-
Notifications
You must be signed in to change notification settings - Fork 17
137 lines (129 loc) · 4.62 KB
/
build-in-devcontainer.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
on:
workflow_call:
inputs:
sha:
type: string
arch:
type: string
default: '["amd64"]'
cuda:
type: string
default: '["12.0"]'
python_package_manager:
type: string
default: '["conda", "pip"]'
repo:
type: string
node_type:
type: string
default: "cpu8"
build_command:
type: string
required: true
# Note that this is the _name_ of a secret containing the key, not the key itself.
extra-repo-deploy-key:
required: false
type: string
default: ''
# Note that this is the _name_ of a secret containing the key, not the key itself.
extra-repo-deploy-key-2:
required: false
type: string
default: ''
# the use of secrets in shared-workflows is discouraged, especially for public repositories.
# these values were added for situations where the use of secrets is unavoidable.
secrets:
RAPIDS_AUX_SECRET_1:
required: false
permissions:
actions: read
checks: none
contents: read
deployments: none
discussions: none
id-token: write
issues: none
packages: read
pages: none
pull-requests: read
repository-projects: none
security-events: none
statuses: none
jobs:
build:
strategy:
fail-fast: false
matrix:
arch: ${{ fromJSON(inputs.arch) }}
cuda: ${{ fromJSON(inputs.cuda) }}
pkgr: ${{ fromJSON(inputs.python_package_manager) }}
runs-on: "linux-${{ matrix.arch }}-${{ inputs.node_type }}"
name: "${{matrix.arch}}, ${{matrix.cuda}}, ${{matrix.pkgr}}"
steps:
- uses: actions/checkout@v4
with:
repository: ${{ inputs.repo }}
ref: ${{ inputs.sha }}
fetch-depth: 0
- name: Telemetry setup
uses: rapidsai/shared-actions/telemetry-dispatch-load-base-env-vars@main
continue-on-error: true
- name: Check if repo has devcontainer
run: |
echo "REPOSITORY=$(basename $(pwd))" | tee -a "${GITHUB_ENV}";
if test -f .devcontainer/cuda${{ matrix.cuda }}-${{ matrix.pkgr }}/devcontainer.json; then
echo "HAS_DEVCONTAINER=true" >> "${GITHUB_ENV}";
else
echo "HAS_DEVCONTAINER=false" >> "${GITHUB_ENV}";
fi
- if: ${{ env.HAS_DEVCONTAINER == 'true' }}
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ vars.AWS_ROLE_ARN }}
aws-region: ${{ vars.AWS_REGION }}
role-duration-seconds: 43200 # 12h
- if: ${{ env.HAS_DEVCONTAINER == 'true' }}
name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: '16'
- if: ${{ env.HAS_DEVCONTAINER == 'true' }}
name: Run build in devcontainer
uses: devcontainers/ci@v0.3
with:
push: never
configFile: .devcontainer/cuda${{ matrix.cuda }}-${{ matrix.pkgr }}/devcontainer.json
env: |
REPOSITORY=${{ env.REPOSITORY }}
SCCACHE_REGION=${{ vars.AWS_REGION }}
AWS_ACCESS_KEY_ID=${{ env.AWS_ACCESS_KEY_ID }}
AWS_SESSION_TOKEN=${{ env.AWS_SESSION_TOKEN }}
AWS_SECRET_ACCESS_KEY=${{ env.AWS_SECRET_ACCESS_KEY }}
RAPIDS_AUX_SECRET_1=${{ secrets.RAPIDS_AUX_SECRET_1 }}
runCmd: |
set -e;
mkdir -p ~/.config/pip/;
cat <<EOF >> ~/.config/pip/pip.conf
[global]
extra-index-url = https://pypi.anaconda.org/rapidsai-wheels-nightly/simple
EOF
rapids-make-${PYTHON_PACKAGE_MANAGER}-env;
if test -n '${{ inputs.extra-repo-deploy-key }}' \
|| test -n '${{ inputs.extra-repo-deploy-key-2 }}'; then
if ! pgrep ssh-agent >/dev/null 2>&1; then eval "$(ssh-agent -s)"; fi;
if test -n '${{ inputs.extra-repo-deploy-key }}'; then
ssh-add - <<< '${{ secrets[inputs.extra-repo-deploy-key] }}';
fi
if test -n '${{ inputs.extra-repo-deploy-key-2 }}'; then
ssh-add - <<< '${{ secrets[inputs.extra-repo-deploy-key-2] }}';
fi
devcontainer-utils-init-ssh-deploy-keys || true;
fi
cd ~/"${REPOSITORY}";
${{ inputs.build_command }}
- name: Telemetry summarize
uses: rapidsai/shared-actions/telemetry-dispatch-write-summary@main
continue-on-error: true
if: always()
with:
cert_concat: "${{ secrets.OTEL_EXPORTER_OTLP_CA_CERTIFICATE }};${{ secrets.OTEL_EXPORTER_OTLP_CLIENT_CERTIFICATE }};${{ secrets.OTEL_EXPORTER_OTLP_CLIENT_KEY }}"