-
Notifications
You must be signed in to change notification settings - Fork 16
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
1 changed file
with
62 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,62 @@ | ||
| # CI Workflows | ||
|
|
||
| This repository contains several CI workflows designed for deployment in a self-hosted runner. Below is a description of each workflow and its purpose. | ||
|
|
||
| ## Workflows | ||
|
|
||
| ### `ci-build.yml` | ||
| **Trigger:** Automatically on every pull request | ||
|
|
||
| - Builds the `depa-training-encfs`, `depa-training`, and other containers required for the COVID scenario. | ||
| - Runs containers locally to perform preprocessing, save the model, and train the model. | ||
|
|
||
| ### `ci.yml` | ||
| **Trigger:** Manually | ||
|
|
||
| - Prepares data and model for deployment. | ||
| - Creates Azure Storage and Key Vault if they do not already exist. | ||
| - Imports data and model encryption keys with key release policies. | ||
| - Encrypts the data and model. | ||
| - Uploads the encrypted data and model to Azure Storage. | ||
| - Deploys CCR on Azure Container Instances (ACI) and trains the model. | ||
|
|
||
| ### `ci-local.yml` | ||
| **Trigger:** Manually | ||
|
|
||
| - Pulls containers from Azure Container Registry (ACR). | ||
| - Runs containers locally to perform preprocessing, save the model, and train the model. | ||
|
|
||
| ### `release.yml` | ||
| **Trigger:** Manually | ||
|
|
||
| - Builds the `depa-training-encfs`, `depa-training`, contract service container, and other containers required for the COVID scenario. | ||
| - Pushes the built containers to ACR. | ||
|
|
||
| ### `contract-service.yml` | ||
| **Trigger:** Manually | ||
|
|
||
| - Builds the contract service container. | ||
| - Deploys the contract service. | ||
|
|
||
| ## Steps to Deploy Self-Hosted Runner | ||
|
|
||
| 1. **Set up Recommended OIDC Authentication:** | ||
| - Follow the [official guide](https://learn.microsoft.com/en-us/azure/app-service/deploy-github-actions?tabs=openid%2Cpython%2Caspnetcore#set-up-a-github-actions-workflow-manually) to authenticate GitHub Actions with Azure services using the OIDC approach. | ||
|
|
||
| 2. **Assign Necessary Permissions:** | ||
| - For the service principal created during the above step (or an external one), assign the following permissions: | ||
| - Contributor | ||
| - Custom role with `Microsoft.Authorization/GetRoleAssignment` and `Microsoft.Authorization/CreateRoleAssignment` | ||
|
|
||
| 3. **Create a New Self-Hosted Runner:** | ||
| - Navigate to `Settings` > `Actions` > `Runners` in your GitHub repository. | ||
| - Create a "New self-hosted Runner". | ||
|
|
||
| 4. **Set Up the Azure VM:** | ||
| - Create an Azure VM with at least 16GB RAM, 4 CPUs, and 128GB SSD. | ||
| - Follow the instructions provided in the self-hosted runner setup to configure the action runner on your Azure VM. | ||
|
|
||
| --- | ||
|
|
||
| By following these instructions, you can set up and utilize the CI workflows in your self-hosted runner to automate and manage the deployment processes for your projects. | ||
|
|