Deploy COVID scenario to ACI #11
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This workflow uses actions that are not certified by GitHub. | |
# They are provided by a third-party and are governed by | |
# separate terms of service, privacy policy, and support | |
# documentation. | |
# GitHub recommends pinning actions to a commit SHA. | |
# To get a newer version, you will need to update the SHA. | |
# You can also reference a tag or branch, but the action may change without warning. | |
name: Deploy COVID scenario to ACI | |
on: | |
workflow_dispatch: | |
inputs: | |
contract: | |
description: "Contract ID" | |
required: true | |
env: | |
CONTAINER_REGISTRY: ${{ vars.CONTAINER_REGISTRY }} | |
CONTAINER_REGISTRY_USERNAME: ${{ secrets.CONTAINER_REGISTRY_USERNAME }} | |
CONTAINER_REGISTRY_PASSWORD: ${{ secrets.CONTAINER_REGISTRY_ACCESS_TOKEN }} | |
AZURE_RESOURCE_GROUP: ${{ vars.AZURE_RESOURCE_GROUP }} | |
AZURE_LOCATION: ${{ vars.AZURE_LOCATION }} | |
AZURE_STORAGE_ACCOUNT_NAME: ${{ vars.AZURE_STORAGE_ACCOUNT_NAME }} | |
AZURE_ICMR_CONTAINER_NAME: ${{ vars.AZURE_ICMR_CONTAINER_NAME }} | |
AZURE_COWIN_CONTAINER_NAME: ${{ vars.AZURE_COWIN_CONTAINER_NAME }} | |
AZURE_INDEX_CONTAINER_NAME: ${{ vars.AZURE_INDEX_CONTAINER_NAME }} | |
AZURE_MODEL_CONTAINER_NAME: ${{ vars.AZURE_MODEL_CONTAINER_NAME }} | |
AZURE_OUTPUT_CONTAINER_NAME: ${{ vars.AZURE_OUTPUT_CONTAINER_NAME }} | |
AZURE_KEYVAULT_ENDPOINT: ${{ vars.AZURE_KEYVAULT_ENDPOINT }} | |
TOOLS_HOME: ${{ github.workspace }}/external/confidential-sidecar-containers/tools | |
DATA_DIRECTORY: ${{ github.workspace}}/scenarios/covid/data | |
CONTRACT_SERVICE_URL: ${{ vars.CONTRACT_SERVICE_URL }} | |
permissions: | |
id-token: write | |
contents: read | |
jobs: | |
deploy-ccr-covid-aci: | |
runs-on: [self-hosted, linux, X64] | |
steps: | |
- uses: AutoModality/action-clean@v1 | |
- uses: actions/checkout@v3 | |
- uses: pietrobolcato/install-azure-cli-action@main | |
- name: Update submodules | |
run: git submodule update --init --recursive | |
- name: Set up Go | |
uses: actions/setup-go@v4 | |
with: | |
go-version: '1.19.x' | |
- name: Install jq | |
run: sudo apt install -y jq | |
- name: Log in with Azure | |
uses: azure/login@v1 | |
with: | |
client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
- name: Login to Docker Hub | |
uses: docker/login-action@v3 | |
with: | |
registry: ${{ vars.CONTAINER_REGISTRY }} | |
username: ${{ secrets.CONTAINER_REGISTRY_USERNAME }} | |
password: ${{ secrets.CONTAINER_REGISTRY_ACCESS_TOKEN }} | |
- name: Install az confcom extension | |
run: az extension add --name confcom -y | |
- name: Add user to docker group | |
run: sudo usermod -aG docker $USER | |
- name: Run pre-processing | |
run: cd ${{ github.workspace }}/scenarios/covid/deployment/docker && ./preprocess.sh | |
- name: Run model saving | |
run: cd ${{ github.workspace }}/scenarios/covid/deployment/docker && ./save-model.sh | |
- name: Pull container images for generating policy | |
run: cd ${{ github.workspace }}/ci && ./pull-containers.sh | |
- name: create storage and containers | |
run: cd ${{ github.workspace }}/scenarios/covid/data && ./1-create-storage-containers.sh | |
- name: create azure key vault | |
run: cd ${{ github.workspace }}/scenarios/covid/data && ./2-create-akv.sh | |
- name: Import data and model encryption keys with key release policies | |
run: cd ${{ github.workspace }}/scenarios/covid/data && ./3-import-keys.sh | |
- name: Encrypt data and models | |
run: cd ${{ github.workspace }}/scenarios/covid/data && ./4-encrypt-data.sh | |
- name: Upload data and model | |
run: cd ${{ github.workspace }}/scenarios/covid/data && ./5-upload-encrypted-data.sh | |
- name: Run training | |
run: cd ${{ github.workspace }}/scenarios/covid/deployment/aci && ./deploy.sh -c ${{ github.event.inputs.contract }} -p ../../config/pipeline_config.json | |
- name: Dump training container logs | |
run: sleep 200 && az container logs --name depa-training-covid --resource-group $AZURE_RESOURCE_GROUP --container-name depa-training | |
- name: Dump sidecar container logs | |
run: az container logs --name depa-training-covid --resource-group $AZURE_RESOURCE_GROUP --container-name encrypted-storage-sidecar | |
- name: Download and decrypt model | |
run: cd ${{ github.workspace }}/scenarios/covid/data && ./6-download-decrypt-model.sh | |
- name: Clean up resource group and all resources | |
run: az group delete --yes --name $AZURE_RESOURCE_GROUP | |
- name: Cleanup data directory | |
run: sudo rm -rf $DATA_DIRECTORY | |
if: ${{ always() }} |