Skip to content

AWS infra components and automations for web UI image deployment KANBAN-583 #502

AWS infra components and automations for web UI image deployment KANBAN-583

AWS infra components and automations for web UI image deployment KANBAN-583 #502

Workflow file for this run

name: PR validation
on:
pull_request:
types: [synchronize, opened, reopened, edited, labeled, unlabeled]
branches:
- main
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
cancel-in-progress: true
jobs:
container-build-context:
name: define container image build context variables
runs-on: ubuntu-22.04
outputs:
tagname: ${{ steps.store_tagname.outputs.tagname }}
steps:
- name: Store image tag in env
id: store_tagname
shell: bash
run: |
echo "tagname=PR-${{ github.event.pull_request.number }}-validation" >> $GITHUB_OUTPUT
pipeline-seq-retrieval-update-dependency-lock-files:
name: pipeline/seq_retrieval update and upload dependency lock file
runs-on: ubuntu-22.04
defaults:
run:
shell: bash
working-directory: ./pipeline/seq_retrieval/
steps:
- uses: actions/setup-python@v5
with:
python-version: '3.12'
- name: Check out repository code
uses: actions/checkout@v4
with:
fetch-depth: 0
sparse-checkout: |
pipeline/seq_retrieval/
- name: Update lock files
if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-deps-lock-updates') }}
shell: bash
run: |
make pip-tools update-deps-lock update-test-deps-lock
- name: Upload updated (main) lock file as artifact
uses: actions/upload-artifact@v4
with:
name: pipeline_seq_retrieval_deps_lock
path: pipeline/seq_retrieval/requirements.txt
if-no-files-found: error
- name: Upload updated (test) lock file as artifact
uses: actions/upload-artifact@v4
with:
name: pipeline_seq_retrieval_tests_deps_lock
path: pipeline/seq_retrieval/tests/requirements.txt
if-no-files-found: error
api-update-dependency-lock-files:
name: api update and upload dependency lock file
runs-on: ubuntu-22.04
defaults:
run:
shell: bash
working-directory: ./api/
steps:
- uses: actions/setup-python@v5
with:
python-version: '3.12'
- name: Check out repository code
uses: actions/checkout@v4
with:
fetch-depth: 0
sparse-checkout: |
api/
- name: Update lock files
if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-deps-lock-updates') }}
shell: bash
run: |
make pip-tools update-deps-lock update-test-deps-lock
- name: Upload updated (main) lock file as artifact
uses: actions/upload-artifact@v4
with:
name: api_deps_lock
path: api/requirements.txt
if-no-files-found: error
- name: Upload updated (test) lock file as artifact
uses: actions/upload-artifact@v4
with:
name: api_tests_deps_lock
path: api/tests/requirements.txt
if-no-files-found: error
webui-update-dependency-lock-files:
name: webui update and upload dependency lock file
runs-on: ubuntu-22.04
defaults:
run:
shell: bash
working-directory: ./webui/
steps:
- uses: actions/setup-node@v4
with:
node-version: "20"
- name: Check out repository code
uses: actions/checkout@v4
with:
fetch-depth: 0
sparse-checkout: |
webui/
- name: Update lock files
if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-deps-lock-updates') }}
shell: bash
run: |
make update-deps-lock
- name: Upload updated lock file as artifact
uses: actions/upload-artifact@v4
with:
name: webui_deps_lock
path: webui/package-lock.json
if-no-files-found: error
shared-aws-infra-update-dependency-lock-files:
name: shared_aws_infra update and upload dependency lock file
runs-on: ubuntu-22.04
defaults:
run:
shell: bash
working-directory: ./shared_aws_infra/
steps:
- uses: actions/setup-python@v5
with:
python-version: '3.12'
- name: Check out repository code
uses: actions/checkout@v4
with:
fetch-depth: 0
sparse-checkout: |
shared_aws_infra/
- name: Update lock files
if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-deps-lock-updates') }}
shell: bash
run: |
make pip-tools update-deps-lock update-test-deps-lock
- name: Upload updated (main) lock file as artifact
uses: actions/upload-artifact@v4
with:
name: shared_aws_infra_deps_lock
path: shared_aws_infra/requirements.txt
if-no-files-found: error
- name: Upload updated (test) lock file as artifact
uses: actions/upload-artifact@v4
with:
name: shared_aws_infra_test_deps_lock
path: shared_aws_infra/tests/requirements.txt
if-no-files-found: error
shared-aws-infra-code-checks:
name: shared_aws_infra code checks
needs:
- shared-aws-infra-update-dependency-lock-files
runs-on: ubuntu-22.04
defaults:
run:
working-directory: ./shared_aws_infra
steps:
- name: Check out repository code
uses: actions/checkout@v4
with:
fetch-depth: 0
sparse-checkout: |
shared_aws_infra/
- name: Download updated shared_aws_infra (main) dependencies lock file
uses: actions/download-artifact@v4
with:
name: shared_aws_infra_deps_lock
path: shared_aws_infra
- name: Download updated shared_aws_infra (test) dependencies lock file
uses: actions/download-artifact@v4
with:
name: shared_aws_infra_test_deps_lock
path: shared_aws_infra/tests
- name: Setup Python
uses: actions/setup-python@v5
with:
python-version: "3.12"
- name: Code typing test
run: |
make run-type-checks
- name: Code style test
run: |
make run-style-checks
- name: Unit tests
run: make run-unit-tests
shared-aws-infra-package-build:
name: shared_aws_infra python package build
needs:
- shared-aws-infra-code-checks
runs-on: ubuntu-22.04
defaults:
run:
working-directory: ./shared_aws_infra
steps:
- name: Check out repository code
uses: actions/checkout@v4
with:
fetch-depth: 0
sparse-checkout: |
shared_aws_infra/
- name: Download updated shared_aws_infra (main) dependencies lock file
uses: actions/download-artifact@v4
with:
name: shared_aws_infra_deps_lock
path: shared_aws_infra
- name: Download updated shared_aws_infra (test) dependencies lock file
uses: actions/download-artifact@v4
with:
name: shared_aws_infra_test_deps_lock
path: shared_aws_infra/tests
- name: Setup Python
uses: actions/setup-python@v5
with:
python-version: "3.12"
- name: Build package
run: |
make build
- name: Upload package as artifact
uses: actions/upload-artifact@v4
with:
name: shared_aws_infra_package
path: shared_aws_infra/dist/pavi_shared_aws_infra-0.0.0-py3-none-any.whl
pipeline-aws-infra-update-dependency-lock-files:
name: pipeline/aws_infra update and upload dependency lock file
needs:
- shared-aws-infra-package-build
runs-on: ubuntu-22.04
defaults:
run:
shell: bash
working-directory: ./pipeline/aws_infra/
steps:
- uses: actions/setup-python@v5
with:
python-version: '3.12'
- name: Check out repository code
uses: actions/checkout@v4
with:
fetch-depth: 0
sparse-checkout: |
pipeline/aws_infra/
- name: Download shared AWS infra package
uses: actions/download-artifact@v4
with:
name: shared_aws_infra_package
path: /tmp/
- name: Update lock files
if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-deps-lock-updates') }}
shell: bash
run: |
make pip-tools update-deps-lock update-test-deps-lock
- name: Upload updated (main) lock file as artifact
uses: actions/upload-artifact@v4
with:
name: pipeline_aws_infra_deps_lock
path: pipeline/aws_infra/requirements.txt
if-no-files-found: error
- name: Upload updated (test) lock file as artifact
uses: actions/upload-artifact@v4
with:
name: pipeline_aws_infra_tests_deps_lock
path: pipeline/aws_infra/tests/requirements.txt
if-no-files-found: error
api-aws-infra-update-dependency-lock-files:
name: api/aws_infra update and upload dependency lock file
needs:
- shared-aws-infra-package-build
runs-on: ubuntu-22.04
defaults:
run:
shell: bash
working-directory: ./api/aws_infra/
steps:
- uses: actions/setup-python@v5
with:
python-version: '3.12'
- name: Check out repository code
uses: actions/checkout@v4
with:
fetch-depth: 0
sparse-checkout: |
api/aws_infra/
- name: Download shared AWS infra package
uses: actions/download-artifact@v4
with:
name: shared_aws_infra_package
path: /tmp/
- name: Update lock files
if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-deps-lock-updates') }}
shell: bash
run: |
make pip-tools update-deps-lock update-test-deps-lock
- name: Upload updated (main) lock file as artifact
uses: actions/upload-artifact@v4
with:
name: api_aws_infra_deps_lock
path: api/aws_infra/requirements.txt
if-no-files-found: error
- name: Upload updated (test) lock file as artifact
uses: actions/upload-artifact@v4
with:
name: api_aws_infra_tests_deps_lock
path: api/aws_infra/tests/requirements.txt
if-no-files-found: error
webui-aws-infra-update-dependency-lock-files:
name: webui/aws_infra update and upload dependency lock file
needs:
- shared-aws-infra-package-build
runs-on: ubuntu-22.04
defaults:
run:
shell: bash
working-directory: ./webui/aws_infra/
steps:
- uses: actions/setup-python@v5
with:
python-version: '3.12'
- name: Check out repository code
uses: actions/checkout@v4
with:
fetch-depth: 0
sparse-checkout: |
webui/aws_infra/
- name: Download shared AWS infra package
uses: actions/download-artifact@v4
with:
name: shared_aws_infra_package
path: /tmp/
- name: Update lock files
if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-deps-lock-updates') }}
shell: bash
run: |
make pip-tools update-deps-lock update-test-deps-lock
- name: Upload updated (main) lock file as artifact
uses: actions/upload-artifact@v4
with:
name: webui_aws_infra_deps_lock
path: webui/aws_infra/requirements.txt
if-no-files-found: error
- name: Upload updated (test) lock file as artifact
uses: actions/upload-artifact@v4
with:
name: webui_aws_infra_tests_deps_lock
path: webui/aws_infra/tests/requirements.txt
if-no-files-found: error
pipeline-seq-retrieval-container-image-build:
name: pipeline/seq_retrieval container-image build
needs:
- container-build-context
- pipeline-seq-retrieval-update-dependency-lock-files
permissions:
id-token: write # This is required for requesting the JWT for gaining permissions to assume the IAM role to perform AWS actions
runs-on: ubuntu-22.04
steps:
- name: Check out repository code
uses: actions/checkout@v4
with:
fetch-depth: 0
sparse-checkout: |
pipeline/seq_retrieval/
- name: Download updated seq_retrieval (main) dependencies lock file
uses: actions/download-artifact@v4
with:
name: pipeline_seq_retrieval_deps_lock
path: pipeline/seq_retrieval
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
# This step will configure environment variables to be used by all steps
# involving AWS interaction further down
- name: AWS credentials configuration
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.GH_ACTIONS_AWS_ROLE }}
role-session-name: gh-actions-${{github.run_id}}.${{github.run_number}}.${{github.run_attempt}}-seq-retrieval-image-upload
aws-region: us-east-1
- name: Amazon ECR login
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
- name: Build container image
uses: docker/build-push-action@v5
with:
context: ./pipeline/seq_retrieval/
push: false
tags: agr_pavi/pipeline_seq_retrieval:latest
outputs: type=docker,dest=/tmp/pavi_seq_retrieval_docker_image.tar
- name: Upload image as artifact (share between jobs)
uses: actions/upload-artifact@v4
with:
name: seq_retrieval_image
path: /tmp/pavi_seq_retrieval_docker_image.tar
- name: Load, tag and push image to registry
run: |
docker load --input /tmp/pavi_seq_retrieval_docker_image.tar
docker tag agr_pavi/pipeline_seq_retrieval:latest ${{ steps.login-ecr.outputs.registry }}/agr_pavi/pipeline_seq_retrieval:${{needs.container-build-context.outputs.tagname}}
docker push ${{ steps.login-ecr.outputs.registry }}/agr_pavi/pipeline_seq_retrieval:${{needs.container-build-context.outputs.tagname}}
pipeline-seq-retrieval-code-checks:
name: pipeline/seq_retrieval code checks
needs:
- pipeline-seq-retrieval-update-dependency-lock-files
runs-on: ubuntu-22.04
defaults:
run:
shell: bash
working-directory: ./pipeline/seq_retrieval/
steps:
- name: Check out repository code
uses: actions/checkout@v4
with:
fetch-depth: 0
sparse-checkout: |
pipeline/seq_retrieval/
- name: Download updated seq_retrieval (main) dependencies lock file
uses: actions/download-artifact@v4
with:
name: pipeline_seq_retrieval_deps_lock
path: pipeline/seq_retrieval
- name: Download updated seq_retrieval (test) dependencies lock file
uses: actions/download-artifact@v4
with:
name: pipeline_seq_retrieval_tests_deps_lock
path: pipeline/seq_retrieval/tests
- uses: actions/setup-python@v5
with:
python-version: '3.12'
- name: Code typing test
run: |
make run-type-checks
- name: Code style test
run: |
make run-style-checks
- name: Run unit tests
run: |
make run-unit-tests
pipeline-alignment-container-image-build:
name: pipeline/alignment container-image build
needs:
- container-build-context
permissions:
id-token: write # This is required for requesting the JWT for gaining permissions to assume the IAM role to perform AWS actions
runs-on: ubuntu-22.04
steps:
- name: Check out repository code
uses: actions/checkout@v4
with:
fetch-depth: 0
sparse-checkout: |
pipeline/alignment/
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
# This step will configure environment variables to be used by all steps
# involving AWS interaction further down
- name: AWS credentials configuration
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.GH_ACTIONS_AWS_ROLE }}
role-session-name: gh-actions-${{github.run_id}}.${{github.run_number}}.${{github.run_attempt}}-alignment-image-upload
aws-region: us-east-1
- name: Amazon ECR login
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
- name: Build container image
uses: docker/build-push-action@v5
with:
context: ./pipeline/alignment/
push: false
tags: agr_pavi/pipeline_alignment:latest
outputs: type=docker,dest=/tmp/pavi_alignment_docker_image.tar
- name: Upload image as artifact (share between jobs)
uses: actions/upload-artifact@v4
with:
name: alignment_image
path: /tmp/pavi_alignment_docker_image.tar
- name: Load, tag and push image to registry
run: |
docker load --input /tmp/pavi_alignment_docker_image.tar
docker tag agr_pavi/pipeline_alignment:latest ${{ steps.login-ecr.outputs.registry }}/agr_pavi/pipeline_alignment:${{needs.container-build-context.outputs.tagname}}
docker push ${{ steps.login-ecr.outputs.registry }}/agr_pavi/pipeline_alignment:${{needs.container-build-context.outputs.tagname}}
pipeline-alignment-unit-testing:
name: pipeline/alignment unit testing
needs:
- pipeline-alignment-container-image-build
runs-on: ubuntu-22.04
defaults:
run:
shell: bash
working-directory: ./pipeline/alignment/
steps:
- name: Check out repository code
uses: actions/checkout@v4
with:
fetch-depth: 0
sparse-checkout: |
pipeline/alignment/
- name: Download alignment image artifact (from previous job)
uses: actions/download-artifact@v4
with:
name: alignment_image
path: /tmp
- name: Load alignment Docker image
run: |
docker load --input /tmp/pavi_alignment_docker_image.tar
- name: Run unit test
run: |
make run-unit-tests
pipeline-workflow-integration-testing:
name: pipeline/workflow integration testing
needs:
- container-build-context
- pipeline-seq-retrieval-container-image-build
- pipeline-alignment-container-image-build
permissions:
id-token: write # This is required for requesting the JWT for gaining permissions to assume the IAM role to perform AWS actions
runs-on: ubuntu-22.04
defaults:
run:
shell: bash
working-directory: ./pipeline/workflow/
steps:
- name: Check out repository code
uses: actions/checkout@v4
with:
fetch-depth: 0
sparse-checkout: |
pipeline/workflow/
tests/resources/
- name: Download seq_retrieval image artifact (from previous job)
uses: actions/download-artifact@v4
with:
name: seq_retrieval_image
path: /tmp
- name: Download alignment image artifact (from previous job)
uses: actions/download-artifact@v4
with:
name: alignment_image
path: /tmp
- name: Load seq_retrieval Docker image
run: |
docker load --input /tmp/pavi_seq_retrieval_docker_image.tar
- name: Load alignment Docker image
run: |
docker load --input /tmp/pavi_alignment_docker_image.tar
- name: Run local integration test
run: |
make run-integration-test-local
# This step will configure environment variables to be used by all steps
# involving AWS interaction further down
- name: AWS credentials configuration
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.GH_ACTIONS_AWS_ROLE }}
role-session-name: gh-actions-${{github.run_id}}.${{github.run_number}}.${{github.run_attempt}}-workflow-aws-test
aws-region: us-east-1
- name: Run AWS integration test
run: |
make run-integration-test-aws TAG_NAME=${{needs.container-build-context.outputs.tagname}}
pipeline-aws-infra-code-checks:
name: pipeline/aws_infra code checks
needs:
- pipeline-aws-infra-update-dependency-lock-files
- shared-aws-infra-package-build
permissions:
id-token: write # This is required for requesting the JWT for gaining permissions to assume the IAM role to perform AWS actions
runs-on: ubuntu-22.04
defaults:
run:
working-directory: ./pipeline/aws_infra
steps:
- name: Check out repository code
uses: actions/checkout@v4
with:
fetch-depth: 0
sparse-checkout: |
pipeline/aws_infra/
- name: Download updated pipeline/aws_infra (main) dependencies lock file
uses: actions/download-artifact@v4
with:
name: pipeline_aws_infra_deps_lock
path: pipeline/aws_infra
- name: Download updated aws_infra (test) dependencies lock file
uses: actions/download-artifact@v4
with:
name: pipeline_aws_infra_tests_deps_lock
path: pipeline/aws_infra/tests
- name: Download shared AWS infra package
uses: actions/download-artifact@v4
with:
name: shared_aws_infra_package
path: /tmp/
- name: Setup Python
uses: actions/setup-python@v5
with:
python-version: "3.12"
- name: Code typing test
run: |
make run-type-checks
- name: Code style test
run: |
make run-style-checks
- name: Setup node.js (CDK requirement)
uses: actions/setup-node@v4
with:
node-version: "18"
- name: Install CDK CLI
run: npm install -g aws-cdk
- name: Install CDK stack dependencies
run: pip install -r requirements.txt
- name: AWS credentials configuration
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{secrets.GH_ACTIONS_AWS_ROLE}}
role-session-name: gh-actions-${{github.run_id}}.${{github.run_number}}.${{github.run_attempt}}-cdk-test
aws-region: us-east-1
- name: Validate production CDK stack code
run: make validate
api-code-checks:
name: API code checks
needs:
- api-update-dependency-lock-files
runs-on: ubuntu-22.04
defaults:
run:
shell: bash
working-directory: ./api/
steps:
- name: Check out repository code
uses: actions/checkout@v4
with:
fetch-depth: 0
sparse-checkout: |
api/
- name: Download updated api (main) dependencies lock file
uses: actions/download-artifact@v4
with:
name: api_deps_lock
path: api
- name: Download updated api (test) dependencies lock file
uses: actions/download-artifact@v4
with:
name: api_tests_deps_lock
path: api/tests
- uses: actions/setup-python@v5
with:
python-version: '3.12'
- name: Code typing test
run: |
make run-type-checks
- name: Code style test
run: |
make run-style-checks
api-container-image-build:
name: API container-image build
needs:
- api-update-dependency-lock-files
runs-on: ubuntu-22.04
steps:
- name: Check out repository code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Download updated api (main) dependencies lock file
uses: actions/download-artifact@v4
with:
name: api_deps_lock
path: api
- name: Download updated api (test) dependencies lock file
uses: actions/download-artifact@v4
with:
name: api_tests_deps_lock
path: api/tests
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build container image
uses: docker/build-push-action@v5
with:
context: ./
file: api/Dockerfile
push: false
tags: agr_pavi/api:latest
outputs: type=docker,dest=/tmp/pavi_api_docker_image.tar
- name: Upload image as artifact (share between jobs)
uses: actions/upload-artifact@v4
with:
name: api_image
path: /tmp/pavi_api_docker_image.tar
api-unit-integration-testing:
name: API unit and integration testing
needs:
- api-update-dependency-lock-files
- pipeline-seq-retrieval-container-image-build
- pipeline-alignment-container-image-build
runs-on: ubuntu-22.04
defaults:
run:
shell: bash
working-directory: ./api/
steps:
- name: Check out repository code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Download updated api (main) dependencies lock file
uses: actions/download-artifact@v4
with:
name: api_deps_lock
path: api
- name: Download updated api (test) dependencies lock file
uses: actions/download-artifact@v4
with:
name: api_tests_deps_lock
path: api/tests
- name: Download seq_retrieval image artifact (from previous job)
uses: actions/download-artifact@v4
with:
name: seq_retrieval_image
path: /tmp
- name: Download alignment image artifact (from previous job)
uses: actions/download-artifact@v4
with:
name: alignment_image
path: /tmp
- name: Load seq_retrieval Docker image
run: |
docker load --input /tmp/pavi_seq_retrieval_docker_image.tar
- name: Load alignment Docker image
run: |
docker load --input /tmp/pavi_alignment_docker_image.tar
- uses: actions/setup-python@v5
with:
python-version: '3.12'
- name: Run unit and integration tests
run: |
make run-tests
api-container-integration-testing:
name: API container integration testing (AWS batch execution)
needs:
- container-build-context
- pipeline-seq-retrieval-container-image-build
- pipeline-alignment-container-image-build
- api-container-image-build
- api-update-dependency-lock-files
permissions:
id-token: write # This is required for requesting the JWT for gaining permissions to assume the IAM role to perform AWS actions
runs-on: ubuntu-22.04
defaults:
run:
shell: bash
working-directory: ./api/
steps:
- name: Check out repository code
uses: actions/checkout@v4
with:
fetch-depth: 0
sparse-checkout: |
api/
tests/resources/
- name: Download updated api (main) dependencies lock file
uses: actions/download-artifact@v4
with:
name: api_deps_lock
path: api
- name: Download updated api (test) dependencies lock file
uses: actions/download-artifact@v4
with:
name: api_tests_deps_lock
path: api/tests
- name: Download API image artifact (from previous job)
uses: actions/download-artifact@v4
with:
name: api_image
path: /tmp
- name: Load API Docker image
run: |
docker load --input /tmp/pavi_api_docker_image.tar
- uses: actions/setup-python@v5
with:
python-version: '3.12'
# This step will configure environment variables to be used by all steps
# involving AWS interaction further down
- name: AWS credentials configuration
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.GH_ACTIONS_AWS_ROLE }}
role-session-name: gh-actions-${{github.run_id}}.${{github.run_number}}.${{github.run_attempt}}-api-aws-test
aws-region: us-east-1
- name: Run container integration test (AWS execution)
run: |
make run-integration-test-container TAG_NAME=${{needs.container-build-context.outputs.tagname}}
api-aws-infra-code-checks:
name: api/aws_infra code checks
needs:
- api-aws-infra-update-dependency-lock-files
- shared-aws-infra-package-build
permissions:
id-token: write # This is required for requesting the JWT for gaining permissions to assume the IAM role to perform AWS actions
runs-on: ubuntu-22.04
defaults:
run:
working-directory: ./api/aws_infra
steps:
- name: Check out repository code
uses: actions/checkout@v4
with:
fetch-depth: 0
sparse-checkout: |
api/aws_infra/
- name: Download updated api/aws_infra (main) dependencies lock file
uses: actions/download-artifact@v4
with:
name: api_aws_infra_deps_lock
path: api/aws_infra
- name: Download updated api/aws_infra (test) dependencies lock file
uses: actions/download-artifact@v4
with:
name: api_aws_infra_tests_deps_lock
path: api/aws_infra/tests
- name: Download shared AWS infra package
uses: actions/download-artifact@v4
with:
name: shared_aws_infra_package
path: /tmp/
- name: Setup Python
uses: actions/setup-python@v5
with:
python-version: "3.12"
- name: Code typing test
run: |
make run-type-checks
- name: Code style test
run: |
make run-style-checks
- name: Setup node.js (CDK requirement)
uses: actions/setup-node@v4
with:
node-version: "18"
- name: Install CDK CLI
run: npm install -g aws-cdk
- name: Install CDK stack dependencies
run: pip install -r requirements.txt
- name: AWS credentials configuration
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{secrets.GH_ACTIONS_AWS_ROLE}}
role-session-name: gh-actions-${{github.run_id}}.${{github.run_number}}.${{github.run_attempt}}-cdk-test
aws-region: us-east-1
- name: Validate production CDK stack code
run: make validate-all
webui-aws-infra-code-checks:
name: webui/aws_infra code checks
needs:
- webui-aws-infra-update-dependency-lock-files
- shared-aws-infra-package-build
permissions:
id-token: write # This is required for requesting the JWT for gaining permissions to assume the IAM role to perform AWS actions
runs-on: ubuntu-22.04
defaults:
run:
working-directory: ./webui/aws_infra
steps:
- name: Check out repository code
uses: actions/checkout@v4
with:
fetch-depth: 0
sparse-checkout: |
webui/aws_infra/
- name: Download updated webui/aws_infra (main) dependencies lock file
uses: actions/download-artifact@v4
with:
name: webui_aws_infra_deps_lock
path: webui/aws_infra
- name: Download updated webui/aws_infra (test) dependencies lock file
uses: actions/download-artifact@v4
with:
name: webui_aws_infra_tests_deps_lock
path: webui/aws_infra/tests
- name: Download shared AWS infra package
uses: actions/download-artifact@v4
with:
name: shared_aws_infra_package
path: /tmp/
- name: Setup Python
uses: actions/setup-python@v5
with:
python-version: "3.12"
- name: Code typing test
run: |
make run-type-checks
- name: Code style test
run: |
make run-style-checks
- name: Setup node.js (CDK requirement)
uses: actions/setup-node@v4
with:
node-version: "18"
- name: Install CDK CLI
run: npm install -g aws-cdk
- name: Install CDK stack dependencies
run: pip install -r requirements.txt
- name: AWS credentials configuration
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{secrets.GH_ACTIONS_AWS_ROLE}}
role-session-name: gh-actions-${{github.run_id}}.${{github.run_number}}.${{github.run_attempt}}-cdk-test
aws-region: us-east-1
- name: Validate production CDK stack code
run: make validate-all
webui-code-checks:
name: webUI code checks
needs:
- webui-update-dependency-lock-files
runs-on: ubuntu-22.04
defaults:
run:
shell: bash
working-directory: ./webui/
steps:
- name: Check out repository code
uses: actions/checkout@v4
with:
fetch-depth: 0
sparse-checkout: |
webui/
- name: Download updated webui dependencies lock file
uses: actions/download-artifact@v4
with:
name: webui_deps_lock
path: webui
- uses: actions/setup-node@v4
with:
node-version: "20"
- name: Code typing test
run: |
make run-type-checks
- name: Code style test
run: |
make run-style-checks
webui-container-image-build:
name: webUI container-image build
needs:
- webui-update-dependency-lock-files
runs-on: ubuntu-22.04
steps:
- name: Check out repository code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Download updated webui dependencies lock file
uses: actions/download-artifact@v4
with:
name: webui_deps_lock
path: webui
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build container image
uses: docker/build-push-action@v5
with:
context: ./webui/
file: webui/Dockerfile
push: false
tags: agr_pavi/webui:latest
outputs: type=docker,dest=/tmp/pavi_webui_docker_image.tar
commit-deps-lock-updates:
#TODO: Moving the commit from before to after merge to prevent need for repetitive forced reruns of PR-validation.
# * Convert this job into job that tars up all updated dependency files and uploads them as a single artifact.
# * The new artifact should then be downloaded, unpacked and committed in the main-build-and-deploy workflow.
# * PR validation should get an additional job that reports in the open PR if dependency files have been updated,
# with a link to the updated files or summary report to enable inspection before merge (download and report git diff?).
runs-on: ubuntu-22.04
#Only commit updated lock files on successfull validation (to prevent PR cluttering)
needs:
- shared-aws-infra-update-dependency-lock-files
- shared-aws-infra-package-build
- api-aws-infra-update-dependency-lock-files
- api-aws-infra-code-checks
- pipeline-aws-infra-update-dependency-lock-files
- pipeline-aws-infra-code-checks
- webui-aws-infra-update-dependency-lock-files
- webui-aws-infra-code-checks
- api-update-dependency-lock-files
- api-container-integration-testing
- api-unit-integration-testing
- api-code-checks
- pipeline-seq-retrieval-update-dependency-lock-files
- pipeline-seq-retrieval-code-checks
- pipeline-workflow-integration-testing
- webui-update-dependency-lock-files
- webui-code-checks
- webui-container-image-build
permissions:
contents: write
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.head_ref }}
- name: Download updated seq_retrieval (main) dependencies lock file
uses: actions/download-artifact@v4
with:
name: pipeline_seq_retrieval_deps_lock
path: pipeline/seq_retrieval
- name: Download updated seq_retrieval (test) dependencies lock file
uses: actions/download-artifact@v4
with:
name: pipeline_seq_retrieval_tests_deps_lock
path: pipeline/seq_retrieval/tests
- name: Download updated api (main) dependencies lock file
uses: actions/download-artifact@v4
with:
name: api_deps_lock
path: api
- name: Download updated api (test) dependencies lock file
uses: actions/download-artifact@v4
with:
name: api_tests_deps_lock
path: api/tests
- name: Download updated pipeline/aws_infra (main) dependencies lock file
uses: actions/download-artifact@v4
with:
name: pipeline_aws_infra_deps_lock
path: pipeline/aws_infra
- name: Download updated pipeline/aws_infra (test) dependencies lock file
uses: actions/download-artifact@v4
with:
name: pipeline_aws_infra_tests_deps_lock
path: pipeline/aws_infra/tests
- name: Download updated shared_aws_infra (main) dependencies lock file
uses: actions/download-artifact@v4
with:
name: shared_aws_infra_deps_lock
path: shared_aws_infra
- name: Download updated shared_aws_infra (test) dependencies lock file
uses: actions/download-artifact@v4
with:
name: shared_aws_infra_test_deps_lock
path: shared_aws_infra/tests
- name: Download updated api/aws_infra (main) dependencies lock file
uses: actions/download-artifact@v4
with:
name: api_aws_infra_deps_lock
path: api/aws_infra
- name: Download updated api/aws_infra (test) dependencies lock file
uses: actions/download-artifact@v4
with:
name: api_aws_infra_tests_deps_lock
path: api/aws_infra/tests
- name: Download updated webui/aws_infra (main) dependencies lock file
uses: actions/download-artifact@v4
with:
name: webui_aws_infra_deps_lock
path: webui/aws_infra
- name: Download updated webui/aws_infra (test) dependencies lock file
uses: actions/download-artifact@v4
with:
name: webui_aws_infra_tests_deps_lock
path: webui/aws_infra/tests
- name: Download updated webui dependencies lock file
uses: actions/download-artifact@v4
with:
name: webui_deps_lock
path: webui
# Commit all shared_aws_infra dependency lock files back to the open PR
# (independent commit required to pin hash representing the package)
- uses: stefanzweifel/git-auto-commit-action@v5
with:
commit_message: Auto-updated pavi_shared_aws_infra deps lock files
file_pattern: 'shared_aws_infra/requirements.txt shared_aws_infra/tests/requirements.txt'
disable_globbing: true
# Build pavi_shared_aws_infra package (to ensure hash includes latest commit date)
- name: Setup Python
uses: actions/setup-python@v5
with:
python-version: "3.12"
- name: Build and install the pavi_shared_aws_infra package
working-directory: shared_aws_infra/
run: |
make clean build install
- name: Update pavi_shared_aws_infra dependencies
run: |
make -C api/aws_infra/ pip-tools update-deps-lock-shared-aws-infra-only update-test-deps-lock-shared-aws-infra-only
make -C pipeline/aws_infra/ pip-tools update-deps-lock-shared-aws-infra-only update-test-deps-lock-shared-aws-infra-only
make -C webui/aws_infra/ pip-tools update-deps-lock-shared-aws-infra-only update-test-deps-lock-shared-aws-infra-only
# Commit all remaining changed dependency lock files back to the open PR
- uses: stefanzweifel/git-auto-commit-action@v5
with:
commit_message: Auto-updated deps lock files
file_pattern: '*requirements.txt *package-lock.json'
disable_globbing: true