Add guardrails orchestrator controller #1163
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and Push | |
on: | |
push: | |
branches: | |
- main | |
tags: | |
- v* | |
paths-ignore: | |
- 'LICENSE' | |
- '**/.gitignore' | |
- '**.md' | |
- '**.adoc' | |
- '*.txt' | |
pull_request_target: | |
paths-ignore: | |
- 'LICENSE' | |
- '**/.gitignore' | |
- '**.md' | |
- '**.adoc' | |
- '*.txt' | |
types: [labeled, opened, synchronize, reopened] | |
jobs: | |
# Ensure that tests pass before publishing a new image. | |
build-and-push-ci: | |
runs-on: ubuntu-latest | |
steps: # Assign context variable for various action contexts (tag, main, CI) | |
- name: Assigning CI context | |
if: github.head_ref != '' && github.head_ref != 'main' && !startsWith(github.ref, 'refs/tags/v') | |
run: echo "BUILD_CONTEXT=ci" >> $GITHUB_ENV | |
- name: Assigning tag context | |
if: github.head_ref == '' && startsWith(github.ref, 'refs/tags/v') | |
run: echo "BUILD_CONTEXT=tag" >> $GITHUB_ENV | |
- name: Assigning main context | |
if: github.head_ref == '' && github.ref == 'refs/heads/main' | |
run: echo "BUILD_CONTEXT=main" >> $GITHUB_ENV | |
# | |
# Run checkouts | |
- uses: mheap/github-action-required-labels@v4 | |
if: env.BUILD_CONTEXT == 'ci' | |
with: | |
mode: minimum | |
count: 1 | |
labels: "ok-to-test, lgtm, approved" | |
- uses: actions/checkout@v3 | |
if: env.BUILD_CONTEXT == 'ci' | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
- uses: actions/checkout@v3 | |
if: env.BUILD_CONTEXT == 'main' || env.BUILD_CONTEXT == 'tag' | |
# | |
# Print variables for debugging | |
- name: Log reference variables | |
run: | | |
echo "CONTEXT: ${{ env.BUILD_CONTEXT }}" | |
echo "GITHUB.REF: ${{ github.ref }}" | |
echo "GITHUB.HEAD_REF: ${{ github.head_ref }}" | |
echo "SHA: ${{ github.event.pull_request.head.sha }}" | |
echo "MAIN IMAGE AT: ${{ vars.QUAY_RELEASE_REPO }}:latest" | |
echo "LMES DRIVER IMAGE AT: ${{ vars.QUAY_RELEASE_LMES_DRIVER_REPO }}:latest" | |
echo "LMES JOB IMAGE AT: ${{ vars.QUAY_RELEASE_LMES_JOB_REPO }}:latest" | |
echo "GUARDRAILS ORCH IMAGE AT: ${{ vars.QUAY_RELEASE_GUARDRAILS_REPO }}:latest" | |
echo "CI IMAGE AT: quay.io/trustyai/trustyai-service-operator-ci:${{ github.event.pull_request.head.sha }}" | |
# | |
# Set environments depending on context | |
- name: Set CI environment | |
if: env.BUILD_CONTEXT == 'ci' | |
run: | | |
echo "TAG=${{ github.event.pull_request.head.sha }}" >> $GITHUB_ENV | |
echo "IMAGE_NAME=quay.io/trustyai/trustyai-service-operator-ci" >> $GITHUB_ENV | |
echo "DRIVER_IMAGE_NAME=quay.io/trustyai/ta-lmes-driver-ci" >> $GITHUB_ENV | |
echo "JOB_IMAGE_NAME=quay.io/trustyai/ta-lmes-job-ci" >> $GITHUB_ENV | |
echo "ORCH_IMAGE_NAME=quay.io/trustyai/ta-guardrails-orchestrator-ci" >> $GITHUB_ENV | |
- name: Set main-branch environment | |
if: env.BUILD_CONTEXT == 'main' | |
run: | | |
echo "TAG=latest" >> $GITHUB_ENV | |
echo "IMAGE_NAME=${{ vars.QUAY_RELEASE_REPO }}" >> $GITHUB_ENV | |
echo "DRIVER_IMAGE_NAME=${{ vars.QUAY_RELEASE_LMES_DRIVER_REPO }}" >> $GITHUB_ENV | |
echo "JOB_IMAGE_NAME=${{ vars.QUAY_RELEASE_LMES_JOB_REPO }}" >> $GITHUB_ENV | |
echo "ORCH_IMAGE_NAME=${{ vars.QUAY_RELEASE_GUARDRAILS_REPO }}" >> $GITHUB_ENV | |
- name: Set tag environment | |
if: env.BUILD_CONTEXT == 'tag' | |
run: | | |
echo "TAG=${{ github.ref_name }}" >> $GITHUB_ENV | |
echo "IMAGE_NAME=${{ vars.QUAY_RELEASE_REPO }}" >> $GITHUB_ENV | |
echo "DRIVER_IMAGE_NAME=${{ vars.QUAY_RELEASE_LMES_DRIVER_REPO }}" >> $GITHUB_ENV | |
echo "JOB_IMAGE_NAME=${{ vars.QUAY_RELEASE_LMES_JOB_REPO }}" >> $GITHUB_ENV | |
echo "ORCH_IMAGE_NAME=${{ vars.QUAY_RELEASE_GUARDRAILS_REPO }}" >> $GITHUB_ENV | |
# Run docker commands | |
- name: Put expiry date on CI-tagged image | |
if: env.BUILD_CONTEXT == 'ci' | |
run: sed -i 's#summary="odh-trustyai-service-operator\"#summary="odh-trustyai-service-operator" \\ \n quay.expires-after=7d#' Dockerfile | |
- name: Log in to Quay | |
run: docker login -u ${{ secrets.QUAY_ROBOT_USERNAME }} -p ${{ secrets.QUAY_ROBOT_SECRET }} quay.io | |
- name: Build main image | |
run: docker build -t ${{ env.IMAGE_NAME }}:$TAG . | |
- name: Push main image to Quay | |
run: docker push ${{ env.IMAGE_NAME }}:$TAG | |
- name: Build LMES driver image | |
run: docker build -f Dockerfile.driver -t ${{ env.DRIVER_IMAGE_NAME }}:$TAG . | |
- name: Push LMES driver image to Quay | |
run: docker push ${{ env.DRIVER_IMAGE_NAME }}:$TAG | |
- name: Build LMES job image | |
run: docker build -f Dockerfile.lmes-job -t ${{ env.JOB_IMAGE_NAME }}:$TAG . | |
- name: Push LMES job image to Quay | |
run: docker push ${{ env.JOB_IMAGE_NAME }}:$TAG | |
- name: Build Guardrails orchestrator image | |
run: docker build -f Dockerfile.guardrails -t ${{ env.ORCH_IMAGE_NAME }}:$TAG . | |
- name: Push Guardrails orchestrator image to Quay | |
run: docker push ${{ env.ORCH_IMAGE_NAME }}:$TAG | |
# Create CI Manifests | |
- name: Set up manifests for CI | |
if: env.BUILD_CONTEXT == 'ci' | |
run: | | |
sed -i "s#quay.io/trustyai/trustyai-service-operator:latest#${{ env.IMAGE_NAME }}:$TAG#" ./config/base/params.env | |
sed -i "s#quay.io/trustyai/trustyai-service-operator:latest#${{ env.IMAGE_NAME }}:$TAG#" ./config/overlays/odh/params.env | |
sed -i "s#quay.io/trustyai/trustyai-service-operator:latest#${{ env.IMAGE_NAME }}:$TAG#" ./config/overlays/rhoai/params.env | |
rm -Rf $(ls . | grep -v config) | |
rm -Rf .gitignore .dockerignore .github .git .yamllint.yaml | |
# pysh to ci-manifest repo | |
- uses: cpina/github-action-push-to-another-repository@main | |
if: env.BUILD_CONTEXT == 'ci' | |
env: | |
SSH_DEPLOY_KEY: ${{ secrets.TRUSTYAI_CI_BOT_SSH_KEY}} | |
with: | |
source-directory: '.' | |
destination-github-username: 'trustyai-ci-bot' | |
destination-repository-username: 'trustyai-explainability' | |
destination-repository-name: 'trustyai-service-operator-ci' | |
target-branch: operator-${{ env.TAG }} | |
create-target-branch-if-needed: 'true' | |
# Leave comment | |
- uses: peter-evans/find-comment@v3 | |
name: Find Comment | |
id: fc | |
with: | |
issue-number: ${{ github.event.pull_request.number }} | |
comment-author: 'github-actions[bot]' | |
body-includes: PR image build and manifest generation completed successfully | |
- uses: peter-evans/create-or-update-comment@v4 | |
name: Generate/update success message comment | |
with: | |
comment-id: ${{ steps.fc.outputs.comment-id }} | |
issue-number: ${{ github.event.pull_request.number }} | |
edit-mode: replace | |
body: | | |
PR image build and manifest generation completed successfully! | |
📦 [PR image](https://quay.io/trustyai/trustyai-service-operator-ci:${{ github.event.pull_request.head.sha }}): `quay.io/trustyai/trustyai-service-operator-ci:${{ github.event.pull_request.head.sha }}` | |
📦 [LMES driver image](https://quay.io/trustyai/ta-lmes-driver:${{ github.event.pull_request.head.sha }}): `quay.io/trustyai/ta-lmes-driver:${{ github.event.pull_request.head.sha }}` | |
📦 [LMES job image](https://quay.io/trustyai/ta-lmes-job:${{ github.event.pull_request.head.sha }}): `quay.io/trustyai/ta-lmes-job:${{ github.event.pull_request.head.sha }}` | |
📦 [Guardrails orchestrator image](https://quay.io/trustyai/ta-guardrails-orchestrator:${{ github.event.pull_request.head.sha }}): `quay.io/trustyai/ta-guardrails-orchestrator:${{ github.event.pull_request.head.sha }}` | |
🗂️ [CI manifests](https://github.com/trustyai-explainability/trustyai-service-operator-ci/tree/operator-${{ env.TAG }}) | |
``` | |
devFlags: | |
manifests: | |
- contextDir: config | |
sourcePath: '' | |
uri: https://api.github.com/repos/trustyai-explainability/trustyai-service-operator-ci/tarball/operator-${{ env.TAG }} | |
``` | |