-
Notifications
You must be signed in to change notification settings - Fork 16
122 lines (93 loc) · 4.62 KB
/
ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# GitHub recommends pinning actions to a commit SHA.
# To get a newer version, you will need to update the SHA.
# You can also reference a tag or branch, but the action may change without warning.
name: Deploy COVID scenario to ACI
on:
workflow_dispatch:
inputs:
contract:
description: "Contract ID"
required: true
env:
CONTAINER_REGISTRY: ${{ vars.CONTAINER_REGISTRY }}
CONTAINER_REGISTRY_USERNAME: ${{ secrets.CONTAINER_REGISTRY_USERNAME }}
CONTAINER_REGISTRY_PASSWORD: ${{ secrets.CONTAINER_REGISTRY_ACCESS_TOKEN }}
AZURE_RESOURCE_GROUP: ${{ vars.AZURE_RESOURCE_GROUP }}
AZURE_LOCATION: ${{ vars.AZURE_LOCATION }}
AZURE_STORAGE_ACCOUNT_NAME: ${{ vars.AZURE_STORAGE_ACCOUNT_NAME }}
AZURE_ICMR_CONTAINER_NAME: ${{ vars.AZURE_ICMR_CONTAINER_NAME }}
AZURE_COWIN_CONTAINER_NAME: ${{ vars.AZURE_COWIN_CONTAINER_NAME }}
AZURE_INDEX_CONTAINER_NAME: ${{ vars.AZURE_INDEX_CONTAINER_NAME }}
AZURE_MODEL_CONTAINER_NAME: ${{ vars.AZURE_MODEL_CONTAINER_NAME }}
AZURE_OUTPUT_CONTAINER_NAME: ${{ vars.AZURE_OUTPUT_CONTAINER_NAME }}
AZURE_KEYVAULT_ENDPOINT: ${{ vars.AZURE_KEYVAULT_ENDPOINT }}
TOOLS_HOME: ${{ github.workspace }}/external/confidential-sidecar-containers/tools
DATA_DIRECTORY: ${{ github.workspace}}/scenarios/covid/data
CONTRACT_SERVICE_URL: ${{ vars.CONTRACT_SERVICE_URL }}
permissions:
id-token: write
contents: read
jobs:
deploy-ccr-covid-aci:
runs-on: [self-hosted, linux, X64]
steps:
- uses: AutoModality/action-clean@v1
- uses: actions/checkout@v3
- uses: pietrobolcato/install-azure-cli-action@main
- name: Update submodules
run: git submodule update --init --recursive
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: '1.19.x'
- name: Install jq
run: sudo apt install -y jq
- name: Log in with Azure
uses: azure/login@v1
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
registry: ${{ vars.CONTAINER_REGISTRY }}
username: ${{ secrets.CONTAINER_REGISTRY_USERNAME }}
password: ${{ secrets.CONTAINER_REGISTRY_ACCESS_TOKEN }}
- name: Install az confcom extension
run: az extension add --name confcom -y
- name: Add user to docker group
run: sudo usermod -aG docker $USER
- name: Run pre-processing
run: cd ${{ github.workspace }}/scenarios/covid/deployment/docker && ./preprocess.sh
- name: Run model saving
run: cd ${{ github.workspace }}/scenarios/covid/deployment/docker && ./save-model.sh
- name: Pull container images for generating policy
run: cd ${{ github.workspace }}/ci && ./pull-containers.sh
- name: create storage and containers
run: cd ${{ github.workspace }}/scenarios/covid/data && ./1-create-storage-containers.sh
- name: create azure key vault
run: cd ${{ github.workspace }}/scenarios/covid/data && ./2-create-akv.sh
- name: Import data and model encryption keys with key release policies
run: cd ${{ github.workspace }}/scenarios/covid/data && ./3-import-keys.sh
- name: Encrypt data and models
run: cd ${{ github.workspace }}/scenarios/covid/data && ./4-encrypt-data.sh
- name: Upload data and model
run: cd ${{ github.workspace }}/scenarios/covid/data && ./5-upload-encrypted-data.sh
- name: Run training
run: cd ${{ github.workspace }}/scenarios/covid/deployment/aci && ./deploy.sh -c ${{ github.event.inputs.contract }} -p ../../config/pipeline_config.json
- name: Dump training container logs
run: sleep 200 && az container logs --name depa-training-covid --resource-group $AZURE_RESOURCE_GROUP --container-name depa-training
- name: Dump sidecar container logs
run: az container logs --name depa-training-covid --resource-group $AZURE_RESOURCE_GROUP --container-name encrypted-storage-sidecar
- name: Download and decrypt model
run: cd ${{ github.workspace }}/scenarios/covid/data && ./6-download-decrypt-model.sh
- name: Clean up resource group and all resources
run: az group delete --yes --name $AZURE_RESOURCE_GROUP
- name: Cleanup data directory
run: sudo rm -rf $DATA_DIRECTORY
if: ${{ always() }}