This repository has been archived by the owner on Feb 15, 2025. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 33
212 lines (175 loc) · 8.36 KB
/
nightly-snapshot-release.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
name: nightly-snapshot-release
on:
schedule:
- cron: "0 8 * * *" # Runs daily at 12 AM PST
workflow_dispatch: # trigger manually as needed
pull_request:
types:
- opened # default trigger
- reopened # default trigger
- synchronize # default trigger
- ready_for_review # don't run on draft PRs
- milestoned # allows us to trigger on bot PRs
paths:
- .github/workflows/nightly-snapshot-release.yaml
concurrency:
group: nightly-snapshot-release-${{ github.ref }}
cancel-in-progress: true
defaults:
run:
shell: bash
env:
SNAPSHOT_VERSION: snapshot-latest
SNAPSHOT_SUB_REPOSITORY: /uds/snapshots/
permissions:
contents: read
packages: write
id-token: write # This is needed for OIDC federation.
jobs:
snapshot-release:
runs-on: ai-ubuntu-big-boy-8-core
name: nightly_snapshot_release
if: ${{ !github.event.pull_request.draft }}
steps:
- name: Checkout Repo
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: Release LeapfrogAI ${{ env.SNAPSHOT_VERSION }}
uses: ./.github/actions/release
with:
releaseTag: ${{ env.SNAPSHOT_VERSION }}
subRepository: ${{ env.SNAPSHOT_SUB_REPOSITORY }}
registry1Username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }}
registry1Password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }}
ghToken: ${{ secrets.GITHUB_TOKEN }}
chainguardIdentity: ${{ secrets.CHAINGUARD_IDENTITY }}
test-snapshot:
runs-on: ai-ubuntu-big-boy-8-core
name: nightly_test_snapshot
if: ${{ !github.event.pull_request.draft }}
needs: snapshot-release
permissions:
contents: read
packages: write
id-token: write # This is needed for OIDC federation.
steps:
# Checkout main just to see the latest release in the release-please manifest
- name: Checkout Repo (main)
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
with:
ref: main
- name: Get Latest Release Version
id: get_version
run: |
LFAI_VERSION=$(jq -r '.["."]' .github/.release-please-manifest.json)
echo "LFAI_VERSION=$LFAI_VERSION" >> $GITHUB_OUTPUT
################
# LATEST RELEASE
################
# Checkout the latest release in the release-please manifest
- name: Checkout Repo (v${{ steps.get_version.outputs.LFAI_VERSION }})
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
with:
ref: v${{ steps.get_version.outputs.LFAI_VERSION }}
- name: Setup UDS Cluster (v${{ steps.get_version.outputs.LFAI_VERSION }})
uses: ./.github/actions/uds-cluster
with:
registry1Username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }}
registry1Password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }}
ghToken: ${{ secrets.GITHUB_TOKEN }}
chainguardIdentity: ${{ secrets.CHAINGUARD_IDENTITY }}
# This is needed due to delay in tagged releases versus the version refs within the UDS bundles
- name: Mutation of the UDS Bundle (v${{ steps.get_version.outputs.LFAI_VERSION }})
run: |
uds zarf tools yq -i '.metadata.version = "v${{ steps.get_version.outputs.LFAI_VERSION }}"' bundles/latest/cpu/uds-bundle.yaml
uds zarf tools yq -i '.packages[].ref |= sub("^[^ ]+-upstream$", "${{ steps.get_version.outputs.LFAI_VERSION }}-upstream")' bundles/latest/cpu/uds-bundle.yaml
- name: Create and Deploy UDS Bundle (v${{ steps.get_version.outputs.LFAI_VERSION }})
run: |
cd bundles/latest/cpu
uds create . --confirm && \
uds deploy uds-bundle-leapfrogai-amd64-v${{ steps.get_version.outputs.LFAI_VERSION }}.tar.zst --confirm --no-progress && \
rm -rf uds-bundle-leapfrogai-amd64-v${{ steps.get_version.outputs.LFAI_VERSION }}.tar.zst && \
docker system prune -af
#################
# MAIN (SNAPSHOT)
#################
- name: Checkout Repo (main)
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
with:
ref: main
- name: Print the Commit SHA (main)
run: |
COMMIT_SHA=$(git rev-parse HEAD)
echo "The latest commit on the main branch is: $COMMIT_SHA"
- name: Setup Python (main)
uses: ./.github/actions/python
# Set UDS CPU bundle refs and repositories to snapshot-latest
- name: Mutation of the UDS Bundle (main)
run: |
uds zarf tools yq -i '.metadata.version = "${{ env.SNAPSHOT_VERSION }}"' bundles/latest/cpu/uds-bundle.yaml
uds zarf tools yq -i '.packages[].ref |= sub("^[^ ]+-upstream$", "${{ env.SNAPSHOT_VERSION }}-upstream")' bundles/latest/cpu/uds-bundle.yaml
uds zarf tools yq -i '.packages[].repository |= sub("/uds/", "/uds/snapshots/")' bundles/latest/cpu/uds-bundle.yaml
- name: Create and Deploy UDS Bundle (main)
run: |
cd bundles/latest/cpu
uds create . --confirm && \
uds deploy uds-bundle-leapfrogai-amd64-${{ env.SNAPSHOT_VERSION }}.tar.zst --confirm --no-progress && \
rm -rf uds-bundle-leapfrogai-amd64-${{ env.SNAPSHOT_VERSION }}.tar.zst && \
docker system prune -af
#########
# TESTING
#########
- name: Generate Secrets
id: generate_secrets
run: |
ANON_KEY=$(uds zarf tools kubectl get secret supabase-bootstrap-jwt -n leapfrogai -o jsonpath='{.data.anon-key}' | base64 -d)
echo "::add-mask::$ANON_KEY"
echo "ANON_KEY=$ANON_KEY" >> $GITHUB_OUTPUT
FAKE_PASSWORD=$(cat <(openssl rand -base64 32 | tr -dc 'a-zA-Z0-9!@#$%^&*()_+-=[]{}|;:,.<>?' | head -c 20) <(echo '!@1Aa') | fold -w1 | shuf | tr -d '\n')
echo "::add-mask::$FAKE_PASSWORD"
echo "FAKE_PASSWORD=$FAKE_PASSWORD" >> $GITHUB_OUTPUT
SERVICE_KEY=$(uds zarf tools kubectl get secret -n leapfrogai supabase-bootstrap-jwt -o jsonpath={.data.service-key} | base64 -d)
echo "::add-mask::$SERVICE_KEY"
echo "SERVICE_KEY=$SERVICE_KEY" >> $GITHUB_OUTPUT
- name: Verify Secrets
run: |
echo "FAKE_PASSWORD is set: ${{ steps.generate_secrets.outputs.FAKE_PASSWORD != '' }}"
echo "ANON_KEY is set: ${{ steps.generate_secrets.outputs.ANON_KEY != '' }}"
echo "SERVICE_KEY is set: ${{ steps.generate_secrets.outputs.SERVICE_KEY != '' }}"
# Backends
- name: Run Backend E2E Tests
env:
ANON_KEY: ${{ steps.generate_secrets.outputs.ANON_KEY }}
SERVICE_KEY: ${{ steps.generate_secrets.outputs.SERVICE_KEY }}
LEAPFROGAI_MODEL: llama-cpp-python
run: |
python -m pytest -vvv -s ./tests/e2e
- name: Setup Playwright
run: |
npm --prefix src/leapfrogai_ui ci
npx --prefix src/leapfrogai_ui playwright install
- name: Run Playwright E2E Tests
env:
SERVICE_ROLE_KEY: ${{ steps.generate_secrets.outputs.SERVICE_KEY }}
FAKE_E2E_USER_PASSWORD: ${{ steps.generate_secrets.outputs.FAKE_PASSWORD }}
ANON_KEY: ${{ steps.generate_secrets.outputs.ANON_KEY }}
run: |
chmod +x ./.github/scripts/createUser.sh
./.github/scripts/createUser.sh
cp src/leapfrogai_ui/.env.example src/leapfrogai_ui/.env
mkdir -p playwright/auth
touch playwright/auth.user.json
SERVICE_ROLE_KEY=$SERVICE_ROLE_KEY TEST_ENV=CI USERNAME=doug PASSWORD=$FAKE_E2E_USER_PASSWORD PUBLIC_SUPABASE_ANON_KEY=$ANON_KEY DEFAULT_MODEL=llama-cpp-python npm --prefix src/leapfrogai_ui run test:integration:ci
- name: Archive Playwright Report
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
if: ${{ !cancelled() }}
with:
name: playwright-report
path: src/leapfrogai_ui/e2e-report/
retention-days: 30
- name: Get Cluster Debug Information
id: debug
if: ${{ !cancelled() }}
uses: defenseunicorns/uds-common/.github/actions/debug-output@e3008473beab00b12a94f9fcc7340124338d5c08 # v0.13.1
- name: Get Cluster Debug Information
if: ${{ !cancelled() && steps.debug.conclusion == 'success' }}
uses: defenseunicorns/uds-common/.github/actions/save-logs@e3008473beab00b12a94f9fcc7340124338d5c08 # v0.13.1