Merge pull request #2 from CCPBioSim/add-infra

migrate build infrastructure components

Author: jimboid

.github/dependabot.yml

@@ -0,0 +1,16 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      # Check for updates to GitHub Actions every day
+      interval: "daily"
+      time: "09:00"
+      timezone: "UTC"
+    assignees:
+      - "jimboid"

.github/workflows/build.yaml

@@ -0,0 +1,204 @@
+name: ci/cd
+on:
+  pull_request:
+  repository_dispatch:
+    types: [build]
+  workflow_dispatch:
+
+jobs:
+  build:
+    strategy:
+      fail-fast: false
+      matrix:
+        platform:
+          - linux/amd64
+          - linux/arm64
+    runs-on: ${{ matrix.platform == 'linux/amd64' && 'ubuntu-24.04' || matrix.platform == 'linux/arm64' && 'ubuntu-24.04-arm' }}
+    name: build ${{ matrix.platform }}
+    outputs:
+      tag: ${{ steps.envvars.outputs.tag }}
+    steps:
+      - name: checkout
+        uses: actions/checkout@v5.0.0
+
+      - name: Prepare env
+        id: envvars
+        run: |
+          platform=${{ matrix.platform }}
+          echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
+          if [ ${{ github.event.client_payload.tag }} != 'null' ]; then
+            echo "tag=${{ github.event.client_payload.tag }}" >> $GITHUB_OUTPUT
+          else
+            echo "tag=$(date +'%Y-%m-%d')" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Metadata
+        id: meta
+        uses: docker/metadata-action@v5.8.0
+        with:
+          images: ghcr.io/${{ vars.ORG_REPO }}/${{ github.event.repository.name }}
+
+      - name: Authenticate with GHCR
+        id: auth
+        uses: docker/login-action@v3.5.0
+        with:
+          registry: ghcr.io
+          username: ${{github.actor}}
+          password: ${{secrets.BUILD_TOKEN}}
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v3.11.1
+
+      - name: Build and push by digest
+        id: build
+        uses: docker/build-push-action@v6.18.0
+        with:
+          file: ./docker/Dockerfile
+          platforms: ${{ matrix.platform }}
+          labels: ${{ steps.meta.outputs.labels }}
+          tags: ghcr.io/${{ vars.ORG_REPO }}/${{ github.event.repository.name }}
+          outputs: type=image,push-by-digest=true,name-canonical=true,push=true
+
+      - name: Export digest
+        run: |
+          mkdir -p ${{ runner.temp }}/digests
+          digest="${{ steps.build.outputs.digest }}"
+          touch "${{ runner.temp }}/digests/${digest#sha256:}"
+
+      - name: Upload digest
+        uses: actions/upload-artifact@v4.6.2
+        with:
+          name: digests-${{ env.PLATFORM_PAIR }}
+          path: ${{ runner.temp }}/digests/*
+          if-no-files-found: error
+          retention-days: 1
+
+  merge:
+    runs-on: ubuntu-24.04
+    name: merge into multiarch manifest
+    needs:
+      - build
+    steps:
+      - name: Download digests
+        uses: actions/download-artifact@v5.0.0
+        with:
+          path: ${{ runner.temp }}/digests
+          pattern: digests-*
+          merge-multiple: true
+
+      - name: Authenticate with GHCR
+        id: auth
+        uses: docker/login-action@v3.5.0
+        with:
+          registry: ghcr.io
+          username: ${{github.actor}}
+          password: ${{secrets.BUILD_TOKEN}}
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v3.11.1
+
+      - name: Metadata
+        id: meta
+        uses: docker/metadata-action@v5.8.0
+        with:
+          images: ghcr.io/${{ vars.ORG_REPO }}/${{ github.event.repository.name }}
+          tags: dev
+
+      - name: Create manifest list and push
+        id: annotate
+        continue-on-error: true
+        working-directory: ${{ runner.temp }}/digests
+        run: |
+          docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
+            --annotation='index:org.opencontainers.image.description=${{ github.event.repository.description }}' \
+            --annotation='index:org.opencontainers.image.licenses=MIT' \
+            --annotation='index:org.opencontainers.image.created=${{ steps.timestamp.outputs.timestamp }}' \
+            --annotation='index:org.opencontainers.image.url=${{ github.event.repository.url }}' \
+            --annotation='index:org.opencontainers.image.source=${{ github.event.repository.url }}' \
+            $(printf 'ghcr.io/${{ vars.ORG_REPO }}/${{ github.event.repository.name }}@sha256:%s ' *)
+
+      - name: Create manifest list and push without annotations
+        if: steps.annotate.outcome == 'failure'
+        working-directory: ${{ runner.temp }}/digests
+        run: |
+          docker buildx imagetools create  $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
+            $(printf 'ghcr.io/${{ vars.ORG_REPO }}/${{ github.event.repository.name }}@sha256:%s ' *)
+
+      - name: Inspect image
+        run: |
+          docker buildx imagetools inspect ghcr.io/${{ vars.ORG_REPO }}/${{ github.event.repository.name }}:dev
+
+  tests:
+    strategy:
+      fail-fast: false
+      matrix:
+        platform:
+          - linux/amd64
+          #- linux/arm64
+    runs-on: ${{ matrix.platform == 'linux/amd64' && 'ubuntu-latest' || matrix.platform == 'linux/arm64' && 'ubuntu-24.04-arm' }}
+    name: testing on ${{ matrix.platform }} 
+    timeout-minutes: 360
+    needs: 
+      - build
+      - merge
+    steps:
+
+      - name: Test notebooks
+        shell: bash
+        run: |
+          docker run -t ghcr.io/${{ vars.ORG_REPO }}/${{ github.event.repository.name }}:dev bash -c " \
+            mkdir us5; \
+            cd us5; \
+            ln -s ../data/md5.rst md.rst; \
+            bash ../scripts/setup_umb_samp.sh; \
+            bash run_umb_samp.sh; \
+            wait; \
+            bash ../scripts/run_wham.sh; \
+            wait; \
+            cpptraj < ../data/make_us_trj.in &> make_us_trj.log; \
+            wait; \
+            cd ..; \
+            mkdir adiab5; \
+            cd adiab5; \
+            ln -s ../us5/rc-0.30/md1ps.rst md1ps_rc-0.3.rst; \
+            bash ../scripts/run_adiab_all.sh; \
+            wait; \
+            cpptraj < ../data/make_adiab_trj.in &> make_adiab_trj.log; \
+            wait; \
+            cd ..; \
+            pip install pytest nbmake; \
+            find . -name '*.ipynb' | pytest --nbmake --nbmake-timeout=3600; "
+
+  tags:
+    runs-on: ubuntu-24.04
+    if: github.event_name != 'pull_request'
+    name: add tags
+    needs:
+      - build
+      - tests
+    steps:
+      - name: Authenticate with GHCR
+        id: auth
+        uses: docker/login-action@v3.5.0
+        with:
+          registry: "ghcr.io"
+          username: ${{github.actor}}
+          password: ${{secrets.BUILD_TOKEN}}
+
+      - name: tag release versions
+        shell: bash
+        run: |
+          docker buildx imagetools create \
+            --tag ghcr.io/${{ vars.ORG_REPO }}/${{ github.event.repository.name }}:latest \
+            --tag ghcr.io/${{ vars.ORG_REPO }}/${{ github.event.repository.name }}:${{ needs.build.outputs.tag }} \
+            ghcr.io/${{ vars.ORG_REPO }}/${{ github.event.repository.name }}:dev
+
+      - name: Post version update to dash
+        uses: peter-evans/repository-dispatch@v3.0.0
+        with:
+          token: ${{ secrets.BUILD_TOKEN }}
+          repository: jimboid/biosim-workshops-dash
+          event-type: build    
+          client-payload: '{"repo": "${{ github.event.repository.name }}", "tag": "${{ needs.build.outputs.tag }}"}'