Whitelist proxied headers when proxing to learning services #8101
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: nucliadb Ingest (py) | |
on: | |
pull_request: | |
branches: | |
- main | |
push: | |
branches: | |
- main | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} | |
cancel-in-progress: true | |
env: | |
CONTAINER_REGISTRY: europe-west4-docker.pkg.dev/nuclia-internal/nuclia | |
IMAGE_NAME: ingest | |
TESTING_TIKV_LOCAL: "true" | |
jobs: | |
# Job to run pre-checks | |
pre-checks: | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
python-version: ["3.9", "3.10", "3.11"] | |
steps: | |
- name: Checkout the repository | |
uses: actions/checkout@v3 | |
- name: Setup Python | |
uses: actions/setup-python@v4 | |
with: | |
python-version: ${{ matrix.python-version }} | |
cache: "pip" | |
- name: Install package | |
run: make -C nucliadb/ install-dev | |
- name: Run pre-checks | |
run: make -C nucliadb/ lint | |
# Job to run tests | |
tests: | |
runs-on: ubuntu-latest | |
strategy: | |
max-parallel: 2 | |
matrix: | |
include: | |
- maindb_driver: "tikv" | |
storage_backend: "gcs" | |
python-version: "3.11" | |
- maindb_driver: "tikv" | |
storage_backend: "s3" | |
python-version: "3.11" | |
- maindb_driver: "pg" | |
storage_backend: "gcs" | |
python-version: "3.11" | |
steps: | |
- name: Checkout the repository | |
uses: actions/checkout@v3 | |
- name: Setup Python | |
uses: actions/setup-python@v4 | |
with: | |
python-version: ${{ matrix.python-version }} | |
cache: "pip" | |
- name: Install the package | |
run: make -C nucliadb/ install-dev | |
- name: Install tikv | |
if: matrix.maindb_driver == 'tikv' | |
run: ./scripts/run-tikv.sh | |
- name: Run tests | |
env: | |
TESTING_MAINDB_DRIVER: ${{ matrix.maindb_driver }} | |
TESTING_STORAGE_BACKEND: ${{ matrix.storage_backend }} | |
run: | | |
make -C nucliadb/ test-cov-ingest | |
- name: Upload coverage to Codecov | |
uses: codecov/codecov-action@v3 | |
with: | |
file: ./nucliadb/coverage.xml | |
flags: ingest | |
# PR workflows END here | |
# PUSH workflows contine with deploy activities | |
build: | |
name: Build image and push | |
needs: tests | |
uses: ./.github/workflows/_build-img-nucliadb.yml | |
with: | |
platforms: linux/amd64,linux/arm64 | |
image-name: ingest | |
cache-gha-mode: min | |
secrets: | |
inherit | |
if: github.event_name == 'push' | |
deploy: | |
name: Deploy Helm chart and trigger internal CI | |
runs-on: ubuntu-latest | |
needs: build | |
if: github.event_name == 'push' | |
steps: | |
- name: Generate a token | |
id: app-token | |
uses: actions/create-github-app-token@v1 | |
with: | |
app-id: ${{ secrets.GHAPP_ID_NUCLIABOT }} | |
private-key: ${{ secrets.PK_GHAPP_NUCLIABOT }} | |
owner: nuclia | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
- name: Calculate short sha | |
id: env-vars | |
run: |- | |
HASH=$(git rev-parse --short HEAD) | |
echo "short_sha=$HASH" >> "$GITHUB_OUTPUT" | |
- name: Set helm package image | |
id: version_step | |
run: |- | |
sed -i.bak "s#IMAGE_TO_REPLACE#$IMAGE_NAME:${{ steps.env-vars.outputs.short_sha }}#" ./charts/nucliadb_ingest/values.yaml | |
sed -i.bak "s#CONTAINER_REGISTRY_TO_REPLACE#$CONTAINER_REGISTRY#" ./charts/nucliadb_ingest/values.yaml | |
VERSION=$(cat VERSION) | |
VERSION_SHA="$VERSION+${{ steps.env-vars.outputs.short_sha }}" | |
sed -i.bak "s#99999.99999.99999#$VERSION_SHA#" ./charts/nucliadb_ingest/Chart.yaml | |
echo "version_number=$VERSION_SHA" >> "$GITHUB_OUTPUT" | |
- name: Configure Git | |
run: | | |
git config user.name "$GITHUB_ACTOR" | |
git config user.email "[email protected]" | |
- name: Install Helm | |
uses: azure/setup-helm@v3 | |
with: | |
version: v3.4.0 | |
- name: Push helm package | |
run: |- | |
helm lint charts/nucliadb_ingest | |
helm package charts/nucliadb_ingest | |
curl --data-binary "@nucliadb_ingest-${{ steps.version_step.outputs.version_number }}.tgz" ${{ secrets.HELM_CHART_URL }}/api/charts | |
- name: Repository Dispatch | |
uses: peter-evans/repository-dispatch@v2 | |
with: | |
token: ${{ steps.app-token.outputs.token }} | |
repository: nuclia/nucliadb_deploy | |
event-type: promote | |
client-payload: '{"component": "nucliadb_ingest", "chart-version": "${{ steps.version_step.outputs.version_number }}" }' |