common_dev_image_release.yml
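name: Common Dev Image Release
on:
  workflow_call:
    inputs:
      # Caller-supplied text. Treat it as data: hand it to shell steps through
      # an environment variable rather than expanding it inside a `run:` script.
      container-dir-name:
        description: 'Container directory name - directory where Dockerfile and changelog.txt are located.'
        required: false
        type: string
        default: '.'
env:
  # Quoted so every YAML parser reads a string; the runner exports env values
  # as strings either way.
  CSFY_CI: 'true'
  # CSFY_ECR_BASE_PATH: ${{ vars.CSFY_ECR_BASE_PATH }}
  # CSFY_ECR_BASE_PATH is the source path for fetching the image.
  # If you prefer pulling the image from ECR, comment out the following
  # line and uncomment the one above.
  # TODO(Vlad): Rename the variable to CSFY_CR_BASE_PATH since it can be
  # either GHCR or ECR.
  CSFY_ECR_BASE_PATH: ghcr.io/${{ github.repository_owner }}
# Least-privilege GITHUB_TOKEN scopes for this workflow.
# NOTE(review): no `id-token: write` is granted here, so this block does not
# enable OIDC federation; the job below authenticates to AWS with static keys
# taken from secrets. Add `id-token: write` only if the job is moved to OIDC.
permissions:
  # This is required for actions/checkout.
  contents: read
  # This is required for pulling the Docker image from GHCR.
  # NOTE(review): read-only; if the release task pushes to GHCR using the
  # GITHUB_TOKEN fallback, that push would need `packages: write` - confirm
  # which registry and token the push uses.
  packages: read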
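jobs:
  dev_image_release:
    runs-on: ubuntu-latest
    steps:
      # Pass AWS credentials via GH secrets. This is needed to pull the Docker
      # image and in case the workflow needs to access AWS resources.
      # NOTE(review): these are long-lived static keys, and the action exports
      # them to the job environment, so every later step (including
      # `pip install` and `invoke`) runs with them. Prefer short-lived
      # credentials via OIDC (`role-to-assume`, which needs `id-token: write`).
      # NOTE(review): `@v1` is a mutable tag; pin third-party actions to a full
      # commit SHA so a retagged release cannot change what runs here.
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.CSFY_AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.CSFY_AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ vars.CSFY_AWS_DEFAULT_REGION }}
      # # To optimize costs, the image is fetched from GHCR registry by default.
      # # If you prefer pulling the image from ECR, enable this.
      # - name: Login to AWS ECR
      #   id: login-ecr
      #   uses: aws-actions/amazon-ecr-login@v1
      # This is needed to pull the Docker image.
      # The token and user name are passed through `env` instead of being
      # expanded into the script text: `${{ }}` is substituted before the shell
      # parses the line, so a value containing quotes or `$` would otherwise be
      # interpreted as shell syntax.
      - name: Login to GHCR
        env:
          GHCR_TOKEN: ${{ secrets.GH_ACTION_ACCESS_TOKEN || secrets.GITHUB_TOKEN }}
          GHCR_USER: ${{ github.actor }}
        run: |
          echo "$GHCR_TOKEN" \
            | docker login ghcr.io -u "$GHCR_USER" --password-stdin
      # Make everything accessible by any user to avoid permission errors.
      # NOTE(review): this leaves the workspace root world-writable for the
      # rest of the job. If the goal is only to let the runner user manage
      # files left behind by containers, a `chown` to the runner user is the
      # narrower fix - confirm what the container user needs before changing.
      - name: Cleanup
        run: sudo chmod 777 -R .
      # Check out the code from GitHub so that we can run the action inside
      # the Docker container.
      # NOTE(review): with the default `persist-credentials: true` the token
      # below stays in the local git config for all later steps. Set
      # `persist-credentials: false` unless a later step needs authenticated
      # git operations - TODO confirm. `@v2` is also a mutable tag; pin to a
      # full commit SHA.
      - name: Checkout code
        uses: actions/checkout@v2
        with:
          submodules: true
          # TODO(Samarth): Do we need to propagate this to other `repos/workflow`
          # make it a default behavior? For certain tests to pass, we need entire
          # commit history of the repo including sub-modules.
          fetch-depth: 0
          token: ${{ secrets.GH_ACTION_ACCESS_TOKEN || secrets.GITHUB_TOKEN }}
      # To access modules in `amp` and `helpers_root`, make sure PYTHONPATH includes
      # them, just as it's set in `setenv.sh`.
      - name: Update PYTHONPATH
        run: |
          PYTHONPATH="$(realpath .)"
          # Add all submodule paths (recursively).
          SUBMODULES_PATHS=$(git submodule foreach --quiet --recursive 'echo $(pwd)' | paste -sd:)
          PYTHONPATH="$PYTHONPATH:$SUBMODULES_PATHS"
          # Export final PYTHONPATH to the environment.
          echo "PYTHONPATH=$PYTHONPATH" >> "$GITHUB_ENV"
      # Install packages that are required to run the job via GH.
      # NOTE(review): anything installed here executes in a job that already
      # holds the AWS keys in its environment; keep the requirements file
      # version-pinned (ideally hash-checked with `--require-hashes`).
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -r .github/gh_requirements.txt
      # Run the dev image release workflow.
      # The AWS values are re-exported under the CSFY_ names from the variables
      # that the credentials step placed in the job environment.
      - name: Run 'docker_tag_push_dev_image' workflow
        env:
          CSFY_AWS_ACCESS_KEY_ID: ${{ env.AWS_ACCESS_KEY_ID }}
          CSFY_AWS_SECRET_ACCESS_KEY: ${{ env.AWS_SECRET_ACCESS_KEY }}
          CSFY_AWS_SESSION_TOKEN: ${{ env.AWS_SESSION_TOKEN }}
          CSFY_AWS_DEFAULT_REGION: ${{ env.AWS_DEFAULT_REGION }}
          CSFY_AWS_S3_BUCKET: ${{ vars.CSFY_AWS_S3_BUCKET }}
          GH_ACTION_ACCESS_TOKEN: ${{ secrets.GH_ACTION_ACCESS_TOKEN || secrets.GITHUB_TOKEN }}
        run: invoke docker_tag_push_dev_image
      # Generate release message.
      - name: Generate release message
        id: release_message
        env:
          # Caller-controlled input: passed as an environment variable so the
          # shell sees it as data, not as part of the script text.
          CONTAINER_DIR_NAME: ${{ inputs.container-dir-name }}
        run: |
          # Get release message from script.
          # Use -m to run as module, Python will find it via PYTHONPATH.
          MESSAGE=$(python -m dev_scripts_helpers.docker.print_release_message \
            --container_dir_name "$CONTAINER_DIR_NAME")
          # Use a random heredoc delimiter: with a fixed `EOF`, a message line
          # equal to `EOF` would end the value early and let the remaining
          # lines be read as further step outputs.
          DELIMITER="EOF_$(dd if=/dev/urandom bs=15 count=1 status=none | base64)"
          {
            echo "message<<$DELIMITER"
            echo "$MESSAGE"
            echo "$DELIMITER"
          } >> "$GITHUB_OUTPUT"
      # Send Slack notification for release.
      # NOTE(review): the release text is posted as generated; it should never
      # contain credentials or tokens.
      - name: Send Slack notification for release
        uses: slackapi/slack-github-action@v1.27.0
        with:
          # You can pass in multiple channels to post to by providing a
          # comma-delimited list of channel IDs: 'CHANNEL_ID,ANOTHER_CHANNEL_ID'
          channel-id: ${{ vars.SLACK_BUILD_NOTIF_CHANNEL_ID }}
          slack-message: ${{ steps.release_message.outputs.message }}
        env:
          SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}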