Initial setup

.github/workflows/cd.yml

@@ -3,16 +3,73 @@ on:
   push:
     branches:
       - main
-      - backport/*.*
     paths:
       - config/**
-      - spack.yaml
+      - '**/spack.yaml'
 jobs:
+    # FIXME: For now, this modified workflow does not deploy based on changes to the config/** files.
+  # If you change the config/** files, you will need to manually update the manifests you want to deploy.
+  setup-cd:
+    name: Setup CD Info
+    runs-on: ubuntu-latest
+    outputs:
+      manifest: ${{ steps.matrix.outputs.string }}
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Get changed files
+        # Get changed **/spack.yaml files so we can deploy them
+        id: changed-files
+        uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c  # v46.0.6
+        with:
+          since_last_remote_commit: true
+          json: true
+          output_dir: .
+          write_output_files: true
+          files: |
+            **/spack.yaml
+
+      - name: Format changed files
+        # We reformat the json list of changed files as list of objects containing the name (the containing folder) and the path (the containing folder AND manifest name)
+        # Eg, ["fre-nctools/spack.yaml", "gh/spack.yaml"] becomes: [{"name": "fre-nctools", "path": "fre-nctools/spack.yaml"}, {"name": "gh", "path": "gh/spack.yaml"}]
+        id: matrix
+        run: |
+          echo "Changed files: ${{ steps.changed-files.outputs.all_changed_files }}"
+
+          echo "All changed files:"
+          cat all_changed_files.json
+          echo ""
+
+          jq -c '[.[] | {name: split("/")[0], path: .}]' all_changed_files.json > matrix.json
+
+          echo "Matrix:"
+          cat matrix.json
+
+          echo "string=$(cat matrix.json)" >> $GITHUB_OUTPUT
+
   cd:
     name: CD
-    uses: access-nri/build-cd/.github/workflows/cd.yml@v4
+    needs:
+      - setup-cd
+    # A matrix strategy with no elements is considered an error, so we only run this job if there are changed manifests
+    if: needs.setup-cd.outputs.manifest != '[]'
+    strategy:
+      # The failure of install of an unrelated tool shouldn't affect the others
+      fail-fast: false
+      # We don't want to spam the spack instance with install requests - this means that it will seem that
+      # only one of the jobs is being run within the matrix.
+      max-parallel: 1
+      matrix:
+        manifest: ${{ fromJson(needs.setup-cd.outputs.manifest) }}
+    uses: access-nri/build-cd/.github/workflows/cd.yml@v5-model-tools
     with:
-      model: ${{ vars.NAME }}
+      model: ${{ matrix.manifest.name }}
+      spack-manifest-path: ${{ matrix.manifest.path }}
+      # This is a non-model deployment repository, so we do not want to tag the deployment or upload to the build database
+      tag-deployment: false
+      upload-to-build-db: false
     permissions:
       contents: write
       # This is due to the entrypoint also handling `on.pull_request` events

.github/workflows/ci.yml

@@ -7,50 +7,122 @@ on:
       - reopened
       - synchronize
       - closed
+      - ready_for_review
+      - converted_to_draft
     branches:
       - main
       - dev
       - backport/*.*
     paths:
       - config/**
-      - spack.yaml
+      - '**/spack.yaml'
   issue_comment:
     types:
       - created
       - edited
 jobs:
-  pr-ci:
-    name: CI
+  # FIXME: For now, this modified workflow does not deploy based on changes to the config/** files.
+  # If you change the config/** files, you will need to manually update the manifests you want to deploy.
+  setup-pr:
+    name: Setup PR Info
     if: >-
-      (github.event_name == 'pull_request' && github.event.action != 'closed') ||
+      github.event_name == 'pull_request' ||
       (github.event_name == 'issue_comment' && startsWith(github.event.comment.body, '!redeploy'))
-    uses: access-nri/build-cd/.github/workflows/ci.yml@v4
+    runs-on: ubuntu-latest
+    outputs:
+      manifest: ${{ steps.matrix.outputs.string }}
+    steps:
+      - name: Get PR HEAD
+        # Get the HEAD of the pull request, which is obtained differently depending on the event (pull_request or issue_comment)
+        id: pr
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PR_NUMBER: ${{ github.event_name == 'pull_request' && github.event.pull_request.number || github.event.issue.number }}
+        run: |
+          head=$(gh pr view \
+            ${{ env.PR_NUMBER }} \
+            --repo ${{ github.repository }} \
+            --json headRefName \
+            --jq '.headRefName'
+          )
+
+          echo "For ${{ github.event_name }} the PR number is ${{ env.PR_NUMBER }} and the head is $head"
+
+          echo "head=$head" >> $GITHUB_OUTPUT
+
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          ref: ${{ steps.pr.outputs.head }}
+
+      - name: Get changed files
+        # Get changed **/spack.yaml files so we can deploy them
+        id: changed-files
+        uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c  # v46.0.6
+        with:
+          since_last_remote_commit: true
+          json: true
+          output_dir: .
+          write_output_files: true
+          files: |
+            **/spack.yaml
+
+      - name: Format changed files
+        # We reformat the json list of changed files as list of objects containing the name (the containing folder) and the path (the containing folder AND manifest name)
+        # Eg, ["fre-nctools/spack.yaml", "gh/spack.yaml"] becomes: [{"name": "fre-nctools", "path": "fre-nctools/spack.yaml"}, {"name": "gh", "path": "gh/spack.yaml"}]
+        id: matrix
+        run: |
+          echo "Changed files: ${{ steps.changed-files.outputs.all_changed_files }}"
+
+          echo "All changed files:"
+          cat all_changed_files.json
+          echo ""
+
+          jq -c '[.[] | {name: split("/")[0], path: .}]' all_changed_files.json > matrix.json
+
+          echo "Matrix:"
+          cat matrix.json
+
+          echo "string=$(cat matrix.json)" >> $GITHUB_OUTPUT
+
+  pr-ci:
+    name: CI
+    needs:
+      - setup-pr
+    # A matrix strategy with no elements is considered an error, so we only run this job if there are changed manifests
+    if: needs.setup-pr.outputs.manifest != '[]'
+    strategy:
+      # The failure of install of an unrelated tool shouldn't affect the others
+      fail-fast: false
+      # We don't want to spam the spack instance with install requests - this means that it will seem that
+      # only one of the jobs is being run within the matrix.
+      max-parallel: 1
+      matrix:
+        manifest: ${{ fromJson(needs.setup-pr.outputs.manifest) }}
+    uses: access-nri/build-cd/.github/workflows/ci.yml@v5-model-tools
     with:
-      model: ${{ vars.NAME }}
-      # root-sbd: if different from vars.NAME
+      model: ${{ matrix.manifest.name }}
       pr: ${{ github.event_name == 'pull_request' && github.event.pull_request.number || github.event.issue.number }}
+      spack-manifest-path: ${{ matrix.manifest.path }}
     permissions:
       pull-requests: write
       contents: write
       statuses: write
     secrets: inherit
 
-  pr-comment:
-    name: Comment
-    if: github.event_name == 'issue_comment'
-    uses: access-nri/build-cd/.github/workflows/ci-comment.yml@v4
-    with:
-      model: ${{ vars.NAME }}
-      # root-sbd: if different from vars.NAME
-    permissions:
-      pull-requests: write
-      contents: write
-    secrets: inherit
-
   pr-closed:
     name: Closed
     if: github.event_name == 'pull_request' && github.event.action == 'closed'
-    uses: access-nri/build-cd/.github/workflows/ci-closed.yml@v4
+    needs:
+      - setup-pr
+    strategy:
+      # The failure of uninstall of an unrelated tool shouldn't affect the others
+      fail-fast: false
+      # We don't want to spam the spack instance with uninstall requests
+      max-parallel: 1
+      matrix:
+        manifest: ${{ fromJson(needs.setup-pr.outputs.manifest) }}
+    uses: access-nri/build-cd/.github/workflows/ci-closed.yml@v5-model-tools
     with:
-      root-sbd: ${{ vars.NAME }} # or something else, if different from vars.NAME
+      root-sbd: ${{ matrix.manifest.name }}
     secrets: inherit

README.md

@@ -1,91 +1,11 @@
-# model-deployment-template
+# Model Tools Deployment
 
-A template repository for the deployment of `spack`-based models.
+## Overview
 
-> [!NOTE]
-> Feel free to replace this README with information on the model once the TODOs have been ticked off.
+This is a proof-of-concept for deploying general purpose software to HPC targets utilising the [build-cd](https://github.com/ACCESS-NRI/build-cd) infrastructure.
 
-## Things TODO to get your model deployed
+This repository is for deploying general purpose software that is used in conjunction with ACCESS models. e.g. pre and post processing tools.
 
-### Settings
+## Tools supported
 
-#### Repository Settings
-
-Branch protections should be set up on `main` and the special `backport/*.*` branches, which are used for backporting of fixes to major releases (the `YEAR.MONTH` portion of the `YEAR.MONTH.MINOR` version) of models.
-
-#### Repository Secrets/Variables
-
-There are a few secrets and variables that must be set at the repository level.
-
-##### Repository Secrets
-
-* `GH_COMMIT_CHECK_TOKEN`: GitHub Token that allows workflows to run based on workflow-authored commits (in  the case where a user uses `!bump` commands in PRs that bumps the version of the model)
-
-##### Repository Variables
-
-* `BUILD_DB_PACKAGES`: List of `spack` packages that are model components that will be uploaded to the release provenance database
-* `NAME`: which corresponds to the model name - which is usually the repository name
-* `CONFIG_VERSIONS_SCHEMA_VERSION`: Version of the [`config/versions.json` schema](https://github.com/ACCESS-NRI/schema/tree/main/au.org.access-nri/model/deployment/config/versions) used in this repository
-* `SPACK_YAML_SCHEMA_VERSION`: Version of the [ACCESS-NRI-style `spack.yaml` schema](https://github.com/ACCESS-NRI/schema/tree/main/au.org.access-nri/model/spack/environment/deployment) used in this repository
-* `RELEASE_DEPLOYMENT_TARGETS`: Space-separated list of deployment targets when doing release deployments. These are often the names of [keys under the `deployment` key of `build-cd`s `config/settings.json`](https://github.com/ACCESS-NRI/build-cd/blob/09cdf100eefc58f06900e8e9145e77b4caf5a39d/config/settings.json#L3), such as `Gadi` or `Setonix`. As noted [below](#environment-secretsvariables), it is the same as the GitHub Environment name. For example: `Gadi Setonix`
-* `PRERELEASE_DEPLOYMENT_TARGETS`: Space-separated list of deployment targets when doing prerelease deployments, similar to the above. For example: `Gadi Setonix` - note the lack of a `Prerelease` specifier!
-
-#### Environment Secrets/Variables
-
-GitHub Environments are sets of variables and secrets that are used specifically to deploy software, and hence have more security requirements for their use.
-
-Currently, we have two Environments per deployment target - one for `Release` and one for `Prerelease`. Our current list of deployment targets and Environments can be found in this [deployment configuration file in `build-cd`](https://github.com/ACCESS-NRI/build-cd/blob/main/config/deployment-environment.json).
-
-In order to deploy to a given deployment target:
-
-* Environments with the name of the deployment target and the type must be created _in this repository_ and have the associated secrets/variables set ([see below](#environment-secrets))
-* There must be a `Prerelease` Environment associated with the `Release` Environment. For example, if we are deploying to `SUPERCOMPUTER`, we require Environments with the names `SUPERCOMPUTER Release`, `SUPERCOMPUTER Prerelease`.
-
-When setting the environment up, remember to require sign off by a member of ACCESS-NRI when deploying as a `Release`.
-
-Regarding the secrets and variables that must be created:
-
-##### Environment Secrets
-
-* `HOST`: The deployment location SSH Host
-* `HOST_DATA`: The deployment location SSH Host for data transfer (may be the same as `HOST`)
-* `SSH_KEY`: A SSH Key that allows access to the above `HOST`/`HOST_DATA`
-* `USER`: A Username to login to the above `HOST`/`HOST_DATA`
-* (Required only for `Release` Environment) `TRACKING_SERVICES_POST_TOKEN`: A token used to post build information about the packages in `secrets.BUILD_DB_PACKAGES` to the release provenance database as part of tracking services. 
-
-##### Environment Variables
-
-* `DEPLOYED_MODULES_DIR`: Directory that will contain the modules created during the installation of the model. This can be virtual modules created by a [`.modulerc` file](https://github.com/ACCESS-NRI/build-cd/tree/main/tools/modules) in the directory.
-* `DEPLOYMENT_TARGET`: Name of the deployment target. It is exported to the deployment target and used for variations in `spack.yaml` build processes - seen most prominently in mutually-exclusive 'when' clauses like `spack.definitions[].when = env['DEPLOYMENT_TARGET'] == 'gadi'`. Also used for logging purposes.
-* `SPACK_INSTALLS_ROOT_LOCATION`: Path to the directory that contains all versions of a deployment of `spack`. For example, if `/some/apps/spack` is the `SPACK_INSTALLS_ROOT_LOCATION`, that directory will contain directories like `0.20`, `0.21`, `0.22`, which in turn contain an install of `spack`, `spack-packages` and `spack-config`
-* `SPACK_YAML_LOCATION`: Path to a directory that will contain the `spack.yaml` from this repository during deployment
-* (Optional) `SPACK_INSTALL_ADDITIONAL_ARGS`: Additional flags outside of `--fresh --fail-fast` to add to the `spack install` command. For advanced users who need to tailor the installation options in their repository.
-* (Required only for `Release` Environment) `TRACKING_SERVICES_POST_URL`: A url to the API of the release provenance database as part of tracking services. 
-
-### File Modifications
-
-#### In `.github/workflows`
-
-* Reminder that these workflows use `vars.NAME` (as well as inherit the above environment secrets) and hence these must be set.
-* If the name of the root SBD for the model (in [`spack-packages`](https://github.com/ACCESS-NRI/spack-packages/tree/main/packages)) is different from the model name (for example, `ACCESS-ESM1.5`s root SBD is `access-esm1p5`), you must uncomment and set the `jobs.[pr-ci|pr-comment|pr-closed].with.root-sbd` line to the appropriate SBD name.
-
-#### In `config/versions.json`
-
-* `.spack` must be given a version. For example, it will clone the associated `releases/vVERSION` branch of `ACCESS-NRI/spack` if you give it `VERSION`.
-* `.spack-packages` should also have a CalVer-compliant tag as the version. See the [associated repo](https://github.com/ACCESS-NRI/spack-packages/tags) for a list of available tags.
-
-#### In `spack.yaml`
-
-There are a few TODOs for the `spack.yaml`:
-
-* Only do this step if there are variations in compiler/etc across deployment targets:
-  * `spack.definitions`: Use the `ROOT_PACKAGE` to define the root SBD. The `ROOT_SPEC` simply combines the `ROOT_PACKAGE` with the other, mutually-exclusive `compiler_target` definition.
-  * `spack.specs`: Set the only element in the spec list to `$ROOT_SPEC` - it will be filled in at install time.
-
-Otherwise:
-
-* `spack.specs`: Set the root SBD as the only element of `spack.specs`. This must also have an `@git.YEAR.MONTH.MINOR` version as it is the version of the entire deployment (and indeed will be a tag in this repository).
-* `spack.packages.*`: In this section, you can specify the versions and variants of dependencies. Note that the first element of the `spack.packages.*.require` must be only a version. Variants and other configuration can be done on subsequent lines.
-* `spack.packages.all`: Can set configuration for all packages. For example, the compiler used, or the target architecture.
-* `spack.modules.default.tcl.include`: List of package names that will be explicitly included and available to `module load`.
-* `spack.modules.default.tcl.projections`: For included modules, you must set the name of the module to be the same as the `spack.packages.*.require[0]` version, without the `@git.`.
+* `fre-nctools`

config/versions.json

@@ -1,5 +1,5 @@
 {
     "$schema": "https://raw.githubusercontent.com/ACCESS-NRI/schema/main/au.org.access-nri/model/deployment/config/versions/3-0-0.json",
     "spack": "0.22",
-    "spack-packages": "SOME_SPECIFIC_TAG"
+    "spack-packages": "2025.05.001"
 }

fre-nctools/spack.yaml

@@ -0,0 +1,27 @@
+# This is a Spack Environment file!!
+#
+# It describes a set of packages to be installed, along with
+# configuration settings.
+spack:
+  specs:
+    - fre-nctools@2024.05
+  packages:
+    fre-nctools:
+      require:
+        - '%intel@2021.10.0'
+    netcdf-c:
+      require:
+        - '@4.9.2'
+    netcdf-fortran:
+      require:
+        - '@4.6.1'
+  view: true
+  concretizer:
+    unify: true
+  modules:
+    default:
+      tcl:
+        include:
+          - fre-nctools
+        projections:
+          fre-nctools: '{name}/2024.05'