-
Notifications
You must be signed in to change notification settings - Fork 79
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
GH docker based reusable CI workflows. #993
Changes from all commits
5b9d135
e6a8c6b
68f1644
fdb73a2
4b340b8
3b75d4b
070714f
63851e2
80c7819
47f666a
d9eb1fd
f07cae0
ea91f6b
aca77bb
2c17b38
7f7f3dc
0923eb6
ae5c4a9
a7a92e5
bf0aae9
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
.gitignore |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
on: | ||
workflow_call: | ||
inputs: | ||
build-target: | ||
required: true | ||
type: string | ||
sha: | ||
required: true | ||
type: string | ||
|
||
jobs: | ||
build: | ||
name: "Build cunumeric (with ${{ inputs.build-target }} legate) on GH" | ||
uses: | ||
./.github/workflows/gh-build.yml | ||
with: | ||
build-target: ${{ inputs.build-target }} | ||
# Ref: https://docs.rapids.ai/resources/github-actions/#cpu-labels for `linux-amd64-cpu4` | ||
runs-on: ${{ github.repository_owner == 'nv-legate' && 'linux-amd64-cpu4' || 'ubuntu-latest' }} | ||
sha: ${{ inputs.sha }} | ||
|
||
cleanup: | ||
needs: | ||
- build | ||
|
||
# This ensures the cleanup job runs even if previous jobs fail or the workflow is cancelled. | ||
if: always() | ||
uses: | ||
./.github/workflows/gh-cleanup.yml | ||
with: | ||
build-target: ${{ inputs.build-target }} | ||
sha: ${{ inputs.sha }} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,123 @@ | ||
name: Build cunumeric on GH | ||
|
||
on: | ||
workflow_call: | ||
inputs: | ||
build-target: | ||
required: true | ||
type: string | ||
runs-on: | ||
required: true | ||
type: string | ||
sha: | ||
required: true | ||
type: string | ||
|
||
env: | ||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
BASE_IMAGE: rapidsai/devcontainers:23.06-cpp-cuda11.8-mambaforge-ubuntu22.04 | ||
IMAGE_NAME_LEGATE: legate.core-${{ inputs.build-target }} | ||
IMAGE_NAME_CUNUMERIC: cunumeric-${{ inputs.build-target }} | ||
USE_CUDA: ${{ (inputs.build-target == 'cpu' && 'OFF') || 'ON' }} | ||
|
||
jobs: | ||
build: | ||
name: build-${{ inputs.build-target }}-sub-workflow | ||
|
||
permissions: | ||
id-token: write # This is required for configure-aws-credentials | ||
contents: read # This is required for actions/checkout | ||
packages: write # This is required to push docker image to ghcr.io | ||
|
||
runs-on: ${{ inputs.runs-on }} | ||
|
||
steps: | ||
- name: Checkout legate.core | ||
uses: actions/checkout@v3 | ||
with: | ||
repository: nv-legate/legate.core | ||
fetch-depth: 0 | ||
path: legate | ||
|
||
- name: Checkout cunumeric (= this repo) | ||
uses: actions/checkout@v3 | ||
with: | ||
fetch-depth: 0 | ||
path: cunumeric | ||
|
||
- if: github.repository_owner == 'nv-legate' | ||
name: Get AWS credentials for sccache bucket | ||
uses: aws-actions/configure-aws-credentials@v2 | ||
with: | ||
aws-region: us-east-2 | ||
role-duration-seconds: 28800 # 8 hours | ||
role-to-assume: arn:aws:iam::279114543810:role/gha-oidc-nv-legate | ||
|
||
- name: Docker system prune | ||
run: | | ||
docker version | ||
docker system prune --all --force | ||
|
||
- name: Build legate.core using docker build | ||
run: | | ||
echo BUILD_TARGET: ${{ inputs.build-target }} | ||
echo USE_CUDA: ${{ env.USE_CUDA }} | ||
|
||
export LEGATE_SHA=$(cat cunumeric/cmake/versions.json | jq -r '.packages.legate_core.git_tag') | ||
echo "Checking out LEGATE_SHA: ${LEGATE_SHA}" | ||
git -C legate checkout $LEGATE_SHA | ||
|
||
IMAGE_TAG_LEGATE=${{ env.IMAGE_NAME_LEGATE }}:${{ inputs.sha }} | ||
|
||
chmod +x legate/continuous_integration/build-docker-image | ||
legate/continuous_integration/build-docker-image \ | ||
--base-image "$BASE_IMAGE" \ | ||
--image-tag "$IMAGE_TAG_LEGATE" \ | ||
--source-dir legate | ||
|
||
- name: Build cunumeric using docker build | ||
run: | | ||
IMAGE_TAG_CUNUMERIC=${{ env.IMAGE_NAME_CUNUMERIC }}:${{ inputs.sha }} | ||
IMAGE_TAG_LEGATE=${{ env.IMAGE_NAME_LEGATE }}:${{ inputs.sha }} | ||
|
||
legate/continuous_integration/build-docker-image \ | ||
--base-image "$IMAGE_TAG_LEGATE" \ | ||
--image-tag "$IMAGE_TAG_CUNUMERIC" \ | ||
--source-dir cunumeric | ||
|
||
- name: Dump docker history of image before upload | ||
run: | | ||
IMAGE_TAG=${{ env.IMAGE_NAME_CUNUMERIC }}:${{ inputs.sha }} | ||
docker history $IMAGE_TAG | ||
|
||
- name: Log in to container image registry | ||
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $ --password-stdin | ||
|
||
- name: Push cunumeric image | ||
run: | | ||
IMAGE_TAG=${{ env.IMAGE_NAME_CUNUMERIC }}:${{ inputs.sha }} | ||
|
||
IMAGE_ID=ghcr.io/${{ github.repository_owner }} | ||
|
||
# Change all uppercase to lowercase | ||
IMAGE_ID=$(echo $IMAGE_ID | tr '[A-Z]' '[a-z]') | ||
|
||
IMAGE_ID=$IMAGE_ID/$IMAGE_TAG | ||
|
||
docker tag $IMAGE_TAG $IMAGE_ID | ||
docker push $IMAGE_ID | ||
|
||
- name: Copy artifacts back to the host | ||
run: | | ||
IMAGE_TAG=${{ env.IMAGE_NAME_CUNUMERIC }}:${{ inputs.sha }} | ||
mkdir -p artifacts | ||
docker run -v "$(pwd)/artifacts:/home/coder/.artifacts" --rm -t $IMAGE_TAG copy-artifacts | ||
|
||
- name: Display structure of workdir | ||
run: ls -R | ||
|
||
- name: Upload build artifacts | ||
uses: actions/upload-artifact@v3 | ||
with: | ||
name: "cunumeric-${{ inputs.build-target }}-${{ inputs.sha }}" | ||
path: artifacts |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
name: Clean up | ||
|
||
on: | ||
workflow_call: | ||
inputs: | ||
build-target: | ||
required: true | ||
type: string | ||
sha: | ||
required: true | ||
type: string | ||
|
||
env: | ||
IMAGE_NAME: cunumeric-${{ inputs.build-target }} | ||
|
||
jobs: | ||
cleanup: | ||
permissions: | ||
packages: write | ||
|
||
runs-on: ubuntu-latest | ||
|
||
steps: | ||
- name: Delete docker image | ||
run: | | ||
set -xeuo pipefail | ||
|
||
PACKAGE_NAME=${{ env.IMAGE_NAME }} | ||
PACKAGE_VERSION_ID=$( | ||
curl -L \ | ||
-H "Accept: application/vnd.github+json" \ | ||
-H "Authorization: Bearer ${{ github.token }}"\ | ||
-H "X-GitHub-Api-Version: 2022-11-28" \ | ||
https://api.github.com/orgs/${{ github.repository_owner }}/packages/container/$PACKAGE_NAME/versions | | ||
jq '.[] | select(.metadata.container.tags[] == "${{ inputs.sha }}") | .id' - | ||
) | ||
|
||
curl -L \ | ||
-X DELETE \ | ||
-H "Accept: application/vnd.github+json" \ | ||
-H "Authorization: Bearer ${{ github.token }}"\ | ||
-H "X-GitHub-Api-Version: 2022-11-28" \ | ||
https://api.github.com/orgs/${{ github.repository_owner }}/packages/container/$PACKAGE_NAME/versions/$PACKAGE_VERSION_ID | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I am not 100% sure I understand what is going on. So in the build step, we build the image and push it. Is this the same image we delete in this step? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
Yes. We don't need the image if all the tests succeed. After I have submitted #1022 if some test does not succeed you will be able to download the image and reproduce the problem locally. In addition to this I will create a separate CI job to delete any unused images after a certain period of time. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I see. How is this job prevented from running if the tests fail? I see that the cleanup call says There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I have removed |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -5,7 +5,7 @@ | |
"git_url" : "https://github.com/nv-legate/legate.core.git", | ||
"git_shallow": false, | ||
"always_download": false, | ||
"git_tag" : "a405f595603238c8557cb5fefd3981d190a2fb1d" | ||
"git_tag" : "4b79075eb5d7035d501c334c87a87939af79abc2" | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Is there something in legate that needs to be updated for this? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. It looks like we do need a later version of legate.core than what is currently specified in versions.json.: https://github.com/nv-legate/cunumeric/pull/993/checks#step:7:50. To be more specific we need the file The selected SHA does not directly point to the specific change which introduced the aforementioned dependency but it advances legate.core to the point where we know we have a successful build using build-docker-image. Hope that makes sense. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Yup, that makes sense. Please proceed. |
||
} | ||
} | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,44 @@ | ||
ARG BASE_IMAGE | ||
FROM ${BASE_IMAGE} as stage0 | ||
|
||
COPY --chown=coder:coder continuous_integration/home/coder/.local/bin/* /home/coder/.local/bin/ | ||
COPY --chown=coder:coder . /home/coder/cunumeric | ||
|
||
RUN chmod a+x /home/coder/.local/bin/* | ||
|
||
#--------------------------------------------------- | ||
FROM stage0 as setup | ||
|
||
USER coder | ||
WORKDIR /home/coder | ||
|
||
RUN set -x && . conda-utils && \ | ||
get_yaml_and_make_conda_env && \ | ||
install_legate_core_with_war | ||
|
||
#--------------------------------------------------- | ||
FROM setup as build | ||
USER coder | ||
WORKDIR /home/coder | ||
|
||
ARG GITHUB_TOKEN | ||
ENV GITHUB_TOKEN=${GITHUB_TOKEN} | ||
ARG AWS_SESSION_TOKEN | ||
ENV AWS_SESSION_TOKEN=${AWS_SESSION_TOKEN} | ||
ARG AWS_ACCESS_KEY_ID | ||
ENV AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} | ||
ARG AWS_SECRET_ACCESS_KEY | ||
ENV AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} | ||
|
||
COPY --chown=coder:coder .creds /run/secrets | ||
|
||
RUN entrypoint build-cunumeric-all | ||
|
||
#--------------------------------------------------- | ||
FROM stage0 as final | ||
USER coder | ||
WORKDIR /home/coder | ||
|
||
COPY --from=build --chown=coder:coder /tmp/out /tmp/out | ||
COPY --from=build --chown=coder:coder /tmp/conda-build /tmp/conda-build | ||
COPY --from=build --chown=coder:coder /tmp/env_yaml /tmp/env_yaml |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
#!/usr/bin/env bash | ||
|
||
|
||
build_cunumeric_all() { | ||
set -x | ||
cd ~/; | ||
|
||
conda info | ||
|
||
set -euo pipefail; | ||
|
||
build-cunumeric-cpp; | ||
build-cunumeric-wheel; | ||
build-cunumeric-conda; | ||
} | ||
|
||
(build_cunumeric_all "$@"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It looks like 23.10 is the current version of devcontainer. We can update it here or in a separate PR.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I will update it in a separate PR.