diff --git a/.github/workflows/helm-release.yaml b/.github/workflows/helm-release.yaml
index 3d16e137c1..6863b3770b 100644
--- a/.github/workflows/helm-release.yaml
+++ b/.github/workflows/helm-release.yaml
@@ -23,7 +23,7 @@ jobs: id-token: write # This is required for requesting the JWT contents: read # This is required for actions/checkout - uses: h2oai/workflows-library/.github/workflows/wave-bundle-helm-release.yaml@main + uses: ./.github/workflows/wave-bundle-helm-release.yaml with: build-version: ${{ needs.retrieve-metadata.outputs.build-version }} helm-chart-artifact: wave-bundle-helm
diff --git a/.github/workflows/wave-bundle-docker-build-publish.yaml b/.github/workflows/wave-bundle-docker-build-publish.yaml
new file mode 100644
index 0000000000..b3c10449f6
--- /dev/null
+++ b/.github/workflows/wave-bundle-docker-build-publish.yaml
@@ -0,0 +1,110 @@
+name: Build and Publish Docker image from generated Dockerfile
+
+on:
+ workflow_call:
+ inputs:
+ build-version:
+ type: string
+ description: The version of the application/image to be pushed
+ required: true
+ bundle-artifact:
+ type: string
+ description: The name of the artifact containing the generated Dockerfiles and the wave bundle
+ required: true
+ working-directory:
+ type: string
+ description: Path to the working directory, where docker build will be executed
+ default: .
+
+jobs:
+ docker:
+ name: Build and Publish App Docker Image
+ runs-on: ubuntu-latest
+ permissions:
+ id-token: write # This is required for requesting the JWT
+ contents: read # This is required for actions/checkout
+
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2
+
+ - name: Download Wave bundle and Dockerfiles
+ uses: actions/download-artifact@v3
+ with:
+ name: ${{ inputs.bundle-artifact }}
+ path: ./
+
+ - name: Rename Dockerfiles
+ run: |
+ mv ./*bundle.Dockerfile ./generated.bundle.Dockerfile
+ mv ./*runtime.Dockerfile ./generated.runtime.Dockerfile
+
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v2
+ with:
+ role-to-assume: arn:aws:iam::524466471676:role/workflows-library-wave-bundling-github-actions
+ role-session-name: GitHub_to_AWS_via_FederatedOIDC
+ aws-region: us-east-1
+
+ - name: "Login to Amazon ECR"
+ uses: aws-actions/amazon-ecr-login@v1
+
+ - name: "Ensure ECR Repository for the bundle"
+ # Tries to describe the repository and if it fails, creates it
+ run: |
+ aws ecr describe-repositories \
+ --repository-names h2oai/${{ github.event.repository.name }}-bundle 2>/dev/null ||
+ aws ecr create-repository \
+ --repository-name h2oai/${{ github.event.repository.name }}-bundle \
+ --image-tag-mutability IMMUTABLE \
+ --tag \
+ Key=GithubRepo,Value=github.com/h2oai/${{ github.event.repository.name }} \
+ Key=ManagedBy,Value=GitHubActions \
+ Key=CreatedByWorkflow,Value=${{ github.workflow_ref }}
+
+ - name: "Ensure ECR Repository for the runtime"
+ # Tries to describe the repository and if it fails, creates it
+ run: |
+ aws ecr describe-repositories \
+ --repository-names h2oai/${{ github.event.repository.name }} 2>/dev/null ||
+ aws ecr create-repository \
+ --repository-name h2oai/${{ github.event.repository.name }} \
+ --image-tag-mutability IMMUTABLE \
+ --tag \
+ Key=GithubRepo,Value=github.com/h2oai/${{ github.event.repository.name }} \
+ Key=ManagedBy,Value=GitHubActions \
+ Key=CreatedByWorkflow,Value=${{ github.workflow_ref }}
+
+ - name: Build and Export Bundle Image
+ uses: docker/build-push-action@v4
+ id: bundle-build
+ with:
+ push: true
+ context: ${{ inputs.working-directory }}
+ file: ./generated.bundle.Dockerfile
+ platforms: linux/amd64
+ provenance: false
+ tags: |
+ 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/${{ github.event.repository.name }}-bundle:${{ inputs.build-version }}
+
+ - name: Build and Export Runtime Image
+ uses: docker/build-push-action@v4
+ id: runtime-build
+ with:
+ push: true
+ context: ${{ inputs.working-directory }}
+ file: ./generated.runtime.Dockerfile
+ platforms: linux/amd64
+ provenance: false
+ tags: |
+ 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/${{ github.event.repository.name }}:${{ inputs.build-version }}
+
+ - name: Published Images Summary
+ run: |
+ echo "#### Image Tags" >> $GITHUB_STEP_SUMMARY
+ echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
+ echo "docker image push 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/${{ github.event.repository.name }}-bundle:${{ inputs.build-version }}" >> $GITHUB_STEP_SUMMARY
+ echo "docker image push 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/${{ github.event.repository.name }}:${{ inputs.build-version }}" >> $GITHUB_STEP_SUMMARY
+ echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
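Review bot: Both `Ensure ECR Repository …` steps paste `${{ github.workflow_ref }}` straight into the `run:` script, and the summary step does the same with `${{ inputs.build-version }}`. The expression is expanded into the script text before the shell parses it, so a ref name or version string containing shell metacharacters would be interpreted as shell in a job that has just assumed the AWS role through OIDC. Pass these values through the step environment instead, e.g. `env: WORKFLOW_REF: ${{ github.workflow_ref }}` with `Key=CreatedByWorkflow,Value="$WORKFLOW_REF"`. The same pattern recurs in the `Ensure ECR Repository`, `Package Helm Chart` and `Locate Helm package` steps of `wave-bundle-helm-release.yaml`. Separately, every third-party action here is referenced by a mutable tag (`@v1`–`@v4`) while the job holds `id-token: write`; pinning each to a full commit SHA would remove that trust in upstream tag moves.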
diff --git a/.github/workflows/wave-bundle-helm-release.yaml b/.github/workflows/wave-bundle-helm-release.yaml
new file mode 100644
index 0000000000..684d969f42
--- /dev/null
+++ b/.github/workflows/wave-bundle-helm-release.yaml
@@ -0,0 +1,88 @@
+name: Release Helm Chart
+
+on:
+ workflow_call:
+ inputs:
+ build-version:
+ type: string
+ description: The version of the application
+ required: true
+ helm-version:
+ type: string
+ description: The version of the Helm Chart to be pushed. If not provided `build-version` will be used.
+ required: false
+ helm-chart-artifact:
+ type: string
+ description: The name of the artifact containing the generated Helm chart
+ required: true
+
+jobs:
+ helm:
+ name: Helm Release
+ runs-on: ubuntu-latest
+ permissions:
+ id-token: write # This is required for requesting the JWT
+ contents: read # This is required for actions/checkout
+
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: Download Wave bundle and Dockerfile
+ uses: actions/download-artifact@v3
+ id: helm-chart-download
+ with:
+ name: ${{ inputs.helm-chart-artifact }}
+ path: helm/
+
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v2
+ with:
+ role-to-assume: arn:aws:iam::524466471676:role/workflows-library-wave-bundling-github-actions
+ role-session-name: GitHub_to_AWS_via_FederatedOIDC
+ aws-region: us-east-1
+
+ - name: "Ensure ECR Repository"
+ # Tires to describe the repository and if it fails, creates it
+ run: |
+ aws ecr describe-repositories \
+ --repository-names charts/${{ github.event.repository.name }} 2>/dev/null ||
+ aws ecr create-repository \
+ --repository-name charts/${{ github.event.repository.name }} \
+ --image-tag-mutability IMMUTABLE \
+ --tag \
+ Key=GithubRepo,Value=github.com/h2oai/${{ github.event.repository.name }} \
+ Key=ManagedBy,Value=GitHubActions \
+ Key=CreatedByWorkflow,Value=${{ github.workflow_ref }}
+
+ - name: Set up Helm
+ uses: azure/setup-helm@v3
+ with:
+ token: ${{ github.token }}
+
+ - name: Helm Login to ECR
+ run: |
+ aws ecr get-login-password --region us-east-1 \
+ | helm registry login --username AWS --password-stdin \
+ 524466471676.dkr.ecr.us-east-1.amazonaws.com
+
+ - name: Locate Chart.yaml
+ id: locate-chart-dir
+ run: |
+ echo "PATH=$(dirname $(find ${{ steps.helm-chart-download.outputs.download-path }} -name Chart.yaml))" >> "$GITHUB_OUTPUT"
+
+ - name: Package Helm Chart
+ run: |
+ helm package \
+ ${{ steps.locate-chart-dir.outputs.PATH }} \
+ --version ${{ inputs.helm-version || inputs.build-version }} \
+ --app-version ${{ inputs.build-version }} \
+ --dependency-update
+
+ - name: Locate Helm package
+ id: locate-helm-package
+ run: |
+ echo "PATH=$(find . -name *-${{ inputs.build-version }}.tgz -type f -exec basename {} \; | tr -d '[:space:]')" >> "$GITHUB_OUTPUT"
+
+ - name: Push Helm Chart to ECR
+ run: |
+ helm push ${{ steps.locate-helm-package.outputs.PATH }} oci://524466471676.dkr.ecr.us-east-1.amazonaws.com/charts
diff --git a/.github/workflows/wave-publish.yaml b/.github/workflows/wave-publish.yaml
index 58ce20b841..aaaa162a08 100644
--- a/.github/workflows/wave-publish.yaml
+++ b/.github/workflows/wave-publish.yaml
@@ -23,7 +23,7 @@ jobs: id-token: write # This is required for requesting the JWT contents: read # This is required for actions/checkout - uses: h2oai/workflows-library/.github/workflows/wave-bundle-docker-build-publish.yaml@main + uses: ./.github/workflows/wave-bundle-docker-build-publish.yaml with: build-version: ${{ needs.retrieve-metadata.outputs.build-version }} bundle-artifact: wave-bundle
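Review bot: In `wave-bundle-helm-release.yaml`, the `Locate Helm package` step searches for `*-${{ inputs.build-version }}.tgz`, but `Package Helm Chart` passes `--version ${{ inputs.helm-version || inputs.build-version }}`. When `helm-version` is supplied and differs, the lookup will most likely find nothing and `helm push` then runs with an empty chart path. Use the same expression in the find pattern and quote it so the shell does not expand the glob first: `-name "*-${{ inputs.helm-version || inputs.build-version }}.tgz"`. It would also help to fail the step explicitly when no package is found, and to name the step output something other than `PATH` to avoid confusion with the environment variable.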