# Workflow-level settings: display name, triggers, default token scopes and
# environment variables shared by every job.
name: Tyger

on:
  push:
    branches:
      - main
    tags:
      - 'v*.*.*'
  # No branch filter, so this runs for pull requests against any branch.
  pull_request:
  workflow_dispatch:

# Default GITHUB_TOKEN scopes. They apply to every job that does not declare
# its own `permissions:` block; `id-token: write` allows such a job to request
# an OIDC token, so keep it limited to jobs that log in to Azure.
permissions:
  id-token: write
  contents: read

# Workflow-level env is visible to every step of every job, including
# third-party actions.
env:
  AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
  AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
  AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

jobs:
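# Job entry of the workflow's `jobs:` map (indentation is relative to the job key).
# Logs in to Azure, resolves the target environment, verifies the devcontainer
# image and finally scales the cluster back down.
#
# NOTE(review): this job runs on a self-hosted pool and the workflow also
# triggers on `pull_request`, so repository content from a pull request
# (Makefile, scripts, Dockerfile) is executed on that pool. Confirm the pool
# is ephemeral and isolated, and that runs for outside contributors require
# approval.
tyger-build-deploy:
  runs-on:
    - self-hosted
    - '1ES.Pool=tyger-gh-1es'
  container:
    # Pinned by digest, so the job container cannot change silently. The same
    # digest is repeated in the "Verify devcontainer" step below; keep them in sync.
    image: compimagdevcontainers.azurecr.io/tyger@sha256:3bb5632271f0f5361b39f22d1511ee7ffd59b736523726251d0bab974eadba02
    # Host path /mnt/storage is bind-mounted at both locations.
    # NOTE(review): if the runner host is reused between runs, files left here
    # by one run are visible to the next - confirm the host is recycled.
    options: -v /mnt/storage:/__w/tyger -v /mnt/storage:/workspaces
  defaults:
    run:
      shell: bash
  outputs:
    TYGER_ENVIRONMENT_NAME: ${{ steps.set-variables.outputs.TYGER_ENVIRONMENT_NAME }}
    TYGER_COMBINED_CONFIG: ${{ steps.set-variables.outputs.TYGER_COMBINED_CONFIG }}
  steps:
    # NOTE(review): the actions below are referenced by mutable tags (@v1, @v3);
    # pinning each to a full commit SHA would fix the code that runs with the
    # Azure login in scope.
    - name: Login into Azure
      uses: azure/login@v1
      with:
        client-id: ${{ secrets.AZURE_CLIENT_ID }}
        tenant-id: ${{ secrets.AZURE_TENANT_ID }}
        subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

    - name: Checkout
      uses: actions/checkout@v3
      with:
        fetch-depth: 0

    - name: Set variables
      id: set-variables
      # Only the event name and the pull request number are expanded into the
      # script text. Free-form context values (titles, branch names) should be
      # passed through `env:` instead of being expanded inline like this.
      run: |
        set -eo pipefail
        event_name="${{ github.event_name }}"
        if [ "$event_name" == "pull_request" ]; then
          environment_name="tyger-gpr${{ github.event.pull_request.number }}"
        else
          environment_name="tygerwestus2"
        fi
        export TYGER_ENVIRONMENT_NAME="${environment_name}"
        tyger_uri=$(make -s get-tyger-uri)
        echo "TYGER_ENVIRONMENT_NAME=$environment_name" >> "$GITHUB_OUTPUT"
        echo "TYGER_ENVIRONMENT_NAME=$environment_name" >> "$GITHUB_ENV"
        # jq -c emits the config on a single line, which the NAME=value format
        # of GITHUB_OUTPUT / GITHUB_ENV requires.
        combined_config=$(scripts/get-context-environment-config.sh -e "" -o json | jq -c)
        echo "TYGER_COMBINED_CONFIG=$combined_config" >> "$GITHUB_OUTPUT"
        echo "TYGER_COMBINED_CONFIG=$combined_config" >> "$GITHUB_ENV"

    - name: Verify devcontainer
      shell: bash
      env:
        DEVCONTAINER_IMAGE: compimagdevcontainers.azurecr.io/tyger@sha256:3bb5632271f0f5361b39f22d1511ee7ffd59b736523726251d0bab974eadba02
      run: |
        set -euo pipefail
        if [[ "$(.devcontainer/get-devcontainer-image.sh)" != "${DEVCONTAINER_IMAGE}" ]]; then
          echo "The devcontainer image in azure-pipelines.yml and devcontainer.json must be the same"
          # Fail the step: without this exit the mismatch was only printed and
          # the job carried on with an image that devcontainer.json does not name.
          exit 1
        fi
        docker build -f .devcontainer/Dockerfile --target devcontainer -t devcontainer \
          --build-arg BUILDKIT_INLINE_CACHE=1 --cache-from "${DEVCONTAINER_IMAGE}" .
        if ! .devcontainer/diff-container-images.sh "${DEVCONTAINER_IMAGE}" devcontainer; then
          echo 'Error: the "image" field in devcontainer.json does not reflect the current "devcontainer" target of the Dockerfile. Run .devcontainer/update-devcontainer-image.sh to correct this.'
          exit 1
        fi

    # - name: Build and verify format
    #   run: |
    #     set -eo pipefail
    #     source /opt/conda/etc/profile.d/conda.sh
    #     conda activate /opt/conda/envs/tyger
    #     make restore
    #     make verify-format
    # - name: Deploy and test
    #   run: |
    #     set -eo pipefail
    #     source /opt/conda/etc/profile.d/conda.sh
    #     conda activate /opt/conda/envs/tyger
    #     export TYGER_ENVIRONMENT_CONFIG_DIR="${GITHUB_WORKSPACE}/deploy/config/microsoft/ci"
    #     echo "TYGER_ENVIRONMENT_CONFIG_DIR=$TYGER_ENVIRONMENT_CONFIG_DIR"
    #     # We have mounted this location in the container, it is identical to the checkout location
    #     # We need to run the testdata generation from this path to make sure the testdata is generated in the right place.
    #     # Otherwise, checksums will change and dirty the path and that will cause publishing to fail.
    #     cd /workspaces/tyger
    #     set -euo pipefail
    #     make -s -j 8
    # - name: Publish official images
    #   run: |
    #     source /opt/conda/etc/profile.d/conda.sh
    #     conda activate /opt/conda/envs/tyger
    #     set -euo pipefail
    #     cd /workspaces/tyger
    #     make publish-official-images

    # Runs even when an earlier step failed, so the cluster is always scaled down.
    - name: Cleanup
      if: ${{ always() }}
      run: |
        set -eo pipefail
        source /opt/conda/etc/profile.d/conda.sh
        conda activate /opt/conda/envs/tyger
        # Point to scale-to-zero config
        export TYGER_ENVIRONMENT_CONFIG_DIR="${GITHUB_WORKSPACE}/deploy/config/microsoft"
        echo "scaling cluster back down"
        make ensure-environment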
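# Job entry of the workflow's `jobs:` map (indentation is relative to the job key).
# Runs the certificate-login smoke test on Windows against the environment
# described by the config that tyger-build-deploy published as a job output.
# The job declares no `permissions:` block, so it uses the workflow-level defaults.
windows-smoke-tests:
  runs-on: windows-latest
  needs:
    - tyger-build-deploy
    - publish-binaries
  steps:
    - name: Checkout
      uses: actions/checkout@v3
      with:
        fetch-depth: 0

    # Fetches the `dist` artifact uploaded by publish-binaries.
    - name: Download artifacts
      uses: actions/download-artifact@v3
      with:
        name: dist
        path: dist

    - name: Login into Azure
      uses: azure/login@v1
      with:
        client-id: ${{ secrets.AZURE_CLIENT_ID }}
        tenant-id: ${{ secrets.AZURE_TENANT_ID }}
        subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
        enable-AzPSSession: true

    - name: Run smoke tests
      env:
        # Passed through the environment rather than expanded into the script
        # text, so the JSON is never parsed as PowerShell code.
        TYGER_COMBINED_CONFIG: ${{ needs.tyger-build-deploy.outputs.TYGER_COMBINED_CONFIG }}
      shell: pwsh
      run: |
        $env:PATH = "$env:GITHUB_WORKSPACE\dist\tyger_windows_amd64_v1;" + $env:PATH
        $combinedConfig = $env:TYGER_COMBINED_CONFIG | ConvertFrom-Json

        # Run tests
        # PowerShell continues a line with a backtick, not a backslash, so the
        # previous `\`-terminated call never passed these parameters to the
        # script. Splatting needs no line continuation at all.
        $testParameters = @{
          ServerUri          = "https://" + $combinedConfig.config.api.domainName
          ServicePrincipal   = $combinedConfig.developerConfig.testAppUri
          KeyVaultName       = $combinedConfig.developerConfig.keyVault
          CertificateName    = $combinedConfig.developerConfig.pkcs12CertSecret.name
          CertificateVersion = $combinedConfig.developerConfig.pkcs12CertSecret.version
        }
        .\scripts\Test-CertificateLoginOnWindows.ps1 @testParameters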
# Job entry of the workflow's `jobs:` map (indentation is relative to the job key).
# CodeQL static analysis of the C# and Go code, built inside the devcontainer image.
codeQL:
  name: CodeQL
  runs-on: ubuntu-latest
  # Skipped outside the microsoft/tyger repository.
  if: ${{ github.repository == 'microsoft/tyger' }}
  container:
    # Same digest-pinned image that tyger-build-deploy runs in.
    image: compimagdevcontainers.azurecr.io/tyger@sha256:3bb5632271f0f5361b39f22d1511ee7ffd59b736523726251d0bab974eadba02
    options: -v /mnt/storage:/__w/tyger -v /mnt/storage:/workspaces
  defaults:
    run:
      shell: bash
  # Job-level scopes replace the workflow defaults, so this job cannot request
  # an OIDC token; `security-events: write` is what uploading results needs.
  permissions:
    actions: read
    contents: read
    security-events: write
  steps:
    - name: Checkout
      uses: actions/checkout@v3
      with:
        fetch-depth: 0

    - name: Initialize CodeQL
      uses: github/codeql-action/init@v2
      with:
        languages: csharp, go

    # The build runs between init and analyze so CodeQL can observe the
    # compilation; "noenv" stands in for a real environment name.
    - name: Build
      run: |
        set -eo pipefail
        source /opt/conda/etc/profile.d/conda.sh
        conda activate /opt/conda/envs/tyger
        cd /workspaces/tyger
        TYGER_ENVIRONMENT_NAME="noenv" make -s build

    - name: Perform CodeQL Analysis
      uses: github/codeql-action/analyze@v2
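# Job entry of the workflow's `jobs:` map (indentation is relative to the job key).
# Builds the CLI with GoReleaser and uploads the result as the `dist` artifact;
# on a tag push it also creates a release.
publish-binaries:
  # `contents: write` is what lets GoReleaser create the release. The job also
  # runs for branch pushes and pull requests, where only a snapshot is built.
  # NOTE(review): every step and third-party action in this job runs with that
  # write-capable token in reach - consider pinning the actions to full commit
  # SHAs and setting `persist-credentials: false` on the checkout if nothing
  # here needs authenticated git access.
  permissions:
    contents: write
  runs-on: ubuntu-latest
  steps:
    - uses: actions/checkout@v3
      with:
        fetch-depth: 0

    - uses: actions/setup-go@v4
      with:
        go-version-file: 'cli/go.mod'

    # The page's e-mail obfuscation replaced the action reference with
    # "[email protected]". The action name below is reconstructed (confirm), and
    # the ref is a placeholder: restore the original from the repository's copy
    # of this workflow.
    - name: install CUE
      uses: cue-lang/setup-cue@REPLACE_WITH_ORIGINAL_REF
      with:
        version: v0.6.0

    - name: get container registry
      run: |
        set -euo pipefail
        official_container_registry=$(scripts/get-context-environment-config.sh -e developerConfig.officialContainerRegistry.fqdn)
        # The unquoted inner echo collapses the value onto one line, so it
        # stays a single NAME=value entry; the target path is now quoted.
        echo "OFFICIAL_CONTAINER_REGISTRY=$(echo $official_container_registry)" >> "$GITHUB_ENV"

    - name: Run GoReleaser
      uses: goreleaser/goreleaser-action@v5
      env:
        # If this is a tag push, create a release
        ARGS: ${{ startsWith(github.ref, 'refs/tags/') && 'release --clean' || 'release --clean --snapshot' }}
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      with:
        version: v1.21.2
        workdir: cli
        args: ${{ env.ARGS }}

    # Consumed by windows-smoke-tests through actions/download-artifact.
    - name: Upload binaries
      uses: actions/upload-artifact@v3
      with:
        name: dist
        path: cli/dist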