From 0c0028113baa87239450af892a97a98c120d84b6 Mon Sep 17 00:00:00 2001 From: Victor Chang Date: Tue, 6 Sep 2022 15:12:03 -0700 Subject: [PATCH 1/9] Build & deploy nightly builds for develop branch --- .github/workflows/nightly.yml | 87 +++++++++++++++++++++++++++++++++++ 1 file changed, 87 insertions(+) create mode 100644 .github/workflows/nightly.yml diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml new file mode 100644 index 000000000..fb3de55fb --- /dev/null +++ b/.github/workflows/nightly.yml 
@@ -0,0 +1,87 @@
+# Copyright 2022 MONAI Consortium
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: Deploy Nightly
+on:
+ schedule:
+ - cron: '0 7 * * *' # run at 7 AM UTC/12 AM PT
+
+env:
+ REGISTRY: ghcr.io
+
+jobs:
+ nightly:
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ feature: [WorkflowManager, TaskManager]
+ fail-fast: false
+ env:
+ IMAGE_NAME: ${{ github.repository_owner }}/${{ matrix.feature }}
+ steps:
+ - name: Get Date
+ id: date
+ run: echo "::set-output name=date::$(date +'%Y-%m-%d')"
+
+ - name: Log in to the Container registry
+ uses: docker/login-action@v2.0.0
+ if: ${{ (matrix.os == 'ubuntu-latest') }}
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Extract metadata (tags, labels) for Docker
+ id: meta
+ uses: docker/metadata-action@v4.0.1
+ if: ${{ (matrix.os == 'ubuntu-latest') }}
+ with:
+ images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+ tags: |
+ type=raw,value=develop-latest
+ type=raw,value=develop-nightly-${{ steps.date.outputs.date }}
+
+ - name: Build and Push Docker image for ${{ matrix.feature }}
+ uses: docker/build-push-action@v3.1.1
+ if: ${{ (matrix.os == 'ubuntu-latest') }}
+ with:
+ context: .
+ push: ${{ github.event_name != 'pull_request' }} + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + file: ${{ matrix.feature }}.Dockerfile + + - name: Scan Image with Azure Container Scan + env: + TRIVY_TIMEOUT_SEC: 360s + uses: Azure/container-scan@v0.1 + if: ${{ (matrix.os == 'ubuntu-latest') }} + with: + image-name: ${{ fromJSON(steps.meta.outputs.json).tags[0] }} + + - name: Anchore container scan + id: anchore-scan + uses: anchore/scan-action@v3.2.5 + if: ${{ (matrix.os == 'ubuntu-latest') }} + with: + image: ${{ fromJSON(steps.meta.outputs.json).tags[0] }} + fail-build: true + severity-cutoff: critical + + - name: Upload Anchore scan SARIF report + uses: github/codeql-action/upload-sarif@v2 + if: ${{ (matrix.os == 'ubuntu-latest') }} + with: + sarif_file: ${{ steps.anchore-scan.outputs.sarif }} + token: ${{ secrets.GITHUB_TOKEN }} From e9d5e622ae224c5012e50bc2bc5c40e97493c29b Mon Sep 17 00:00:00 2001 From: Victor Chang Date: Tue, 6 Sep 2022 16:23:30 -0700 Subject: [PATCH 2/9] Change schedule for testing Signed-off-by: Victor Chang --- .github/workflows/nightly.yml | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index fb3de55fb..1b7f53b6a 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -14,11 +14,15 @@ name: Deploy Nightly on: + pull_request: + branches: + - 'develop' + push: + branches: + - 'develop' schedule: - cron: '0 7 * * *' # run at 7 AM UTC/12 AM PT - -env: - REGISTRY: ghcr.io + workflow_dispatch: jobs: nightly: @@ -29,6 +33,7 @@ jobs: fail-fast: false env: IMAGE_NAME: ${{ github.repository_owner }}/${{ matrix.feature }} + REGISTRY: ghcr.io steps: - name: Get Date id: date From 2fb830d2fde895a2f6a91085f6d0765e1dfeaca2 Mon Sep 17 00:00:00 2001 From: Victor Chang Date: Tue, 6 Sep 2022 16:24:53 -0700 Subject: [PATCH 3/9] Test nightly build 
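Review bot: Every step from the registry login to the SARIF upload is guarded by `if: ${{ (matrix.os == 'ubuntu-latest') }}`, but the matrix in this file defines only `feature`, so `matrix.os` evaluates to empty and those steps are skipped: the job would finish green without building or scanning an image. Drop the guards or add an `os` axis to the matrix. The two scan steps also run after `docker/build-push-action` has pushed, so `fail-build: true` fails the job but cannot keep a flagged image from being published as `develop-latest`; building locally with `load: true`, scanning, and pushing as the last step would turn the scan into a gate.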
Signed-off-by: Victor Chang --- .github/workflows/nightly.yml | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index 1b7f53b6a..ac498d2a8 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -name: Deploy Nightly +name: Deploy Develop Nightly on: pull_request: branches: @@ -25,7 +25,7 @@ on: workflow_dispatch: jobs: - nightly: + build-and-deploy: runs-on: ubuntu-latest strategy: matrix: @@ -41,7 +41,6 @@ jobs: - name: Log in to the Container registry uses: docker/login-action@v2.0.0 - if: ${{ (matrix.os == 'ubuntu-latest') }} with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} @@ -50,7 +49,6 @@ jobs: - name: Extract metadata (tags, labels) for Docker id: meta uses: docker/metadata-action@v4.0.1 - if: ${{ (matrix.os == 'ubuntu-latest') }} with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} tags: | @@ -59,7 +57,6 @@ jobs: - name: Build and Push Docker image for ${{ matrix.feature }} uses: docker/build-push-action@v3.1.1 - if: ${{ (matrix.os == 'ubuntu-latest') }} with: context: . push: ${{ github.event_name != 'pull_request' }} @@ -71,14 +68,12 @@ jobs: env: TRIVY_TIMEOUT_SEC: 360s uses: Azure/container-scan@v0.1 - if: ${{ (matrix.os == 'ubuntu-latest') }} with: image-name: ${{ fromJSON(steps.meta.outputs.json).tags[0] }} - name: Anchore container scan id: anchore-scan uses: anchore/scan-action@v3.2.5 - if: ${{ (matrix.os == 'ubuntu-latest') }} with: image: ${{ fromJSON(steps.meta.outputs.json).tags[0] }} fail-build: true @@ -86,7 +81,6 @@ jobs: - name: Upload Anchore scan SARIF report uses: github/codeql-action/upload-sarif@v2 - if: ${{ (matrix.os == 'ubuntu-latest') }} with: sarif_file: ${{ steps.anchore-scan.outputs.sarif }} token: ${{ secrets.GITHUB_TOKEN }} 
From d7fb24857a8a0eff24f27cc1f87c3ef2d11259da Mon Sep 17 00:00:00 2001 From: Victor Chang Date: Tue, 6 Sep 2022 16:26:35 -0700 Subject: [PATCH 4/9] Test nightly build Signed-off-by: Victor Chang --- .github/workflows/nightly.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index ac498d2a8..16d58dd5c 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -35,6 +35,11 @@ jobs: IMAGE_NAME: ${{ github.repository_owner }}/${{ matrix.feature }} REGISTRY: ghcr.io steps: + - name: Checkout repository + uses: actions/checkout@v3 + with: + fetch-depth: 0 + - name: Get Date id: date run: echo "::set-output name=date::$(date +'%Y-%m-%d')" From 52dc9b2a21ba31774e5c6fd550acdd9565da40f5 Mon Sep 17 00:00:00 2001 From: Victor Chang Date: Tue, 6 Sep 2022 16:44:00 -0700 Subject: [PATCH 5/9] Test nightly build Signed-off-by: Victor Chang --- .github/workflows/nightly.yml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index 16d58dd5c..7a1764b12 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -39,7 +39,7 @@ jobs: uses: actions/checkout@v3 with: fetch-depth: 0 - + - name: Get Date id: date run: echo "::set-output name=date::$(date +'%Y-%m-%d')" @@ -60,11 +60,10 @@ jobs: type=raw,value=develop-latest type=raw,value=develop-nightly-${{ steps.date.outputs.date }} - - name: Build and Push Docker image for ${{ matrix.feature }} + - name: Build and Push Container Image for ${{ matrix.feature }} uses: docker/build-push-action@v3.1.1 with: context: . - push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} file: ${{ matrix.feature }}.Dockerfile 
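Review bot: The new `actions/checkout@v3` step leaves the default credential persistence on, so the job token is written into `.git/config` in the workspace that the later build step passes as `context: .`; unless a `.dockerignore` (not visible here) excludes `.git`, that file becomes part of the build context. No later step in the visible workflow performs git operations, so add `persist-credentials: false` under `with:`. `fetch-depth: 0` also pulls the full history; if the Dockerfiles do not need it for versioning, the default shallow clone is enough.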
@@ -76,7 +75,7 @@ jobs: with: image-name: ${{ fromJSON(steps.meta.outputs.json).tags[0] }} - - name: Anchore container scan + - name: Anchore Container Scan id: anchore-scan uses: anchore/scan-action@v3.2.5 with: @@ -84,7 +83,7 @@ jobs: fail-build: true severity-cutoff: critical - - name: Upload Anchore scan SARIF report + - name: Upload Anchore Scan SARIF Report uses: github/codeql-action/upload-sarif@v2 with: sarif_file: ${{ steps.anchore-scan.outputs.sarif }} From dd7d093067b416664fbc015eaef22be0aa66da3b Mon Sep 17 00:00:00 2001 From: Victor Chang Date: Tue, 6 Sep 2022 16:52:30 -0700 Subject: [PATCH 6/9] Push builds Signed-off-by: Victor Chang --- .github/workflows/nightly.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index 7a1764b12..315f6eb40 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -name: Deploy Develop Nightly +name: Nightly Builds (develop) on: pull_request: branches: @@ -64,6 +64,7 @@ jobs: uses: docker/build-push-action@v3.1.1 with: context: . + push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} file: ${{ matrix.feature }}.Dockerfile From 3bc9f4bc32dd14521d2d2a0faed061e08fdfd825 Mon Sep 17 00:00:00 2001 From: Victor Chang Date: Tue, 6 Sep 2022 17:01:34 -0700 Subject: [PATCH 7/9] Change image name Signed-off-by: Victor Chang --- .github/workflows/nightly.yml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index 315f6eb40..10540f1f9 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml 
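Review bot: `push: true` is unconditional while the `on:` block shown in this commit's first hunk still lists `pull_request` for `develop`, so a pull-request run from a branch in this repository would publish unmerged code under `develop-latest`, and runs from forks would presumably fail at the push for lack of a write-capable token. Restore the guard used in the first patch, `push: ${{ github.event_name != 'pull_request' }}`, or limit the triggers to `schedule` and `workflow_dispatch`. The build step's `with:` block continues outside this hunk.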
@@ -28,9 +28,13 @@ jobs: build-and-deploy: runs-on: ubuntu-latest strategy: - matrix: - feature: [WorkflowManager, TaskManager] fail-fast: false + matrix: + include: + - dockerfile: WorkflowManager.Dockerfile + image: ghcr.io/project-monai/mona-deploy-workflow-manager + - dockerfile: TaskManager.Dockerfile + image: ghcr.io/project-monai/mona-deploy-task-manager env: IMAGE_NAME: ${{ github.repository_owner }}/${{ matrix.feature }} REGISTRY: ghcr.io @@ -55,7 +59,7 @@ jobs: id: meta uses: docker/metadata-action@v4.0.1 with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + images: ${{ matrix.image }} tags: | type=raw,value=develop-latest type=raw,value=develop-nightly-${{ steps.date.outputs.date }} @@ -67,7 +71,7 @@ jobs: push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - file: ${{ matrix.feature }}.Dockerfile + file: ${{ matrix.dockerfile }} - name: Scan Image with Azure Container Scan env: From 8e52daec44d9ec9cdf851ef5562563d973ed7722 Mon Sep 17 00:00:00 2001 From: Victor Chang Date: Tue, 6 Sep 2022 17:13:30 -0700 Subject: [PATCH 8/9] Allow package writes Signed-off-by: Victor Chang --- .github/workflows/nightly.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index 10540f1f9..192bee6be 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -36,8 +36,9 @@ jobs: - dockerfile: TaskManager.Dockerfile image: ghcr.io/project-monai/mona-deploy-task-manager env: - IMAGE_NAME: ${{ github.repository_owner }}/${{ matrix.feature }} REGISTRY: ghcr.io + permissions: + packages: write steps: - name: Checkout repository uses: actions/checkout@v3 From 4f6c5402048468a702644236396333cf9696ca03 Mon Sep 17 00:00:00 2001 From: Victor Chang Date: Tue, 6 Sep 2022 17:16:16 -0700 Subject: [PATCH 9/9] Run nightly builds on scheduls only Signed-off-by: Victor Chang --- .github/workflows/nightly.yml | 6 ------ 1 file changed, 6 deletions(-) 
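Review bot: The hard-coded image names `ghcr.io/project-monai/mona-deploy-workflow-manager` and `ghcr.io/project-monai/mona-deploy-task-manager` read `mona-deploy` rather than `monai-deploy`; if that is a typo, images are published under a package name that nobody pulls from, so confirm the intended names. After this change the job-level `IMAGE_NAME: ${{ github.repository_owner }}/${{ matrix.feature }}` still references `matrix.feature`, which the new `include:` matrix no longer defines. `REGISTRY` is now used only by the login step while the push target is fixed in the matrix; keeping only the repository path in the matrix and writing `images: ${{ env.REGISTRY }}/${{ matrix.image }}` would stop the login registry and the push registry from drifting apart.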
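Review bot: Declaring `permissions:` with only `packages: write` sets every unlisted scope of the job token to `none`, so the `github/codeql-action/upload-sarif@v2` step loses the `security-events: write` it needs and `actions/checkout@v3` loses `contents: read` (which matters when the repository is private). Keep the block minimal but complete by adding `contents: read` and `security-events: write` next to `packages: write`. The job definition continues outside this hunk.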
diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index 192bee6be..07d321879 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -14,12 +14,6 @@ name: Nightly Builds (develop) on: - pull_request: - branches: - - 'develop' - push: - branches: - - 'develop' schedule: - cron: '0 7 * * *' # run at 7 AM UTC/12 AM PT workflow_dispatch: