Merge pull request #60 from GeoscienceAustralia/release_update #173
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Image build and test | |
env: | |
IMAGE_NAME: geoscienceaustralia/dea-intertidal | |
on: | |
push: | |
branches: | |
- main | |
- tests | |
paths: | |
- 'intertidal/**' | |
- 'data/**' | |
- 'tests/**' | |
- '.github/workflows/dea-intertidal-image.yml' | |
- 'Dockerfile' | |
- 'requirements.in' | |
- 'setup.py' | |
- 'codecov.yaml' | |
pull_request: | |
branches: | |
- main | |
paths: | |
- 'intertidal/**' | |
- 'data/**' | |
- 'tests/**' | |
- '.github/workflows/dea-intertidal-image.yml' | |
- 'Dockerfile' | |
- 'requirements.in' | |
- 'setup.py' | |
- 'codecov.yaml' | |
release: | |
types: [created, edited, published] | |
permissions: | |
id-token: write # This is required for requesting the JWT | |
contents: write # This is required for actions/checkout | |
jobs: | |
test: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
role-to-assume: arn:aws:iam::060378307146:role/github-actions-dea-notebooks--sandbox | |
aws-region: ap-southeast-2 | |
role-duration-seconds: 7200 # 2 hours | |
- name: Get database credentials | |
run: | | |
username_password=$(aws ssm get-parameter --name /dea-sandbox-eks/sandbox_reader/db.creds --with-decryption --query Parameter.Value --output text) | |
echo DATACUBE_DB_URL=postgresql://${username_password}@localhost:5432/odc >> $GITHUB_ENV | |
- name: Open port forward to RDS | |
run: | | |
npx basti connect \ | |
--custom-target-vpc vpc-086904199e505c1f6 \ | |
--custom-target-host db-aurora-dea-sandbox-eks-1.cos5zfpkso9m.ap-southeast-2.rds.amazonaws.com \ | |
--custom-target-port 5432 \ | |
--local-port 5432 & | |
# Wait until the connection comes up, but, if it doesn't, don't hang forever. | |
npx wait-on --timeout 120000 --interval 1000 tcp:127.0.0.1:5432 | |
echo "PGPORT=5432" >> $GITHUB_ENV | |
echo "PGHOST=localhost" >> $GITHUB_ENV | |
- name: Build DEA Intertidal docker image | |
timeout-minutes: 20 | |
shell: bash | |
run: | | |
docker build -t dea_intertidal . | |
- name: Run integration tests | |
run: | | |
# Download tide modelling files and unzip | |
# TODO: Replace with S3 sync from dea-non-public-data | |
wget --no-verbose https://www.dropbox.com/s/uemd8ib2vfw5nad/tide_models.zip?dl=1 -O tide_models.zip | |
unzip -q tide_models.zip | |
# Run integration tests using Docker, setting up datacube access, AWS configuration and | |
# adding volumes that provide access to tide model data and allow us to export artifacts | |
# from the run | |
docker run \ | |
--net=host \ | |
--env DATACUBE_DB_URL \ | |
--env AWS_SESSION_TOKEN \ | |
--env AWS_REGION \ | |
--env AWS_ACCESS_KEY_ID \ | |
--env AWS_SECRET_ACCESS_KEY \ | |
--env AWS_SESSION_TOKEN \ | |
--volume ${GITHUB_WORKSPACE}:/code \ | |
--volume ${GITHUB_WORKSPACE}/tide_models:/var/share/tide_models \ | |
--volume ${GITHUB_WORKSPACE}/artifacts:/mnt/artifacts \ | |
dea_intertidal pytest -v --cov=intertidal --cov-report=xml tests | |
# Copy out validation outputs produced by the integration tests and place them | |
# in correct output locations so they can be committed back into the repository | |
cp ./artifacts/validation.jpg ./tests/validation.jpg | |
cp ./artifacts/validation.csv ./tests/validation.csv | |
cp ./artifacts/README.md ./tests/README.md | |
# - name: Setup upterm session | |
# uses: lhotari/action-upterm@v1 | |
# Commit validation results produced by integration tests back into repo | |
- name: Commit validation results into repository | |
uses: stefanzweifel/git-auto-commit-action@v4 | |
if: github.event_name != 'release' | |
with: | |
commit_message: Automatically update integration test validation results | |
file_pattern: 'tests/validation.jpg tests/validation.csv tests/README.md' | |
- name: Upload coverage reports to Codecov | |
uses: codecov/codecov-action@v3 | |
env: | |
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
push_ecr: | |
needs: [test] | |
runs-on: ubuntu-latest | |
# Only run on a push to the main branch | |
if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
role-to-assume: arn:aws:iam::538673716275:role/github-actions-role | |
aws-region: ap-southeast-2 | |
- name: Get tag for this build if it exists | |
if: github.event_name == 'release' | |
run: | | |
echo "RELEASE=${GITHUB_REF/refs\/tags\/}" >> $GITHUB_ENV | |
- name: Push release image to ECR | |
uses: whoan/docker-build-with-cache-action@master | |
if: github.event_name == 'release' | |
with: | |
registry: 538673716275.dkr.ecr.ap-southeast-2.amazonaws.com | |
image_name: ${{ env.IMAGE_NAME }} | |
image_tag: ${{ env.RELEASE }} | |
- name: Get git commit hash for push to main | |
if: github.event_name != 'release' | |
run: | | |
echo "TAG=dev$(git rev-parse --short HEAD)" \ | |
>> $GITHUB_ENV | |
- name: Push unstable image to ECR | |
uses: whoan/docker-build-with-cache-action@master | |
if: github.event_name != 'release' | |
with: | |
registry: 538673716275.dkr.ecr.ap-southeast-2.amazonaws.com | |
image_name: ${{ env.IMAGE_NAME }} | |
image_tag: latest,${{ env.TAG }} |