Skip to content

Update fastapi requirement from ==0.110.* to ==0.111.* in /api #272

Update fastapi requirement from ==0.110.* to ==0.111.* in /api

Update fastapi requirement from ==0.110.* to ==0.111.* in /api #272

Workflow file for this run

name: PR validation
on:
pull_request:
types: [synchronize, opened, reopened, edited, labeled, unlabeled]
branches:
- main
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
cancel-in-progress: true
jobs:
container-build-context:
name: define container image build context variables
runs-on: ubuntu-22.04
outputs:
tagname: ${{ steps.store_tagname.outputs.tagname }}
steps:
- name: Store image tag in env
id: store_tagname
shell: bash
run: |
echo "tagname=PR-${{ github.event.pull_request.number }}-validation" >> $GITHUB_OUTPUT
pipeline-seq-retrieval-update-dependency-lock-files:
name: pipeline/seq_retrieval update and upload dependency lock file
runs-on: ubuntu-22.04
defaults:
run:
shell: bash
working-directory: ./pipeline/seq_retrieval/
steps:
- uses: actions/setup-python@v5
with:
python-version: '3.12'
- name: Check out repository code
uses: actions/checkout@v4
with:
fetch-depth: 0
sparse-checkout: |
pipeline/seq_retrieval/
- name: Update lock files
if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-deps-lock-updates') }}
shell: bash
run: |
make pip-tools python-dependencies-lock-update python-test-dependencies-lock-update
- name: Upload updated (main) lock file as artifact
uses: actions/upload-artifact@v4
with:
name: pipeline_seq_retrieval_deps_lock
path: pipeline/seq_retrieval/requirements.txt
if-no-files-found: error
- name: Upload updated (test) lock file as artifact
uses: actions/upload-artifact@v4
with:
name: pipeline_seq_retrieval_tests_deps_lock
path: pipeline/seq_retrieval/tests/requirements.txt
if-no-files-found: error
api-update-dependency-lock-files:
name: api update and upload dependency lock file
runs-on: ubuntu-22.04
defaults:
run:
shell: bash
working-directory: ./api/
steps:
- uses: actions/setup-python@v5
with:
python-version: '3.12'
- name: Check out repository code
uses: actions/checkout@v4
with:
fetch-depth: 0
sparse-checkout: |
api/
- name: Update lock files
if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-deps-lock-updates') }}
shell: bash
run: |
make pip-tools python-dependencies-lock-update python-test-dependencies-lock-update
- name: Upload updated (main) lock file as artifact
uses: actions/upload-artifact@v4
with:
name: api_deps_lock
path: api/requirements.txt
if-no-files-found: error
- name: Upload updated (test) lock file as artifact
uses: actions/upload-artifact@v4
with:
name: api_tests_deps_lock
path: api/tests/requirements.txt
if-no-files-found: error
pipeline-aws-infra-update-dependency-lock-files:
name: pipeline/aws_infra update and upload dependency lock file
runs-on: ubuntu-22.04
defaults:
run:
shell: bash
working-directory: ./pipeline/aws_infra/
steps:
- uses: actions/setup-python@v5
with:
python-version: '3.12'
- name: Check out repository code
uses: actions/checkout@v4
with:
fetch-depth: 0
sparse-checkout: |
pipeline/aws_infra/
- name: Update lock files
if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-deps-lock-updates') }}
shell: bash
run: |
make pip-tools python-dependencies-lock-update python-test-dependencies-lock-update
- name: Upload updated (main) lock file as artifact
uses: actions/upload-artifact@v4
with:
name: pipeline_aws_infra_deps_lock
path: pipeline/aws_infra/requirements.txt
if-no-files-found: error
- name: Upload updated (test) lock file as artifact
uses: actions/upload-artifact@v4
with:
name: pipeline_aws_infra_tests_deps_lock
path: pipeline/aws_infra/tests/requirements.txt
if-no-files-found: error
api-aws-infra-update-dependency-lock-files:
name: api/aws_infra update and upload dependency lock file
runs-on: ubuntu-22.04
defaults:
run:
shell: bash
working-directory: ./api/aws_infra/
steps:
- uses: actions/setup-python@v5
with:
python-version: '3.12'
- name: Check out repository code
uses: actions/checkout@v4
with:
fetch-depth: 0
sparse-checkout: |
api/aws_infra/
- name: Update lock files
if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-deps-lock-updates') }}
shell: bash
run: |
make pip-tools python-dependencies-lock-update python-test-dependencies-lock-update
- name: Upload updated (main) lock file as artifact
uses: actions/upload-artifact@v4
with:
name: api_aws_infra_deps_lock
path: api/aws_infra/requirements.txt
if-no-files-found: error
- name: Upload updated (test) lock file as artifact
uses: actions/upload-artifact@v4
with:
name: api_aws_infra_tests_deps_lock
path: api/aws_infra/tests/requirements.txt
if-no-files-found: error
shared-aws-infra-update-dependency-lock-files:
name: shared_aws_infra update and upload dependency lock file
runs-on: ubuntu-22.04
defaults:
run:
shell: bash
working-directory: ./shared_aws_infra/
steps:
- uses: actions/setup-python@v5
with:
python-version: '3.12'
- name: Check out repository code
uses: actions/checkout@v4
with:
fetch-depth: 0
sparse-checkout: |
shared_aws_infra/
- name: Update lock files
if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-deps-lock-updates') }}
shell: bash
run: |
make pip-tools python-dependencies-lock-update
- name: Upload updated (main) lock file as artifact
uses: actions/upload-artifact@v4
with:
name: shared_aws_infra_deps_lock
path: shared_aws_infra/requirements.txt
if-no-files-found: error
pipeline-seq-retrieval-container-image-build:
name: pipeline/seq_retrieval container-image build
needs:
- container-build-context
- pipeline-seq-retrieval-update-dependency-lock-files
permissions:
id-token: write # This is required for requesting the JWT for gaining permissions to assume the IAM role to perform AWS actions
runs-on: ubuntu-22.04
steps:
- name: Check out repository code
uses: actions/checkout@v4
with:
fetch-depth: 0
sparse-checkout: |
pipeline/seq_retrieval/
- name: Download updated seq_retrieval (main) dependencies lock file
uses: actions/download-artifact@v4
with:
name: pipeline_seq_retrieval_deps_lock
path: pipeline/seq_retrieval
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
# This step will configure environment variables to be used by all steps
# involving AWS interaction further down
- name: AWS credentials configuration
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.GH_ACTIONS_AWS_ROLE }}
role-session-name: gh-actions-${{github.run_id}}.${{github.run_number}}.${{github.run_attempt}}-seq-retrieval-image-upload
aws-region: us-east-1
- name: Amazon ECR login
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
- name: Build container image
uses: docker/build-push-action@v5
with:
context: ./pipeline/seq_retrieval/
push: false
tags: agr_pavi/pipeline_seq_retrieval:latest
outputs: type=docker,dest=/tmp/pavi_seq_retrieval_docker_image.tar
- name: Upload image as artifact (share between jobs)
uses: actions/upload-artifact@v4
with:
name: seq_retrieval_image
path: /tmp/pavi_seq_retrieval_docker_image.tar
- name: Load, tag and push image to registry
run: |
docker load --input /tmp/pavi_seq_retrieval_docker_image.tar
docker tag agr_pavi/pipeline_seq_retrieval:latest ${{ steps.login-ecr.outputs.registry }}/agr_pavi/pipeline_seq_retrieval:${{needs.container-build-context.outputs.tagname}}
docker push ${{ steps.login-ecr.outputs.registry }}/agr_pavi/pipeline_seq_retrieval:${{needs.container-build-context.outputs.tagname}}
pipeline-seq-retrieval-code-checks:
name: pipeline/seq_retrieval code checks
needs:
- pipeline-seq-retrieval-update-dependency-lock-files
runs-on: ubuntu-22.04
defaults:
run:
shell: bash
working-directory: ./pipeline/seq_retrieval/
steps:
- name: Check out repository code
uses: actions/checkout@v4
with:
fetch-depth: 0
sparse-checkout: |
pipeline/seq_retrieval/
- name: Download updated seq_retrieval (main) dependencies lock file
uses: actions/download-artifact@v4
with:
name: pipeline_seq_retrieval_deps_lock
path: pipeline/seq_retrieval
- name: Download updated seq_retrieval (test) dependencies lock file
uses: actions/download-artifact@v4
with:
name: pipeline_seq_retrieval_tests_deps_lock
path: pipeline/seq_retrieval/tests
- uses: actions/setup-python@v5
with:
python-version: '3.12'
- name: Python typing test
run: |
make run-python-type-check
- name: Python style test
run: |
make run-python-style-check
- name: Run unit tests
run: |
make run-unit-tests
pipeline-alignment-container-image-build:
name: pipeline/alignment container-image build
needs:
- container-build-context
permissions:
id-token: write # This is required for requesting the JWT for gaining permissions to assume the IAM role to perform AWS actions
runs-on: ubuntu-22.04
steps:
- name: Check out repository code
uses: actions/checkout@v4
with:
fetch-depth: 0
sparse-checkout: |
pipeline/alignment/
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
# This step will configure environment variables to be used by all steps
# involving AWS interaction further down
- name: AWS credentials configuration
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.GH_ACTIONS_AWS_ROLE }}
role-session-name: gh-actions-${{github.run_id}}.${{github.run_number}}.${{github.run_attempt}}-alignment-image-upload
aws-region: us-east-1
- name: Amazon ECR login
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
- name: Build container image
uses: docker/build-push-action@v5
with:
context: ./pipeline/alignment/
push: false
tags: agr_pavi/pipeline_alignment:latest
outputs: type=docker,dest=/tmp/pavi_alignment_docker_image.tar
- name: Upload image as artifact (share between jobs)
uses: actions/upload-artifact@v4
with:
name: alignment_image
path: /tmp/pavi_alignment_docker_image.tar
- name: Load, tag and push image to registry
run: |
docker load --input /tmp/pavi_alignment_docker_image.tar
docker tag agr_pavi/pipeline_alignment:latest ${{ steps.login-ecr.outputs.registry }}/agr_pavi/pipeline_alignment:${{needs.container-build-context.outputs.tagname}}
docker push ${{ steps.login-ecr.outputs.registry }}/agr_pavi/pipeline_alignment:${{needs.container-build-context.outputs.tagname}}
pipeline-alignment-unit-testing:
name: pipeline/alignment unit testing
needs:
- pipeline-alignment-container-image-build
runs-on: ubuntu-22.04
defaults:
run:
shell: bash
working-directory: ./pipeline/alignment/
steps:
- name: Check out repository code
uses: actions/checkout@v4
with:
fetch-depth: 0
sparse-checkout: |
pipeline/alignment/
- name: Download alignment image artifact (from previous job)
uses: actions/download-artifact@v4
with:
name: alignment_image
path: /tmp
- name: Load alignment Docker image
run: |
docker load --input /tmp/pavi_alignment_docker_image.tar
- name: Run unit test
run: |
make run-unit-tests
pipeline-workflow-integration-testing:
name: pipeline/workflow integration testing
needs:
- container-build-context
- pipeline-seq-retrieval-container-image-build
- pipeline-alignment-container-image-build
permissions:
id-token: write # This is required for requesting the JWT for gaining permissions to assume the IAM role to perform AWS actions
runs-on: ubuntu-22.04
defaults:
run:
shell: bash
working-directory: ./pipeline/workflow/
steps:
- name: Check out repository code
uses: actions/checkout@v4
with:
fetch-depth: 0
sparse-checkout: |
pipeline/workflow/
tests/resources/
- name: Download seq_retrieval image artifact (from previous job)
uses: actions/download-artifact@v4
with:
name: seq_retrieval_image
path: /tmp
- name: Download alignment image artifact (from previous job)
uses: actions/download-artifact@v4
with:
name: alignment_image
path: /tmp
- name: Load seq_retrieval Docker image
run: |
docker load --input /tmp/pavi_seq_retrieval_docker_image.tar
- name: Load alignment Docker image
run: |
docker load --input /tmp/pavi_alignment_docker_image.tar
- name: Run local integration test
run: |
make run-integration-test-local
# This step will configure environment variables to be used by all steps
# involving AWS interaction further down
- name: AWS credentials configuration
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.GH_ACTIONS_AWS_ROLE }}
role-session-name: gh-actions-${{github.run_id}}.${{github.run_number}}.${{github.run_attempt}}-workflow-aws-test
aws-region: us-east-1
- name: Run AWS integration test
run: |
make run-integration-test-aws TAG_NAME=${{needs.container-build-context.outputs.tagname}}
pipeline-aws-infra-code-checks:
name: pipeline/aws_infra code checks
needs:
- pipeline-aws-infra-update-dependency-lock-files
- shared-aws-infra-update-dependency-lock-files
permissions:
id-token: write # This is required for requesting the JWT for gaining permissions to assume the IAM role to perform AWS actions
runs-on: ubuntu-22.04
defaults:
run:
working-directory: ./pipeline/aws_infra
steps:
- name: Check out repository code
uses: actions/checkout@v4
with:
fetch-depth: 0
sparse-checkout: |
pipeline/aws_infra/
shared_aws_infra/
- name: Download updated pipeline/aws_infra (main) dependencies lock file
uses: actions/download-artifact@v4
with:
name: pipeline_aws_infra_deps_lock
path: pipeline/aws_infra
- name: Download updated aws_infra (test) dependencies lock file
uses: actions/download-artifact@v4
with:
name: pipeline_aws_infra_tests_deps_lock
path: pipeline/aws_infra/tests
- name: Setup Python
uses: actions/setup-python@v5
with:
python-version: "3.12"
- name: Python typing test
run: |
make run-python-type-check
- name: Python style test
run: |
make run-python-style-check
- name: Setup node.js (CDK requirement)
uses: actions/setup-node@v4
with:
node-version: "18"
- name: Install CDK CLI
run: npm install -g aws-cdk
- name: Install CDK stack dependencies
run: pip install -r requirements.txt
- name: AWS credentials configuration
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{secrets.GH_ACTIONS_AWS_ROLE}}
role-session-name: gh-actions-${{github.run_id}}.${{github.run_number}}.${{github.run_attempt}}-cdk-test
aws-region: us-east-1
- name: Validate production CDK stack code
run: make validate
api-code-checks:
name: API code checks
needs:
- api-update-dependency-lock-files
runs-on: ubuntu-22.04
defaults:
run:
shell: bash
working-directory: ./api/
steps:
- name: Check out repository code
uses: actions/checkout@v4
with:
fetch-depth: 0
sparse-checkout: |
api/
- name: Download updated api (main) dependencies lock file
uses: actions/download-artifact@v4
with:
name: api_deps_lock
path: api
- name: Download updated api (test) dependencies lock file
uses: actions/download-artifact@v4
with:
name: api_tests_deps_lock
path: api/tests
- uses: actions/setup-python@v5
with:
python-version: '3.12'
- name: Python typing test
run: |
make run-python-type-check
- name: Python style test
run: |
make run-python-style-check
api-container-image-build:
name: API container-image build
needs:
- api-update-dependency-lock-files
runs-on: ubuntu-22.04
steps:
- name: Check out repository code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Download updated api (main) dependencies lock file
uses: actions/download-artifact@v4
with:
name: api_deps_lock
path: api
- name: Download updated api (test) dependencies lock file
uses: actions/download-artifact@v4
with:
name: api_tests_deps_lock
path: api/tests
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build container image
uses: docker/build-push-action@v5
with:
context: ./
file: api/Dockerfile
push: false
tags: agr_pavi/api:latest
outputs: type=docker,dest=/tmp/pavi_api_docker_image.tar
- name: Upload image as artifact (share between jobs)
uses: actions/upload-artifact@v4
with:
name: api_image
path: /tmp/pavi_api_docker_image.tar
api-unit-integration-testing:
name: API unit and integration testing
needs:
- api-update-dependency-lock-files
- pipeline-seq-retrieval-container-image-build
- pipeline-alignment-container-image-build
runs-on: ubuntu-22.04
defaults:
run:
shell: bash
working-directory: ./api/
steps:
- name: Check out repository code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Download updated api (main) dependencies lock file
uses: actions/download-artifact@v4
with:
name: api_deps_lock
path: api
- name: Download updated api (test) dependencies lock file
uses: actions/download-artifact@v4
with:
name: api_tests_deps_lock
path: api/tests
- name: Download seq_retrieval image artifact (from previous job)
uses: actions/download-artifact@v4
with:
name: seq_retrieval_image
path: /tmp
- name: Download alignment image artifact (from previous job)
uses: actions/download-artifact@v4
with:
name: alignment_image
path: /tmp
- name: Load seq_retrieval Docker image
run: |
docker load --input /tmp/pavi_seq_retrieval_docker_image.tar
- name: Load alignment Docker image
run: |
docker load --input /tmp/pavi_alignment_docker_image.tar
- uses: actions/setup-python@v5
with:
python-version: '3.12'
- name: Run unit and integration tests
run: |
make run-tests
api-container-integration-testing:
name: API container integration testing (AWS batch execution)
needs:
- container-build-context
- pipeline-seq-retrieval-container-image-build
- pipeline-alignment-container-image-build
- api-container-image-build
- api-update-dependency-lock-files
permissions:
id-token: write # This is required for requesting the JWT for gaining permissions to assume the IAM role to perform AWS actions
runs-on: ubuntu-22.04
defaults:
run:
shell: bash
working-directory: ./api/
steps:
- name: Check out repository code
uses: actions/checkout@v4
with:
fetch-depth: 0
sparse-checkout: |
api/
tests/resources/
- name: Download updated api (main) dependencies lock file
uses: actions/download-artifact@v4
with:
name: api_deps_lock
path: api
- name: Download updated api (test) dependencies lock file
uses: actions/download-artifact@v4
with:
name: api_tests_deps_lock
path: api/tests
- name: Download API image artifact (from previous job)
uses: actions/download-artifact@v4
with:
name: api_image
path: /tmp
- name: Load API Docker image
run: |
docker load --input /tmp/pavi_api_docker_image.tar
- uses: actions/setup-python@v5
with:
python-version: '3.12'
# This step will configure environment variables to be used by all steps
# involving AWS interaction further down
- name: AWS credentials configuration
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.GH_ACTIONS_AWS_ROLE }}
role-session-name: gh-actions-${{github.run_id}}.${{github.run_number}}.${{github.run_attempt}}-api-aws-test
aws-region: us-east-1
- name: Run container integration test (AWS execution)
run: |
make run-integration-test-container TAG_NAME=${{needs.container-build-context.outputs.tagname}}
api-aws-infra-code-checks:
name: api/aws_infra code checks
needs:
- api-aws-infra-update-dependency-lock-files
permissions:
id-token: write # This is required for requesting the JWT for gaining permissions to assume the IAM role to perform AWS actions
runs-on: ubuntu-22.04
defaults:
run:
working-directory: ./api/aws_infra
steps:
- name: Check out repository code
uses: actions/checkout@v4
with:
fetch-depth: 0
sparse-checkout: |
api/aws_infra/
shared_aws_infra/
- name: Download updated api/aws_infra (main) dependencies lock file
uses: actions/download-artifact@v4
with:
name: api_aws_infra_deps_lock
path: api/aws_infra
- name: Download updated api/aws_infra (test) dependencies lock file
uses: actions/download-artifact@v4
with:
name: api_aws_infra_tests_deps_lock
path: api/aws_infra/tests
- name: Setup Python
uses: actions/setup-python@v5
with:
python-version: "3.12"
- name: Python typing test
run: |
make run-python-type-check
- name: Python style test
run: |
make run-python-style-check
- name: Setup node.js (CDK requirement)
uses: actions/setup-node@v4
with:
node-version: "18"
- name: Install CDK CLI
run: npm install -g aws-cdk
- name: Install CDK stack dependencies
run: pip install -r requirements.txt
- name: AWS credentials configuration
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{secrets.GH_ACTIONS_AWS_ROLE}}
role-session-name: gh-actions-${{github.run_id}}.${{github.run_number}}.${{github.run_attempt}}-cdk-test
aws-region: us-east-1
- name: Validate production CDK stack code
run: make validate-all
commit-deps-lock-updates:
runs-on: ubuntu-22.04
#Only commit updated lock files on successfull validation (to prevent PR cluttering)
needs:
- pipeline-seq-retrieval-update-dependency-lock-files
- pipeline-seq-retrieval-code-checks
- shared-aws-infra-update-dependency-lock-files
- pipeline-aws-infra-update-dependency-lock-files
- pipeline-aws-infra-code-checks
- pipeline-workflow-integration-testing
- api-aws-infra-update-dependency-lock-files
- api-aws-infra-code-checks
- api-update-dependency-lock-files
- api-container-integration-testing
- api-unit-integration-testing
- api-code-checks
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.head_ref }}
- name: Download updated seq_retrieval (main) dependencies lock file
uses: actions/download-artifact@v4
with:
name: pipeline_seq_retrieval_deps_lock
path: pipeline/seq_retrieval
- name: Download updated seq_retrieval (test) dependencies lock file
uses: actions/download-artifact@v4
with:
name: pipeline_seq_retrieval_tests_deps_lock
path: pipeline/seq_retrieval/tests
- name: Download updated api (main) dependencies lock file
uses: actions/download-artifact@v4
with:
name: api_deps_lock
path: api
- name: Download updated api (test) dependencies lock file
uses: actions/download-artifact@v4
with:
name: api_tests_deps_lock
path: api/tests
- name: Download updated pipeline/aws_infra (main) dependencies lock file
uses: actions/download-artifact@v4
with:
name: pipeline_aws_infra_deps_lock
path: pipeline/aws_infra
- name: Download updated pipeline/aws_infra (test) dependencies lock file
uses: actions/download-artifact@v4
with:
name: pipeline_aws_infra_tests_deps_lock
path: pipeline/aws_infra/tests
- name: Download updated shared_aws_infra (main) dependencies lock file
uses: actions/download-artifact@v4
with:
name: shared_aws_infra_deps_lock
path: shared_aws_infra
- name: Download updated api/aws_infra (main) dependencies lock file
uses: actions/download-artifact@v4
with:
name: api_aws_infra_deps_lock
path: api/aws_infra
- name: Download updated api/aws_infra (test) dependencies lock file
uses: actions/download-artifact@v4
with:
name: api_aws_infra_tests_deps_lock
path: api/aws_infra/tests
# Commit all changed dependency lock files back to the open PR
- uses: stefanzweifel/git-auto-commit-action@v5
with:
commit_message: Auto-updated deps lock files
file_pattern: '*requirements.txt'
disable_globbing: true