AWS infra components and automations for web UI image deployment KANBAN-583 #504
Workflow file for this run
name: PR validation
# Runs on pull-request activity targeting main. The labeled/unlabeled types are
# included, so changing a label (such as 'no-deps-lock-updates', which the
# lock-file jobs test for) re-triggers validation.
# NOTE(review): no workflow-level `permissions:` is declared here, so jobs
# without their own `permissions:` block get the repository's default
# GITHUB_TOKEN scopes - confirm that default is read-only.
# NOTE(review): the `uses:` references visible in this file point at mutable
# major-version tags (@v2..@v5); a full commit SHA is more tamper-resistant.
on:
  pull_request:
    types:
      - synchronize
      - opened
      - reopened
      - edited
      - labeled
      - unlabeled
    branches:
      - main
# One active run per workflow and PR: a newer run cancels the one in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
  cancel-in-progress: true
jobs:
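# Job: derive the image tag that the build/push jobs and the AWS tests share.
  container-build-context:
    name: define container image build context variables
    runs-on: ubuntu-22.04
    outputs:
      tagname: ${{ steps.store_tagname.outputs.tagname }}
    steps:
      - name: Store image tag in env
        id: store_tagname
        shell: bash
        # The PR number reaches the script through an environment variable
        # instead of inline expression expansion, and the output path is quoted.
        env:
          PR_NUMBER: ${{ github.event.pull_request.number }}
        run: |
          echo "tagname=PR-${PR_NUMBER}-validation" >> "$GITHUB_OUTPUT"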
# Job: regenerate the pipeline/seq_retrieval lock files and publish them as artifacts.
  pipeline-seq-retrieval-update-dependency-lock-files:
    name: pipeline/seq_retrieval update and upload dependency lock file
    runs-on: ubuntu-22.04
    defaults:
      run:
        shell: bash
        working-directory: ./pipeline/seq_retrieval/
    steps:
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - name: Check out repository code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          sparse-checkout: |
            pipeline/seq_retrieval/
      # Skipped when the PR carries the 'no-deps-lock-updates' label. The
      # uploads below have no condition, so they then publish the lock files
      # exactly as checked out.
      # NOTE(review): the make targets presumably come from the PR's own
      # Makefile, so the regenerated lock content is PR-influenced - confirm.
      - name: Update lock files
        if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-deps-lock-updates') }}
        shell: bash
        run: |
          make pip-tools update-deps-lock update-test-deps-lock
      # A missing lock file fails the job instead of producing an empty artifact.
      - name: Upload updated (main) lock file as artifact
        uses: actions/upload-artifact@v4
        with:
          name: pipeline_seq_retrieval_deps_lock
          path: pipeline/seq_retrieval/requirements.txt
          if-no-files-found: error
      - name: Upload updated (test) lock file as artifact
        uses: actions/upload-artifact@v4
        with:
          name: pipeline_seq_retrieval_tests_deps_lock
          path: pipeline/seq_retrieval/tests/requirements.txt
          if-no-files-found: error
# Job: regenerate the api lock files and publish them as artifacts.
  api-update-dependency-lock-files:
    name: api update and upload dependency lock file
    runs-on: ubuntu-22.04
    defaults:
      run:
        shell: bash
        working-directory: ./api/
    steps:
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - name: Check out repository code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          sparse-checkout: |
            api/
      # Skipped when the PR carries the 'no-deps-lock-updates' label; the
      # unconditional uploads below then publish the checked-out lock files.
      - name: Update lock files
        if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-deps-lock-updates') }}
        shell: bash
        run: |
          make pip-tools update-deps-lock update-test-deps-lock
      # A missing lock file fails the job instead of producing an empty artifact.
      - name: Upload updated (main) lock file as artifact
        uses: actions/upload-artifact@v4
        with:
          name: api_deps_lock
          path: api/requirements.txt
          if-no-files-found: error
      - name: Upload updated (test) lock file as artifact
        uses: actions/upload-artifact@v4
        with:
          name: api_tests_deps_lock
          path: api/tests/requirements.txt
          if-no-files-found: error
# Job: regenerate the webui package-lock.json and publish it as an artifact.
  webui-update-dependency-lock-files:
    name: webui update and upload dependency lock file
    runs-on: ubuntu-22.04
    defaults:
      run:
        shell: bash
        working-directory: ./webui/
    steps:
      - uses: actions/setup-node@v4
        with:
          node-version: '20'
      - name: Check out repository code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          sparse-checkout: |
            webui/
      # Skipped when the PR carries the 'no-deps-lock-updates' label; the
      # unconditional upload below then publishes the checked-out lock file.
      - name: Update lock files
        if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-deps-lock-updates') }}
        shell: bash
        run: |
          make update-deps-lock
      # A missing lock file fails the job instead of producing an empty artifact.
      - name: Upload updated lock file as artifact
        uses: actions/upload-artifact@v4
        with:
          name: webui_deps_lock
          path: webui/package-lock.json
          if-no-files-found: error
# Job: regenerate the shared_aws_infra lock files and publish them as artifacts.
  shared-aws-infra-update-dependency-lock-files:
    name: shared_aws_infra update and upload dependency lock file
    runs-on: ubuntu-22.04
    defaults:
      run:
        shell: bash
        working-directory: ./shared_aws_infra/
    steps:
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - name: Check out repository code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          sparse-checkout: |
            shared_aws_infra/
      # Skipped when the PR carries the 'no-deps-lock-updates' label; the
      # unconditional uploads below then publish the checked-out lock files.
      - name: Update lock files
        if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-deps-lock-updates') }}
        shell: bash
        run: |
          make pip-tools update-deps-lock update-test-deps-lock
      # A missing lock file fails the job instead of producing an empty artifact.
      - name: Upload updated (main) lock file as artifact
        uses: actions/upload-artifact@v4
        with:
          name: shared_aws_infra_deps_lock
          path: shared_aws_infra/requirements.txt
          if-no-files-found: error
      - name: Upload updated (test) lock file as artifact
        uses: actions/upload-artifact@v4
        with:
          name: shared_aws_infra_test_deps_lock
          path: shared_aws_infra/tests/requirements.txt
          if-no-files-found: error
# Job: type, style and unit checks for shared_aws_infra against the refreshed lock files.
  shared-aws-infra-code-checks:
    name: shared_aws_infra code checks
    needs:
      - shared-aws-infra-update-dependency-lock-files
    runs-on: ubuntu-22.04
    defaults:
      run:
        working-directory: ./shared_aws_infra
    steps:
      - name: Check out repository code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          sparse-checkout: |
            shared_aws_infra/
      # The downloaded lock files overwrite the checked-out ones, so the
      # checks run against the dependency set produced earlier in this run.
      - name: Download updated shared_aws_infra (main) dependencies lock file
        uses: actions/download-artifact@v4
        with:
          name: shared_aws_infra_deps_lock
          path: shared_aws_infra
      - name: Download updated shared_aws_infra (test) dependencies lock file
        uses: actions/download-artifact@v4
        with:
          name: shared_aws_infra_test_deps_lock
          path: shared_aws_infra/tests
      - name: Setup Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.12'
      - name: Code typing test
        run: |
          make run-type-checks
      - name: Code style test
        run: |
          make run-style-checks
      - name: Unit tests
        run: make run-unit-tests
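# Job: build the shared_aws_infra wheel that the */aws_infra jobs install from /tmp/.
  shared-aws-infra-package-build:
    name: shared_aws_infra python package build
    needs:
      - shared-aws-infra-code-checks
    runs-on: ubuntu-22.04
    defaults:
      run:
        working-directory: ./shared_aws_infra
    steps:
      - name: Check out repository code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          sparse-checkout: |
            shared_aws_infra/
      - name: Download updated shared_aws_infra (main) dependencies lock file
        uses: actions/download-artifact@v4
        with:
          name: shared_aws_infra_deps_lock
          path: shared_aws_infra
      - name: Download updated shared_aws_infra (test) dependencies lock file
        uses: actions/download-artifact@v4
        with:
          name: shared_aws_infra_test_deps_lock
          path: shared_aws_infra/tests
      - name: Setup Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - name: Build package
        run: |
          make build
      # The wheel filename (including version 0.0.0) is hard-coded, so a
      # renamed or re-versioned build output no longer matches this path.
      # `if-no-files-found: error` (used by the other uploads in this file)
      # makes that fail here rather than as a missing artifact downstream.
      - name: Upload package as artifact
        uses: actions/upload-artifact@v4
        with:
          name: shared_aws_infra_package
          path: shared_aws_infra/dist/pavi_shared_aws_infra-0.0.0-py3-none-any.whl
          if-no-files-found: error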
# Job: regenerate the pipeline/aws_infra lock files and publish them as artifacts.
  pipeline-aws-infra-update-dependency-lock-files:
    name: pipeline/aws_infra update and upload dependency lock file
    needs:
      - shared-aws-infra-package-build
    runs-on: ubuntu-22.04
    defaults:
      run:
        shell: bash
        working-directory: ./pipeline/aws_infra/
    steps:
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - name: Check out repository code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          sparse-checkout: |
            pipeline/aws_infra/
      # The wheel built earlier in this run is placed in /tmp/.
      # NOTE(review): presumably the requirements reference it there - confirm.
      - name: Download shared AWS infra package
        uses: actions/download-artifact@v4
        with:
          name: shared_aws_infra_package
          path: /tmp/
      # Skipped when the PR carries the 'no-deps-lock-updates' label; the
      # unconditional uploads below then publish the checked-out lock files.
      - name: Update lock files
        if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-deps-lock-updates') }}
        shell: bash
        run: |
          make pip-tools update-deps-lock update-test-deps-lock
      # A missing lock file fails the job instead of producing an empty artifact.
      - name: Upload updated (main) lock file as artifact
        uses: actions/upload-artifact@v4
        with:
          name: pipeline_aws_infra_deps_lock
          path: pipeline/aws_infra/requirements.txt
          if-no-files-found: error
      - name: Upload updated (test) lock file as artifact
        uses: actions/upload-artifact@v4
        with:
          name: pipeline_aws_infra_tests_deps_lock
          path: pipeline/aws_infra/tests/requirements.txt
          if-no-files-found: error
# Job: regenerate the api/aws_infra lock files and publish them as artifacts.
  api-aws-infra-update-dependency-lock-files:
    name: api/aws_infra update and upload dependency lock file
    needs:
      - shared-aws-infra-package-build
    runs-on: ubuntu-22.04
    defaults:
      run:
        shell: bash
        working-directory: ./api/aws_infra/
    steps:
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - name: Check out repository code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          sparse-checkout: |
            api/aws_infra/
      # The wheel built earlier in this run is placed in /tmp/.
      - name: Download shared AWS infra package
        uses: actions/download-artifact@v4
        with:
          name: shared_aws_infra_package
          path: /tmp/
      # Skipped when the PR carries the 'no-deps-lock-updates' label; the
      # unconditional uploads below then publish the checked-out lock files.
      - name: Update lock files
        if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-deps-lock-updates') }}
        shell: bash
        run: |
          make pip-tools update-deps-lock update-test-deps-lock
      # A missing lock file fails the job instead of producing an empty artifact.
      - name: Upload updated (main) lock file as artifact
        uses: actions/upload-artifact@v4
        with:
          name: api_aws_infra_deps_lock
          path: api/aws_infra/requirements.txt
          if-no-files-found: error
      - name: Upload updated (test) lock file as artifact
        uses: actions/upload-artifact@v4
        with:
          name: api_aws_infra_tests_deps_lock
          path: api/aws_infra/tests/requirements.txt
          if-no-files-found: error
# Job: regenerate the webui/aws_infra lock files and publish them as artifacts.
  webui-aws-infra-update-dependency-lock-files:
    name: webui/aws_infra update and upload dependency lock file
    needs:
      - shared-aws-infra-package-build
    runs-on: ubuntu-22.04
    defaults:
      run:
        shell: bash
        working-directory: ./webui/aws_infra/
    steps:
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - name: Check out repository code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          sparse-checkout: |
            webui/aws_infra/
      # The wheel built earlier in this run is placed in /tmp/.
      - name: Download shared AWS infra package
        uses: actions/download-artifact@v4
        with:
          name: shared_aws_infra_package
          path: /tmp/
      # Skipped when the PR carries the 'no-deps-lock-updates' label; the
      # unconditional uploads below then publish the checked-out lock files.
      - name: Update lock files
        if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-deps-lock-updates') }}
        shell: bash
        run: |
          make pip-tools update-deps-lock update-test-deps-lock
      # A missing lock file fails the job instead of producing an empty artifact.
      - name: Upload updated (main) lock file as artifact
        uses: actions/upload-artifact@v4
        with:
          name: webui_aws_infra_deps_lock
          path: webui/aws_infra/requirements.txt
          if-no-files-found: error
      - name: Upload updated (test) lock file as artifact
        uses: actions/upload-artifact@v4
        with:
          name: webui_aws_infra_tests_deps_lock
          path: webui/aws_infra/tests/requirements.txt
          if-no-files-found: error
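# Job: build the seq_retrieval image, share it as an artifact and push it to ECR under the PR tag.
  pipeline-seq-retrieval-container-image-build:
    name: pipeline/seq_retrieval container-image build
    needs:
      - container-build-context
      - pipeline-seq-retrieval-update-dependency-lock-files
    # Only id-token is listed, so every other GITHUB_TOKEN scope is 'none'
    # for this job.
    permissions:
      id-token: write  # This is required for requesting the JWT for gaining permissions to assume the IAM role to perform AWS actions
    runs-on: ubuntu-22.04
    steps:
      - name: Check out repository code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          sparse-checkout: |
            pipeline/seq_retrieval/
      - name: Download updated seq_retrieval (main) dependencies lock file
        uses: actions/download-artifact@v4
        with:
          name: pipeline_seq_retrieval_deps_lock
          path: pipeline/seq_retrieval
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      # This step will configure environment variables to be used by all steps
      # involving AWS interaction further down
      # NOTE(review): the role is assumed before the PR-controlled build
      # context is built, although only the final push step visibly needs it;
      # moving these two AWS steps after the upload would shorten the exposure
      # window, unless the Dockerfile pulls base images from ECR - confirm.
      - name: AWS credentials configuration
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.GH_ACTIONS_AWS_ROLE }}
          role-session-name: gh-actions-${{github.run_id}}.${{github.run_number}}.${{github.run_attempt}}-seq-retrieval-image-upload
          aws-region: us-east-1
      - name: Amazon ECR login
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v2
      - name: Build container image
        uses: docker/build-push-action@v5
        with:
          context: ./pipeline/seq_retrieval/
          push: false
          tags: agr_pavi/pipeline_seq_retrieval:latest
          outputs: type=docker,dest=/tmp/pavi_seq_retrieval_docker_image.tar
      # Fail here if the tarball is missing instead of in a downstream job.
      - name: Upload image as artifact (share between jobs)
        uses: actions/upload-artifact@v4
        with:
          name: seq_retrieval_image
          path: /tmp/pavi_seq_retrieval_docker_image.tar
          if-no-files-found: error
      # Registry and tag are handed to the shell as environment variables and
      # quoted, rather than expanded into the script text by the runner.
      - name: Load, tag and push image to registry
        env:
          REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          TAG_NAME: ${{ needs.container-build-context.outputs.tagname }}
        run: |
          docker load --input /tmp/pavi_seq_retrieval_docker_image.tar
          docker tag agr_pavi/pipeline_seq_retrieval:latest "${REGISTRY}/agr_pavi/pipeline_seq_retrieval:${TAG_NAME}"
          docker push "${REGISTRY}/agr_pavi/pipeline_seq_retrieval:${TAG_NAME}"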
# Job: type, style and unit checks for pipeline/seq_retrieval against the refreshed lock files.
  pipeline-seq-retrieval-code-checks:
    name: pipeline/seq_retrieval code checks
    needs:
      - pipeline-seq-retrieval-update-dependency-lock-files
    runs-on: ubuntu-22.04
    defaults:
      run:
        shell: bash
        working-directory: ./pipeline/seq_retrieval/
    steps:
      - name: Check out repository code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          sparse-checkout: |
            pipeline/seq_retrieval/
      # The downloaded lock files overwrite the checked-out ones.
      - name: Download updated seq_retrieval (main) dependencies lock file
        uses: actions/download-artifact@v4
        with:
          name: pipeline_seq_retrieval_deps_lock
          path: pipeline/seq_retrieval
      - name: Download updated seq_retrieval (test) dependencies lock file
        uses: actions/download-artifact@v4
        with:
          name: pipeline_seq_retrieval_tests_deps_lock
          path: pipeline/seq_retrieval/tests
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - name: Code typing test
        run: |
          make run-type-checks
      - name: Code style test
        run: |
          make run-style-checks
      - name: Run unit tests
        run: |
          make run-unit-tests
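# Job: build the alignment image, share it as an artifact and push it to ECR under the PR tag.
  pipeline-alignment-container-image-build:
    name: pipeline/alignment container-image build
    needs:
      - container-build-context
    # Only id-token is listed, so every other GITHUB_TOKEN scope is 'none'
    # for this job.
    permissions:
      id-token: write  # This is required for requesting the JWT for gaining permissions to assume the IAM role to perform AWS actions
    runs-on: ubuntu-22.04
    steps:
      - name: Check out repository code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          sparse-checkout: |
            pipeline/alignment/
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      # This step will configure environment variables to be used by all steps
      # involving AWS interaction further down
      # NOTE(review): the role is assumed before the PR-controlled build
      # context is built, although only the final push step visibly needs it;
      # moving these two AWS steps after the upload would shorten the exposure
      # window, unless the Dockerfile pulls base images from ECR - confirm.
      - name: AWS credentials configuration
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.GH_ACTIONS_AWS_ROLE }}
          role-session-name: gh-actions-${{github.run_id}}.${{github.run_number}}.${{github.run_attempt}}-alignment-image-upload
          aws-region: us-east-1
      - name: Amazon ECR login
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v2
      - name: Build container image
        uses: docker/build-push-action@v5
        with:
          context: ./pipeline/alignment/
          push: false
          tags: agr_pavi/pipeline_alignment:latest
          outputs: type=docker,dest=/tmp/pavi_alignment_docker_image.tar
      # Fail here if the tarball is missing instead of in a downstream job.
      - name: Upload image as artifact (share between jobs)
        uses: actions/upload-artifact@v4
        with:
          name: alignment_image
          path: /tmp/pavi_alignment_docker_image.tar
          if-no-files-found: error
      # Registry and tag are handed to the shell as environment variables and
      # quoted, rather than expanded into the script text by the runner.
      - name: Load, tag and push image to registry
        env:
          REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          TAG_NAME: ${{ needs.container-build-context.outputs.tagname }}
        run: |
          docker load --input /tmp/pavi_alignment_docker_image.tar
          docker tag agr_pavi/pipeline_alignment:latest "${REGISTRY}/agr_pavi/pipeline_alignment:${TAG_NAME}"
          docker push "${REGISTRY}/agr_pavi/pipeline_alignment:${TAG_NAME}"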
# Job: run the pipeline/alignment unit tests with the image built earlier in this run loaded locally.
  pipeline-alignment-unit-testing:
    name: pipeline/alignment unit testing
    needs:
      - pipeline-alignment-container-image-build
    runs-on: ubuntu-22.04
    defaults:
      run:
        shell: bash
        working-directory: ./pipeline/alignment/
    steps:
      - name: Check out repository code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          sparse-checkout: |
            pipeline/alignment/
      # The image comes from this run's artifact, not from a registry; this
      # job declares no permissions block and assumes no AWS role.
      - name: Download alignment image artifact (from previous job)
        uses: actions/download-artifact@v4
        with:
          name: alignment_image
          path: /tmp
      - name: Load alignment Docker image
        run: |
          docker load --input /tmp/pavi_alignment_docker_image.tar
      - name: Run unit test
        run: |
          make run-unit-tests
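# Job: run the pipeline workflow integration tests, first locally and then against AWS.
  pipeline-workflow-integration-testing:
    name: pipeline/workflow integration testing
    needs:
      - container-build-context
      - pipeline-seq-retrieval-container-image-build
      - pipeline-alignment-container-image-build
    # Only id-token is listed, so every other GITHUB_TOKEN scope is 'none'
    # for this job.
    permissions:
      id-token: write  # This is required for requesting the JWT for gaining permissions to assume the IAM role to perform AWS actions
    runs-on: ubuntu-22.04
    defaults:
      run:
        shell: bash
        working-directory: ./pipeline/workflow/
    steps:
      - name: Check out repository code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          sparse-checkout: |
            pipeline/workflow/
            tests/resources/
      - name: Download seq_retrieval image artifact (from previous job)
        uses: actions/download-artifact@v4
        with:
          name: seq_retrieval_image
          path: /tmp
      - name: Download alignment image artifact (from previous job)
        uses: actions/download-artifact@v4
        with:
          name: alignment_image
          path: /tmp
      - name: Load seq_retrieval Docker image
        run: |
          docker load --input /tmp/pavi_seq_retrieval_docker_image.tar
      - name: Load alignment Docker image
        run: |
          docker load --input /tmp/pavi_alignment_docker_image.tar
      # The local test runs before any AWS role is assumed.
      - name: Run local integration test
        run: |
          make run-integration-test-local
      # This step will configure environment variables to be used by all steps
      # involving AWS interaction further down
      - name: AWS credentials configuration
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.GH_ACTIONS_AWS_ROLE }}
          role-session-name: gh-actions-${{github.run_id}}.${{github.run_number}}.${{github.run_attempt}}-workflow-aws-test
          aws-region: us-east-1
      # The tag is handed to the shell as an environment variable and quoted,
      # rather than expanded into the script text by the runner.
      # NOTE(review): this make target runs PR code with the assumed role's
      # credentials in the environment - keep that role narrowly scoped.
      - name: Run AWS integration test
        env:
          TAG_NAME: ${{ needs.container-build-context.outputs.tagname }}
        run: |
          make run-integration-test-aws TAG_NAME="${TAG_NAME}"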
# Job: type/style checks and CDK stack validation for pipeline/aws_infra.
  pipeline-aws-infra-code-checks:
    name: pipeline/aws_infra code checks
    needs:
      - pipeline-aws-infra-update-dependency-lock-files
      - shared-aws-infra-package-build
    # Only id-token is listed, so every other GITHUB_TOKEN scope is 'none'
    # for this job.
    permissions:
      id-token: write  # This is required for requesting the JWT for gaining permissions to assume the IAM role to perform AWS actions
    runs-on: ubuntu-22.04
    defaults:
      run:
        working-directory: ./pipeline/aws_infra
    steps:
      - name: Check out repository code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          sparse-checkout: |
            pipeline/aws_infra/
      - name: Download updated pipeline/aws_infra (main) dependencies lock file
        uses: actions/download-artifact@v4
        with:
          name: pipeline_aws_infra_deps_lock
          path: pipeline/aws_infra
      - name: Download updated aws_infra (test) dependencies lock file
        uses: actions/download-artifact@v4
        with:
          name: pipeline_aws_infra_tests_deps_lock
          path: pipeline/aws_infra/tests
      - name: Download shared AWS infra package
        uses: actions/download-artifact@v4
        with:
          name: shared_aws_infra_package
          path: /tmp/
      - name: Setup Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.12'
      - name: Code typing test
        run: |
          make run-type-checks
      - name: Code style test
        run: |
          make run-style-checks
      - name: Setup node.js (CDK requirement)
        uses: actions/setup-node@v4
        with:
          node-version: '18'
      # NOTE(review): no version is given, so the CDK CLI release current at
      # run time is installed; pin one for reproducible validation.
      - name: Install CDK CLI
        run: npm install -g aws-cdk
      - name: Install CDK stack dependencies
        run: pip install -r requirements.txt
      # The role is assumed only after the checks and installs above.
      # NOTE(review): the validate target runs PR code with these
      # credentials in the environment - keep the role narrowly scoped.
      - name: AWS credentials configuration
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.GH_ACTIONS_AWS_ROLE }}
          role-session-name: gh-actions-${{github.run_id}}.${{github.run_number}}.${{github.run_attempt}}-cdk-test
          aws-region: us-east-1
      - name: Validate production CDK stack code
        run: make validate
# Job: type and style checks for the api code against the refreshed lock files.
  api-code-checks:
    name: API code checks
    needs:
      - api-update-dependency-lock-files
    runs-on: ubuntu-22.04
    defaults:
      run:
        shell: bash
        working-directory: ./api/
    steps:
      - name: Check out repository code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          sparse-checkout: |
            api/
      # The downloaded lock files overwrite the checked-out ones.
      - name: Download updated api (main) dependencies lock file
        uses: actions/download-artifact@v4
        with:
          name: api_deps_lock
          path: api
      - name: Download updated api (test) dependencies lock file
        uses: actions/download-artifact@v4
        with:
          name: api_tests_deps_lock
          path: api/tests
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - name: Code typing test
        run: |
          make run-type-checks
      - name: Code style test
        run: |
          make run-style-checks
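# Job: build the API image from the repository root and share it as an artifact (no registry push).
  api-container-image-build:
    name: API container-image build
    needs:
      - api-update-dependency-lock-files
    runs-on: ubuntu-22.04
    steps:
      # Full (non-sparse) checkout: the build context below is the repo root.
      - name: Check out repository code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Download updated api (main) dependencies lock file
        uses: actions/download-artifact@v4
        with:
          name: api_deps_lock
          path: api
      - name: Download updated api (test) dependencies lock file
        uses: actions/download-artifact@v4
        with:
          name: api_tests_deps_lock
          path: api/tests
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Build container image
        uses: docker/build-push-action@v5
        with:
          context: ./
          file: api/Dockerfile
          push: false
          tags: agr_pavi/api:latest
          outputs: type=docker,dest=/tmp/pavi_api_docker_image.tar
      # `if-no-files-found: error` (used by the lock-file uploads in this
      # file) fails here if the tarball is missing, not in a downstream job.
      - name: Upload image as artifact (share between jobs)
        uses: actions/upload-artifact@v4
        with:
          name: api_image
          path: /tmp/pavi_api_docker_image.tar
          if-no-files-found: error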
# Job: run the API unit and integration tests with both pipeline images loaded locally.
  api-unit-integration-testing:
    name: API unit and integration testing
    needs:
      - api-update-dependency-lock-files
      - pipeline-seq-retrieval-container-image-build
      - pipeline-alignment-container-image-build
    runs-on: ubuntu-22.04
    defaults:
      run:
        shell: bash
        working-directory: ./api/
    steps:
      - name: Check out repository code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Download updated api (main) dependencies lock file
        uses: actions/download-artifact@v4
        with:
          name: api_deps_lock
          path: api
      - name: Download updated api (test) dependencies lock file
        uses: actions/download-artifact@v4
        with:
          name: api_tests_deps_lock
          path: api/tests
      # Images come from this run's artifacts, not from a registry; this job
      # declares no permissions block and assumes no AWS role.
      - name: Download seq_retrieval image artifact (from previous job)
        uses: actions/download-artifact@v4
        with:
          name: seq_retrieval_image
          path: /tmp
      - name: Download alignment image artifact (from previous job)
        uses: actions/download-artifact@v4
        with:
          name: alignment_image
          path: /tmp
      - name: Load seq_retrieval Docker image
        run: |
          docker load --input /tmp/pavi_seq_retrieval_docker_image.tar
      - name: Load alignment Docker image
        run: |
          docker load --input /tmp/pavi_alignment_docker_image.tar
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - name: Run unit and integration tests
        run: |
          make run-tests
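# Job: run the API container integration test, which executes against AWS.
  api-container-integration-testing:
    name: API container integration testing (AWS batch execution)
    needs:
      - container-build-context
      - pipeline-seq-retrieval-container-image-build
      - pipeline-alignment-container-image-build
      - api-container-image-build
      - api-update-dependency-lock-files
    # Only id-token is listed, so every other GITHUB_TOKEN scope is 'none'
    # for this job.
    permissions:
      id-token: write  # This is required for requesting the JWT for gaining permissions to assume the IAM role to perform AWS actions
    runs-on: ubuntu-22.04
    defaults:
      run:
        shell: bash
        working-directory: ./api/
    steps:
      - name: Check out repository code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          sparse-checkout: |
            api/
            tests/resources/
      - name: Download updated api (main) dependencies lock file
        uses: actions/download-artifact@v4
        with:
          name: api_deps_lock
          path: api
      - name: Download updated api (test) dependencies lock file
        uses: actions/download-artifact@v4
        with:
          name: api_tests_deps_lock
          path: api/tests
      - name: Download API image artifact (from previous job)
        uses: actions/download-artifact@v4
        with:
          name: api_image
          path: /tmp
      - name: Load API Docker image
        run: |
          docker load --input /tmp/pavi_api_docker_image.tar
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      # This step will configure environment variables to be used by all steps
      # involving AWS interaction further down
      - name: AWS credentials configuration
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.GH_ACTIONS_AWS_ROLE }}
          role-session-name: gh-actions-${{github.run_id}}.${{github.run_number}}.${{github.run_attempt}}-api-aws-test
          aws-region: us-east-1
      # The tag is handed to the shell as an environment variable and quoted,
      # rather than expanded into the script text by the runner.
      # NOTE(review): this make target runs PR code with the assumed role's
      # credentials in the environment - keep that role narrowly scoped.
      - name: Run container integration test (AWS execution)
        env:
          TAG_NAME: ${{ needs.container-build-context.outputs.tagname }}
        run: |
          make run-integration-test-container TAG_NAME="${TAG_NAME}"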
# Job: type/style checks and CDK stack validation for api/aws_infra.
  api-aws-infra-code-checks:
    name: api/aws_infra code checks
    needs:
      - api-aws-infra-update-dependency-lock-files
      - shared-aws-infra-package-build
    # Only id-token is listed, so every other GITHUB_TOKEN scope is 'none'
    # for this job.
    permissions:
      id-token: write  # This is required for requesting the JWT for gaining permissions to assume the IAM role to perform AWS actions
    runs-on: ubuntu-22.04
    defaults:
      run:
        working-directory: ./api/aws_infra
    steps:
      - name: Check out repository code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          sparse-checkout: |
            api/aws_infra/
      - name: Download updated api/aws_infra (main) dependencies lock file
        uses: actions/download-artifact@v4
        with:
          name: api_aws_infra_deps_lock
          path: api/aws_infra
      - name: Download updated api/aws_infra (test) dependencies lock file
        uses: actions/download-artifact@v4
        with:
          name: api_aws_infra_tests_deps_lock
          path: api/aws_infra/tests
      - name: Download shared AWS infra package
        uses: actions/download-artifact@v4
        with:
          name: shared_aws_infra_package
          path: /tmp/
      - name: Setup Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.12'
      - name: Code typing test
        run: |
          make run-type-checks
      - name: Code style test
        run: |
          make run-style-checks
      - name: Setup node.js (CDK requirement)
        uses: actions/setup-node@v4
        with:
          node-version: '18'
      # NOTE(review): no version is given, so the CDK CLI release current at
      # run time is installed; pin one for reproducible validation.
      - name: Install CDK CLI
        run: npm install -g aws-cdk
      - name: Install CDK stack dependencies
        run: pip install -r requirements.txt
      # The role is assumed only after the checks and installs above.
      # NOTE(review): the validate-all target runs PR code with these
      # credentials in the environment - keep the role narrowly scoped.
      - name: AWS credentials configuration
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.GH_ACTIONS_AWS_ROLE }}
          role-session-name: gh-actions-${{github.run_id}}.${{github.run_number}}.${{github.run_attempt}}-cdk-test
          aws-region: us-east-1
      - name: Validate production CDK stack code
        run: make validate-all
# Job: type/style checks and CDK stack validation for webui/aws_infra.
  webui-aws-infra-code-checks:
    name: webui/aws_infra code checks
    needs:
      - webui-aws-infra-update-dependency-lock-files
      - shared-aws-infra-package-build
    # Only id-token is listed, so every other GITHUB_TOKEN scope is 'none'
    # for this job.
    permissions:
      id-token: write  # This is required for requesting the JWT for gaining permissions to assume the IAM role to perform AWS actions
    runs-on: ubuntu-22.04
    defaults:
      run:
        working-directory: ./webui/aws_infra
    steps:
      - name: Check out repository code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          sparse-checkout: |
            webui/aws_infra/
      - name: Download updated webui/aws_infra (main) dependencies lock file
        uses: actions/download-artifact@v4
        with:
          name: webui_aws_infra_deps_lock
          path: webui/aws_infra
      - name: Download updated webui/aws_infra (test) dependencies lock file
        uses: actions/download-artifact@v4
        with:
          name: webui_aws_infra_tests_deps_lock
          path: webui/aws_infra/tests
      - name: Download shared AWS infra package
        uses: actions/download-artifact@v4
        with:
          name: shared_aws_infra_package
          path: /tmp/
      - name: Setup Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.12'
      - name: Code typing test
        run: |
          make run-type-checks
      - name: Code style test
        run: |
          make run-style-checks
      - name: Setup node.js (CDK requirement)
        uses: actions/setup-node@v4
        with:
          node-version: '18'
      # NOTE(review): no version is given, so the CDK CLI release current at
      # run time is installed; pin one for reproducible validation.
      - name: Install CDK CLI
        run: npm install -g aws-cdk
      - name: Install CDK stack dependencies
        run: pip install -r requirements.txt
      # The role is assumed only after the checks and installs above.
      # NOTE(review): the validate-all target runs PR code with these
      # credentials in the environment - keep the role narrowly scoped.
      - name: AWS credentials configuration
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.GH_ACTIONS_AWS_ROLE }}
          role-session-name: gh-actions-${{github.run_id}}.${{github.run_number}}.${{github.run_attempt}}-cdk-test
          aws-region: us-east-1
      - name: Validate production CDK stack code
        run: make validate-all
# Job: type and style checks for the webui code against the refreshed lock file.
  webui-code-checks:
    name: webUI code checks
    needs:
      - webui-update-dependency-lock-files
    runs-on: ubuntu-22.04
    defaults:
      run:
        shell: bash
        working-directory: ./webui/
    steps:
      - name: Check out repository code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          sparse-checkout: |
            webui/
      # The downloaded lock file overwrites the checked-out one.
      - name: Download updated webui dependencies lock file
        uses: actions/download-artifact@v4
        with:
          name: webui_deps_lock
          path: webui
      - uses: actions/setup-node@v4
        with:
          node-version: '20'
      - name: Code typing test
        run: |
          make run-type-checks
      - name: Code style test
        run: |
          make run-style-checks
# Job: build the webUI image as a validation step; the tarball is neither uploaded nor pushed here.
  webui-container-image-build:
    name: webUI container-image build
    needs:
      - webui-update-dependency-lock-files
    runs-on: ubuntu-22.04
    steps:
      - name: Check out repository code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      # The downloaded lock file overwrites the checked-out one before the build.
      - name: Download updated webui dependencies lock file
        uses: actions/download-artifact@v4
        with:
          name: webui_deps_lock
          path: webui
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      # Written to a local tarball only; no later step in this job reads it.
      - name: Build container image
        uses: docker/build-push-action@v5
        with:
          context: ./webui/
          file: webui/Dockerfile
          push: false
          tags: agr_pavi/webui:latest
          outputs: type=docker,dest=/tmp/pavi_webui_docker_image.tar
commit-deps-lock-updates:
  # Gathers the dependency lock files uploaded as artifacts by earlier jobs of
  # this run and commits them back to the PR head branch, in two commits
  # (shared_aws_infra first, then everything else).
  #
  # TODO: Move the commit from before to after merge to prevent the need for
  #       repetitive forced reruns of PR-validation.
  #  * Convert this job into a job that tars up all updated dependency files
  #    and uploads them as a single artifact.
  #  * The new artifact should then be downloaded, unpacked and committed in
  #    the main-build-and-deploy workflow.
  #  * PR validation should get an additional job that reports in the open PR
  #    if dependency files have been updated, with a link to the updated files
  #    or summary report to enable inspection before merge
  #    (download and report git diff?).
  runs-on: ubuntu-22.04
  # Only commit updated lock files on successful validation
  # (to prevent PR cluttering).
  needs:
    - shared-aws-infra-update-dependency-lock-files
    - shared-aws-infra-package-build
    - api-aws-infra-update-dependency-lock-files
    - api-aws-infra-code-checks
    - pipeline-aws-infra-update-dependency-lock-files
    - pipeline-aws-infra-code-checks
    - webui-aws-infra-update-dependency-lock-files
    - webui-aws-infra-code-checks
    - api-update-dependency-lock-files
    - api-container-integration-testing
    - api-unit-integration-testing
    - api-code-checks
    - pipeline-seq-retrieval-update-dependency-lock-files
    - pipeline-seq-retrieval-code-checks
    - pipeline-workflow-integration-testing
    - webui-update-dependency-lock-files
    - webui-code-checks
    - webui-container-image-build
  # contents: write is what allows the auto-commit steps below to push.
  # The scope applies to the whole job, so every step here (including the
  # make invocations) runs while a push-capable token exists for the job.
  permissions:
    contents: write
  steps:
    # Check out the PR head branch so the auto-commit steps push to it.
    # NOTE(review): actions/checkout stores the token in the local git config
    # by default (persist-credentials), which the later push relies on. The
    # make steps further down therefore execute Makefiles from the PR branch
    # with that credential on disk. Consider moving the build/update-deps work
    # into a job without write scope and handing results over as artifacts,
    # leaving this job to download and commit only.
    - uses: actions/checkout@v4
      with:
        ref: ${{ github.head_ref }}
    # The downloads below place each lock-file artifact into the directory it
    # belongs to, overwriting the checked-out copy. The artifacts are expected
    # to come from the *-update-dependency-lock-files jobs listed in `needs`.
    - name: Download updated seq_retrieval (main) dependencies lock file
      uses: actions/download-artifact@v4
      with:
        name: pipeline_seq_retrieval_deps_lock
        path: pipeline/seq_retrieval
    - name: Download updated seq_retrieval (test) dependencies lock file
      uses: actions/download-artifact@v4
      with:
        name: pipeline_seq_retrieval_tests_deps_lock
        path: pipeline/seq_retrieval/tests
    - name: Download updated api (main) dependencies lock file
      uses: actions/download-artifact@v4
      with:
        name: api_deps_lock
        path: api
    - name: Download updated api (test) dependencies lock file
      uses: actions/download-artifact@v4
      with:
        name: api_tests_deps_lock
        path: api/tests
    - name: Download updated pipeline/aws_infra (main) dependencies lock file
      uses: actions/download-artifact@v4
      with:
        name: pipeline_aws_infra_deps_lock
        path: pipeline/aws_infra
    - name: Download updated pipeline/aws_infra (test) dependencies lock file
      uses: actions/download-artifact@v4
      with:
        name: pipeline_aws_infra_tests_deps_lock
        path: pipeline/aws_infra/tests
    - name: Download updated shared_aws_infra (main) dependencies lock file
      uses: actions/download-artifact@v4
      with:
        name: shared_aws_infra_deps_lock
        path: shared_aws_infra
    # NOTE(review): this artifact name uses `_test_` where the sibling test
    # artifacts use `_tests_`; confirm it matches the name in the upload step.
    - name: Download updated shared_aws_infra (test) dependencies lock file
      uses: actions/download-artifact@v4
      with:
        name: shared_aws_infra_test_deps_lock
        path: shared_aws_infra/tests
    - name: Download updated api/aws_infra (main) dependencies lock file
      uses: actions/download-artifact@v4
      with:
        name: api_aws_infra_deps_lock
        path: api/aws_infra
    - name: Download updated api/aws_infra (test) dependencies lock file
      uses: actions/download-artifact@v4
      with:
        name: api_aws_infra_tests_deps_lock
        path: api/aws_infra/tests
    - name: Download updated webui/aws_infra (main) dependencies lock file
      uses: actions/download-artifact@v4
      with:
        name: webui_aws_infra_deps_lock
        path: webui/aws_infra
    - name: Download updated webui/aws_infra (test) dependencies lock file
      uses: actions/download-artifact@v4
      with:
        name: webui_aws_infra_tests_deps_lock
        path: webui/aws_infra/tests
    - name: Download updated webui dependencies lock file
      uses: actions/download-artifact@v4
      with:
        name: webui_deps_lock
        path: webui
    # Commit all shared_aws_infra dependency lock files back to the open PR
    # (independent commit required to pin hash representing the package).
    # NOTE(review): third-party action referenced by a mutable tag in a job
    # holding contents: write. Pinning to a full commit SHA
    # (`stefanzweifel/git-auto-commit-action@<full-commit-sha>  # v5`) keeps a
    # moved tag from changing what runs with push rights.
    - uses: stefanzweifel/git-auto-commit-action@v5
      with:
        commit_message: Auto-updated pavi_shared_aws_infra deps lock files
        # Explicit paths only: exactly these two files are staged if changed.
        file_pattern: 'shared_aws_infra/requirements.txt shared_aws_infra/tests/requirements.txt'
        disable_globbing: true
    # Build pavi_shared_aws_infra package
    # (to ensure hash includes latest commit date).
    - name: Setup Python
      uses: actions/setup-python@v5
      with:
        python-version: "3.12"
    # Runs the Makefile from the checked-out PR branch.
    - name: Build and install the pavi_shared_aws_infra package
      working-directory: shared_aws_infra/
      run: |
        make clean build install
    # Re-pins only the shared-aws-infra dependency in each aws_infra component,
    # again via Makefiles from the PR branch.
    - name: Update pavi_shared_aws_infra dependencies
      run: |
        make -C api/aws_infra/ pip-tools update-deps-lock-shared-aws-infra-only update-test-deps-lock-shared-aws-infra-only
        make -C pipeline/aws_infra/ pip-tools update-deps-lock-shared-aws-infra-only update-test-deps-lock-shared-aws-infra-only
        make -C webui/aws_infra/ pip-tools update-deps-lock-shared-aws-infra-only update-test-deps-lock-shared-aws-infra-only
    # Commit all remaining changed dependency lock files back to the open PR.
    # The wildcard pattern stages any changed file in the working tree whose
    # path matches, including files modified by the make steps above, so the
    # resulting auto-commit diff is worth reviewing before merge.
    - uses: stefanzweifel/git-auto-commit-action@v5
      with:
        commit_message: Auto-updated deps lock files
        file_pattern: '*requirements.txt *package-lock.json'
        # Presumably leaves pattern matching to git rather than the shell;
        # verify against the action's documentation.
        disable_globbing: true