Additional NF AWS execution permissions #80
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: PR validation | |
| on: | |
| pull_request: | |
| types: [synchronize, opened, reopened, edited] | |
| branches: | |
| - main | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.pull_request.number }} | |
| cancel-in-progress: true | |
| jobs: | |
| pipeline-seq-retrieval-container-image-build: | |
| name: pipeline/seq_retrieval container-image build | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Check out repository code | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| sparse-checkout: | | |
| pipeline/seq_retrieval/ | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Build container image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: ./pipeline/seq_retrieval/ | |
| push: false | |
| tags: agr_pavi/pipeline_seq_retrieval:latest | |
| outputs: type=docker,dest=/tmp/pavi_seq_retrieval_docker_image.tar | |
| - name: Upload image as artifact (share between jobs) | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: seq_retrieval_image | |
| path: /tmp/pavi_seq_retrieval_docker_image.tar | |
| pipeline-seq-retrieval-code-checks: | |
| name: pipeline/seq_retrieval code checks | |
| runs-on: ubuntu-22.04 | |
| defaults: | |
| run: | |
| shell: bash | |
| working-directory: ./pipeline/seq_retrieval/ | |
| steps: | |
| - name: Check out repository code | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| sparse-checkout: | | |
| pipeline/seq_retrieval/ | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.12' | |
| - name: Python typing test | |
| run: | | |
| make run-python-type-check | |
| - name: Python style test | |
| run: | | |
| make run-python-style-check | |
| - name: Run unit tests | |
| run: | | |
| make run-unit-tests | |
| pipeline-alignment-container-image-build: | |
| name: pipeline/alignment container-image build | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Check out repository code | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| sparse-checkout: | | |
| pipeline/alignment/ | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Build container image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: ./pipeline/alignment/ | |
| push: false | |
| tags: agr_pavi/pipeline_alignment:latest | |
| outputs: type=docker,dest=/tmp/pavi_alignment_docker_image.tar | |
| - name: Upload image as artifact (share between jobs) | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: alignment_image | |
| path: /tmp/pavi_alignment_docker_image.tar | |
| pipeline-alignment-unit-testing: | |
| name: pipeline/alignment unit testing | |
| needs: | |
| - pipeline-alignment-container-image-build | |
| runs-on: ubuntu-22.04 | |
| defaults: | |
| run: | |
| shell: bash | |
| working-directory: ./pipeline/alignment/ | |
| steps: | |
| - name: Check out repository code | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| sparse-checkout: | | |
| pipeline/alignment/ | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Download alignment image artifact (from previous job) | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: alignment_image | |
| path: /tmp | |
| - name: Load alignment Docker image | |
| run: | | |
| docker load --input /tmp/pavi_alignment_docker_image.tar | |
| - name: Run unit test | |
| run: | | |
| make run-unit-tests | |
| pipeline-workflow-integration-testing: | |
| name: pipeline/workflow integration testing | |
| needs: | |
| - pipeline-seq-retrieval-container-image-build | |
| - pipeline-alignment-container-image-build | |
| runs-on: ubuntu-22.04 | |
| defaults: | |
| run: | |
| shell: bash | |
| working-directory: ./pipeline/workflow/ | |
| steps: | |
| - name: Check out repository code | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| sparse-checkout: | | |
| pipeline/workflow/ | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Download seq_retrieval image artifact (from previous job) | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: seq_retrieval_image | |
| path: /tmp | |
| - name: Download alignment image artifact (from previous job) | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: alignment_image | |
| path: /tmp | |
| - name: Load seq_retrieval Docker image | |
| run: | | |
| docker load --input /tmp/pavi_seq_retrieval_docker_image.tar | |
| - name: Load alignment Docker image | |
| run: | | |
| docker load --input /tmp/pavi_alignment_docker_image.tar | |
| - name: Run integration test | |
| run: | | |
| make run-integration-test | |
| pipeline-aws-infra-code-checks: | |
| name: pipeline/aws_infra code checks | |
| permissions: | |
| id-token: write # This is required for requesting the JWT for gaining permissions to assume the IAM role to perform AWS actions | |
| runs-on: ubuntu-22.04 | |
| defaults: | |
| run: | |
| working-directory: pipeline/aws_infra | |
| steps: | |
| - name: Check out repository code | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| sparse-checkout: | | |
| pipeline/aws_infra/ | |
| - name: Setup Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.12" | |
| - name: CDK resource assertions (unit tests) | |
| run: | | |
| make run-unit-tests | |
| - name: Python typing test | |
| run: | | |
| make run-python-type-check | |
| - name: Python style test | |
| run: | | |
| make run-python-style-check | |
| - name: Setup node.js (CDK requirement) | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: "18" | |
| - name: Install CDK CLI | |
| run: npm install -g aws-cdk | |
| - name: Install CDK stack dependencies | |
| run: pip install -r requirements.txt | |
| - name: AWS credentials configuration | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{secrets.GH_ACTIONS_AWS_ROLE}} | |
| role-session-name: gh-actions-${{github.run_id}}.${{github.run_number}}.${{github.run_attempt}}-cdk-test | |
| aws-region: us-east-1 | |
| - name: Validate production CDK stack code | |
| run: cdk diff PaviPipelineCdkStack |