add reusable workflows

aplr · aplr · commit 08b2dcf3b689 · 2024-05-15T18:06:01.000+02:00
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -0,0 +1,88 @@
+name: Build Evaluation Function Image
+
+on:
+  workflow_call:
+    inputs:
+      template-repository-name:
+        type: string
+        description: "The name of the repository where the template is located"
+        required: true
+      build-target:
+        type: string
+        description: "The target stage of the image to build"
+        required: false
+      build-args:
+        type: string
+        description: "The build arguments to pass to the Docker build"
+        required: false
+      build-arm:
+        type: boolean
+        description: "Enable aarch64 build"
+        required: false
+        default: true
+    secrets:
+      build-secrets:
+        description: "The Docker secrets to use for the build"
+        required: false
+
+jobs:
+  build:
+    name: Build and Push Docker Image
+    runs-on: ubuntu-latest
+    if: github.repository != inputs.template-repository-name
+    concurrency:
+      group: ${{ github.ref }}
+      cancel-in-progress: ${{ github.event_name == 'pull_request' || github.ref_name != github.event.repository.default_branch }}
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up QEMU
+        if: inputs.build-arm && github.ref_name == github.event.repository.default_branch
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx (QEMU)
+        if: inputs.build-arm && github.ref_name == github.event.repository.default_branch
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to Github Packages
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          tags: |
+            type=schedule
+            type=ref,event=branch
+            type=ref,event=tag
+            type=ref,event=pr
+            type=raw,value=latest,enable={{is_default_branch}}
+            type=edge,branch=main
+          images: |
+            ghcr.io/${{ github.repository }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          target: ${{ inputs.build-target }}
+          push: ${{ (github.event_name == 'push' && (github.ref_name == github.event.repository.default_branch || github.ref_type == 'tag')) || github.event_name == 'pull_request' }}
+          platforms: ${{ inputs.build-arm && github.ref_name == github.event.repository.default_branch && 'linux/amd64,linux/arm64' || 'linux/amd64' }}
+          provenance: false
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max,ignore-error=true
+          build-args: ${{ inputs.build-args }}
+          secrets: ${{ secrets.build-secrets }}
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -0,0 +1,98 @@
+name: Build and Deploy Evaluation Function to Lambda Feedback
+
+on:
+  workflow_call:
+    inputs:
+      region:
+        type: string
+        description: "The AWS region to deploy to"
+        default: "eu-west-2"
+        required: false
+      template-repository-name:
+        type: string
+        description: "The name of the repository where the template is located"
+        required: true
+      build-target:
+        type: string
+        description: "The target stage of the image to build"
+        required: false
+      build-args:
+        type: string
+        description: "The build arguments to pass to the Docker build"
+        required: false
+    secrets:
+      build-secrets:
+        description: "The Docker secrets to use for the build"
+        required: false
+
+jobs:
+  setup:
+    name: Setup
+    runs-on: ubuntu-latest
+    if: github.repository != inputs.template-repository-name
+    outputs:
+      evaluation_function_name: ${{ steps.evaluation_function_name.outputs.name }}
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Check for config.json
+        run: |
+          if [[ ! -f "config.json" ]]; then echo "Error: config.json not found."; exit 1; fi
+
+      - name: Parse config.json
+        id: config
+        run: |
+          echo 'config<<EOF' >> $GITHUB_OUTPUT
+          cat ./config.json >> $GITHUB_OUTPUT
+          echo 'EOF' >> $GITHUB_OUTPUT
+
+      - name: Get Evaluation Function Name
+        id: evaluation_function_name
+        run: |
+          functionName="${{fromJson(steps.config.outputs.config).EvaluationFunctionName}}"
+          if [[ -z "$functionName" ]]; then echo "Set EvaluationFunctionName in config.json"; exit 1; fi
+          echo "name=$functionName" >> "$GITHUB_OUTPUT"
+
+  build:
+    uses: ./.github/workflows/lambda_build.yml
+    needs: setup
+    strategy:
+      fail-fast: false
+      matrix:
+        environment: [staging, production]
+    with:
+      environment: ${{ matrix.environment }}
+      function-name: ${{ needs.setup.outputs.evaluation_function_name }}
+      region: ${{ inputs.region }}
+      build-target: ${{ inputs.build-target }}
+      build-args: ${{ inputs.build-args }}
+    secrets:
+      build-secrets: ${{ secrets.build-secrets }}
+
+
+  deploy-staging:
+    uses: ./.github/workflows/lambda_deploy.yml
+    needs: [setup, build]
+    with:
+      environment: staging
+      api-url: https://staging-api.lambdafeedback.com
+      image-name: ${{ needs.build.outputs.registry }}/lambda-feedback-staging-functions-repository:${{ needs.setup.outputs.evaluation_function_name }}
+      function-name: ${{ needs.setup.outputs.evaluation_function_name }}
+      region: ${{ inputs.region }}
+
+  deploy-production:
+    uses: ./.github/workflows/lambda_deploy.yml
+    needs: [setup, build]
+    with:
+      environment: production
+      api-url: https://prod-api.lambdafeedback.com
+      image-name: ${{ needs.build.outputs.registry }}/lambda-feedback-production-functions-repository:${{ needs.setup.outputs.evaluation_function_name }}
+      function-name: ${{ needs.setup.outputs.evaluation_function_name }}
+      region: ${{ inputs.region }}
diff --git a/.github/workflows/lambda_build.yml b/.github/workflows/lambda_build.yml
@@ -0,0 +1,96 @@
+name: Build and Push Evaluation Function Image
+
+on:
+  workflow_call:
+    inputs:
+      environment:
+        type: string
+        description: "The environment to deploy to"
+        required: true
+      region:
+        type: string
+        description: "The AWS region to deploy to"
+        default: "eu-west-2"
+        required: false
+      function-name:
+        type: string
+        description: "The name of the Lambda function to deploy"
+        required: true
+      build-target:
+        type: string
+        description: "The target stage of the image to build"
+        required: false
+      build-args:
+        type: string
+        description: "The build arguments to pass to the Docker build"
+        required: false
+    secrets:
+      build-secrets:
+        description: "The Docker secrets to use for the build"
+        required: false
+    outputs:
+      registry:
+        description: "The registry where the image was pushed"
+        value: ${{ jobs.build.outputs.registry }}
+
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
+    outputs:
+      registry: ${{ steps.login-ecr.outputs.registry }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.LAMBDA_CONTAINER_PIPELINE_AWS_ID }}
+          aws-secret-access-key: ${{ secrets.LAMBDA_CONTAINER_PIPELINE_AWS_SECRET }}
+          aws-region: ${{ inputs.region }}
+
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v2
+
+      - name: Login to Github Packages
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          flavor: |
+            latest=false
+          tags: |
+            type=raw,value=${{ inputs.function-name }}
+          images: |
+            ${{ steps.login-ecr.outputs.registry }}/lambda-feedback-${{ inputs.environment }}-functions-repository
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build and push
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          target: ${{ inputs.build-target }}
+          push: true
+          provenance: false
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max,ignore-error=true
+          build-args: ${{ inputs.build-args }}
+          secrets: ${{ secrets.build-secrets }}
diff --git a/.github/workflows/lambda_deploy.yml b/.github/workflows/lambda_deploy.yml
@@ -0,0 +1,58 @@
+name: Deploy Evaluation Function to Lambda Feedback
+
+on:
+  workflow_call:
+    inputs:
+      environment:
+        type: string
+        description: "The environment to deploy to"
+        required: true
+      api-url:
+        type: string
+        description: "The URL of the backend API"
+        required: true
+      image-name:
+        type: string
+        description: "The name of the Docker image to deploy"
+        required: true
+      function-name:
+        type: string
+        description: "The name of the Lambda function to deploy"
+        required: true
+      region:
+        type: string
+        description: "The AWS region to deploy to"
+        default: "eu-west-2"
+        required: false
+
+jobs:
+  deploy:
+    name: Deploy
+    runs-on: ubuntu-latest
+    environment: ${{ inputs.environment }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.LAMBDA_CONTAINER_PIPELINE_AWS_ID }}
+          aws-secret-access-key: ${{ secrets.LAMBDA_CONTAINER_PIPELINE_AWS_SECRET }}
+          aws-region: ${{ inputs.region }}
+
+      - name: Deploy Evaluation Function
+        id: deploy-evaluation-function
+        env:
+          BACKEND_API_URL: ${{ inputs.api-url }}
+          API_KEY: ${{ secrets.FUNCTION_ADMIN_API_KEY }}
+          IMAGE_NAME: ${{ inputs.image-name }}
+          FUNCTION_NAME: ${{ inputs.function-name }}
+        run: |
+          curl -f --location --request POST "$BACKEND_API_URL/grading-function/ensure" \
+          --header 'content-type: application/json' \
+          --data-raw "{
+              \"apiKey\": \"$API_KEY\",
+              \"dockerImageUri\": \"$IMAGE_NAME\",
+              \"functionName\": \"$FUNCTION_NAME\"
+          }"
