initial

Author: hamishfagg

README.md

@@ -0,0 +1,15 @@
+# github-actions
+
+Use an action from this repo in your workflow like this:
+
+```
+- name: Pull MindsDB Github Actions
+  uses: actions/checkout@v4
+  with:
+    repository: mindsdb/github-actions
+    path: github-actions
+    ssh-key: ${{ secrets.GH_ACTIONS_PULL_SSH }}
+- uses: ./github-actions/<action-name>
+```
+
+**NOTE: This needs to go AFTER any `actions/checkout` step for the current repo**

build-push-ecr/action.yml

@@ -0,0 +1,57 @@
+# Builds a docker image, then tags it with the github sha and pushes it to our Amazon ECR registry
+
+inputs:
+  module-name:
+    description: "Name of the module to build. Used as the default image name and src dir unless 'image-name' or 'src-path' are used."
+    required: true
+  build-for-environment:
+    description: "The backend environment we are building for (API calls are pointed to).  This should be one of (development, staging, production)."
+    required: true
+  extra-build-args:
+    description: "Extra args passed to 'docker build'."
+    required: false
+  src-path:
+    description: "What folder to be (generally to find the Dockerfile in) default is root of repo"
+    required: false
+  image-ref:
+    description: "The version number or sha used in creating image tag"
+    required: false
+
+
+runs:
+  using: 'composite'
+  steps:
+    - uses: FranzDiebold/github-env-vars-action@v2
+    # https://github.com/aws-actions/amazon-ecr-login
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+    - name: Login to Amazon ECR
+      id: login-ecr
+      uses: aws-actions/amazon-ecr-login@v2
+    - shell: bash
+      run: |
+        # Env var parsing
+
+        INPUT_SRC_PATH=${{ inputs.src-path }}
+        SRC_PATH=${INPUT_SRC_PATH:-"./"}
+        INPUT_IMAGE_REF=${{ inputs.image-ref }}
+        IMAGE_REF=${INPUT_IMAGE_REF:-$CI_SHA}
+        IMAGE_NAME=${{ inputs.module-name }}
+        REPO_IMAGE=${{ steps.login-ecr.outputs.registry }}/$IMAGE_NAME
+        DOCKER_BUILDKIT=1
+        ENVIRONMENT=${{ inputs.build-for-environment }}
+        BRANCH_NAME=${{env.ENV_NAME}}
+        IMAGE_TAG=$ENVIRONMENT-$IMAGE_REF
+
+        # Create repo if needed
+        aws ecr create-repository --repository-name $IMAGE_NAME && \
+        aws ecr set-repository-policy --repository-name $IMAGE_NAME --policy-text "$(cat ${{ github.action_path }}/shared-ecr-policy.json)" || \
+        true # Just let this fail if the repo already exists
+
+        docker buildx create --name=remote-buildkit-agent --driver=remote --use tcp://remote-buildkit-agent.infrastructure.svc.cluster.local:80 || true # Create the builder (might already exist)
+
+        cd $SRC_PATH
+        BUILD_ARGS="--build-arg BUILD_FOR_ENVIRONMENT=$ENVIRONMENT --build-arg IMAGE_TAG=$IMAGE_TAG"
+
+        # Finally, build our runner container
+        docker buildx build ${{ inputs.extra-build-args }} $BUILD_ARGS -t $REPO_IMAGE:$IMAGE_TAG -t $REPO_IMAGE:latest --push .

build-push-ecr/shared-ecr-policy.json

@@ -0,0 +1,42 @@
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Sid": "AllowAllAccountsWhichNeedReadAccess",
+      "Effect": "Allow",
+      "Principal": {
+        "AWS": [
+          "arn:aws:iam::454861456664:root",
+          "arn:aws:iam::551913903968:root",
+          "arn:aws:iam::040931223031:root"
+        ]
+      },
+      "Action": [
+        "ecr:BatchCheckLayerAvailability",
+        "ecr:BatchGetImage",
+        "ecr:GetDownloadUrlForLayer"
+      ]
+    },
+    {
+      "Sid": "AllowMasterAccountOrRolesWhichNeedsWriteAccess",
+      "Effect": "Allow",
+      "Principal": {
+        "AWS": "arn:aws:iam::454861456664:root"
+      },
+      "Action": [
+        "ecr:BatchCheckLayerAvailability",
+        "ecr:BatchGetImage",
+        "ecr:CompleteLayerUpload",
+        "ecr:DescribeImages",
+        "ecr:DescribeRepositories",
+        "ecr:GetAuthorizationToken",
+        "ecr:GetDownloadUrlForLayer",
+        "ecr:GetRepositoryPolicy",
+        "ecr:InitiateLayerUpload",
+        "ecr:ListImages",
+        "ecr:PutImage",
+        "ecr:UploadLayerPart"
+      ]
+    }
+  ]
+}

docker-bake-cache/action.yml

@@ -0,0 +1,29 @@
+# Builds our docker bake file without pushing to a repo, and pushes the layers to repo cache
+# This is separated into its own action so that it can be done in parallel with other actions after the build is finished
+
+runs:
+  using: 'composite'
+  steps:
+    # Get clean environment variables via https://github.com/marketplace/actions/github-environment-variables-action
+    - uses: FranzDiebold/github-env-vars-action@v2
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+    - name: Login to Amazon ECR
+      uses: aws-actions/amazon-ecr-login@v2
+    - name: Build and push
+      shell: bash
+      run: |
+        # Get a githash or tag name to use as image prefix
+        TAG_NAME=${{ github.event.release.tag_name }}
+        GIT_SHA=${{ env.CI_SHA }}
+        IMAGE_PREFIX=${TAG_NAME:-$GIT_SHA}
+
+        # Configure our buildkit builders
+        docker buildx create --name remote-buildkit-agent --node mdb_amd64 --platform linux/amd64 --driver=remote --use tcp://remote-buildkit-agent.infrastructure.svc.cluster.local:80 || true # Create the builder (might already exist)
+        docker buildx create --name=remote-buildkit-agent --node mdb_arm64 --platform linux/arm64 --append --driver=remote --use tcp://remote-buildkit-agent-arm.infrastructure.svc.cluster.local:80 || true # Same for ARM
+        
+        # Build each platform individually and don't push (bake file has logic to push cache when only one platform is built)
+        VERSION=$IMAGE_PREFIX BRANCH=${{ env.CI_ACTION_REF_NAME }} PLATFORMS=linux/amd64 docker buildx bake --progress plain -f docker/docker-bake.hcl --print
+        VERSION=$IMAGE_PREFIX BRANCH=${{ env.CI_ACTION_REF_NAME }} PLATFORMS=linux/arm64 docker buildx bake --progress plain -f docker/docker-bake.hcl --print
+        VERSION=$IMAGE_PREFIX BRANCH=${{ env.CI_ACTION_REF_NAME }} PLATFORMS=linux/amd64 docker buildx bake --progress plain -f docker/docker-bake.hcl
+        VERSION=$IMAGE_PREFIX BRANCH=${{ env.CI_ACTION_REF_NAME }} PLATFORMS=linux/arm64 docker buildx bake --progress plain -f docker/docker-bake.hcl

docker-bake/action.yml

@@ -0,0 +1,33 @@
+# Builds our docker bake file
+inputs:
+  push-to-dockerhub:
+    description: "Whether to push to Dockerhub as well as ECR"
+    required: false
+    default: false
+
+runs:
+  using: 'composite'
+  steps:
+    # Get clean environment variables via https://github.com/marketplace/actions/github-environment-variables-action
+    - uses: FranzDiebold/github-env-vars-action@v2
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+    - name: Login to Amazon ECR
+      uses: aws-actions/amazon-ecr-login@v2
+    - name: Build and push
+      shell: bash
+      run: |
+        # Get a githash or tag name to use as image prefix
+        TAG_NAME=${{ github.event.release.tag_name }}
+        GIT_SHA=${{ env.CI_SHA }}
+        IMAGE_PREFIX=${TAG_NAME:-$GIT_SHA}
+
+        # Configure our buildkit builders
+        docker buildx create --name remote-buildkit-agent --node mdb_amd64 --platform linux/amd64 --driver=remote --use tcp://remote-buildkit-agent.infrastructure.svc.cluster.local:80 || true # Create the builder (might already exist)
+        docker buildx create --name=remote-buildkit-agent --node mdb_arm64 --platform linux/arm64 --append --driver=remote --use tcp://remote-buildkit-agent-arm.infrastructure.svc.cluster.local:80 || true # Same for ARM
+
+        # Print what bake is going to do
+        VERSION=$IMAGE_PREFIX BRANCH=${{ env.CI_ACTION_REF_NAME }} PUSH_TO_DOCKERHUB=${{ inputs.push-to-dockerhub }} PLATFORM="" docker buildx bake -f docker/docker-bake.hcl --print
+
+        # Build amd64 and arm64 images and push to repos
+        VERSION=$IMAGE_PREFIX BRANCH=${{ env.CI_ACTION_REF_NAME }} PUSH_TO_DOCKERHUB=${{ inputs.push-to-dockerhub }} docker buildx bake --progress plain --push -f docker/docker-bake.hcl

get-deploy-labels/action.yml

@@ -0,0 +1,22 @@
+# Get a list of environments we want to deploy to, and save it as an output
+outputs:
+  deploy-envs:
+    value: ${{ steps.make-label-list.outputs.deploy-envs }}
+
+runs:
+  using: "composite"
+  steps:
+    - id: make-label-list
+      shell: bash
+      run: |
+        # Get a json list of labels for this PR, and discard anything not starting with "deploy-to-"
+        DEPLOY_ENVS=`echo '${{ toJson(github.event.pull_request.labels.*.name) }}' | jq -c 'map(select(test("^deploy-to-")))'`
+
+        # Delete "deploy-to-" so we're just left with the env names
+        DEPLOY_ENVS=${DEPLOY_ENVS//deploy-to-/}
+
+        # Remove empty strings
+        # DEPLOY_ENVS=${DEPLOY_ENVS//\"\"/}
+
+        # Lowercase the whole list and output it
+        echo "deploy-envs=${DEPLOY_ENVS,,}" >> "$GITHUB_OUTPUT"

helm-deploy/action.yml

@@ -0,0 +1,69 @@
+# Deploy a single service via helm
+inputs:
+  image-tag:
+    description: "The image tag to use in the deployments."
+    required: true
+  k8s-namespace:
+    description: "Deployment namespace in kubernetes."
+    required: true
+  environment-slug:
+    description: "Short name of deployment environment. Should be like 'dev', 'prod'. Set this if you have a values-<env>.yaml."
+    required: false
+  helm-extra-args:
+    description: "Add additional/custom helm arguments/commands."
+    required: false
+  helm-chart-name:
+    description: "Helm chart name (eg: mindsdb-gateway)"
+    required: true
+  dry-run:
+    description: "Skip the actual deployment and just show a diff."
+    required: false
+    default: false
+  timeout:
+    description: "The timeout time for helm operations."
+    required: false
+    default: 300s
+
+runs:
+  using: 'composite'
+  steps:
+    - shell: bash
+      run: |
+
+        (kubectl --help &> /dev/null && helm diff version &> /dev/null) || (echo "Please install kubectl, helm, and helm-diff in your runner. Alternatively use one of our docker-based versions of this action: https://github.com/DevOps-Nirvana/" && exit 1)
+
+        HELM_IMAGE_TAG=${{ inputs.image-tag }}
+        HELM_K8S_NAMESPACE=${{ inputs.k8s-namespace }}
+        HELM_ENVIRONMENT_SLUG=${{ inputs.environment-slug }}
+        HELM_DRY_RUN=${{ inputs.dry-run }}
+        HELM_EXTRA_ARGS=${{ inputs.helm-extra-args }}
+        HELM_TIMEOUT=${{ inputs.timeout }}
+        CURRENT_HELM_CHART=${{ inputs.helm-chart-name }}
+
+        cd deployment
+
+        # Creating namespace if necessary
+        kubectl create namespace $HELM_K8S_NAMESPACE || true
+
+        # Setup our helm args
+        export HELM_EXTRA_ARGS="$HELM_EXTRA_ARGS --set image.tag=$HELM_IMAGE_TAG --set global.image.tag=$HELM_IMAGE_TAG --set global.namespace=$HELM_K8S_NAMESPACE";
+
+
+        echo "Update our helm chart dependencies"
+        helm dependency update $CURRENT_HELM_CHART || true
+
+        # Discover values files
+        VALUES_ENV_FILE=`find $CURRENT_HELM_CHART -name values-${HELM_ENVIRONMENT_SLUG}.yaml`
+        VALUES_FILE_ARGS="-f $CURRENT_HELM_CHART/values.yaml${VALUES_ENV_FILE:+ -f $VALUES_ENV_FILE}"
+
+        echo "--- HELM DIFF ---"
+        helm diff upgrade --allow-unreleased --namespace $HELM_K8S_NAMESPACE $HELM_UPDIFF_EXTRA_ARGS $CURRENT_HELM_CHART ./$CURRENT_HELM_CHART \
+          $VALUES_FILE_ARGS \
+          $HELM_EXTRA_ARGS
+
+        if [ "$HELM_DRY_RUN" = "false" ]; then
+          echo "--- HELM UPGRADE ---"
+          helm upgrade --install --atomic --timeout $HELM_TIMEOUT --namespace $HELM_K8S_NAMESPACE $CURRENT_HELM_CHART ./$CURRENT_HELM_CHART \
+            $VALUES_FILE_ARGS \
+            $HELM_EXTRA_ARGS;
+        fi

setup-env/action.yml

@@ -0,0 +1,19 @@
+# Set up all of the CI env vars required for MindsDB
+
+runs:
+  using: "composite"
+  steps:
+    # Get clean environment variables via https://github.com/marketplace/actions/github-environment-variables-action
+    - uses: FranzDiebold/github-env-vars-action@v2
+    - shell: bash
+      run: |
+        echo "REF_SLUG=${CI_REF_NAME_SLUG:-$CI_HEAD_REF_SLUG}" >> $GITHUB_ENV # Use whichever env ref is supplied (push or merge).
+    - id: set-envs
+      shell: bash
+      run: |
+        echo "SLUG=$CI_SHA" >> $GITHUB_ENV
+        # Figure out the namespace and environment name, which should be up to 63 chars in length for Kubernetes
+        # This will also strip tailing dash characters, necessary because we can't have dash suffixed strings in Kubernetes
+        export STRIPPED_STRING=`echo "${{ env.CI_REPOSITORY_NAME }}-${{ env.REF_SLUG }}" | head -c 63 | sed 's/-*$//g'`
+        echo "ENV_NAME=$STRIPPED_STRING" >> $GITHUB_ENV
+        echo "ENV_URL=https://${STRIPPED_STRING}.dev.mindsdb.com" >> $GITHUB_ENV

slack-deploy-msg/action.yml

@@ -0,0 +1,79 @@
+inputs:
+  channel-id:
+    description: "Slack channel ID"
+    required: true
+  status:
+    description: "Status of the deployment"
+    required: true
+  color:
+    description: "Color of message"
+    required: true
+  env-name:
+    description: "Deloy env name"
+    required: true
+  env-url:
+    description: "Deloy env url"
+    required: true
+  slack-token:
+    description: "Slack bot token"
+    required: true
+  update-message-id:
+    description: "ID of the slack message to update"
+    required: false
+    default: ""
+
+outputs:
+  ts:
+    description: "Slack message ID"
+    value: ${{ steps.slack.outputs.ts }}
+
+runs:
+  using: 'composite'
+  steps:
+    - name: Notify of deployment
+      id: slack
+      uses: slackapi/[email protected]
+      with:
+        channel-id: ${{ inputs.channel-id }}
+        update-ts: ${{ inputs.update-message-id }}
+        payload: |
+            {
+              "attachments": [
+                {
+                  "color": "${{ inputs.color }}",
+                  "blocks": [
+                    {
+                      "type": "section",
+                      "text": {
+                        "type": "mrkdwn",
+                        "text": "*<${{ github.event.repository.html_url }}|${{ github.event.repository.name }}>* has ${{ inputs.status }} deploying to *<${{ inputs.env-url }}|${{ inputs.env-name }}>*"
+                      },
+                      "fields": [
+                        {
+                          "type": "mrkdwn",
+                          "text": "*PR*\n<${{ github.event.pull_request._links.html.href }}|${{ github.event.pull_request.title }} (#${{ github.event.number }})>"
+                        },
+                        {
+                          "type": "mrkdwn",
+                          "text": "*User*\n${{ github.triggering_actor }}"
+                        },
+                        {
+                          "type": "mrkdwn",
+                          "text": "*Commit*\n<${{ github.server_url }}/${{ github.repository }}/commit/${{ github.sha }}|${{ github.sha }}>"
+                        },
+                        {
+                          "type": "mrkdwn",
+                          "text": "*Workflow Run*\n<${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|${{ github.workflow }}>"
+                        },
+                        {
+                          "type": "mrkdwn",
+                          "text": "*Branch*\n<${{ github.server_url }}/${{ github.repository }}/tree/${{ github.head_ref || github.ref_name }}|${{ github.head_ref || github.ref_name }}>"
+                        }
+                      ]
+                    }
+                  ]
+                }
+              ]
+            }
+      env:
+        SLACK_BOT_TOKEN: ${{ inputs.slack-token }}