Set CHEO worker timeout to 10 min from 30 sec #1338
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build, test, and deploy backend | |
on: | |
push: | |
branches: | |
- master | |
paths: | |
- .github/workflows/flask.yml | |
- flask/**/* | |
- Dockerfile | |
- docker-compose*.yaml | |
pull_request: | |
branches: | |
- '*' | |
paths: | |
- .github/workflows/flask.yml | |
- flask/**/* | |
- Dockerfile | |
- docker-compose*.yaml | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
# Cancel in-progress build jobs for the current workflow so we're not wasting | |
# time on outdated builds. This isn't scoped to the entire workflow as cancelling | |
# an in-progress deploy could have unforeseen consequences. | |
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#example-only-cancel-in-progress-jobs-or-runs-for-the-current-workflow | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
env: | |
COMPOSE_FILE: docker-compose.test.yaml | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: docker/setup-buildx-action@v2 | |
- uses: actions/cache@v3 | |
with: | |
path: /tmp/.buildx-cache | |
key: ${{ runner.os }}-buildx-${{ github.sha }} | |
restore-keys: | | |
${{ runner.os }}-buildx- | |
- name: Infer metadata (development image) | |
uses: docker/metadata-action@v4 | |
id: meta-dev | |
with: | |
images: ghcr.io/${{ github.repository }} | |
tags: | | |
dev | |
- uses: docker/login-action@v2 | |
if: github.event_name == 'push' | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build development image | |
uses: docker/build-push-action@v3 | |
with: | |
tags: ${{ steps.meta-dev.outputs.tags }} | |
labels: ${{ steps.meta-dev.outputs.labels }} | |
context: flask | |
pull: true | |
load: true | |
cache-from: type=local,src=/tmp/.buildx-cache | |
cache-to: type=local,dest=/tmp/.buildx-cache,mode=max | |
- run: cp sample.env .env | |
- name: Pytest | |
run: docker-compose run --rm app pytest --cov=app --cov-report term-missing --cov-report xml | |
- uses: codecov/codecov-action@v3 | |
with: | |
fail_ci_if_error: true | |
files: ./flask/coverage.xml | |
flags: pytest | |
- name: Black | |
run: docker-compose run --rm app black --check | |
- name: Stop services | |
run: docker-compose down | |
- name: Push development image | |
uses: docker/build-push-action@v3 | |
if: github.event_name == 'push' | |
with: | |
push: true | |
tags: ${{ steps.meta-dev.outputs.tags }} | |
labels: ${{ steps.meta-dev.outputs.labels }} | |
context: flask | |
cache-from: type=local,src=/tmp/.buildx-cache | |
cache-to: type=local,dest=/tmp/.buildx-cache,mode=max | |
- name: Infer metadata (production image) | |
uses: docker/metadata-action@v4 | |
if: github.event_name == 'push' | |
id: meta-prod | |
with: | |
images: ghcr.io/${{ github.repository }} | |
flavor: latest=${{ github.ref == 'refs/heads/master' }} | |
tags: | | |
type=ref,event=tag | |
type=sha,format=long | |
- name: Build production image | |
uses: docker/build-push-action@v3 | |
if: github.event_name == 'push' | |
with: | |
push: true | |
tags: ${{ steps.meta-prod.outputs.tags }} | |
labels: ${{ steps.meta-prod.outputs.labels }} | |
context: flask | |
file: "{context}/../Dockerfile" | |
build-args: GIT_SHA=${{ github.sha }} | |
pull: true | |
cache-from: type=local,src=/tmp/.buildx-cache | |
cache-to: type=local,dest=/tmp/.buildx-cache,mode=max | |
deploy: | |
needs: build | |
if: github.event_name == 'push' | |
strategy: | |
matrix: | |
include: | |
- runner: cheo-ri | |
environment: CHEO-RI_backend | |
- runner: ccm | |
environment: CCM_backend | |
runs-on: [self-hosted, "${{ matrix.runner }}"] | |
environment: ${{ matrix.environment }} | |
concurrency: ${{ matrix.environment }} | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: docker/login-action@v2 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Configure SSH | |
id: configure | |
# The self-hosted runner is not ephemeral, so we load the secret key into | |
# an agent instead in memory. Keep track of it for further workflow steps | |
# and so we can clean it up and not leave orphaned processes hanging around. | |
# | |
# https://docs.docker.com/engine/context/working-with-contexts/ | |
# This avoids passing an -H parameter to every Docker CLI call. | |
run: | | |
SSH_AGENT_EVAL=$(ssh-agent -s) | |
eval "$SSH_AGENT_EVAL" | |
ssh-add - <<< "${{ secrets.DEPLOY_PRIVATE_KEY }}" | |
echo "::set-output name=ssh-agent-eval::$SSH_AGENT_EVAL" | |
echo "::set-output name=ssh-agent-pid::$SSH_AGENT_PID" | |
mkdir -p ~/.ssh | |
echo "${{ secrets.DEPLOY_HOST_KEY }}" > ~/.ssh/known_hosts | |
chmod -R g-rwx,o-rwx ~/.ssh | |
docker context create deploy-target --docker host=ssh://${{ secrets.DEPLOY_SSH_HOST }} | |
docker context use deploy-target | |
# The secret mapping to environment variables is different, but the script is the same | |
- name: Deploy (CHEO-RI) | |
if: matrix.runner == 'cheo-ri' | |
# Even though this is deploying to a remote Docker Engine, | |
# Compose uses the registry credentials of the client | |
env: | |
COMPOSE_FILE: docker-compose.cheo.yaml | |
ST_VERSION: latest | |
ST_SECRET_KEY: ${{ secrets.ST_SECRET_KEY }} | |
MYSQL_CONNECTION_STRING: ${{ secrets.MYSQL_CONNECTION_STRING }} | |
MINIO_ENDPOINT: ${{ secrets.MINIO_ENDPOINT }} | |
MINIO_ACCESS_KEY: ${{ secrets.MINIO_ACCESS_KEY }} | |
MINIO_SECRET_KEY: ${{ secrets.MINIO_SECRET_KEY }} | |
MSTEAMS_WEBHOOK_URL: ${{ secrets.MSTEAMS_WEBHOOK }} | |
SENDGRID_API_KEY: ${{ secrets.SENDGRID_API_KEY }} | |
SENDGRID_EMAIL_TEMPLATE_ID: ${{ secrets.SENDGRID_EMAIL_TEMPLATE_ID }} | |
SENDGRID_TO_EMAIL: ${{ secrets.SENDGRID_TO_EMAIL }} | |
SENDGRID_FROM_EMAIL: ${{ secrets.SENDGRID_FROM_EMAIL }} | |
SLURM_ENDPOINT: ${{ secrets.SLURM_ENDPOINT }} | |
SLURM_USER: ${{ secrets.SLURM_USER }} | |
SLURM_JWT: ${{ secrets.SLURM_JWT }} | |
run: | | |
eval "${{ steps.configure.outputs.ssh-agent-eval }}" | |
export GUNICORN_WORKERS=$( ssh ${{ secrets.DEPLOY_SSH_HOST }} 'echo $(( $(nproc) * 2 + 1 ))' ) | |
docker-compose pull | |
docker-compose up -d --remove-orphans | |
- name: Deploy (CCM) | |
if: matrix.runner == 'ccm' | |
# Even though this is deploying to a remote Docker Engine, | |
# Compose uses the registry credentials of the client | |
env: | |
COMPOSE_FILE: docker-compose.ccm.yaml | |
ST_VERSION: latest | |
MSTEAMS_WEBHOOK_URL: ${{ secrets.MSTEAMS_WEBHOOK }} | |
PROJECT_ROOT: /opt/stager | |
HIRAKI_ST_SECRET_KEY: ${{ secrets.HIRAKI_ST_SECRET_KEY }} | |
HIRAKI_MYSQL_CONNECTION_STRING: ${{ secrets.HIRAKI_MYSQL_CONNECTION_STRING }} | |
HIRAKI_MINIO_ENDPOINT: ${{ secrets.HIRAKI_MINIO_ENDPOINT }} | |
HIRAKI_MINIO_ACCESS_KEY: ${{ secrets.HIRAKI_MINIO_ACCESS_KEY }} | |
HIRAKI_MINIO_SECRET_KEY: ${{ secrets.HIRAKI_MINIO_SECRET_KEY }} | |
MUISE_ST_SECRET_KEY: ${{ secrets.MUISE_ST_SECRET_KEY }} | |
MUISE_MYSQL_CONNECTION_STRING: ${{ secrets.MUISE_MYSQL_CONNECTION_STRING }} | |
MUISE_MINIO_ENDPOINT: ${{ secrets.MUISE_MINIO_ENDPOINT }} | |
MUISE_MINIO_ACCESS_KEY: ${{ secrets.MUISE_MINIO_ACCESS_KEY }} | |
MUISE_MINIO_SECRET_KEY: ${{ secrets.MUISE_MINIO_SECRET_KEY }} | |
run: | | |
eval "${{ steps.configure.outputs.ssh-agent-eval }}" | |
export GUNICORN_WORKERS=$( ssh ${{ secrets.DEPLOY_SSH_HOST }} 'echo $(( $(nproc) + 1 ))' ) | |
docker-compose pull | |
docker-compose up -d --remove-orphans | |
- name: Clean up | |
if: always() | |
run: | | |
docker context rm -f deploy-target | |
eval "${{ steps.configure.outputs.ssh-agent-eval }}" | |
SSH_AGENT_PID="${{ steps.configure.outputs.ssh-agent-pid }}" ssh-agent -k |