Fix post-merge deps update bundle unpacking #82
Workflow file for this run
# Post-merge pipeline. The `closed` event fires for merged and unmerged pull
# requests alike, so the gate jobs below check `pull_request.merged` themselves.
name: Main branch Build and Deployment
on:
  pull_request:
    types:
      - closed
    branches: [main]
jobs:
# ---- job: on-merge ----
  # Gate job: runs only when the pull request was merged and does not carry the
  # 'no-deploy' label. Jobs that list it under `needs` are skipped along with it.
  on-merge:
    name: Skip on unmerged
    runs-on: ubuntu-22.04
    if: ${{ github.event.pull_request.merged == true && !contains(github.event.pull_request.labels.*.name, 'no-deploy') }}
    steps:
      - name: Confirm execution
        shell: bash
        run: echo "PR merge detected and deployment wanted."
# ---- job: on-deploy ----
  # Second gate, required by the image-build and application-deploy jobs.
  # Its condition is the same expression that on-merge evaluates.
  on-deploy:
    name: Skip on 'no-deploy' PRs
    runs-on: ubuntu-22.04
    needs:
      - on-merge
    if: ${{ github.event.pull_request.merged == true && !contains(github.event.pull_request.labels.*.name, 'no-deploy') }}
    steps:
      - name: Confirm execution
        shell: bash
        run: echo "PR merge detected and deployment wanted."
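# ---- job: commit-deps-lock-updates ----
  # Commits the dependency lock files produced by the PR validation run to the
  # base branch and builds the pavi_shared_aws_infra wheel that the deploy jobs
  # download.
  #
  # NOTE(review): this job holds a GitHub App token that is handed to
  # actions/checkout. checkout keeps the token it is given in the local git
  # config by default, so every later step in this job (third-party actions,
  # make, pip-tools) runs with that credential readable in the workspace.
  commit-deps-lock-updates:
    runs-on: ubuntu-22.04
    needs: [on-merge]
    permissions:
      contents: write
    steps:
      - name: create token for committing and pushing as agr-github-actions app
        id: app-token
        uses: actions/create-github-app-token@v1
        with:
          app-id: ${{ secrets.GH_ACTIONS_APP_ID }}
          private-key: ${{ secrets.GH_ACTIONS_APP_PRIVATE_KEY }}
      # The numeric user id is needed to build the app's noreply commit e-mail.
      - name: Get GitHub App User ID
        id: app-user-id
        env:
          GH_TOKEN: ${{ steps.app-token.outputs.token }}
        run: |
          echo "user-id=$(gh api "/users/${{ steps.app-token.outputs.app-slug }}[bot]" --jq .id)" >> "$GITHUB_OUTPUT"
      - uses: actions/checkout@v4
        with:
          # Branch name: checks out the current tip of the PR's base branch.
          ref: ${{ github.base_ref }}
          fetch-depth: 0
          token: ${{ steps.app-token.outputs.token }}
      # NOTE(review): third-party action referenced by a mutable tag. Pinning
      # `uses:` to the full commit SHA of a reviewed release keeps a re-pointed
      # tag from running inside a job that holds the app token.
      - name: Download updated dependencies lock files bundle
        if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-deps-lock-updates') }}
        uses: dawidd6/action-download-artifact@v6
        with:
          name: deps_lock_files_bundle
          pr: ${{ github.event.pull_request.number }}
          workflow: PR-validation.yml
          workflow_conclusion: success
          workflow_search: false
          allow_forks: false
          if_no_artifact_found: fail
      - name: Unpack the bundle
        if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-deps-lock-updates') }}
        run: |
          # The bundle comes from a PR workflow run and is extracted over the
          # base-branch checkout in which `make` runs further down. Accept only
          # lock files (and the directories holding them); extend the pattern
          # if the bundle legitimately carries anything else. This is a name
          # check only; it does not inspect entry types.
          unexpected="$(tar -tz -f deps-lock-files.tar.gz | grep -Ev '(requirements\.txt|package-lock\.json|/)$' || true)"
          if [ -n "$unexpected" ]; then
            echo "Unexpected entries in deps-lock-files.tar.gz:" >&2
            printf '%s\n' "$unexpected" >&2
            exit 1
          fi
          tar -xzv -f deps-lock-files.tar.gz
      # The shared_aws_infra lock files are committed on their own first: the
      # package hash pinned in the dependent aws_infra components' lock files
      # has to represent the package as of this commit.
      # NOTE(review): third-party action on a mutable tag; see the pinning note
      # on the download step.
      - name: commit shared_aws_infra dependency lock file changes
        if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-deps-lock-updates') }}
        uses: stefanzweifel/git-auto-commit-action@v5
        with:
          commit_user_name: ${{ steps.app-token.outputs.app-slug }}[bot]
          # <id>+<slug>[bot]@users.noreply.github.com; a stray trailing '>'
          # previously made this an invalid address.
          commit_user_email: ${{ steps.app-user-id.outputs.user-id }}+${{ steps.app-token.outputs.app-slug }}[bot]@users.noreply.github.com
          # '[skip actions]' keeps this push from triggering further workflow runs.
          commit_message: Auto-updated pavi_shared_aws_infra deps lock files [skip actions]
          file_pattern: 'shared_aws_infra/requirements.txt shared_aws_infra/tests/requirements.txt'
          disable_globbing: true
      # Build pavi_shared_aws_infra package (to ensure hash includes latest commit date).
      # The setup, build and upload steps carry no `if`, so they also run for
      # PRs labelled 'no-deps-lock-updates'.
      - name: Setup Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - name: Build and install the pavi_shared_aws_infra package
        working-directory: ./shared_aws_infra
        run: make clean build install
      - name: Upload package as artifact
        id: shared-aws-infra-package
        uses: actions/upload-artifact@v4
        with:
          name: shared_aws_infra_package
          path: shared_aws_infra/dist/pavi_shared_aws_infra-0.0.0-py3-none-any.whl
      - name: Update pavi_shared_aws_infra dependencies
        if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-deps-lock-updates') }}
        run: |
          make -C api/aws_infra/ pip-tools update-deps-lock-shared-aws-infra-only update-test-deps-lock-shared-aws-infra-only
          make -C pipeline/aws_infra/ pip-tools update-deps-lock-shared-aws-infra-only update-test-deps-lock-shared-aws-infra-only
          make -C webui/aws_infra/ pip-tools update-deps-lock-shared-aws-infra-only update-test-deps-lock-shared-aws-infra-only
      - name: commit remaining dependency lock file changes
        if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-deps-lock-updates') }}
        uses: stefanzweifel/git-auto-commit-action@v5
        with:
          commit_user_name: ${{ steps.app-token.outputs.app-slug }}[bot]
          commit_user_email: ${{ steps.app-user-id.outputs.user-id }}+${{ steps.app-token.outputs.app-slug }}[bot]@users.noreply.github.com
          commit_message: Auto-updated deps lock files [skip actions]
          # Matches any path ending in these names, anywhere in the repository.
          file_pattern: '*requirements.txt *package-lock.json'
          disable_globbing: true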
# ---- job: pipeline-deploy-aws-infra ----
  # Validates and deploys the CDK stack defined under pipeline/aws_infra.
  pipeline-deploy-aws-infra:
    name: Deploy/update AWS infrastructure for pipeline
    runs-on: ubuntu-22.04
    needs:
      - commit-deps-lock-updates
    permissions:
      # Needed to request the OIDC JWT that is exchanged for the IAM role
      # assumed below to perform AWS actions.
      id-token: write
    defaults:
      run:
        working-directory: pipeline/aws_infra
    steps:
      - name: Check out repository code
        uses: actions/checkout@v4
        with:
          # A branch name, not a commit SHA: resolves to the tip of the base
          # branch at the moment this job starts.
          ref: ${{ github.base_ref }}
      - name: Setup node.js (CDK requirement)
        uses: actions/setup-node@v4
        with:
          node-version: '18'
      # NOTE(review): no version given, so this installs whichever aws-cdk
      # release is current at run time.
      - name: Install CDK
        run: npm install -g aws-cdk
      - name: Setup Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.12'
      # Wheel uploaded by the commit-deps-lock-updates job.
      - name: Download shared AWS infra package
        uses: actions/download-artifact@v4
        with:
          name: shared_aws_infra_package
          path: /tmp/
      - name: Install CDK stack dependencies
        run: pip install -r requirements.txt
      # NOTE(review): the three infra/image-repo deploy jobs share the
      # '-cdk-deploy' session suffix, so their sessions within one run are
      # not distinguishable by name.
      - name: AWS credentials configuration
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: us-east-1
          role-to-assume: ${{ secrets.GH_ACTIONS_AWS_ROLE }}
          role-session-name: gh-actions-${{ github.run_id }}.${{ github.run_number }}.${{ github.run_attempt }}-cdk-deploy
      - name: CDK validations (resource assertions and cdk diff)
        run: make validate
      # `--require-approval never` turns off CDK's confirmation prompt for
      # security-sensitive changes; the diff printed by the validation step is
      # what remains for after-the-fact review.
      - name: Deploy CDK Stack
        run: make deploy ADD_CDK_ARGS="--require-approval never"
# ---- job: api-deploy-image-repo ----
  # Validates and deploys the container image repository stack defined under
  # api/aws_infra.
  api-deploy-image-repo:
    name: Deploy/update container image repository stack for API
    runs-on: ubuntu-22.04
    needs:
      - commit-deps-lock-updates
    permissions:
      # Needed to request the OIDC JWT that is exchanged for the IAM role
      # assumed below to perform AWS actions.
      id-token: write
    defaults:
      run:
        working-directory: api/aws_infra
    steps:
      - name: Check out repository code
        uses: actions/checkout@v4
        with:
          # Branch name: resolves to the base branch tip when this job starts.
          ref: ${{ github.base_ref }}
      - name: Setup node.js (CDK requirement)
        uses: actions/setup-node@v4
        with:
          node-version: '18'
      # NOTE(review): unversioned install; picks up the aws-cdk release that
      # is current at run time.
      - name: Install CDK
        run: npm install -g aws-cdk
      - name: Setup Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.12'
      # Wheel uploaded by the commit-deps-lock-updates job.
      - name: Download shared AWS infra package
        uses: actions/download-artifact@v4
        with:
          name: shared_aws_infra_package
          path: /tmp/
      - name: Install CDK stack dependencies
        run: pip install -r requirements.txt
      - name: AWS credentials configuration
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: us-east-1
          role-to-assume: ${{ secrets.GH_ACTIONS_AWS_ROLE }}
          role-session-name: gh-actions-${{ github.run_id }}.${{ github.run_number }}.${{ github.run_attempt }}-cdk-deploy
      - name: CDK validations (resource assertions and cdk diff)
        run: make validate-image-stack
      # `--require-approval never`: CDK does not prompt before applying
      # security-sensitive changes.
      - name: Deploy CDK stack
        run: make deploy-image-stack ADD_CDK_ARGS="--require-approval never"
# ---- job: webui-deploy-image-repo ----
  # Validates and deploys the container image repository stack defined under
  # webui/aws_infra.
  webui-deploy-image-repo:
    name: Deploy/update container image repository stack for web UI
    runs-on: ubuntu-22.04
    needs:
      - commit-deps-lock-updates
    permissions:
      # Needed to request the OIDC JWT that is exchanged for the IAM role
      # assumed below to perform AWS actions.
      id-token: write
    defaults:
      run:
        working-directory: webui/aws_infra
    steps:
      - name: Check out repository code
        uses: actions/checkout@v4
        with:
          # Branch name: resolves to the base branch tip when this job starts.
          ref: ${{ github.base_ref }}
      - name: Setup node.js (CDK requirement)
        uses: actions/setup-node@v4
        with:
          node-version: '18'
      # NOTE(review): unversioned install; picks up the aws-cdk release that
      # is current at run time.
      - name: Install CDK
        run: npm install -g aws-cdk
      - name: Setup Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.12'
      # Wheel uploaded by the commit-deps-lock-updates job.
      - name: Download shared AWS infra package
        uses: actions/download-artifact@v4
        with:
          name: shared_aws_infra_package
          path: /tmp/
      - name: Install CDK stack dependencies
        run: pip install -r requirements.txt
      - name: AWS credentials configuration
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: us-east-1
          role-to-assume: ${{ secrets.GH_ACTIONS_AWS_ROLE }}
          role-session-name: gh-actions-${{ github.run_id }}.${{ github.run_number }}.${{ github.run_attempt }}-cdk-deploy
      - name: CDK validations (resource assertions and cdk diff)
        run: make validate-image-stack
      # `--require-approval never`: CDK does not prompt before applying
      # security-sensitive changes.
      - name: Deploy CDK stack
        run: make deploy-image-stack ADD_CDK_ARGS="--require-approval never"
# ---- job: pipeline-seq-retrieval-build-and-push-docker-image ----
  # Builds the pipeline/seq_retrieval image and pushes it to ECR under two
  # tags: the `git describe` release tag and the base branch name.
  pipeline-seq-retrieval-build-and-push-docker-image:
    runs-on: ubuntu-22.04
    needs:
      - on-deploy
      - pipeline-deploy-aws-infra
      - commit-deps-lock-updates
    permissions:
      # Needed to request the OIDC JWT that is exchanged for the IAM role
      # assumed below to perform AWS actions.
      id-token: write
    steps:
      - name: Check out repository code
        uses: actions/checkout@v4
        with:
          ref: ${{ github.base_ref }}
          # Full history, so that `git describe --tags` has tags to work from.
          fetch-depth: 0
          sparse-checkout: |
            pipeline/seq_retrieval/
      # Exposes the tag to later steps as the `tagname` environment variable.
      - name: Store release tag in env
        shell: bash
        run: echo "tagname=$(git describe --tags)" >> $GITHUB_ENV
      # This step will configure environment variables to be used by all steps
      # involving AWS interaction further down
      - name: AWS credentials configuration
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: us-east-1
          role-to-assume: ${{ secrets.GH_ACTIONS_AWS_ROLE }}
          role-session-name: gh-actions-${{ github.run_id }}.${{ github.run_number }}.${{ github.run_attempt }}-build-image-pipeline-seq-retrieval
      - name: Amazon ECR login
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v2
      - name: Build and push container image
        uses: docker/build-push-action@v6
        env:
          DOCKER_BUILD_SUMMARY: false
        with:
          context: ./pipeline/seq_retrieval/
          platforms: linux/amd64
          push: true
          # The second tag is the branch name, i.e. a tag that is pushed again
          # on every run; consumers that need a fixed image should reference
          # the release tag.
          tags: |
            ${{ steps.login-ecr.outputs.registry }}/agr_pavi/pipeline_seq_retrieval:${{ env.tagname }}
            ${{ steps.login-ecr.outputs.registry }}/agr_pavi/pipeline_seq_retrieval:${{ github.event.pull_request.base.ref }}
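# ---- job: pipeline-alignment-build-and-push-docker-image ----
  # Builds the pipeline/alignment image and pushes it to ECR under two tags:
  # the `git describe` release tag and the base branch name.
  pipeline-alignment-build-and-push-docker-image:
    needs: [on-deploy, pipeline-deploy-aws-infra, commit-deps-lock-updates]
    permissions:
      # Needed to request the OIDC JWT that is exchanged for the IAM role
      # assumed below to perform AWS actions.
      id-token: write
    runs-on: ubuntu-22.04
    steps:
      - name: Check out repository code
        uses: actions/checkout@v4
        with:
          ref: ${{ github.base_ref }}
          # Full history, so that `git describe --tags` has tags to work from.
          fetch-depth: 0
          sparse-checkout: |
            pipeline/alignment/
      # Exposes the tag to later steps as the `tagname` environment variable.
      - name: Store release tag in env
        shell: bash
        run: |
          echo "tagname=$(git describe --tags)" >> $GITHUB_ENV
      # This step will configure environment variables to be used by all steps
      # involving AWS interaction further down
      - name: AWS credentials configuration
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.GH_ACTIONS_AWS_ROLE }}
          # The suffix names this job. It previously repeated the
          # seq-retrieval job's suffix, which made the two jobs' role sessions
          # indistinguishable by name when attributing AWS activity.
          role-session-name: gh-actions-${{ github.run_id }}.${{ github.run_number }}.${{ github.run_attempt }}-build-image-pipeline-alignment
          aws-region: us-east-1
      - name: Amazon ECR login
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v2
      - name: Build and push container image
        uses: docker/build-push-action@v6
        env:
          DOCKER_BUILD_SUMMARY: false
        with:
          context: ./pipeline/alignment/
          push: true
          # The second tag is the branch name, i.e. a tag that is pushed again
          # on every run.
          tags: |
            ${{ steps.login-ecr.outputs.registry }}/agr_pavi/pipeline_alignment:${{ env.tagname }}
            ${{ steps.login-ecr.outputs.registry }}/agr_pavi/pipeline_alignment:${{ github.event.pull_request.base.ref }}
          platforms: linux/amd64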
# ---- job: api-build-and-push-docker-image ----
  # Builds the API image from api/Dockerfile with the repository root as build
  # context and pushes it to ECR under the release tag and the base branch name.
  api-build-and-push-docker-image:
    runs-on: ubuntu-22.04
    needs:
      - on-deploy
      - api-deploy-image-repo
      - commit-deps-lock-updates
    permissions:
      # Needed to request the OIDC JWT that is exchanged for the IAM role
      # assumed below to perform AWS actions.
      id-token: write
    steps:
      - name: Check out repository code
        uses: actions/checkout@v4
        with:
          ref: ${{ github.base_ref }}
          # Full history, so that `git describe --tags` has tags to work from.
          fetch-depth: 0
      # Exposes the tag to later steps as the `tagname` environment variable.
      - name: Store release tag in env
        shell: bash
        run: echo "tagname=$(git describe --tags)" >> $GITHUB_ENV
      # This step will configure environment variables to be used by all steps
      # involving AWS interaction further down
      - name: AWS credentials configuration
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: us-east-1
          role-to-assume: ${{ secrets.GH_ACTIONS_AWS_ROLE }}
          role-session-name: gh-actions-${{ github.run_id }}.${{ github.run_number }}.${{ github.run_attempt }}-build-image-api
      - name: Amazon ECR login
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v2
      - name: Build and push container image
        uses: docker/build-push-action@v6
        env:
          DOCKER_BUILD_SUMMARY: false
        with:
          context: ./
          file: api/Dockerfile
          platforms: linux/amd64
          push: true
          # The second tag is the branch name, i.e. a tag that is pushed again
          # on every run.
          tags: |
            ${{ steps.login-ecr.outputs.registry }}/agr_pavi/api:${{ env.tagname }}
            ${{ steps.login-ecr.outputs.registry }}/agr_pavi/api:${{ github.event.pull_request.base.ref }}
# ---- job: webui-build-and-push-docker-image ----
  # Builds the web UI image from ./webui/ and pushes it to ECR under the
  # release tag and the base branch name.
  webui-build-and-push-docker-image:
    runs-on: ubuntu-22.04
    needs:
      - on-deploy
      - webui-deploy-image-repo
      - commit-deps-lock-updates
    permissions:
      # Needed to request the OIDC JWT that is exchanged for the IAM role
      # assumed below to perform AWS actions.
      id-token: write
    steps:
      - name: Check out repository code
        uses: actions/checkout@v4
        with:
          ref: ${{ github.base_ref }}
          # Full history, so that `git describe --tags` has tags to work from.
          fetch-depth: 0
      # Exposes the tag to later steps as the `tagname` environment variable.
      - name: Store release tag in env
        shell: bash
        run: echo "tagname=$(git describe --tags)" >> $GITHUB_ENV
      # This step will configure environment variables to be used by all steps
      # involving AWS interaction further down
      - name: AWS credentials configuration
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: us-east-1
          role-to-assume: ${{ secrets.GH_ACTIONS_AWS_ROLE }}
          role-session-name: gh-actions-${{ github.run_id }}.${{ github.run_number }}.${{ github.run_attempt }}-build-image-webui
      - name: Amazon ECR login
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v2
      - name: Build and push container image
        uses: docker/build-push-action@v6
        env:
          DOCKER_BUILD_SUMMARY: false
        with:
          context: ./webui/
          platforms: linux/amd64
          push: true
          # The second tag is the branch name, i.e. a tag that is pushed again
          # on every run.
          tags: |
            ${{ steps.login-ecr.outputs.registry }}/agr_pavi/webui:${{ env.tagname }}
            ${{ steps.login-ecr.outputs.registry }}/agr_pavi/webui:${{ github.event.pull_request.base.ref }}
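# ---- job: api-deploy-application ----
  # Deploys the API application version and its main environment through the
  # CDK stacks under api/aws_infra, once the API and pipeline images are pushed.
  api-deploy-application:
    name: Deploy application (version) for API
    needs:
      - on-deploy
      - commit-deps-lock-updates
      - api-build-and-push-docker-image
      - pipeline-alignment-build-and-push-docker-image
      - pipeline-seq-retrieval-build-and-push-docker-image
    permissions:
      # Needed to request the OIDC JWT that is exchanged for the IAM role
      # assumed below to perform AWS actions.
      id-token: write
    runs-on: ubuntu-22.04
    defaults:
      run:
        working-directory: api/aws_infra
    steps:
      - name: Check out repository code
        uses: actions/checkout@v4
        with:
          # Branch name: resolves to the base branch tip when this job starts.
          ref: ${{ github.base_ref }}
          # Full history, so that `git describe --tags` has tags to work from.
          fetch-depth: 0
      # Exposes the tag to later steps as the `tagname` environment variable.
      - name: Store release tag in env
        shell: bash
        run: |
          echo "tagname=$(git describe --tags)" >> $GITHUB_ENV
      - name: Setup node.js (CDK requirement)
        uses: actions/setup-node@v4
        with:
          node-version: "18"
      # NOTE(review): unversioned install; picks up the aws-cdk release that
      # is current at run time.
      - name: Install CDK
        run: npm install -g aws-cdk
      - name: Setup Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      # Wheel uploaded by the commit-deps-lock-updates job.
      - name: Download shared AWS infra package
        uses: actions/download-artifact@v4
        with:
          name: shared_aws_infra_package
          path: /tmp/
      - name: Install CDK stack dependencies
        run: pip install -r requirements.txt
      - name: AWS credentials configuration
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.GH_ACTIONS_AWS_ROLE }}
          role-session-name: gh-actions-${{ github.run_id }}.${{ github.run_number }}.${{ github.run_attempt }}-api-cdk-deploy
          aws-region: us-east-1
      # The run steps below read the tag from the `tagname` environment
      # variable rather than expanding `env.tagname` into the script text, so
      # bash always treats the tag value as data.
      - name: CDK validations (resource assertions and cdk diff)
        run: |
          make validate-application-stack validate-environment-stack \
            PAVI_DEPLOY_VERSION_LABEL="${tagname}" PAVI_IMAGE_TAG="${tagname}"
      # `--require-approval never`: CDK does not prompt before applying
      # security-sensitive changes.
      - name: Deploy application (and version)
        run: |
          make deploy-application PAVI_DEPLOY_VERSION_LABEL="${tagname}" \
            ADD_CDK_ARGS="--require-approval never"
      # Block scalar so that the trailing backslashes are real shell line
      # continuations; in a plain multi-line scalar YAML folds the line break
      # into a space and the backslash ends up escaping that space.
      - name: Deploy to main environment
        run: |
          make deploy-environment \
            PAVI_DEPLOY_VERSION_LABEL="${tagname}" PAVI_IMAGE_TAG="${tagname}" \
            EB_ENV_CDK_STACK_NAME=PaviApiEbMainStack ADD_CDK_ARGS="--require-approval never"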
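# ---- job: webui-deploy-application ----
  # Deploys the web UI application version and its main environment through
  # the CDK stacks under webui/aws_infra, after the API application is deployed.
  webui-deploy-application:
    name: Deploy application (version) for web UI
    needs:
      - on-deploy
      - commit-deps-lock-updates
      - webui-build-and-push-docker-image
      - api-deploy-application
    permissions:
      # Needed to request the OIDC JWT that is exchanged for the IAM role
      # assumed below to perform AWS actions.
      id-token: write
    runs-on: ubuntu-22.04
    defaults:
      run:
        working-directory: webui/aws_infra
    steps:
      - name: Check out repository code
        uses: actions/checkout@v4
        with:
          # Branch name: resolves to the base branch tip when this job starts.
          ref: ${{ github.base_ref }}
          # Full history, so that `git describe --tags` has tags to work from.
          fetch-depth: 0
      # Exposes the tag to later steps as the `tagname` environment variable.
      - name: Store release tag in env
        shell: bash
        run: |
          echo "tagname=$(git describe --tags)" >> $GITHUB_ENV
      - name: Setup node.js (CDK requirement)
        uses: actions/setup-node@v4
        with:
          node-version: "18"
      # NOTE(review): unversioned install; picks up the aws-cdk release that
      # is current at run time.
      - name: Install CDK
        run: npm install -g aws-cdk
      - name: Setup Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      # Wheel uploaded by the commit-deps-lock-updates job.
      - name: Download shared AWS infra package
        uses: actions/download-artifact@v4
        with:
          name: shared_aws_infra_package
          path: /tmp/
      - name: Install CDK stack dependencies
        run: pip install -r requirements.txt
      - name: AWS credentials configuration
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.GH_ACTIONS_AWS_ROLE }}
          role-session-name: gh-actions-${{ github.run_id }}.${{ github.run_number }}.${{ github.run_attempt }}-webui-cdk-deploy
          aws-region: us-east-1
      # The run steps below use block scalars so that the trailing backslashes
      # are real shell line continuations (a plain multi-line scalar folds the
      # line break into a space, leaving the backslash to escape that space),
      # and they read the tag from the `tagname` environment variable rather
      # than expanding `env.tagname` into the script text, so bash always
      # treats the tag value as data.
      - name: CDK validations (resource assertions and cdk diff)
        run: |
          make validate-application-stack validate-environment-stack PAVI_API_ENV_NAME="PAVI-api-main" \
            PAVI_DEPLOY_VERSION_LABEL="${tagname}" PAVI_IMAGE_TAG="${tagname}"
      # `--require-approval never`: CDK does not prompt before applying
      # security-sensitive changes.
      - name: Deploy application (and version)
        run: |
          make deploy-application PAVI_DEPLOY_VERSION_LABEL="${tagname}" \
            ADD_CDK_ARGS="--require-approval never"
      - name: Deploy to main environment
        run: |
          make deploy-environment PAVI_API_ENV_NAME="PAVI-api-main" \
            PAVI_DEPLOY_VERSION_LABEL="${tagname}" PAVI_IMAGE_TAG="${tagname}" \
            EB_ENV_CDK_STACK_NAME=PaviWebUiEbMainStack ADD_CDK_ARGS="--require-approval never"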