instructlab/.github/workflows/e2e-nvidia-l4-x1.yml at main · instructlab/instructlab · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
# SPDX-License-Identifier: Apache-2.0

name: E2E (NVIDIA L4 x1)

on:
  # run against every merge commit to 'main' and release branches
  push:
    branches:
      - main
      - release-*
  # only run on PRs that touch certain regex paths
  pull_request_target:
    branches:
      - main
      - release-*
    paths:
      # note this should match the merging criteria in 'mergify.yml'
      - '**.py'
      - 'pyproject.toml'
      - 'requirements**.txt'
      - 'constraints-dev.txt'
      - 'scripts/install-ilab-with-cuda.sh' # Used by this workflow
      - 'scripts/e2e-ci.sh' # Used by this workflow
      - 'scripts/test-data/**'
      - 'src/instructlab/profiles/**'
  workflow_dispatch: {}

concurrency:
  group: ${{ github.workflow }}-${{ github.event.number || github.ref }}
  cancel-in-progress: true

env:
  LC_ALL: en_US.UTF-8
  TMPDIR: /home/tmp

defaults:
  run:
    shell: bash

permissions:
  contents: read

jobs:
  e2e-medium-workflow-ready:
    permissions:
      checks: read
    uses: ./.github/workflows/status-checks.yml
    with:
      job_ids: >- # Space-separated job ids to wait on for status checks
        actionlint
        markdown-lint
        shellcheck
        lint-workflow-complete

  start-medium-ec2-runner:
    runs-on: ubuntu-latest
    outputs:
      label: ${{ steps.launch-ec2-instance-with-fallback.outputs.label }}
      ec2-instance-id: ${{ steps.launch-ec2-instance-with-fallback.outputs.ec2-instance-id }}
      ec2-instance-region: ${{ steps.launch-ec2-instance-with-fallback.outputs.ec2-instance-region }}
    steps:
      - name: Checkout "launch-ec2-runner-with-fallback" in-house CI action
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          repository: instructlab/ci-actions
          # clone the "ci-actions" repo to a local directory called "ci-actions", instead of
          # overwriting the current WORKDIR contents
          path: ci-actions
          ref: v0.2.1
          sparse-checkout: |
            actions/launch-ec2-runner-with-fallback

      - name: Launch EC2 Runner with Fallback
        id: launch-ec2-instance-with-fallback
        uses: ./ci-actions/actions/launch-ec2-runner-with-fallback
        env:
          TMPDIR: "/tmp"
        with:
          aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          github_token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
          regions_config: >
            [
              {
                "region": "us-east-2",
                "subnets": {
                  "us-east-2a": "${{ vars.SUBNET_US_EAST_2A }}",
                  "us-east-2b": "${{ vars.SUBNET_US_EAST_2B }}",
                  "us-east-2c": "${{ vars.SUBNET_US_EAST_2C }}"
                },
                "ec2-ami": "${{ vars.AWS_EC2_AMI_US_EAST_2 }}",
                "security-group-id": "${{ vars.SECURITY_GROUP_ID_US_EAST_2 }}"
              },
              {
                "region": "us-east-1",
                "subnets": {
                  "us-east-1a": "${{ vars.SUBNET_US_EAST_1A }}",
                  "us-east-1b": "${{ vars.SUBNET_US_EAST_1B }}",
                  "us-east-1c": "${{ vars.SUBNET_US_EAST_1C }}",
                  "us-east-1d": "${{ vars.SUBNET_US_EAST_1D }}",
                  "us-east-1e": "${{ vars.SUBNET_US_EAST_1E }}",
                  "us-east-1f": "${{ vars.SUBNET_US_EAST_1F }}"
                },
                "ec2-ami": "${{ vars.AWS_EC2_AMI_US_EAST_1 }}",
                "security-group-id": "${{ vars.SECURITY_GROUP_ID_US_EAST_1 }}"
              }
            ]
          try_spot_instance_first: false
          ec2_instance_type: g6.8xlarge
          aws_resource_tags: >
            [
              {"Key": "Name", "Value": "instructlab-ci-github-medium-runner"},
              {"Key": "GitHubRepository", "Value": "${{ github.repository }}"},
              {"Key": "GitHubRef", "Value": "${{ github.ref }}"},
              {"Key": "GitHubPR", "Value": "${{ github.event.number }}"}
            ]
  e2e-medium-test:
    needs:
      - start-medium-ec2-runner
    runs-on: ${{ needs.start-medium-ec2-runner.outputs.label }}

    # It is important that this job has no write permissions and has
    # no access to any secrets. This part (e2e-test) is where we are running
    # untrusted code from PRs.
    permissions: {}

    steps:
      - name: Install Packages
        run: |
          cat /etc/os-release
          mkdir -p /home/tmp
          sudo dnf install -y gcc gcc-c++ make git-core python3.11 python3.11-devel

      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          # https://github.com/actions/checkout/issues/249
          fetch-depth: 0

      - name: Install dependent PRs if needed
        uses: depends-on/depends-on-action@61cb3f4a0e2c8ae4b90c9448dc57c7ba9ca24c35 # main
        with:
          token: ${{ secrets.GITHUB_TOKEN }}

      - name: Fetch and checkout PR
        if: ${{ github.event_name == 'pull_request_target' }}
        run: |
          git fetch origin pull/${{ github.event.number }}/head:pr-${{ github.event.number }}
          git checkout pr-${{ github.event.number }}

      - name: Install ilab
        run: |
          PYTHON="python3.11" ./scripts/install-ilab-with-cuda.sh

      - name: Check disk before tests
        run: |
          df -h

      - name: Run e2e test
        run: |
          . venv/bin/activate
          ./scripts/e2e-ci.sh -m -p

      - name: Check disk after tests
        if: always()
        run: |
          df -h

  stop-medium-ec2-runner:
    needs:
      - start-medium-ec2-runner
      - e2e-medium-test
    runs-on: ubuntu-latest
    if: ${{ always() }}
    steps:
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ needs.start-medium-ec2-runner.outputs.ec2-instance-region }}

      - name: Stop EC2 runner
        uses: machulav/ec2-github-runner@fcfb31a5760dad1314a64a0e172b78ec6fc8a17e # v2.3.6
        with:
          mode: stop
          github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
          label: ${{ needs.start-medium-ec2-runner.outputs.label }}
          ec2-instance-id: ${{ needs.start-medium-ec2-runner.outputs.ec2-instance-id }}

  e2e-medium-workflow-complete:
    # we don't want to block PRs on failed EC2 cleanup
    # so not requiring "stop-medium-ec2-runner" as well
    permissions:
      checks: read
    uses: ./.github/workflows/status-checks.yml
    with:
      job_ids: >- # Space-separated job ids to wait on for status checks
        e2e-medium-workflow-ready
        start-medium-ec2-runner
        e2e-medium-test