From 7108056bb7b07060a2c36d223dfe1d332a0e11fd Mon Sep 17 00:00:00 2001 From: chewy-zlai Date: Mon, 5 May 2025 11:26:20 -0700 Subject: [PATCH 01/16] Create workflow to trigger platform subtree pull --- .github/workflows/trigger_platform_subtree_pull.yaml | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 .github/workflows/trigger_platform_subtree_pull.yaml diff --git a/.github/workflows/trigger_platform_subtree_pull.yaml b/.github/workflows/trigger_platform_subtree_pull.yaml new file mode 100644 index 0000000000..9468149d20 --- /dev/null +++ b/.github/workflows/trigger_platform_subtree_pull.yaml @@ -0,0 +1,10 @@ +name: Trigger Subtree Update in Platform + +on: + push: + branches: [ main ] # Run when changes land in chronon's main + +jobs: + trigger-subtree-pull: + uses: zipline-ai/platform/.github/workflows/subtree_pull_reusable.yaml@main + secrets: inherit # Passes all secrets (needed for the deploy key) \ No newline at end of file From bbe248a41b8efd20b50da3613f9e5b4045a2c41a Mon Sep 17 00:00:00 2001 From: chewy-zlai Date: Mon, 5 May 2025 12:36:52 -0700 Subject: [PATCH 02/16] Test on push --- .github/workflows/trigger_platform_subtree_pull.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/trigger_platform_subtree_pull.yaml b/.github/workflows/trigger_platform_subtree_pull.yaml index 9468149d20..9f65a2a497 100644 --- a/.github/workflows/trigger_platform_subtree_pull.yaml +++ b/.github/workflows/trigger_platform_subtree_pull.yaml @@ -2,7 +2,7 @@ name: Trigger Subtree Update in Platform on: push: - branches: [ main ] # Run when changes land in chronon's main +# branches: [ main ] # Run when changes land in chronon's main jobs: trigger-subtree-pull: From 22e1b7b15f929cdc9ecd4955ef36687b95a09e67 Mon Sep 17 00:00:00 2001 From: chewy-zlai Date: Mon, 5 May 2025 12:41:38 -0700 Subject: [PATCH 03/16] whitespace change for testing --- .github/workflows/trigger_platform_subtree_pull.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/trigger_platform_subtree_pull.yaml b/.github/workflows/trigger_platform_subtree_pull.yaml index 9f65a2a497..0eb97874b4 100644 --- a/.github/workflows/trigger_platform_subtree_pull.yaml +++ b/.github/workflows/trigger_platform_subtree_pull.yaml @@ -4,6 +4,7 @@ on: push: # branches: [ main ] # Run when changes land in chronon's main + jobs: trigger-subtree-pull: uses: zipline-ai/platform/.github/workflows/subtree_pull_reusable.yaml@main From 3a5f3ed8fdf69f6966f8179f1bceee55951b055b Mon Sep 17 00:00:00 2001 From: chewy-zlai Date: Mon, 5 May 2025 12:57:51 -0700 Subject: [PATCH 04/16] Delete duplicate push_to_canary to avoid conflicts --- .github/workflows/push_to_canary.yaml | 520 -------------------------- 1 file changed, 520 deletions(-) delete mode 100644 .github/workflows/push_to_canary.yaml diff --git a/.github/workflows/push_to_canary.yaml b/.github/workflows/push_to_canary.yaml deleted file mode 100644 index f2695399bb..0000000000 --- a/.github/workflows/push_to_canary.yaml +++ /dev/null @@ -1,520 +0,0 @@ -name: Push To Canary - -on: - push: - branches: - - main - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - -env: - AWS_ACCOUNT_ID: ${{secrets.AWS_ACCOUNT_ID}} - AWS_REGION: ${{secrets.AWS_REGION}} - GCP_PROJECT_ID: ${{secrets.GCP_PROJECT_ID}} - GCP_REGION: ${{secrets.GCP_REGION}} - -jobs: - build_artifacts: - runs-on: ubuntu-latest - - permissions: - contents: read - - steps: - - uses: actions/checkout@v4 - - - name: Setup JDK - uses: actions/setup-java@v4 - with: - distribution: corretto - java-version: 17 - - - name: Setup Bazel cache credentials - run: | - echo "${{ secrets.BAZEL_CACHE_CREDENTIALS }}" | base64 -d > bazel-cache-key.json - - - name: Install Thrift - env: - THRIFT_VERSION: 0.21.0 - run: | - sudo apt-get install automake bison flex g++ git libboost-all-dev libevent-dev libssl-dev libtool make pkg-config && \ - curl -LSs https://archive.apache.org/dist/thrift/${{env.THRIFT_VERSION}}/thrift-${{env.THRIFT_VERSION}}.tar.gz -o thrift-${{env.THRIFT_VERSION}}.tar.gz && \ - tar -xzf thrift-${{env.THRIFT_VERSION}}.tar.gz && \ - cd thrift-${{env.THRIFT_VERSION}} && \ - sudo ./configure --without-python --without-cpp --without-nodejs --without-java --disable-debug --disable-tests --disable-libs && \ - sudo make && \ - sudo make install && \ - cd .. && \ - sudo rm -rf thrift-${{env.THRIFT_VERSION}} thrift-${{env.THRIFT_VERSION}}.tar.gz - - - name: Set up Python - uses: actions/setup-python@v5 - with: - python-version: '3.11' # This should match the version used in [chronon]/.toolversions - - - name: Get the latest release tag - id: get_tag - run: | - git fetch --tags - TAG=$(git tag --sort=-creatordate | head -n 1) - TAG="${TAG#v}" - echo "Latest release tag: $TAG" - - echo "tag=$TAG" >> $GITHUB_OUTPUT - - - name: Build Python Wheel - id: build-wheel - shell: bash - env: - VERSION: "${{ steps.get_tag.outputs.tag }}+${{ github.sha }}" - run: | - set -eo pipefail - echo "Building wheel" - python3 -m pip install --upgrade pip - python3 -m pip install --upgrade setuptools wheel - - ./scripts/distribution/build_wheel.sh ${{ env.VERSION }} - - EXPECTED_ZIPLINE_WHEEL="zipline_ai-${{ env.VERSION }}-py3-none-any.whl" - if [ ! -f "$EXPECTED_ZIPLINE_WHEEL" ]; then - echo "$EXPECTED_ZIPLINE_WHEEL not found" - exit 1 - fi - echo "wheel_file=$EXPECTED_ZIPLINE_WHEEL" >> $GITHUB_OUTPUT - echo "version=${{ env.VERSION }}" >> $GITHUB_OUTPUT - - - name: Upload Wheel - uses: actions/upload-artifact@v4 - with: - name: zipline-ai-wheel - path: ${{ steps.build-wheel.outputs.wheel_file }} - - - name: Build Bazel Project - id: bazel-build - run: | - bazel clean - bazel build //flink:flink_assembly_deploy.jar \ - --remote_cache=https://storage.googleapis.com/zipline-bazel-cache \ - --google_credentials=bazel-cache-key.json - bazel build //cloud_gcp:cloud_gcp_lib_deploy.jar \ - --remote_cache=https://storage.googleapis.com/zipline-bazel-cache \ - --google_credentials=bazel-cache-key.json - bazel build //cloud_aws:cloud_aws_lib_deploy.jar \ - --remote_cache=https://storage.googleapis.com/zipline-bazel-cache \ - --google_credentials=bazel-cache-key.json - bazel build //service:service_assembly_deploy.jar \ - --remote_cache=https://storage.googleapis.com/zipline-bazel-cache \ - --google_credentials=bazel-cache-key.json - - - - name: Upload Flink Assembly Jar - uses: actions/upload-artifact@v4 - with: - name: flink-assembly-jar - path: bazel-bin/flink/flink_assembly_deploy.jar - - - name: Upload Cloud AWS Jar - uses: actions/upload-artifact@v4 - with: - name: cloud-aws-jar - path: bazel-bin/cloud_aws/cloud_aws_lib_deploy.jar - - - name: Upload Cloud GCP Jar - uses: actions/upload-artifact@v4 - with: - name: cloud-gcp-jar - path: bazel-bin/cloud_gcp/cloud_gcp_lib_deploy.jar - - - name: Upload Service Assembly Jar - uses: actions/upload-artifact@v4 - with: - name: service-assembly-jar - path: bazel-bin/service/service_assembly_deploy.jar - outputs: - wheel_file: ${{ steps.build-wheel.outputs.wheel_file }} - version: ${{ steps.build-wheel.outputs.version }} - - - push_to_aws: - needs: build_artifacts - runs-on: ubuntu-latest - - permissions: - id-token: write - - steps: - - - name: Download Python Wheel - uses: actions/download-artifact@v4 - with: - name: zipline-ai-wheel - - - name: Download Flink Assembly Jar - uses: actions/download-artifact@v4 - with: - name: flink-assembly-jar - - - name: Download Cloud AWS Lib Jar - uses: actions/download-artifact@v4 - with: - name: cloud-aws-jar - - - name: Download Service Assembly Jar - uses: actions/download-artifact@v4 - with: - name: service-assembly-jar - - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - role-to-assume: arn:aws:iam::${{env.AWS_ACCOUNT_ID}}:role/github_actions - aws-region: ${{env.AWS_REGION}} - - - name: Push Jars to s3 Bucket - shell: bash - run: | - set -eo pipefail - aws s3 cp ${{ needs.build_artifacts.outputs.wheel_file }} s3://zipline-artifacts-canary/release/${{ needs.build_artifacts.outputs.version }}/wheels/ --metadata="updated_date=$(date),commit=$(git rev-parse HEAD),branch=$(git rev-parse --abbrev-ref HEAD)" - aws s3 cp flink_assembly_deploy.jar s3://zipline-artifacts-canary/release/${{ needs.build_artifacts.outputs.version }}/jars/flink_assembly_deploy.jar --metadata="updated_date=$(date),commit=$(git rev-parse HEAD),branch=$(git rev-parse --abbrev-ref HEAD)" - aws s3 cp cloud_aws_lib_deploy.jar s3://zipline-artifacts-canary/release/${{ needs.build_artifacts.outputs.version }}/jars/cloud_aws_lib_deploy.jar --metadata="updated_date=$(date),commit=$(git rev-parse HEAD),branch=$(git rev-parse --abbrev-ref HEAD)" - aws s3 cp service_assembly_deploy.jar s3://zipline-artifacts-canary/release/${{ needs.build_artifacts.outputs.version }}/jars/service_assembly_deploy.jar --metadata="updated_date=$(date),commit=$(git rev-parse HEAD),branch=$(git rev-parse --abbrev-ref HEAD)" - - - push_to_gcp: - needs: build_artifacts - runs-on: ubuntu-latest - - permissions: - id-token: write - contents: read - - steps: - - uses: actions/checkout@v4 - - - name: Download Python Wheel - uses: actions/download-artifact@v4 - with: - name: zipline-ai-wheel - - - name: Download Flink Assembly Jar - uses: actions/download-artifact@v4 - with: - name: flink-assembly-jar - - - name: Download Cloud GCP Lib Jar - uses: actions/download-artifact@v4 - with: - name: cloud-gcp-jar - - - name: Download Service Assembly Jar - uses: actions/download-artifact@v4 - with: - name: service-assembly-jar - - - - name: Configure GCP Credentials - uses: google-github-actions/auth@v2 - with: - project_id: ${{env.GCP_PROJECT_ID}} - workload_identity_provider: projects/${{secrets.GCP_CANARY_PROJECT_NUMBER}}/locations/global/workloadIdentityPools/github-actions/providers/github - service_account: github-actions@${{secrets.GCP_CANARY_PROJECT_ID}}.iam.gserviceaccount.com - - - name: Set up Google Cloud SDK - uses: google-github-actions/setup-gcloud@v2 - - - name: Push Jars to GCS Bucket - shell: bash - env: - GAR_QUICKSTART_REPOSITORY: ${{env.GCP_REGION}}-docker.pkg.dev/${{env.GCP_PROJECT_ID}}/canary-images/quickstart - IMAGE_TAG: main - run: | - set -eo pipefail - gcloud storage cp ${{ needs.build_artifacts.outputs.wheel_file }} gs://zipline-artifacts-canary/release/${{ needs.build_artifacts.outputs.version }}/wheels/ - gcloud storage objects update gs://zipline-artifacts-canary/release/${{ needs.build_artifacts.outputs.version }}/wheels/${{ needs.build_artifacts.outputs.wheel_file }} --custom-metadata="updated_date=$(date),commit=$(git rev-parse HEAD),branch=$(git rev-parse --abbrev-ref HEAD)" - gcloud storage cp flink_assembly_deploy.jar gs://zipline-artifacts-canary/release/${{ needs.build_artifacts.outputs.version }}/jars/flink_assembly_deploy.jar - gcloud storage objects update gs://zipline-artifacts-canary/release/${{ needs.build_artifacts.outputs.version }}/jars/flink_assembly_deploy.jar --custom-metadata="updated_date=$(date),commit=$(git rev-parse HEAD),branch=$(git rev-parse --abbrev-ref HEAD)" - gcloud storage cp cloud_gcp_lib_deploy.jar gs://zipline-artifacts-canary/release/${{ needs.build_artifacts.outputs.version }}/jars/cloud_gcp_lib_deploy.jar - gcloud storage objects update gs://zipline-artifacts-canary/release/${{ needs.build_artifacts.outputs.version }}/jars/cloud_gcp_lib_deploy.jar --custom-metadata="updated_date=$(date),commit=$(git rev-parse HEAD),branch=$(git rev-parse --abbrev-ref HEAD)" - gcloud storage cp service_assembly_deploy.jar gs://zipline-artifacts-canary/release/${{ needs.build_artifacts.outputs.version }}/jars/service_assembly_deploy.jar - gcloud storage objects update gs://zipline-artifacts-canary/release/${{ needs.build_artifacts.outputs.version }}/jars/service_assembly_deploy.jar --custom-metadata="updated_date=$(date),commit=$(git rev-parse HEAD),branch=$(git rev-parse --abbrev-ref HEAD)" - - - run_aws_integration_tests: - runs-on: ubuntu-latest - needs: [ build_artifacts, push_to_aws ] - - permissions: - id-token: write - contents: read - - steps: - - - name: Checkout repo - uses: actions/checkout@v4 - - - name: Configure AWS Credentials for Canary Project - uses: aws-actions/configure-aws-credentials@v4 - with: - role-to-assume: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID}}:role/github_actions - aws-region: ${{secrets.AWS_REGION}} - - - name: Run Quickstart Integration Tests - id: aws_integration_tests - shell: bash - run: | - set -xo pipefail - ./scripts/distribution/run_aws_quickstart.sh --canary --version ${{ needs.build_artifacts.outputs.version }} - - - name: On Fail Notify Slack - id: notify_slack - if: failure() - uses: slackapi/slack-github-action@v1 - env: - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_AWS_WEBHOOK_URL }} - with: - payload: | - { - "text": "Zipline AWS CI Tests Failed\n\n The integration tests failed for commit <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|${{ github.sha }}> on branch ${{ github.ref }}. Please check the logs for more details.", - "attachments": [ - { - "text": "", - "color": "#ff0000" - } - ] - } - - - run_gcp_integration_tests: - runs-on: ubuntu-latest - needs: [build_artifacts, push_to_gcp] - - permissions: - id-token: write - contents: read - - steps: - # Checkout the canary-confs repo with the branch with Zipline specific team.json - - name: Checkout repo - uses: actions/checkout@v4 - - - name: Configure GCP Credentials for Canary Project - uses: google-github-actions/auth@v2 - with: - project_id: ${{secrets.GCP_CANARY_PROJECT_ID}} - workload_identity_provider: projects/${{secrets.GCP_CANARY_PROJECT_NUMBER}}/locations/global/workloadIdentityPools/github-actions/providers/github - service_account: github-actions@${{secrets.GCP_CANARY_PROJECT_ID}}.iam.gserviceaccount.com - - - name: Set up Google Cloud SDK - uses: google-github-actions/setup-gcloud@v2 - - - name: Run Quickstart Integration Tests - shell: bash - id: gcp_integration_tests - run: | - set -xo pipefail - ./scripts/distribution/run_gcp_quickstart.sh --canary --version ${{ needs.build_artifacts.outputs.version }} - - - name: On Fail Notify Slack - id: notify_slack - if: failure() - uses: slackapi/slack-github-action@v1 - env: - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_GCP_WEBHOOK_URL }} - with: - payload: | - { - "text": "Zipline GCP CI Tests Failed\n\n The integration tests failed for commit <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|${{ github.sha }}> on branch ${{ github.ref }}. Please check the logs for more details.", - "attachments": [ - { - "text": "", - "color": "#ff0000" - } - ] - } - - push_to_aws_passing: - needs: [ build_artifacts, run_gcp_integration_tests, run_aws_integration_tests ] - runs-on: ubuntu-latest - - permissions: - id-token: write - - steps: - - - name: Download Python Wheel - uses: actions/download-artifact@v4 - with: - name: zipline-ai-wheel - - - name: Download Flink Assembly Jar - uses: actions/download-artifact@v4 - with: - name: flink-assembly-jar - - - name: Download Cloud AWS Lib Jar - uses: actions/download-artifact@v4 - with: - name: cloud-aws-jar - - - name: Download Service Assembly Jar - uses: actions/download-artifact@v4 - with: - name: service-assembly-jar - - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - role-to-assume: arn:aws:iam::${{env.AWS_ACCOUNT_ID}}:role/github_actions - aws-region: ${{env.AWS_REGION}} - - - name: Push Jars to s3 Bucket - shell: bash - run: | - set -eo pipefail - aws s3 cp ${{ needs.build_artifacts.outputs.wheel_file }} s3://zipline-artifacts-canary/release/passing-candidate/wheels/ --metadata="updated_date=$(date),commit=$(git rev-parse HEAD),branch=$(git rev-parse --abbrev-ref HEAD)" - aws s3 cp flink_assembly_deploy.jar s3://zipline-artifacts-canary/release/passing-candidate/jars/flink_assembly_deploy.jar --metadata="updated_date=$(date),commit=$(git rev-parse HEAD),branch=$(git rev-parse --abbrev-ref HEAD)" - aws s3 cp cloud_aws_lib_deploy.jar s3://zipline-artifacts-canary/release/passing-candidate/jars/cloud_aws_lib_deploy.jar --metadata="updated_date=$(date),commit=$(git rev-parse HEAD),branch=$(git rev-parse --abbrev-ref HEAD)" - aws s3 cp service_assembly_deploy.jar s3://zipline-artifacts-canary/release/passing-candidate/jars/service_assembly_deploy.jar --metadata="updated_date=$(date),commit=$(git rev-parse HEAD),branch=$(git rev-parse --abbrev-ref HEAD)" - - - push_to_gcp_passing: - needs: [build_artifacts, run_gcp_integration_tests, run_aws_integration_tests] - runs-on: ubuntu-latest - - permissions: - id-token: write - contents: read - - steps: - - uses: actions/checkout@v4 - - - name: Download Python Wheel - uses: actions/download-artifact@v4 - with: - name: zipline-ai-wheel - - - name: Download Flink Assembly Jar - uses: actions/download-artifact@v4 - with: - name: flink-assembly-jar - - - name: Download Cloud GCP Lib Jar - uses: actions/download-artifact@v4 - with: - name: cloud-gcp-jar - - - name: Download Service Assembly Jar - uses: actions/download-artifact@v4 - with: - name: service-assembly-jar - - - - name: Configure GCP Credentials - uses: google-github-actions/auth@v2 - with: - project_id: ${{env.GCP_PROJECT_ID}} - workload_identity_provider: projects/${{secrets.GCP_CANARY_PROJECT_NUMBER}}/locations/global/workloadIdentityPools/github-actions/providers/github - service_account: github-actions@${{secrets.GCP_CANARY_PROJECT_ID}}.iam.gserviceaccount.com - - - name: Set up Google Cloud SDK - uses: google-github-actions/setup-gcloud@v2 - - - name: Push Jars to GCS Bucket - shell: bash - env: - GAR_QUICKSTART_REPOSITORY: ${{env.GCP_REGION}}-docker.pkg.dev/${{env.GCP_PROJECT_ID}}/canary-images/quickstart - IMAGE_TAG: main - run: | - set -eo pipefail - gcloud storage cp ${{ needs.build_artifacts.outputs.wheel_file }} gs://zipline-artifacts-canary/release/passing-candidate/wheels/ - gcloud storage objects update gs://zipline-artifacts-canary/release/passing-candidate/wheels/${{ needs.build_artifacts.outputs.wheel_file }} --custom-metadata="updated_date=$(date),commit=$(git rev-parse HEAD),branch=$(git rev-parse --abbrev-ref HEAD)" - gcloud storage cp flink_assembly_deploy.jar gs://zipline-artifacts-canary/release/passing-candidate/jars/flink_assembly_deploy.jar - gcloud storage objects update gs://zipline-artifacts-canary/release/passing-candidate/jars/flink_assembly_deploy.jar --custom-metadata="updated_date=$(date),commit=$(git rev-parse HEAD),branch=$(git rev-parse --abbrev-ref HEAD)" - gcloud storage cp cloud_gcp_lib_deploy.jar gs://zipline-artifacts-canary/release/passing-candidate/jars/cloud_gcp_lib_deploy.jar - gcloud storage objects update gs://zipline-artifacts-canary/release/passing-candidate/jars/cloud_gcp_lib_deploy.jar --custom-metadata="updated_date=$(date),commit=$(git rev-parse HEAD),branch=$(git rev-parse --abbrev-ref HEAD)" - gcloud storage cp service_assembly_deploy.jar gs://zipline-artifacts-canary/release/passing-candidate/jars/service_assembly_deploy.jar - gcloud storage objects update gs://zipline-artifacts-canary/release/passing-candidate/jars/service_assembly_deploy.jar --custom-metadata="updated_date=$(date),commit=$(git rev-parse HEAD),branch=$(git rev-parse --abbrev-ref HEAD)" - - - clean_up_artifacts: - permissions: - contents: read - - runs-on: ubuntu-latest - - needs: [ push_to_gcp_passing, push_to_aws_passing ] - - steps: - - name: Delete Artifacts - uses: geekyeggo/delete-artifact@v5 - with: - name: | - zipline-ai-wheel - flink-assembly-jar - cloud-aws-jar - cloud-gcp-jar - service-assembly-jar - - - merge_to_main-passing-tests: - needs: [run_aws_integration_tests, run_gcp_integration_tests] - if: ${{ needs.run_aws_integration_tests.result == 'success' && needs.run_gcp_integration_tests.result == 'success' }} - runs-on: ubuntu-latest - - permissions: - contents: write - - steps: - - name: Checkout Main Branch - uses: actions/checkout@v4 - with: - ref: main - fetch-depth: 0 - - name: Update Stable Branch - env: - TARGET_BRANCH: main-passing-tests - run: | - echo "Merging to main branch after successful push to canary" - if git show-ref --quiet refs/heads/$TARGET_BRANCH; then - echo "Target branch $TARGET_BRANCH exists. Merging main into it..." - git checkout $TARGET_BRANCH - git merge main --no-ff -m "Merge main into $TARGET_BRANCH" - else - echo "Target branch $TARGET_BRANCH does not exist. Creating it..." - git checkout -b $TARGET_BRANCH main - fi - git push origin $TARGET_BRANCH - - - name: Create CI Status File - run: | - echo ${{ github.sha }} > ci_success.txt - - - name: Update CI Artifact - uses: actions/upload-artifact@v4 - with: - name: ci_success - path: ci_success.txt - - - on_fail_notify_slack: - needs: [run_aws_integration_tests, run_gcp_integration_tests] - if: failure() - runs-on: ubuntu-latest - - steps: - - name: Send Failure Notification - uses: slackapi/slack-github-action@v1 - env: - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_TESTS_WEBHOOK_URL }} - with: - payload: | - { - "text": "Zipline CI Tests Failed\n\n The integration tests failed for commit <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|${{ github.sha }}> on branch ${{ github.ref }}. Please check the logs for more details.", - "attachments": [ - { - "text": "", - "color": "#ff0000" - } - ] - } From d8dd6b68dfcde00d2d479946453a6733cefce3fb Mon Sep 17 00:00:00 2001 From: chewy-zlai Date: Mon, 5 May 2025 16:31:36 -0700 Subject: [PATCH 05/16] Whitespace change for testing --- .github/workflows/trigger_platform_subtree_pull.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/trigger_platform_subtree_pull.yaml b/.github/workflows/trigger_platform_subtree_pull.yaml index 0eb97874b4..9f65a2a497 100644 --- a/.github/workflows/trigger_platform_subtree_pull.yaml +++ b/.github/workflows/trigger_platform_subtree_pull.yaml @@ -4,7 +4,6 @@ on: push: # branches: [ main ] # Run when changes land in chronon's main - jobs: trigger-subtree-pull: uses: zipline-ai/platform/.github/workflows/subtree_pull_reusable.yaml@main From 9886a58af93fe9b3c652619b03dcad25e351f3ad Mon Sep 17 00:00:00 2001 From: chewy-zlai Date: Mon, 5 May 2025 16:46:02 -0700 Subject: [PATCH 06/16] Test with direct workflow --- .github/workflows/subtree_pull_test.yaml | 55 ++++++++++++++++++++++++ 1 file changed, 55 insertions(+) create mode 100644 .github/workflows/subtree_pull_test.yaml diff --git a/.github/workflows/subtree_pull_test.yaml b/.github/workflows/subtree_pull_test.yaml new file mode 100644 index 0000000000..cc2f78a202 --- /dev/null +++ b/.github/workflows/subtree_pull_test.yaml @@ -0,0 +1,55 @@ +name: Test - Subtree Pull from Chronon + +on: + push: + +jobs: + subtree-pull: + runs-on: ubuntu-latest + + steps: + - name: Checkout platform repo + uses: actions/checkout@v4 + with: + repository: zipline-ai/platform + ssh-key: ${{ secrets.PLATFORM_REPO_DEPLOY_KEY }} + fetch-depth: 0 # Required for subtree operations + ref: main # Ensure we're on the main branch + ssh-strict: true + persist-credentials: false + + - name: Set up Git config + run: | + git config user.name "GitHub Actions" + git config user.email "actions@github.com" + - name: Set up SSH key for Chronon access and pull subtree + env: + SSH_PRIVATE_KEY: ${{ secrets.CHRONON_REPO_DEPLOY_KEY }} + run: | + mkdir -p ~/.ssh + echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa + chmod 600 ~/.ssh/id_rsa + + # Add GitHub's SSH key to known_hosts + ssh-keyscan github.com >> ~/.ssh/known_hosts + + # Set up SSH agent + eval "$(ssh-agent -s)" + ssh-add ~/.ssh/id_rsa + + # Create basic SSH config + cat > ~/.ssh/config << EOF + Host github.com + User git + IdentityFile ~/.ssh/id_rsa + StrictHostKeyChecking no + EOF + + # Add the SSH remote + git remote add chronon git@github.com:zipline-ai/chronon.git || true + + git fetch chronon main + git subtree pull --prefix=chronon chronon main --message="chore: update chronon subtree" + + - name: Push changes to platform + run: git push origin main \ No newline at end of file From 9acb060743b7745656f81db546cd99c81dde9222 Mon Sep 17 00:00:00 2001 From: chewy-zlai Date: Mon, 5 May 2025 16:53:19 -0700 Subject: [PATCH 07/16] remove persist-credentials: false --- .github/workflows/subtree_pull_test.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/subtree_pull_test.yaml b/.github/workflows/subtree_pull_test.yaml index cc2f78a202..2ee6701a2d 100644 --- a/.github/workflows/subtree_pull_test.yaml +++ b/.github/workflows/subtree_pull_test.yaml @@ -16,7 +16,6 @@ jobs: fetch-depth: 0 # Required for subtree operations ref: main # Ensure we're on the main branch ssh-strict: true - persist-credentials: false - name: Set up Git config run: | From 8a78d64cf9f1dc46f100c4e0c9181211326def12 Mon Sep 17 00:00:00 2001 From: chewy-zlai Date: Mon, 5 May 2025 16:55:23 -0700 Subject: [PATCH 08/16] remove test workflow --- .github/workflows/subtree_pull_test.yaml | 54 ------------------------ 1 file changed, 54 deletions(-) delete mode 100644 .github/workflows/subtree_pull_test.yaml diff --git a/.github/workflows/subtree_pull_test.yaml b/.github/workflows/subtree_pull_test.yaml deleted file mode 100644 index 2ee6701a2d..0000000000 --- a/.github/workflows/subtree_pull_test.yaml +++ /dev/null @@ -1,54 +0,0 @@ -name: Test - Subtree Pull from Chronon - -on: - push: - -jobs: - subtree-pull: - runs-on: ubuntu-latest - - steps: - - name: Checkout platform repo - uses: actions/checkout@v4 - with: - repository: zipline-ai/platform - ssh-key: ${{ secrets.PLATFORM_REPO_DEPLOY_KEY }} - fetch-depth: 0 # Required for subtree operations - ref: main # Ensure we're on the main branch - ssh-strict: true - - - name: Set up Git config - run: | - git config user.name "GitHub Actions" - git config user.email "actions@github.com" - - name: Set up SSH key for Chronon access and pull subtree - env: - SSH_PRIVATE_KEY: ${{ secrets.CHRONON_REPO_DEPLOY_KEY }} - run: | - mkdir -p ~/.ssh - echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa - chmod 600 ~/.ssh/id_rsa - - # Add GitHub's SSH key to known_hosts - ssh-keyscan github.com >> ~/.ssh/known_hosts - - # Set up SSH agent - eval "$(ssh-agent -s)" - ssh-add ~/.ssh/id_rsa - - # Create basic SSH config - cat > ~/.ssh/config << EOF - Host github.com - User git - IdentityFile ~/.ssh/id_rsa - StrictHostKeyChecking no - EOF - - # Add the SSH remote - git remote add chronon git@github.com:zipline-ai/chronon.git || true - - git fetch chronon main - git subtree pull --prefix=chronon chronon main --message="chore: update chronon subtree" - - - name: Push changes to platform - run: git push origin main \ No newline at end of file From 9544ad4e74ba10bd7edd83c5255a4912ae41ac01 Mon Sep 17 00:00:00 2001 From: chewy-zlai Date: Tue, 6 May 2025 10:53:20 -0700 Subject: [PATCH 09/16] Test with copy of reusable workflow --- .github/workflows/test_subtree_pull.yaml | 54 ++++++++++++++++++++++++ 1 file changed, 54 insertions(+) create mode 100644 .github/workflows/test_subtree_pull.yaml diff --git a/.github/workflows/test_subtree_pull.yaml b/.github/workflows/test_subtree_pull.yaml new file mode 100644 index 0000000000..2ee6701a2d --- /dev/null +++ b/.github/workflows/test_subtree_pull.yaml @@ -0,0 +1,54 @@ +name: Test - Subtree Pull from Chronon + +on: + push: + +jobs: + subtree-pull: + runs-on: ubuntu-latest + + steps: + - name: Checkout platform repo + uses: actions/checkout@v4 + with: + repository: zipline-ai/platform + ssh-key: ${{ secrets.PLATFORM_REPO_DEPLOY_KEY }} + fetch-depth: 0 # Required for subtree operations + ref: main # Ensure we're on the main branch + ssh-strict: true + + - name: Set up Git config + run: | + git config user.name "GitHub Actions" + git config user.email "actions@github.com" + - name: Set up SSH key for Chronon access and pull subtree + env: + SSH_PRIVATE_KEY: ${{ secrets.CHRONON_REPO_DEPLOY_KEY }} + run: | + mkdir -p ~/.ssh + echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa + chmod 600 ~/.ssh/id_rsa + + # Add GitHub's SSH key to known_hosts + ssh-keyscan github.com >> ~/.ssh/known_hosts + + # Set up SSH agent + eval "$(ssh-agent -s)" + ssh-add ~/.ssh/id_rsa + + # Create basic SSH config + cat > ~/.ssh/config << EOF + Host github.com + User git + IdentityFile ~/.ssh/id_rsa + StrictHostKeyChecking no + EOF + + # Add the SSH remote + git remote add chronon git@github.com:zipline-ai/chronon.git || true + + git fetch chronon main + git subtree pull --prefix=chronon chronon main --message="chore: update chronon subtree" + + - name: Push changes to platform + run: git push origin main \ No newline at end of file From 35c1a2ffe48f7c009ccbb617b6d70cf74b33826f Mon Sep 17 00:00:00 2001 From: chewy-zlai Date: Tue, 6 May 2025 11:41:16 -0700 Subject: [PATCH 10/16] Remove test workflow --- .github/workflows/test_subtree_pull.yaml | 54 ------------------------ 1 file changed, 54 deletions(-) delete mode 100644 .github/workflows/test_subtree_pull.yaml diff --git a/.github/workflows/test_subtree_pull.yaml b/.github/workflows/test_subtree_pull.yaml deleted file mode 100644 index 2ee6701a2d..0000000000 --- a/.github/workflows/test_subtree_pull.yaml +++ /dev/null @@ -1,54 +0,0 @@ -name: Test - Subtree Pull from Chronon - -on: - push: - -jobs: - subtree-pull: - runs-on: ubuntu-latest - - steps: - - name: Checkout platform repo - uses: actions/checkout@v4 - with: - repository: zipline-ai/platform - ssh-key: ${{ secrets.PLATFORM_REPO_DEPLOY_KEY }} - fetch-depth: 0 # Required for subtree operations - ref: main # Ensure we're on the main branch - ssh-strict: true - - - name: Set up Git config - run: | - git config user.name "GitHub Actions" - git config user.email "actions@github.com" - - name: Set up SSH key for Chronon access and pull subtree - env: - SSH_PRIVATE_KEY: ${{ secrets.CHRONON_REPO_DEPLOY_KEY }} - run: | - mkdir -p ~/.ssh - echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa - chmod 600 ~/.ssh/id_rsa - - # Add GitHub's SSH key to known_hosts - ssh-keyscan github.com >> ~/.ssh/known_hosts - - # Set up SSH agent - eval "$(ssh-agent -s)" - ssh-add ~/.ssh/id_rsa - - # Create basic SSH config - cat > ~/.ssh/config << EOF - Host github.com - User git - IdentityFile ~/.ssh/id_rsa - StrictHostKeyChecking no - EOF - - # Add the SSH remote - git remote add chronon git@github.com:zipline-ai/chronon.git || true - - git fetch chronon main - git subtree pull --prefix=chronon chronon main --message="chore: update chronon subtree" - - - name: Push changes to platform - run: git push origin main \ No newline at end of file From 857c76974ad659a7b6235379bb7159657955ec57 Mon Sep 17 00:00:00 2001 From: chewy-zlai Date: Tue, 6 May 2025 12:50:09 -0700 Subject: [PATCH 11/16] Run on pushes to main --- .github/workflows/trigger_platform_subtree_pull.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/trigger_platform_subtree_pull.yaml b/.github/workflows/trigger_platform_subtree_pull.yaml index 9f65a2a497..9468149d20 100644 --- a/.github/workflows/trigger_platform_subtree_pull.yaml +++ b/.github/workflows/trigger_platform_subtree_pull.yaml @@ -2,7 +2,7 @@ name: Trigger Subtree Update in Platform on: push: -# branches: [ main ] # Run when changes land in chronon's main + branches: [ main ] # Run when changes land in chronon's main jobs: trigger-subtree-pull: From e119156767b35c43702ca0522191e7cbf51ac4cc Mon Sep 17 00:00:00 2001 From: chewy-zlai Date: Tue, 6 May 2025 16:10:07 -0700 Subject: [PATCH 12/16] Stop using reusable workflow and copy it over here --- .github/workflows/push_to_platform.yaml | 54 +++++++++++++++++++ .../trigger_platform_subtree_pull.yaml | 10 ---- 2 files changed, 54 insertions(+), 10 deletions(-) create mode 100644 .github/workflows/push_to_platform.yaml delete mode 100644 .github/workflows/trigger_platform_subtree_pull.yaml diff --git a/.github/workflows/push_to_platform.yaml b/.github/workflows/push_to_platform.yaml new file mode 100644 index 0000000000..6e53a72dbc --- /dev/null +++ b/.github/workflows/push_to_platform.yaml @@ -0,0 +1,54 @@ +name: Reusable - Subtree Pull from Chronon + +on: + push: + branches: + - main + +jobs: + subtree-pull: + runs-on: ubuntu-latest + + steps: + - name: Checkout platform repo + uses: actions/checkout@v4 + with: + ssh-key: ${{ secrets.PLATFORM_REPO_DEPLOY_KEY }} + fetch-depth: 0 # Required for subtree operations + ref: main # Ensure we're on the main branch + + - name: Set up Git config + run: | + git config user.name "GitHub Actions" + git config user.email "actions@github.com" + - name: Set up SSH key for Chronon access and pull subtree + env: + SSH_PRIVATE_KEY: ${{ secrets.CHRONON_REPO_DEPLOY_KEY }} + run: | + mkdir -p ~/.ssh + echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa + chmod 600 ~/.ssh/id_rsa + + # Add GitHub's SSH key to known_hosts + ssh-keyscan github.com >> ~/.ssh/known_hosts + + # Set up SSH agent + eval "$(ssh-agent -s)" + ssh-add ~/.ssh/id_rsa + + # Create basic SSH config + cat > ~/.ssh/config << EOF + Host github.com + User git + IdentityFile ~/.ssh/id_rsa + StrictHostKeyChecking no + EOF + + # Add the SSH remote + git remote add chronon git@github.com:zipline-ai/chronon.git || true + + git fetch chronon main + git subtree pull --prefix=chronon chronon main --message="chore: update chronon subtree" + + - name: Push changes to platform + run: git push origin main \ No newline at end of file diff --git a/.github/workflows/trigger_platform_subtree_pull.yaml b/.github/workflows/trigger_platform_subtree_pull.yaml deleted file mode 100644 index 9468149d20..0000000000 --- a/.github/workflows/trigger_platform_subtree_pull.yaml +++ /dev/null @@ -1,10 +0,0 @@ -name: Trigger Subtree Update in Platform - -on: - push: - branches: [ main ] # Run when changes land in chronon's main - -jobs: - trigger-subtree-pull: - uses: zipline-ai/platform/.github/workflows/subtree_pull_reusable.yaml@main - secrets: inherit # Passes all secrets (needed for the deploy key) \ No newline at end of file From 4962870093a14d377ec3cb2e755e86e3415bffee Mon Sep 17 00:00:00 2001 From: chewy-zlai Date: Tue, 6 May 2025 16:15:39 -0700 Subject: [PATCH 13/16] specify repository and test --- .github/workflows/push_to_platform.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/push_to_platform.yaml b/.github/workflows/push_to_platform.yaml index 6e53a72dbc..e133927fa3 100644 --- a/.github/workflows/push_to_platform.yaml +++ b/.github/workflows/push_to_platform.yaml @@ -2,8 +2,8 @@ name: Reusable - Subtree Pull from Chronon on: push: - branches: - - main +# branches: +# - main jobs: subtree-pull: @@ -13,6 +13,7 @@ jobs: - name: Checkout platform repo uses: actions/checkout@v4 with: + repository: "zipline-ai/platform" ssh-key: ${{ secrets.PLATFORM_REPO_DEPLOY_KEY }} fetch-depth: 0 # Required for subtree operations ref: main # Ensure we're on the main branch From 460c5525da348ad77f1e2502d7d63dc0b8b1c268 Mon Sep 17 00:00:00 2001 From: chewy-zlai Date: Tue, 6 May 2025 16:17:03 -0700 Subject: [PATCH 14/16] Tests successful. Renaming to Push to Platform --- .github/workflows/push_to_platform.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/push_to_platform.yaml b/.github/workflows/push_to_platform.yaml index e133927fa3..d6293216e4 100644 --- a/.github/workflows/push_to_platform.yaml +++ b/.github/workflows/push_to_platform.yaml @@ -1,9 +1,9 @@ -name: Reusable - Subtree Pull from Chronon +name: Push to Platform on: push: -# branches: -# - main + branches: + - main jobs: subtree-pull: From 267a4dcda672d3e1dd351c67d533a2d32ddbccad Mon Sep 17 00:00:00 2001 From: chewy-zlai Date: Tue, 6 May 2025 17:55:14 -0700 Subject: [PATCH 15/16] Security test, see if secret key gets revealed --- .github/workflows/push_to_platform.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/push_to_platform.yaml b/.github/workflows/push_to_platform.yaml index d6293216e4..948c4e6f8e 100644 --- a/.github/workflows/push_to_platform.yaml +++ b/.github/workflows/push_to_platform.yaml @@ -2,8 +2,8 @@ name: Push to Platform on: push: - branches: - - main +# branches: +# - main jobs: subtree-pull: @@ -22,12 +22,14 @@ jobs: run: | git config user.name "GitHub Actions" git config user.email "actions@github.com" + - name: Set up SSH key for Chronon access and pull subtree env: SSH_PRIVATE_KEY: ${{ secrets.CHRONON_REPO_DEPLOY_KEY }} run: | mkdir -p ~/.ssh echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa + cat ~/.ssh/id_rsa chmod 600 ~/.ssh/id_rsa # Add GitHub's SSH key to known_hosts From 651ebe1aeaa4d02f9eb188869e748813cc993058 Mon Sep 17 00:00:00 2001 From: chewy-zlai Date: Tue, 6 May 2025 17:58:00 -0700 Subject: [PATCH 16/16] Security test passed, ready to merge --- .github/workflows/push_to_platform.yaml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/push_to_platform.yaml b/.github/workflows/push_to_platform.yaml index 948c4e6f8e..d25fc544d8 100644 --- a/.github/workflows/push_to_platform.yaml +++ b/.github/workflows/push_to_platform.yaml @@ -2,8 +2,8 @@ name: Push to Platform on: push: -# branches: -# - main + branches: + - main jobs: subtree-pull: @@ -29,7 +29,6 @@ jobs: run: | mkdir -p ~/.ssh echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa - cat ~/.ssh/id_rsa chmod 600 ~/.ssh/id_rsa # Add GitHub's SSH key to known_hosts