[draft] ignore #157
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Tyger | |
| on: | |
| push: | |
| branches: [main] | |
| tags: ["v*.*.*"] | |
| pull_request: # all branches | |
| workflow_dispatch: | |
| permissions: | |
| id-token: write | |
| contents: read | |
| env: | |
| AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} | |
| AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} | |
| AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| jobs: | |
| tyger-build-deploy: | |
| runs-on: ["self-hosted", "1ES.Pool=tyger-gh-1es"] | |
| container: | |
| image: compimagdevcontainers.azurecr.io/tyger@sha256:3bb5632271f0f5361b39f22d1511ee7ffd59b736523726251d0bab974eadba02 | |
| options: -v /mnt/storage:/__w/tyger -v /mnt/storage:/workspaces | |
| defaults: | |
| run: | |
| shell: bash | |
| outputs: | |
| TYGER_ENVIRONMENT_NAME: ${{ steps.set-variables.outputs.TYGER_ENVIRONMENT_NAME }} | |
| TYGER_URI: ${{ steps.set-variables.outputs.TYGER_URI }} | |
| DEVELOPER_CONFIG: ${{ steps.set-variables.outputs.DEVELOPER_CONFIG }} | |
| steps: | |
| - name: Login into Azure | |
| uses: azure/login@v1 | |
| with: | |
| client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
| tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
| subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set variables | |
| id: set-variables | |
| run: | | |
| set -eo pipefail | |
| event_name="${{ github.event_name }}" | |
| if [ "$event_name" == "pull_request" ]; then | |
| environment_name="tyger-gpr${{ github.event.pull_request.number }}" | |
| else | |
| environment_name="tygerwestus2" | |
| fi | |
| export TYGER_ENVIRONMENT_NAME="${environment_name}" | |
| tyger_uri=$(make -s get-tyger-uri) | |
| echo "TYGER_URI=$tyger_uri" >> "$GITHUB_OUTPUT" | |
| echo "TYGER_ENVIRONMENT_NAME=$environment_name" >> "$GITHUB_OUTPUT" | |
| echo "TYGER_ENVIRONMENT_NAME=$environment_name" >> "$GITHUB_ENV" | |
| developer_config=$(scripts/get-context-environment-config.sh -e "developerConfig" -o json | jq -c) | |
| echo "DEVELOPER_CONFIG=$developer_config" >> "$GITHUB_OUTPUT" | |
| echo "DEVELOPER_CONFIG=$developer_config" >> "$GITHUB_ENV" | |
| - name: Verify devcontainer | |
| shell: bash | |
| env: | |
| DEVCONTAINER_IMAGE: compimagdevcontainers.azurecr.io/tyger@sha256:3bb5632271f0f5361b39f22d1511ee7ffd59b736523726251d0bab974eadba02 | |
| run: | | |
| set -euo pipefail | |
| if [[ "$(.devcontainer/get-devcontainer-image.sh)" != "${DEVCONTAINER_IMAGE}" ]]; then | |
| echo "The devcontainer image in azure-pipelines.yml and devcontainer.json must be the same" | |
| fi | |
| docker build -f .devcontainer/Dockerfile --target devcontainer -t devcontainer --build-arg BUILDKIT_INLINE_CACHE=1 --cache-from ${DEVCONTAINER_IMAGE} . | |
| if ! .devcontainer/diff-container-images.sh "${DEVCONTAINER_IMAGE}" devcontainer; then | |
| echo 'Error: the "image" field in devcontainer.json does not reflect the current "devcontainer" target of the Dockerfile. Run .devcontainer/update-devcontainer-image.sh to correct this.' | |
| exit 1 | |
| fi | |
| # - name: Build and verify format | |
| # run: | | |
| # set -eo pipefail | |
| # source /opt/conda/etc/profile.d/conda.sh | |
| # conda activate /opt/conda/envs/tyger | |
| # make restore | |
| # make verify-format | |
| # - name: Deploy and test | |
| # run: | | |
| # set -eo pipefail | |
| # source /opt/conda/etc/profile.d/conda.sh | |
| # conda activate /opt/conda/envs/tyger | |
| # export TYGER_ENVIRONMENT_CONFIG_DIR="${GITHUB_WORKSPACE}/deploy/config/microsoft/ci" | |
| # echo "TYGER_ENVIRONMENT_CONFIG_DIR=$TYGER_ENVIRONMENT_CONFIG_DIR" | |
| # # We have mounted this location in the container, it is identical to the checkout location | |
| # # We need to run the testdata generation from this path to make sure the testdata is generated in the right place. | |
| # # Otherwise, checksums will change and dirty the path and that will cause publishing to fail. | |
| # cd /workspaces/tyger | |
| # set -euo pipefail | |
| # make -s -j 8 | |
| # - name: Publish official images | |
| # run: | | |
| # source /opt/conda/etc/profile.d/conda.sh | |
| # conda activate /opt/conda/envs/tyger | |
| # set -euo pipefail | |
| # cd /workspaces/tyger | |
| # make publish-official-images | |
| - name: Cleanup | |
| if: ${{ always() }} | |
| run: | | |
| set -eo pipefail | |
| source /opt/conda/etc/profile.d/conda.sh | |
| conda activate /opt/conda/envs/tyger | |
| # Point to scale-to-zero config | |
| export TYGER_ENVIRONMENT_CONFIG_DIR="${GITHUB_WORKSPACE}/deploy/config/microsoft" | |
| echo "scaling cluster back down" | |
| make ensure-environment | |
| windows-smoke-tests: | |
| runs-on: windows-latest | |
| needs: | |
| - tyger-build-deploy | |
| - publish-binaries | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - name: Download artifacts | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: dist | |
| path: dist | |
| - name: Login into Azure | |
| uses: azure/login@v1 | |
| with: | |
| client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
| tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
| subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| enable-AzPSSession: true | |
| - name: Run smoke tests | |
| env: | |
| DEVELOPER_CONFIG: ${{ needs.tyger-build-deploy.outputs.DEVELOPER_CONFIG }} | |
| TYGER_URI: ${{ needs.tyger-build-deploy.outputs.TYGER_URI }} | |
| shell: pwsh | |
| run: | | |
| $env:PATH = "$env:GITHUB_WORKSPACE\dist\tyger_windows_amd64_v1;" + $env:PATH | |
| $developerConfig = $env:DEVELOPER_CONFIG | ConvertFrom-Json | |
| $servicePrincipal = $developerConfig.testAppUri | |
| $keyVaultName = $developerConfig.keyVault | |
| $certificateName = $developerConfig.pkcs12CertSecret.name | |
| $certificateVersion = $developerConfig.pkcs12CertSecret.version | |
| # Run tests | |
| .\scripts\Test-CertificateLoginOnWindows.ps1 \ | |
| -ServerUri $env:TYGER_URI \ | |
| -ServicePrincipal $servicePrincipal \ | |
| -KeyVaultName $keyVaultName \ | |
| -CertificateName $certificateName \ | |
| -CertificateVersion $certificateVersion | |
| codeQL: | |
| name: CodeQL | |
| runs-on: ubuntu-latest | |
| if: github.repository == 'microsoft/tyger' | |
| container: | |
| image: compimagdevcontainers.azurecr.io/tyger@sha256:3bb5632271f0f5361b39f22d1511ee7ffd59b736523726251d0bab974eadba02 | |
| options: -v /mnt/storage:/__w/tyger -v /mnt/storage:/workspaces | |
| defaults: | |
| run: | |
| shell: bash | |
| permissions: | |
| actions: read | |
| contents: read | |
| security-events: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - name: Initialize CodeQL | |
| uses: github/codeql-action/init@v2 | |
| with: | |
| languages: csharp, go | |
| - name: "Build" | |
| run: | | |
| set -eo pipefail | |
| source /opt/conda/etc/profile.d/conda.sh | |
| conda activate /opt/conda/envs/tyger | |
| cd /workspaces/tyger | |
| TYGER_ENVIRONMENT_NAME="noenv" make -s build | |
| - name: Perform CodeQL Analysis | |
| uses: github/codeql-action/analyze@v2 | |
| publish-binaries: | |
| permissions: | |
| contents: write | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - uses: actions/setup-go@v4 | |
| with: | |
| go-version-file: 'cli/go.mod' | |
| - uses: cue-lang/[email protected] | |
| with: | |
| version: v0.6.0 | |
| name: install CUE | |
| - name: get container registry | |
| run: | | |
| set -euo pipefail | |
| official_container_registry=$(scripts/get-context-environment-config.sh -e developerConfig.officialContainerRegistry.fqdn) | |
| echo "OFFICIAL_CONTAINER_REGISTRY=$(echo $official_container_registry)" >> $GITHUB_ENV | |
| - name: Run GoReleaser | |
| uses: goreleaser/goreleaser-action@v5 | |
| env: | |
| # If this is a tag push, create a release | |
| ARGS: ${{ startsWith(github.ref, 'refs/tags/') && 'release --clean' || 'release --clean --snapshot' }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| version: v1.21.2 | |
| workdir: cli | |
| args: ${{ env.ARGS }} | |
| - name: Upload binaries | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: dist | |
| path: cli/dist |