-
Notifications
You must be signed in to change notification settings - Fork 5
176 lines (151 loc) · 6.3 KB
/
dea-intertidal-image.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
name: Image build and test
env:
IMAGE_NAME: geoscienceaustralia/dea-intertidal
on:
push:
branches:
- develop
- tests
paths:
- 'intertidal/**'
- 'data/**'
- 'tests/**'
- '.github/workflows/dea-intertidal-image.yml'
- 'Dockerfile'
- 'requirements.in'
- 'setup.py'
- 'codecov.yaml'
pull_request:
branches:
- develop
paths:
- 'intertidal/**'
- 'data/**'
- 'tests/**'
- '.github/workflows/dea-intertidal-image.yml'
- 'Dockerfile'
- 'requirements.in'
- 'setup.py'
- 'codecov.yaml'
release:
types: [edited, published]
permissions:
id-token: write # Required for requesting Json web token
contents: write # Required for actions/checkout
pull-requests: write # Required for validation results comment bot
jobs:
test:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::060378307146:role/github-actions-dea-notebooks--sandbox
aws-region: ap-southeast-2
role-duration-seconds: 7200 # 2 hours
- name: Get database credentials
run: |
username_password=$(aws ssm get-parameter --name /dea-sandbox-eks/sandbox_reader/db.creds --with-decryption --query Parameter.Value --output text)
echo DATACUBE_DB_URL=postgresql://${username_password}@localhost:5432/odc >> $GITHUB_ENV
- name: Open port forward to RDS
run: |
npx basti connect \
--custom-target-vpc vpc-086904199e505c1f6 \
--custom-target-host db-aurora-dea-sandbox-eks-1.cos5zfpkso9m.ap-southeast-2.rds.amazonaws.com \
--custom-target-port 5432 \
--local-port 5432 &
# Wait until the connection comes up, but, if it doesn't, don't hang forever.
npx wait-on --timeout 120000 --interval 1000 tcp:127.0.0.1:5432
echo "PGPORT=5432" >> $GITHUB_ENV
echo "PGHOST=localhost" >> $GITHUB_ENV
- name: Build DEA Intertidal docker image
timeout-minutes: 30
shell: bash
run: |
docker build -t dea_intertidal .
- name: Run integration tests
run: |
# Download tide modelling files and unzip
# TODO: Replace with S3 sync from dea-non-public-data
wget --no-verbose https://www.dropbox.com/s/uemd8ib2vfw5nad/tide_models.zip?dl=1 -O tide_models.zip
unzip -q tide_models.zip
# Run integration tests using Docker, setting up datacube access, AWS configuration and
# adding volumes that provide access to tide model data and allow us to export artifacts
# from the run
docker run \
--net=host \
--env DATACUBE_DB_URL \
--env AWS_SESSION_TOKEN \
--env AWS_REGION \
--env AWS_ACCESS_KEY_ID \
--env AWS_SECRET_ACCESS_KEY \
--env AWS_SESSION_TOKEN \
--volume ${GITHUB_WORKSPACE}:/code \
--volume ${GITHUB_WORKSPACE}/tide_models:/var/share/tide_models \
--volume ${GITHUB_WORKSPACE}/artifacts:/mnt/artifacts \
dea_intertidal pytest -v --cov=intertidal --cov-report=xml tests
# Copy out validation outputs produced by the integration tests and place them
# in correct output locations so they can be committed back into the repository
cp ./artifacts/validation.jpg ./tests/validation.jpg
cp ./artifacts/validation.csv ./tests/validation.csv
cp ./artifacts/README.md ./tests/README.md
# Commit validation results produced by integration tests back into repo
- name: Commit validation results into repository
uses: stefanzweifel/git-auto-commit-action@v4
if: github.event_name == 'pull_request'
continue-on-error: true
with:
commit_message: Automatically update integration test validation results
file_pattern: 'tests/validation.jpg tests/validation.csv tests/README.md'
# Post validation tesults as comment on PR
- name: Post validation results as comment
uses: mshick/add-pr-comment@v2
if: github.event_name == 'pull_request'
with:
message: |
![](https://github.com/GeoscienceAustralia/dea-intertidal/blob/${{ github.head_ref }}/tests/validation.jpg?raw=true")
For full integration test results, refer to the [Tests directory README](https://github.com/GeoscienceAustralia/dea-intertidal/tree/${{ github.head_ref }}/tests).
- name: Upload coverage reports to Codecov
uses: codecov/codecov-action@v3
env:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
push_ecr:
needs: [test]
runs-on: ubuntu-latest
# Only run on a push to the develop branch OR a release
if: (github.event_name == 'push' && github.ref == 'refs/heads/develop') || (github.event_name == 'release')
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
role-to-assume: arn:aws:iam::538673716275:role/github-actions-role
aws-region: ap-southeast-2
- name: Get tag for this build if it exists
if: github.event_name == 'release'
run: |
echo "RELEASE=${GITHUB_REF/refs\/tags\/}" >> $GITHUB_ENV
- name: Push release image to ECR
uses: whoan/docker-build-with-cache-action@master
if: github.event_name == 'release'
with:
registry: 538673716275.dkr.ecr.ap-southeast-2.amazonaws.com
image_name: ${{ env.IMAGE_NAME }}
image_tag: ${{ env.RELEASE }}
- name: Get git commit hash for unstable image name
if: github.event_name != 'release'
run: |
echo "TAG=dev$(git rev-parse --short HEAD)" \
>> $GITHUB_ENV
- name: Push unstable image to ECR
uses: whoan/docker-build-with-cache-action@master
if: github.event_name != 'release'
with:
registry: 538673716275.dkr.ecr.ap-southeast-2.amazonaws.com
image_name: ${{ env.IMAGE_NAME }}
image_tag: latest,${{ env.TAG }}