-
Notifications
You must be signed in to change notification settings - Fork 171
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improvements to Container CD #385
Closed
Closed
Changes from 8 commits
Commits
Show all changes
20 commits
Select commit
Hold shift + click to select a range
8bcac10
init ci and add audioqna example
tylertitsworth 108cb34
scope down pr to just audioqna and build+scan
tylertitsworth 2f26d16
remove excess changes
tylertitsworth 1c8f287
remove no_start input
tylertitsworth 0def4a4
add simple tesst execution job
tylertitsworth cddd538
remove matrix strategy from build
tylertitsworth 70ebb93
remove rogue if statement
tylertitsworth 014f98d
pull comps rather than build them
tylertitsworth 7337a55
finish cd
tylertitsworth 63a64ca
add hw label to test case
tylertitsworth daf424b
update name change to reusable wf
tylertitsworth 8af9746
downstream to composite
tylertitsworth c4e1873
debug matrix
tylertitsworth fc6e5f7
re-fix repo name casing in scan wf
tylertitsworth 9b695e3
Update README.md
tylertitsworth 87e79cd
restore ci
tylertitsworth 398bae0
merge main
tylertitsworth d02bc88
add k8s envs
tylertitsworth b4b4ee5
correct source name
tylertitsworth 54c6712
merge main
tylertitsworth File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,80 @@ | ||
# Copyright (C) 2024 Intel Corporation | ||
# SPDX-License-Identifier: Apache-2.0 | ||
|
||
# Source: https://github.com/intel/ai-containers/blob/main/.github/action.yml | ||
|
||
--- | ||
name: Build Container Group | ||
description: Given the inputs found below, build all containers found in a docker-compose.yaml file for a given configuration | ||
author: tyler.titsworth@intel.com | ||
inputs: | ||
group_dir: | ||
description: Directory with docker-compose.yaml to build | ||
required: true | ||
type: string | ||
env_overrides: | ||
description: Bash Env Variable Overrides in `KEY=VAL && KEY2=VAL2` format | ||
required: false | ||
type: string | ||
registry: | ||
description: Container Registry URL | ||
required: false | ||
default: 'opea-project' | ||
type: string | ||
outputs: | ||
container-group: | ||
description: "Container Group" | ||
value: ${{ steps.container-output.outputs.group }} | ||
runs: | ||
using: composite | ||
steps: | ||
# This step generates a random number to use as the project number | ||
# which can help avoid collisions with parallel builds on the same system | ||
- name: Generate Project Number | ||
shell: bash | ||
run: echo "project-number=$(shuf -i 0-10000 -n1)" >> $GITHUB_ENV | ||
- name: Build Containers | ||
shell: bash | ||
run: | | ||
REGISTRY=${{ inputs.registry }} \ | ||
COMPOSE_PROJECT_NAME=${{ env.project-number }} \ | ||
${{ inputs.env_overrides }} docker compose -p ${{ env.project-number }} up --build --force-recreate --always-recreate-deps --no-start | ||
working-directory: ${{ inputs.group_dir }} | ||
- name: Print Containers | ||
id: container-output | ||
shell: bash | ||
run: | | ||
mkdir matrix | ||
images=$(REGISTRY=${{ inputs.registry }} \ | ||
COMPOSE_PROJECT_NAME=${{ env.project-number }} \ | ||
${{ inputs.env_overrides }} docker compose -p ${{ env.project-number }} images --format json) | ||
for image in $(echo $images | jq -r --arg registry "$REGISTRY" '.[] | select(.Repository | contains($registry)) | .Tag'); do | ||
echo "$image" > matrix/$image.txt | ||
done | ||
echo "group=${{ inputs.group_dir }}" | tr '/' '_' >> $GITHUB_OUTPUT | ||
working-directory: ${{ inputs.group_dir }} | ||
- uses: actions/upload-artifact@v4 | ||
with: | ||
name: ${{ env.project-number }}-${{ steps.container-output.outputs.group }} | ||
path: ${{ inputs.group_dir }}/matrix/* | ||
retention-days: 1 | ||
overwrite: true | ||
- name: Push Containers | ||
shell: bash | ||
run: | | ||
REGISTRY=${{ inputs.registry }} \ | ||
COMPOSE_PROJECT_NAME=${{ env.project-number }} \ | ||
${{ inputs.env_overrides }} docker compose -p ${{ env.project-number }} push | ||
working-directory: ${{ inputs.group_dir }} | ||
- name: Un-Tag Containers | ||
if: ${{ always() }} | ||
shell: bash | ||
run: | | ||
REGISTRY=${{ inputs.registry }} \ | ||
COMPOSE_PROJECT_NAME=${{ env.project-number }} \ | ||
${{ inputs.env_overrides }} docker compose -p ${{ env.project-number }} down --rmi all | ||
working-directory: ${{ inputs.group_dir }} | ||
- name: Remove Containers | ||
if: ${{ always() }} | ||
shell: bash | ||
run: docker system prune --force |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
# Copyright (C) 2024 Intel Corporation | ||
# SPDX-License-Identifier: Apache-2.0 | ||
|
||
# Source: https://github.com/intel/ai-containers/blob/main/.github/scan/action.yml | ||
|
||
name: 'Aqua Security Trivy' | ||
description: 'Scans container images for vulnerabilities with Trivy without building the image. For use behind firewalls.' | ||
author: 'tyler.titsworth@intel.com' | ||
inputs: | ||
image-ref: | ||
description: 'image reference(for backward compatibility)' | ||
required: true | ||
output: | ||
description: 'writes results to a file with the specified file name' | ||
required: true | ||
runs: | ||
using: 'docker' | ||
image: "docker://ghcr.io/aquasecurity/trivy" | ||
entrypoint: trivy | ||
args: | ||
- '--timeout=30m' | ||
- image | ||
- '--format=sarif' | ||
- '--no-progress' | ||
- '--output=${{ inputs.output }}' | ||
- ${{ inputs.image-ref }} |
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,77 @@ | ||
# Copyright (C) 2024 Intel Corporation | ||
# SPDX-License-Identifier: Apache-2.0 | ||
|
||
name: Container Integration Tests | ||
on: | ||
pull_request | ||
permissions: read-all | ||
concurrency: | ||
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | ||
cancel-in-progress: true | ||
jobs: | ||
group-diff: | ||
runs-on: ubuntu-latest | ||
outputs: | ||
groups: ${{ steps.group-list.outputs.FOLDERS }} | ||
steps: | ||
- name: Harden Runner | ||
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 | ||
with: | ||
egress-policy: audit | ||
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | ||
with: | ||
fetch-depth: 0 | ||
- name: Output Modified Group Directories | ||
id: group-list | ||
run: | | ||
# Get diff array filtered by specific filetypes | ||
DIFF=$(git diff --diff-filter=d \ | ||
--name-only ${{ github.event.pull_request.base.sha }}...${{ github.event.pull_request.head.sha }} \ | ||
-- '*/*Dockerfile' '*.py' '*.yaml' '*.yml' '*.sh' '*/*requirements.txt' '*.json' '*.ts' '*.js' | \ | ||
jq -R '.' | jq -sc '.' \ | ||
) | ||
# Search for compose files in each file to determine the container groups | ||
DOCKER_COMPOSE_PATHS=() | ||
for path in $(echo $DIFF | jq -r '.[]'); do | ||
while [[ "$path" != "." ]]; do | ||
DIR_PATH=$(dirname "$path") | ||
if [ -n "$(find "$DIR_PATH" -maxdepth 1 -name 'docker-compose.yaml' -print -quit)" ] && [ "$DIR_PATH" != "." ]; then | ||
DOCKER_COMPOSE_PATHS+=("$DIR_PATH") | ||
path="." | ||
else | ||
path="$DIR_PATH" | ||
fi | ||
done | ||
done | ||
# Convert the array to a JSON array | ||
DOCKER_COMPOSE_PATHS_JSON=$(printf '%s\n' "${DOCKER_COMPOSE_PATHS[@]}" | jq -R '.' | jq -sc 'unique_by(.)') | ||
echo "FOLDERS=$DOCKER_COMPOSE_PATHS_JSON" >> $GITHUB_OUTPUT | ||
pipeline-ci: | ||
needs: group-diff | ||
if: needs.group-diff.outputs.groups != '[""]' | ||
strategy: | ||
matrix: | ||
group: ${{ fromJson(needs.group-diff.outputs.groups) }} | ||
experimental: [true] | ||
fail-fast: false | ||
uses: opea/genaiexamples/.github/workflows/reuse-container-ci.yaml@main | ||
with: | ||
group_dir: ${{ matrix.group }} | ||
secrets: inherit | ||
status-check: | ||
needs: [group-diff, pipeline-ci] | ||
runs-on: ubuntu-latest | ||
if: always() | ||
steps: | ||
- name: Harden Runner | ||
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 | ||
with: | ||
egress-policy: audit | ||
- run: exit 1 | ||
if: >- | ||
${{ | ||
contains(needs.*.result, 'failure') | ||
|| contains(needs.*.result, 'cancelled') | ||
|| contains(needs.*.result, 'skipped') | ||
&& needs.group-diff.outputs.groups != '[""]' | ||
}} |
This file was deleted.
Oops, something went wrong.
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
there may be a few more file types and extensions:
*.dockerfile, *Dockerfile*, *.cjs, *.svelte and etc