chore: format imports and pin dependencies #19
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI/CD MLOps | |
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| push: | |
| branches: | |
| - dev | |
| defaults: | |
| run: | |
| working-directory: ./ | |
| jobs: | |
| configure-Google-Service-Account: | |
| name: Configure Google Service Account | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: 'actions/checkout@v4' | |
| - name: Configure GCP Credentials | |
| uses: nightstory/gcp-secrets-action@v1 | |
| with: | |
| gcp_credentials_json: ${{ secrets.GCP_CREDENTIALS_JSON }} | |
| template_file: ./.github/template.yaml | |
| - uses: actions/checkout@v4 | |
| authenticate-to-Google-Cloud-Platform: | |
| name: Authenticate to Google Cloud Platform | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: 'read' | |
| id-token: 'write' | |
| steps: | |
| - uses: 'actions/checkout@v4' | |
| - name: Authenticate to Google Cloud | |
| id: 'auth' | |
| uses: 'google-github-actions/auth@v2' | |
| with: | |
| project_id: ${{ secrets.GCP_PROJECT_ID }} | |
| workload_identity_provider: ${{ vars.GCP_WORKLOAD_IDENTITY_PROVIDER }} | |
| service_account: ${{ vars.GCP_SERVICE_ACCOUNT_EMAIL }} | |
| code-quality: | |
| name: Code Quality Check | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@v4 | |
| - name: Install dependencies | |
| run: | | |
| pip install pycodestyle isort | |
| - name: Linting | |
| run: | | |
| pycodestyle . --exclude=.venv --max-line-length=120 --indent-size=4 | |
| pycodestyle_exit_code=$? | |
| if [ $pycodestyle_exit_code -ne 0 ]; then | |
| echo "Code quality check failed." | |
| exit 1 | |
| else | |
| echo "Code quality check passed." | |
| fi | |
| build-image: | |
| name: Build Docker Image | |
| runs-on: ubuntu-latest | |
| needs: [configure-Google-Service-Account, authenticate-to-Google-Cloud-Platform, code-quality] | |
| env: | |
| GCS_TRAINED_MODELS_BUCKET_URI: ${{ vars.GCS_TRAINED_MODELS_BUCKET_URI }} | |
| steps: | |
| - uses: 'actions/checkout@v4' | |
| - name: Secrets to File | |
| uses: mobiledevops/secret-to-file-action@v1 | |
| with: | |
| base64-encoded-secret: ${{ secrets.GCP_CREDENTIALS_JSON }} | |
| filename: "gcp-credentials.json" | |
| is-executable: true | |
| working-directory: "./" | |
| - name: Build Docker Image | |
| run: | | |
| echo "Trained Models Bucket URI: $GCS_TRAINED_MODELS_BUCKET_URI" | |
| COMMIT_HASH=$(git rev-parse --short HEAD) | |
| IMAGE_TAG=$(git describe --tags --always) | |
| echo "Commit Hash: $COMMIT_HASH" | |
| echo "Image Tag: $IMAGE_TAG" | |
| docker buildx build \ | |
| --progress auto \ | |
| --build-arg GCP_CREDENTIALS_JSON=gcp-credentials.json \ | |
| --build-arg GCP_PROJECT_ID="${{ secrets.GCP_PROJECT_ID }}" \ | |
| --build-arg GCS_TRAINED_MODELS_BUCKET_URI="$GCS_TRAINED_MODELS_BUCKET_URI" \ | |
| --build-arg ELASTIC_APM_SERVER_URL="${{ secrets.ELASTIC_APM_SERVER_URL }}" \ | |
| --build-arg ELASTIC_APM_SECRET_TOKEN="${{ secrets.ELASTIC_APM_SECRET_TOKEN }}" \ | |
| --tag inference:latest \ | |
| -f Dockerfile . | |
| # Save the built Docker image as an artifact | |
| docker save inference:latest > inference_latest.tar | |
| - name: Upload Docker Image | |
| uses: actions/upload-artifact@v2 | |
| with: | |
| name: docker-images | |
| path: | | |
| inference_latest.tar | |
| publish-image-to-Google-Artifact-Registry: | |
| name: Publish image to Google Artifact Registry | |
| runs-on: ubuntu-latest | |
| needs: build-image | |
| env: | |
| GCR_HOST: ${{ vars.GCR_HOST }} | |
| GCR_REPOSITORY: ${{ vars.GCR_REPOSITORY }} | |
| steps: | |
| - name: Secrets to File | |
| uses: mobiledevops/secret-to-file-action@v1 | |
| with: | |
| base64-encoded-secret: ${{ secrets.GCP_CREDENTIALS_JSON }} | |
| filename: "gcp-credentials.json" | |
| is-executable: true | |
| working-directory: "./" | |
| - name: Download Docker image artifacts | |
| uses: actions/download-artifact@v2 | |
| with: | |
| name: docker-images | |
| path: /tmp/docker-images | |
| - name: Load Docker images | |
| run: | | |
| docker load -i /tmp/docker-images/inference_latest.tar | |
| - name: Authenticate to GCP | |
| run: | | |
| gcloud auth activate-service-account --key-file=gcp-credentials.json | |
| gcloud auth configure-docker $GCR_HOST -q | |
| - name: Push Docker Image to GCR | |
| run: | | |
| echo "GCR Host: $GCR_HOST" | |
| docker tag inference:latest $GCR_HOST/${{ secrets.GCP_PROJECT_ID }}/$GCR_REPOSITORY/inference:latest | |
| docker images | grep inference | |
| docker push $GCR_HOST/${{ secrets.GCP_PROJECT_ID }}/$GCR_REPOSITORY/inference | |
| deploy-on-Cloud-Run: | |
| name: Deploy on Google Cloud Run | |
| runs-on: ubuntu-latest | |
| needs: publish-image-to-Google-Artifact-Registry | |
| env: | |
| GCR_HOST: ${{ vars.GCR_HOST }} | |
| GCR_REPOSITORY: ${{ vars.GCR_REPOSITORY }} | |
| steps: | |
| - name: Secrets to File | |
| uses: mobiledevops/secret-to-file-action@v1 | |
| with: | |
| base64-encoded-secret: ${{ secrets.GCP_CREDENTIALS_JSON }} | |
| filename: "gcp-credentials.json" | |
| is-executable: true | |
| working-directory: "./" | |
| - name: Authenticate to GCP | |
| run: | | |
| gcloud auth activate-service-account --key-file=gcp-credentials.json | |
| - name: Deploy service on Google Cloud Run | |
| run: | | |
| echo "Deploying to Production🚀🚀" | |
| gcloud run deploy inference --image $GCR_HOST/${{ secrets.GCP_PROJECT_ID }}/$GCR_REPOSITORY/inference --project ${{ secrets.GCP_PROJECT_ID }} --max-instances=4 --platform managed --region asia-south1 --allow-unauthenticated |