Improve Scanner logs & update config #8129
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build Bailo Image | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main] | |
| release: | |
| types: [published] | |
| # Allows you to run this workflow manually from the Actions tab | |
| workflow_dispatch: | |
| jobs: | |
| build_images: | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 20 | |
| permissions: | |
| contents: read | |
| packages: write | |
| attestations: write | |
| id-token: write | |
| strategy: | |
| matrix: | |
| component: | |
| - name: backend | |
| context: backend | |
| additional_contexts: python=./lib/python | |
| dockerfile: backend/Dockerfile | |
| tar: /tmp/bailo_backend.tar | |
| artifact: bailo_backend | |
| cache_scope: backend | |
| tag: bailo_backend:latest | |
| - name: frontend | |
| context: frontend | |
| dockerfile: frontend/Dockerfile | |
| tar: /tmp/bailo_frontend.tar | |
| artifact: bailo_frontend | |
| cache_scope: frontend | |
| tag: bailo_frontend:latest | |
| - name: modelscan | |
| context: lib/modelscan_api | |
| dockerfile: lib/modelscan_api/Dockerfile | |
| tar: /tmp/bailo_modelscan.tar | |
| artifact: bailo_modelscan | |
| cache_scope: modelscan | |
| tag: bailo_modelscan:latest | |
| steps: | |
| # Clone repository | |
| - uses: actions/checkout@v5 | |
| # Setup BuildX | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Build ${{ matrix.component.name }} image | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: ${{ matrix.component.context }} | |
| build-contexts: ${{ matrix.component.additional_contexts || '' }} | |
| file: ${{ matrix.component.dockerfile }} | |
| tags: ${{ matrix.component.tag }} | |
| cache-from: type=gha,scope=${{ matrix.component.cache_scope }} | |
| cache-to: type=gha,mode=max,scope=${{ matrix.component.cache_scope }} | |
| outputs: type=docker,dest=${{ matrix.component.tar }} | |
| # modelscan version check (separate to release versions) | |
| - name: Check if modelscan_api version changed | |
| if: github.ref == 'refs/heads/main' && matrix.component.name == 'modelscan' | |
| id: modelscan_version_changed | |
| run: | | |
| git fetch origin main --depth=2 | |
| OLD_VERSION=$(git show HEAD^:lib/modelscan_api/bailo_modelscan_api/config.py | grep 'app_version' | head -n1 | cut -d'"' -f2) | |
| NEW_VERSION=$(grep 'app_version' lib/modelscan_api/bailo_modelscan_api/config.py | head -n1 | cut -d'"' -f2) | |
| if [ "$OLD_VERSION" != "$NEW_VERSION" ]; then | |
| echo "changed=true" >> $GITHUB_OUTPUT | |
| echo "version=$NEW_VERSION" >> $GITHUB_OUTPUT | |
| else | |
| echo "changed=false" >> $GITHUB_OUTPUT | |
| fi | |
| # Log in to GHCR if release made or modelscan_api version changed | |
| - name: Log in to GHCR | |
| if: (github.event_name == 'release' && matrix.component.name != 'modelscan') || (github.ref == 'refs/heads/main' && matrix.component.name == 'modelscan' && steps.modelscan_version_changed.outputs.changed == 'true') | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| # Push backend & frontend to GHCR if release made (ignoring modelscan_api which is published separately) | |
| - name: Tag & push backend & frontend images to GHCR | |
| if: github.event_name == 'release' && matrix.component.name != 'modelscan' | |
| run: | | |
| docker load -i ${{ matrix.component.tar }} | |
| IMAGE_ID=$(docker images --format "{{.Repository}}:{{.Tag}}" | head -n 1) | |
| VERSION_TAG="ghcr.io/${{ github.repository_owner }}/bailo_${{ matrix.component.name }}:${{ github.event.release.tag_name }}" | |
| LATEST_TAG="ghcr.io/${{ github.repository_owner }}/bailo_${{ matrix.component.name }}:latest" | |
| docker tag $IMAGE_ID $VERSION_TAG | |
| docker tag $IMAGE_ID $LATEST_TAG | |
| docker push $VERSION_TAG | |
| docker push $LATEST_TAG | |
| # Push modelscan_api to GHCR if version bumped | |
| - name: Tag & push modelscan image to GHCR | |
| if: github.ref == 'refs/heads/main' && matrix.component.name == 'modelscan' && steps.modelscan_version_changed.outputs.changed == 'true' | |
| run: | | |
| docker load -i ${{ matrix.component.tar }} | |
| IMAGE_ID=$(docker images --format "{{.Repository}}:{{.Tag}}" | head -n 1) | |
| VERSION_TAG="ghcr.io/${{ github.repository_owner }}/bailo_${{ matrix.component.name }}:${{ steps.modelscan_version_changed.outputs.version }}" | |
| LATEST_TAG="ghcr.io/${{ github.repository_owner }}/bailo_${{ matrix.component.name }}:latest" | |
| docker tag $IMAGE_ID $VERSION_TAG | |
| docker tag $IMAGE_ID $LATEST_TAG | |
| docker push $VERSION_TAG | |
| docker push $LATEST_TAG | |
| - name: Upload artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ matrix.component.artifact }} | |
| path: ${{ matrix.component.tar }} | |
| tests: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| task: [unit, style] | |
| steps: | |
| # Clone repository | |
| - uses: actions/checkout@v5 | |
| - name: Use Node.js | |
| uses: actions/setup-node@v5 | |
| with: | |
| node-version: 24.5.0 | |
| cache: "npm" | |
| - name: Cache npm dependencies | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.npm | |
| key: ${{ runner.os }}-node-${{ hashFiles('**package-lock.json') }} | |
| - name: Install dependencies | |
| run: npm ci | |
| - name: Create certs | |
| if: matrix.task == 'unit' | |
| run: sudo chown -R runner:docker backend/certs && npm run certs | |
| - name: Run unit tests | |
| if: matrix.task == 'unit' | |
| run: npm run test | |
| - name: Run style checks | |
| if: matrix.task == 'style' | |
| run: npm run check-style && npm run lint | |
| kubernetes: | |
| needs: [build_images] | |
| runs-on: ubuntu-latest | |
| steps: | |
| # Clone repository | |
| - uses: actions/checkout@v5 | |
| - name: Set up Node.js | |
| uses: actions/setup-node@v5 | |
| with: | |
| node-version: 24.5.0 | |
| cache: "npm" | |
| # Setup BuildX | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| # Get Bailo Docker image | |
| - name: Download artifact | |
| uses: actions/download-artifact@v5 | |
| with: | |
| name: bailo_backend | |
| path: /tmp | |
| - name: Download artifact | |
| uses: actions/download-artifact@v5 | |
| with: | |
| name: bailo_frontend | |
| path: /tmp | |
| - name: Download artifact | |
| uses: actions/download-artifact@v5 | |
| with: | |
| name: bailo_modelscan | |
| path: /tmp | |
| - name: Start minikube | |
| uses: medyagh/setup-minikube@master | |
| - name: List Cluster | |
| run: kubectl get pods -A | |
| - name: Load docker image to minikube | |
| run: | | |
| eval $(minikube -p minikube docker-env) | |
| docker load -i /tmp/bailo_backend.tar | |
| docker load -i /tmp/bailo_frontend.tar | |
| docker load -i /tmp/bailo_modelscan.tar | |
| - name: Install dependencies | |
| run: npm ci | |
| - name: Create certs | |
| run: sudo chown -R runner:docker backend/certs && npm run certs | |
| # Add bailo NodePort | |
| - name: Create NodePort Config | |
| run: | | |
| cat << EOT >> infrastructure/helm/bailo/templates/nodePort.yaml | |
| --- | |
| apiVersion: v1 | |
| kind: Service | |
| metadata: | |
| name: node-port | |
| spec: | |
| type: NodePort | |
| ports: | |
| - port: {{ .Values.nginxAuth.port }} | |
| targetPort: {{ .Values.nginxAuth.port }} | |
| selector: | |
| name: nginx | |
| EOT | |
| # Create local.yaml | |
| - name: Create local.yaml | |
| run: | | |
| cat << EOT >> infrastructure/helm/bailo/local.yaml | |
| --- | |
| # Instance Settings | |
| securityContext: | |
| runAsUser: 1002 | |
| config: | |
| ui: | |
| banner: | |
| enabled: "true" | |
| text: "BAILO TEST" | |
| build: | |
| environment: img | |
| # Bailo | |
| image: | |
| frontendRepository: "bailo_frontend" | |
| frontendTag: latest | |
| backendRepository: "bailo_backend" | |
| backendTag: latest | |
| modelscanRepository: "bailo_modelscan" | |
| modelscanTag: latest | |
| # Used for k8s not openshift | |
| ingress: | |
| enabled: false | |
| route: | |
| enabled: false | |
| appPublicRoute: localhost | |
| mongodb: | |
| architecture: standalone | |
| auth: | |
| passwords: | |
| - MongoDBPassword | |
| usernames: | |
| - bailo_user | |
| EOT | |
| - name: Set Bailo image pull policy to Never | |
| run: sed -i 's/{{ .Values.image.pullPolicy }}/Never/g' infrastructure/helm/bailo/templates/bailo/bailo.deployment.yaml | |
| - name: HELM update dependency update | |
| working-directory: ./infrastructure/helm/bailo | |
| run: helm dependency update | |
| - name: HELM deploy to minikube | |
| working-directory: ./infrastructure/helm/bailo | |
| run: helm install --values ./local.yaml bailo . | |
| - name: Wait for all pods to be ready | |
| run: kubectl wait --for=condition=Ready pods --all --timeout 120s | |
| - name: List Certs | |
| run: kubectl describe secret bailo-certs | |
| - name: List Pods | |
| run: kubectl get pods | |
| - name: List Services | |
| run: kubectl get services | |
| - name: HELM test Bailo | |
| working-directory: ./infrastructure/helm/bailo | |
| run: helm test bailo | |
| - name: Test Bailo URL | |
| run: | | |
| minikube service list | |
| echo "---------------curl connect to bailo---------------" | |
| curl $(minikube service node-port --url) | |
| # Run Cypress integration tests | |
| #- run: CYPRESS_BASE_URL=$(minikube service node-port --url) npm run cy:run | |
| - uses: actions/upload-artifact@v4 | |
| if: failure() | |
| with: | |
| name: cypress-screenshots-k8s | |
| path: cypress/screenshots | |
| # - uses: actions/upload-artifact@v4 | |
| # if: always() | |
| # with: | |
| # name: cypress-videos | |
| # path: cypress/videos | |
| - name: Print application logs | |
| if: always() | |
| run: kubectl logs -l app.kubernetes.io/instance=bailo --tail=-1 | |
| end_to_end: | |
| needs: [build_images] | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| job_name: [end_to_end, integration_python] | |
| steps: | |
| # Clone repository | |
| - uses: actions/checkout@v5 | |
| - name: Set up Node.js | |
| uses: actions/setup-node@v5 | |
| with: | |
| node-version: 24.5.0 | |
| cache: "npm" | |
| # Setup BuildX | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| # Get Bailo Docker images | |
| - name: Download artifact | |
| uses: actions/download-artifact@v5 | |
| with: | |
| name: bailo_backend | |
| path: /tmp | |
| - name: Download artifact | |
| uses: actions/download-artifact@v5 | |
| with: | |
| name: bailo_frontend | |
| path: /tmp | |
| - name: Download artifact | |
| uses: actions/download-artifact@v5 | |
| with: | |
| name: bailo_modelscan | |
| path: /tmp | |
| - name: Load image | |
| run: | | |
| docker load --input /tmp/bailo_frontend.tar | |
| docker load --input /tmp/bailo_backend.tar | |
| docker load --input /tmp/bailo_modelscan.tar | |
| docker image ls -a | |
| rm -rf /tmp/bailo_frontend.tar /tmp/bailo_backend.tar /tmp/bailo_modelscan.tar | |
| # Create logs directory | |
| - run: mkdir logs | |
| # Install dependencies | |
| - run: npm ci | |
| # Create certs | |
| - run: sudo chown -R runner:docker backend/certs | |
| - run: npm run certs | |
| # Configure application | |
| - name: Configure Bailo | |
| run: | | |
| cat <<EOT >> backend/config/local.cjs | |
| module.exports = { | |
| minio: { | |
| accessKey: 'minioadmin', | |
| secretKey: 'minioadmin', | |
| }, | |
| smtp: { | |
| auth: { | |
| user: 'mailuser', | |
| pass: 'mailpass', | |
| }, | |
| tls: { | |
| rejectUnauthorized: false, | |
| }, | |
| }, | |
| logging: { | |
| file: { | |
| path: '/home/runner/work/Bailo/Bailo/logs/out.log', | |
| }, | |
| }, | |
| } | |
| EOT | |
| - run: docker compose -f docker-compose-prod.yml up -d | |
| # wait for app to start | |
| - run: | | |
| chmod +x ./backend/src/scripts/waitForIt.sh | |
| ./backend/src/scripts/waitForIt.sh localhost:8080 -t 10 | |
| # wait for mongo to start | |
| - run: | | |
| chmod +x ./backend/src/scripts/waitForIt.sh | |
| ./backend/src/scripts/waitForIt.sh localhost:27017 -t 10 | |
| # e2e with Cypress | |
| - uses: cypress-io/github-action@v6 | |
| if: matrix.job_name == 'end_to_end' | |
| with: | |
| wait-on: 'http://localhost:8080/api/v2/config/ui, http://localhost:8080' | |
| working-directory: ./frontend | |
| install: false | |
| spec: cypress/e2e/bailo/**/* | |
| # Python integration | |
| - name: Set up Python | |
| if: matrix.job_name == 'integration_python' | |
| uses: actions/setup-python@v6 | |
| with: | |
| python-version: "3.13" | |
| - name: Cache python pip | |
| if: matrix.job_name == 'integration_python' | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.cache/pip | |
| key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements*.txt') }} | |
| - name: Install dependencies | |
| if: matrix.job_name == 'integration_python' | |
| run: | | |
| python -m pip install --upgrade pip | |
| cd lib/python | |
| python -m pip install -e .[test] | |
| - name: Start MLFlow | |
| if: matrix.job_name == 'integration_python' | |
| run: | | |
| mlflow server --host 127.0.0.1 --port 5050 & | |
| - name: Wait for mlflow to start | |
| if: matrix.job_name == 'integration_python' | |
| run: | | |
| chmod +x ./backend/src/scripts/waitForIt.sh | |
| ./backend/src/scripts/waitForIt.sh localhost:5050 -t 10 | |
| - name: Test with pytest | |
| if: matrix.job_name == 'integration_python' | |
| run: | | |
| cd lib/python | |
| python -m pytest -m integration | |
| python -m pytest -m mlflow | |
| env: | |
| PYTEST_RUN_PATH: "lib/python" | |
| # Upload all artifacts & logs | |
| - uses: actions/upload-artifact@v4 | |
| if: failure() && matrix.job_name == 'end_to_end' | |
| with: | |
| name: cypress-screenshots-e2e | |
| path: frontend/cypress/screenshots | |
| - name: Dump docker compose logs | |
| if: always() | |
| run: docker compose logs > logs/stack.log | |
| - name: Docker Compose Logs | |
| if: always() | |
| run: cat logs/stack.log | |
| - uses: actions/upload-artifact@v4 | |
| if: always() && matrix.job_name == 'end_to_end' | |
| with: | |
| name: logs | |
| path: logs |