          docker-registry.ebrains.eu
        
        docker push $NEW_TAG

    - name: "Tag and Push (release)"
      if : ${{ (github.event_name == 'release') && !contains(github.ref, 'rc') }}
      run: |
      
        echo "Login to docker registry"
        docker login \
          -u '${{ secrets.EBRAINS_DOCKER_REG_USER }}' \
          -p '${{ secrets.EBRAINS_DOCKER_REG_TOKEN }}' \
          docker-registry.ebrains.eu
        
        VERSION=$(cat api/VERSION)
        while [[ "$VERSION" == *"."* ]]
        do
          if [[ "$BREAK" == "0" ]]
          then
            echo "Fuse broke!"
            exit 1
          fi
          VERSIONED_DOCKERTAG=${{ env.DOCKER_REGISTRY }}${{ env.DOCKER_IMG }}:${VERSION}${{ matrix.tag_suffix }}
          echo "tagging and pushing $VERSIONED_DOCKERTAG"
          docker tag siibra-api-tmp-img $VERSIONED_DOCKERTAG
          docker push $VERSIONED_DOCKERTAG

          echo "Push successful... Incrementing version & break"
          VERSION=$(echo $VERSION | sed -e 's/\.\w*$//g')
          BREAK=$(( "$BREAK" - 1 ))
        done
        echo "Done"

  setup-envvar:
    runs-on: ubuntu-latest
    outputs:
      queues: ${{ steps.set-env-var.outputs.queues }}
      version: ${{ steps.set-env-var.outputs.version }}
    needs: build-docker-img
    steps:
    - uses: actions/checkout@v4
    - uses: actions/setup-python@v5
      with:
        python-version: '3.10'
    - name: 'Setting env var'
      id: set-env-var
      run: |
        queues=$(python -c 'import api.siibra_api_config as cfg; print(" ".join([f"{q!r}" for q in cfg.queues]))') >> "$GITHUB_OUTPUT"
        version=$(python -c 'import api.siibra_api_config as cfg; print(cfg.__version__)') >> "$GITHUB_OUTPUT"
        
        if [[ -z "$version" ]]
        then
          echo "Version population failed: $version"
          exit 1
        fi
        if [[ -z "$queues" ]]
        then
          echo "Queues population failed: $queues"
          exit 1
        fi
        
        echo queues=$queues >> $GITHUB_OUTPUT
        echo version=$version >> $GITHUB_OUTPUT

  deploy-latest-on-okd:
    needs: setup-envvar
    if: ${{ github.event_name == 'push' }}

    uses: ./.github/workflows/deploy-on-okd.yml
    with:
      okd_endpoint: https://okd-dev.hbp.eu:443
      flavor: latest
      queues: ${{ needs.setup-envvar.outputs.queues }}
      version: ${{ needs.setup-envvar.outputs.version }}
      workerimage: docker-registry.ebrains.eu/siibra/siibra-api:latest-worker
    secrets:
      okd_token: ${{ secrets.OKD_DEV_SECRET }}

  deploy-rc-on-okd:
    needs: setup-envvar
    if:  ${{ github.event_name == 'release' && contains(github.ref, 'rc') }}
    
    uses: ./.github/workflows/deploy-on-okd.yml
    with:
      okd_endpoint: https://okd.hbp.eu:443
      flavor: rc
      queues: ${{ needs.setup-envvar.outputs.queues }}
      version: ${{ needs.setup-envvar.outputs.version }}
      workerimage: docker-registry.ebrains.eu/siibra/siibra-api:rc-worker
    secrets:
      okd_token: ${{ secrets.OKD_PROD_SECRET }}
  
  deploy-rc-on-data-validation:
    needs:
    - build-docker-img
    if: ${{ github.event_name == 'push' }}
    runs-on: siibra-data-validation
    steps:
    - run: |
        /bin/bash -c "cd /softwares/software && ./restart.sh"

  deploy-prod-on-okd:
    needs: setup-envvar
    if:  ${{ github.event_name == 'release' && !contains(github.ref, 'rc') }}
    strategy:
      fail-fast: false
      matrix:
        deploy-site: ['jsc', 'cscs']
        include:
        - deploy-site: 'jsc'
          okd-endpoint: https://okd.jsc.hbp.eu:443

        - deploy-site: 'cscs'
          okd-endpoint: https://okd.hbp.eu:443
          
    uses: ./.github/workflows/deploy-on-okd.yml
    with:
      okd_endpoint: ${{ matrix.okd-endpoint }}
      flavor: stable
      queues: ${{ needs.setup-envvar.outputs.queues }}
      version: ${{ needs.setup-envvar.outputs.version }}
      workerimage: docker-registry.ebrains.eu/siibra/siibra-api:0.3-worker
    secrets:
      okd_token: ${{ matrix.deploy-site == 'jsc' && secrets.OKD_JSC_SECRET || secrets.OKD_PROD_SECRET }}


  # rc
  warmup-rc-at-helm:
    needs: setup-envvar
    if:  ${{ github.event_name == 'release' && contains(github.ref, 'rc') }}
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4
    - uses: ./.github/workflows/composite-set-k8s-cred
      with:
        secrets: ${{ secrets.KUBECONFIG }}
    - timeout-minutes: 15 # should not take more than 15 minutes to warmup cache
      run: |
        # Delete pod at the beginning of the workflow
        # This is so that logs can be inspected
        kubectl delete pod/warmup-pod || echo "Pod pod/warmup-pod not found." 

        # TODO Flaky
        # see .helm/siibra-api/templates/_helpers.tpl how siibra-api.cache-dir is defined

        WARM_CACHE_YML=$(SIIBRA_CACHEDIR=/siibra-api-volume/${{ needs.setup-envvar.outputs.version }}-rc/ envsubst < .helm/adhoc/warm-cache.yaml)
        echo -e "WARM_CACHE_YML: \n$WARM_CACHE_YML"

        echo "$WARM_CACHE_YML" | kubectl apply -f -
        
        while true
        do
          sleep 10
          POD_PHASE=$(kubectl get pod warmup-pod -o json | jq -r '.status.phase')

          echo Possible phases: Pending, Running, Succeeded, Failed, Unknown
          echo Found phase: $POD_PHASE

          if [[ "$POD_PHASE" == "Failed" ]] || [[ "$POD_PHASE" == "Unknown" ]]
          then
            exit 1
          fi

          if [[ "$POD_PHASE" == "Succeeded" ]]
          then
            exit 0
          fi
        done
  
  clear-rc-redis-cache:
    runs-on: ubuntu-latest
    timeout-minutes: 1 # should not take more than 1 minute to clear the cache
    needs:
    - warmup-rc-at-helm
    - setup-envvar
    steps:
    - uses: actions/checkout@v4
    - uses: ./.github/workflows/composite-set-k8s-cred
      with:
        secrets: ${{ secrets.KUBECONFIG }}
    - run: |
        REDIS_POD=$(kubectl get pod -l app=cache-redis | grep Running | awk '{print $1}')
        echo kubectl exec $REDIS_POD -- /bin/ash -c 'redis-cli --scan --pattern "*\[${{ needs.setup-envvar.outputs.version }}\]*" | while IFS= read -r line; do redis-cli del "$line"; done'
        kubectl exec $REDIS_POD -- /bin/ash -c 'redis-cli --scan --pattern "*\[${{ needs.setup-envvar.outputs.version }}\]*" | while IFS= read -r line; do redis-cli del "$line"; done'

  deploy-rc-via-helm:
    needs: warmup-rc-at-helm
    if:  ${{ github.event_name == 'release' && contains(github.ref, 'rc') }}
    uses: ./.github/workflows/deploy-helm.yml
    with:
      DEPLOYMENT_NAME: rc
    secrets:
      KUBECONFIG: ${{ secrets.KUBECONFIG }}
  
  # prod
  copy-by-helm:
    needs: setup-envvar
    if:  ${{ github.event_name == 'release' && !contains(github.ref, 'rc') }}
    runs-on: ubuntu-latest
    timeout-minutes: 15 # should not take more than 15 minutes to copy cache
    steps:
    - uses: actions/checkout@v4
    - uses: ./.github/workflows/composite-set-k8s-cred
      with:
        secrets: ${{ secrets.KUBECONFIG }}
    - name: 'set FROM_DIR TO_DIR'
      run: |
        VERSION=${{ needs.setup-envvar.outputs.version }}

        # TODO use label exclusively in the future
        POD=$(kubectl get pod -l role=server | grep rc-siibra-api | awk '{print $1}')
        echo POD: $POD

        cache_str=$(kubectl exec $POD env | grep SIIBRA_CACHEDIR)
        FROM_DIR=${cache_str//SIIBRA_CACHEDIR=/}
        TO_DIR=${FROM_DIR//-rc/}
        POD_NAME=copy-cache

        echo FROM_DIR: $FROM_DIR, TO_DIR: $TO_DIR, POD_NAME: $POD_NAME

        echo "FROM_DIR=$FROM_DIR" >> $GITHUB_ENV
        echo "TO_DIR=$TO_DIR" >> $GITHUB_ENV
        echo "POD_NAME=$POD_NAME" >> $GITHUB_ENV

    - name: 'start container'
      run: |
        # delete pod before workflow, so that logs can be inspected
        kubectl delete pod/$POD_NAME || echo "Pod pod/$POD_NAME not found." 
        FROM_DIR=$FROM_DIR TO_DIR=$TO_DIR envsubst < .helm/adhoc/copy-cache.yaml | kubectl apply -f -
    - name: 'Ensure copy completes'
      run: |
        while true
        do
          sleep 10
          POD_PHASE=$(kubectl get pod $POD_NAME -o json | jq -r '.status.phase')

          echo Possible phases: Pending, Running, Succeeded, Failed, Unknown
          echo Found phase: $POD_PHASE

          if [[ "$POD_PHASE" == "Failed" ]] || [[ "$POD_PHASE" == "Unknown" ]]
          then
            exit 1
          fi

          if [[ "$POD_PHASE" == "Succeeded" ]]
          then
            exit 0
          fi
        done

  deploy-prod-via-helm:
    needs: copy-by-helm
    if:  ${{ github.event_name == 'release' && !contains(github.ref, 'rc') }}
    uses: ./.github/workflows/deploy-helm.yml
    with:
      DEPLOYMENT_NAME: prod
    secrets:
      KUBECONFIG: ${{ secrets.KUBECONFIG }}