diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml
index ffeff9f8..2b9fb870 100644
--- a/.github/workflows/create-release.yml
+++ b/.github/workflows/create-release.yml
@@ -150,51 +150,11 @@ jobs: - name: Install dependencies run: poetry install --with dev - - name: Prepare test configurations - id: int-tests-configs - env: - AICORE_SECRET: ${{ secrets.AICORE_SECRET }} - HANA_DB_SECRET: ${{ secrets.HANA_DB }} - run: | - echo "${AICORE_SECRET}" | base64 -d > aicore-secret.yaml - echo "AICORE_CLIENT_ID=$(yq eval '.stringData.clientid' aicore-secret.yaml)" >> $GITHUB_OUTPUT - echo "AICORE_CLIENT_SECRET=$(yq eval '.stringData.clientsecret' aicore-secret.yaml)" >> $GITHUB_OUTPUT - echo "AICORE_AUTH_URL=$(yq eval '.stringData.auth_url' aicore-secret.yaml)" >> $GITHUB_OUTPUT - echo "AICORE_BASE_URL=$(yq eval '.stringData.base_url' aicore-secret.yaml)" >> $GITHUB_OUTPUT - echo "AICORE_RESOURCE_GROUP=$(yq eval '.stringData.resource_group' aicore-secret.yaml)" >> $GITHUB_OUTPUT - - # Extract HANA DB credentials - updated key names - echo "${HANA_DB_SECRET}" > hana-db-secret.yaml - echo "DATABASE_URL=$(yq eval '.DATABASE_URL' hana-db-secret.yaml)" >> $GITHUB_OUTPUT - echo "DATABASE_USER=$(yq eval '.DATABASE_USER' hana-db-secret.yaml)" >> $GITHUB_OUTPUT - echo "DATABASE_PASSWORD=$(yq eval '.DATABASE_PASSWORD' hana-db-secret.yaml)" >> $GITHUB_OUTPUT - echo "DATABASE_PORT=$(yq eval '.DATABASE_PORT' hana-db-secret.yaml)" >> $GITHUB_OUTPUT - echo "DOCS_TABLE_NAME=$(yq eval '.DOCS_TABLE_NAME' hana-db-secret.yaml)" >> $GITHUB_OUTPUT - - # cleanup - rm -f aicore-secret.yaml hana-db-secret.yaml - - name: Run integration tests env: LOG_LEVEL: "DEBUG" - # AI Core configurations. - AICORE_CLIENT_ID: ${{ steps.int-tests-configs.outputs.AICORE_CLIENT_ID }} - AICORE_CLIENT_SECRET: ${{ steps.int-tests-configs.outputs.AICORE_CLIENT_SECRET }} - AICORE_AUTH_URL: ${{ steps.int-tests-configs.outputs.AICORE_AUTH_URL }} - AICORE_BASE_URL: ${{ steps.int-tests-configs.outputs.AICORE_BASE_URL }} - AICORE_RESOURCE_GROUP: ${{ steps.int-tests-configs.outputs.AICORE_RESOURCE_GROUP }} - # Gardener test cluster configurations. 
- TEST_CLUSTER_URL: ${{ secrets.GARDENER_TEST_CLUSTER_URL }} - TEST_CLUSTER_CA_DATA: ${{ secrets.GARDENER_TEST_CLUSTER_CA_DATA }} - TEST_CLUSTER_AUTH_TOKEN: ${{ secrets.GARDENER_TEST_CLUSTER_AUTH_TOKEN }} - # HANA DB configurations - DATABASE_URL: ${{ steps.int-tests-configs.outputs.DATABASE_URL }} - DATABASE_USER: ${{ steps.int-tests-configs.outputs.DATABASE_USER }} - DATABASE_PASSWORD: ${{ steps.int-tests-configs.outputs.DATABASE_PASSWORD }} - DATABASE_PORT: ${{ steps.int-tests-configs.outputs.DATABASE_PORT }} - DOCS_TABLE_NAME: ${{ steps.int-tests-configs.outputs.DOCS_TABLE_NAME }} run: | - echo "${{ secrets.CONFIG_TEST }}" | base64 --decode | jq > $GITHUB_WORKSPACE/config/config.json + echo "${{ secrets.INTERATION_TEST_CONFIG }}" | base64 --decode | jq > $GITHUB_WORKSPACE/config/config.json poetry run poe test-integration bump-sec-scanners-release-branch: diff --git a/.github/workflows/pull-evaluation-tests.yaml b/.github/workflows/pull-evaluation-tests.yaml index 4cfd07ab..bab948a0 100644 --- a/.github/workflows/pull-evaluation-tests.yaml +++ b/.github/workflows/pull-evaluation-tests.yaml @@ -1,13 +1,6 @@ name: "Evaluation tests" run-name: "Evaluation tests" -# Required repository secrets: -# - AICORE_SECRET -# - COMPANION_CONFIGMAP -# - GARDENER_TEST_CLUSTER_URL -# - GARDENER_TEST_CLUSTER_AUTH_TOKEN -# - GARDENER_TEST_CLUSTER_CA_DATA - on: pull_request_target: types: [labeled, opened, synchronize, reopened, ready_for_review] 
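Review bot: The added `echo "${{ secrets.INTERATION_TEST_CONFIG }}" | base64 --decode | jq > ...` line in `Run integration tests` expands the secret into the script text before bash starts, so any quote, `$` or command substitution in the value is interpreted by the shell instead of being treated as data. Pass it through the step's existing `env:` block, e.g. `INTEGRATION_TEST_CONFIG: ${{ secrets.INTERATION_TEST_CONFIG }}`, and read it with `printf '%s' "$INTEGRATION_TEST_CONFIG" | base64 --decode | jq . > "$GITHUB_WORKSPACE/config/config.json"`. The same pattern is added in pull-integration-test.yaml, in `Run Evaluation Tests` of pull-evaluation-tests.yaml and in `Run Evaluator Validation` of validate-models.yml. The secret name also reads like a misspelling of INTEGRATION; if the repository secret is stored under the corrected spelling, this expression evaluates to an empty string.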
@@ -123,34 +116,26 @@ jobs: echo "Installing Redis using Helm..." helm install --wait redis-stack redis-stack/redis-stack --set auth.enabled=false -n redis - - name: Companion Deploy - Create namespace - run: | - kubectl apply -f scripts/k8s/companion-namespace.yaml - - name: Companion Deploy - Create secret + env: + COMPANION_CONFIG_BASE64: ${{ secrets.EVALUATION_TESTS_CONFIG }} run: | - echo "${{ secrets.AICORE_SECRET }}" | base64 -d > scripts/k8s/aicore-secret.yaml - kubectl apply -f scripts/k8s/aicore-secret.yaml - rm -f scripts/k8s/aicore-secret.yaml + kubectl create namespace ai-system + ./scripts/k8s/create-secret.sh - - name: Companion Deploy - Create ConfigMap + - name: Companion Deploy - Apply companion manifests run: | - echo "${{ secrets.COMPANION_CONFIGMAP_JSON }}" | base64 -d > scripts/k8s/companion-configmap.yaml - kubectl apply -f scripts/k8s/companion-configmap.yaml - rm -f scripts/k8s/companion-configmap.yaml + kubectl apply -f scripts/k8s/companion-k3d-manifest.yaml - name: Companion Deploy - Update image name in Deployment run: | - sed -i "s|example.com/ai-backend:stable|${{env.IMAGE_NAME}}|g" scripts/k8s/companion-deployment.yaml - - - name: Companion Deploy - Create Deployment and NodePort Service - run: | - kubectl apply -f scripts/k8s/companion-deployment.yaml + echo "Updating companion image to ${IMAGE_NAME}..." + kubectl -n ai-system set image deployment/companion companion=${IMAGE_NAME} - name: Companion Deploy - Wait for deployment run: | - echo "Waiting for backend pods (labels: app=ai-backend) to be ready..." - kubectl wait --for=condition=Ready pod -l 'app=ai-backend' -n ai-core --timeout=300s + echo "Waiting for companion deployment to be ready..." + kubectl wait --for=condition=Available deployment companion -n ai-system --timeout=300s sleep 30 - name: Companion Deploy - Test reachability through NodePort 
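Review bot: The `Companion Deploy - Create secret` step now executes `./scripts/k8s/create-secret.sh` from the checked-out tree with `COMPANION_CONFIG_BASE64` in its environment, and this workflow is triggered by `pull_request_target` (visible in the first hunk of this file). The checkout step is outside the hunk; if it checks out the pull request head, both the script and `scripts/k8s/companion-k3d-manifest.yaml` come from the contributor's branch and run while the secret is available. Confirm that checkout uses the base ref, or that the job is gated on a maintainer-controlled condition before any secret is exposed, and record that above the step with a comment such as `# runs repository scripts with secrets; job must stay gated by <maintainer-approval condition>`. `${IMAGE_NAME}` in the `kubectl set image` line should also be quoted: `companion="${IMAGE_NAME}"`.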
@@ -160,9 +145,9 @@ jobs: - name: Companion Deploy - Debug information if: failure() run: | - kubectl get deploy -n ai-core - kubectl get pod -n ai-core - kubectl logs -n ai-core -l app=ai-backend + kubectl get deploy -n ai-system + kubectl get pod -n ai-system + kubectl logs -n ai-system -l app.kubernetes.io/name=companion - name: Evaluation Tests Setup - Extract project Python version working-directory: tests/blackbox 
@@ -185,47 +170,21 @@ jobs: working-directory: tests/blackbox run: poetry install - - name: Evaluation Tests Setup - Prepare test configurations - id: eval-tests-configs - env: - AICORE_SECRET: ${{ secrets.AICORE_SECRET }} - run: | - # AI Core configurations. - echo "${AICORE_SECRET}" | base64 -d > aicore-secret.yaml - echo "AICORE_CLIENT_ID=$(yq eval '.stringData.clientid' aicore-secret.yaml)" >> $GITHUB_OUTPUT - echo "AICORE_CLIENT_SECRET=$(yq eval '.stringData.clientsecret' aicore-secret.yaml)" >> $GITHUB_OUTPUT - echo "AICORE_AUTH_URL=$(yq eval '.stringData.auth_url' aicore-secret.yaml)" >> $GITHUB_OUTPUT - echo "AICORE_BASE_URL=$(yq eval '.stringData.base_url' aicore-secret.yaml)" >> $GITHUB_OUTPUT - echo "AICORE_RESOURCE_GROUP=$(yq eval '.stringData.resource_group' aicore-secret.yaml)" >> $GITHUB_OUTPUT - echo "AICORE_CONFIGURATION_ID_GPT4_MINI=$(yq eval '.stringData.configuration_id_gpt4_mini' aicore-secret.yaml)" >> $GITHUB_OUTPUT - echo "AICORE_DEPLOYMENT_ID_GPT4_MINI=$(yq eval '.stringData.deployment_id_gpt4_mini' aicore-secret.yaml)" >> $GITHUB_OUTPUT - # cleanup - rm -f aicore-secret.yaml - - name: Run Evaluation Tests working-directory: tests/blackbox env: LOG_LEVEL: "DEBUG" TEST_DATA_PATH: "./data" COMPANION_API_URL: "http://localhost:32000" - # Gardener test cluster configurations. - TEST_CLUSTER_URL: ${{ secrets.GARDENER_TEST_CLUSTER_URL }} - TEST_CLUSTER_CA_DATA: ${{ secrets.GARDENER_TEST_CLUSTER_CA_DATA }} - TEST_CLUSTER_AUTH_TOKEN: ${{ secrets.GARDENER_TEST_CLUSTER_AUTH_TOKEN }} - # AI Core configurations. 
- AICORE_CLIENT_ID: ${{ steps.eval-tests-configs.outputs.AICORE_CLIENT_ID }} - AICORE_CLIENT_SECRET: ${{ steps.eval-tests-configs.outputs.AICORE_CLIENT_SECRET }} - AICORE_AUTH_URL: ${{ steps.eval-tests-configs.outputs.AICORE_AUTH_URL }} - AICORE_BASE_URL: ${{ steps.eval-tests-configs.outputs.AICORE_BASE_URL }} - AICORE_RESOURCE_GROUP: ${{ steps.eval-tests-configs.outputs.AICORE_RESOURCE_GROUP }} - AICORE_CONFIGURATION_ID_GPT4_MINI: ${{ steps.eval-tests-configs.outputs.AICORE_CONFIGURATION_ID_GPT4_MINI }} - AICORE_DEPLOYMENT_ID_GPT4_MINI: ${{ steps.eval-tests-configs.outputs.AICORE_DEPLOYMENT_ID_GPT4_MINI }} run: | + export CONFIG_PATH=$GITHUB_WORKSPACE/config/config.json + echo "${{ secrets.EVALUATION_TESTS_CONFIG }}" | base64 --decode | jq > $CONFIG_PATH + echo "saved config to $CONFIG_PATH!" poetry run python src/run_evaluation.py - name: Evaluation Tests - Debug information if: failure() run: | - kubectl get deploy -n ai-core - kubectl get pod -n ai-core - kubectl logs -n ai-core -l app=ai-backend + kubectl get deploy -n ai-system + kubectl get pod -n ai-system + kubectl logs -n ai-system -l app.kubernetes.io/name=companion diff --git a/.github/workflows/pull-integration-test.yaml b/.github/workflows/pull-integration-test.yaml index bdc57793..ea2e7c0c 100644 --- a/.github/workflows/pull-integration-test.yaml +++ b/.github/workflows/pull-integration-test.yaml 
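Review bot: `Run Evaluation Tests` writes the decoded credentials to `$CONFIG_PATH` and never removes the file, whereas the removed `Prepare test configurations` step deleted its temporary secret file with `rm -f`. GitHub's log masking only matches the registered secret value (the base64 blob), so the decoded fields inside config.json are not masked, and this step runs with `LOG_LEVEL: "DEBUG"`. Consider `umask 077` before the write, a final cleanup step with `if: always()` that runs `rm -f "$GITHUB_WORKSPACE/config/config.json"`, and a check that the test runner does not log config values at debug level. The redirect target is unquoted as well; `> "$CONFIG_PATH"` is the safer form.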
@@ -50,49 +50,9 @@ jobs: - name: Install dependencies run: poetry install --with dev - - name: Prepare test configurations - id: int-tests-configs - env: - AICORE_SECRET: ${{ secrets.AICORE_SECRET }} - HANA_DB_SECRET: ${{ secrets.HANA_DB }} - run: | - echo "${AICORE_SECRET}" | base64 -d > aicore-secret.yaml - echo "AICORE_CLIENT_ID=$(yq eval '.stringData.clientid' aicore-secret.yaml)" >> $GITHUB_OUTPUT - echo "AICORE_CLIENT_SECRET=$(yq eval '.stringData.clientsecret' aicore-secret.yaml)" >> $GITHUB_OUTPUT - echo "AICORE_AUTH_URL=$(yq eval '.stringData.auth_url' aicore-secret.yaml)" >> $GITHUB_OUTPUT - echo "AICORE_BASE_URL=$(yq eval '.stringData.base_url' aicore-secret.yaml)" >> $GITHUB_OUTPUT - echo "AICORE_RESOURCE_GROUP=$(yq eval '.stringData.resource_group' aicore-secret.yaml)" >> $GITHUB_OUTPUT - - # Extract HANA DB credentials - updated key names - echo "${HANA_DB_SECRET}" > hana-db-secret.yaml - echo "DATABASE_URL=$(yq eval '.DATABASE_URL' hana-db-secret.yaml)" >> $GITHUB_OUTPUT - echo "DATABASE_USER=$(yq eval '.DATABASE_USER' hana-db-secret.yaml)" >> $GITHUB_OUTPUT - echo "DATABASE_PASSWORD=$(yq eval '.DATABASE_PASSWORD' hana-db-secret.yaml)" >> $GITHUB_OUTPUT - echo "DATABASE_PORT=$(yq eval '.DATABASE_PORT' hana-db-secret.yaml)" >> $GITHUB_OUTPUT - echo "DOCS_TABLE_NAME=$(yq eval '.DOCS_TABLE_NAME' hana-db-secret.yaml)" >> $GITHUB_OUTPUT - - # cleanup - rm -f aicore-secret.yaml hana-db-secret.yaml - - name: Run integration tests env: LOG_LEVEL: "DEBUG" - # AI Core configurations. - AICORE_CLIENT_ID: ${{ steps.int-tests-configs.outputs.AICORE_CLIENT_ID }} - AICORE_CLIENT_SECRET: ${{ steps.int-tests-configs.outputs.AICORE_CLIENT_SECRET }} - AICORE_AUTH_URL: ${{ steps.int-tests-configs.outputs.AICORE_AUTH_URL }} - AICORE_BASE_URL: ${{ steps.int-tests-configs.outputs.AICORE_BASE_URL }} - AICORE_RESOURCE_GROUP: ${{ steps.int-tests-configs.outputs.AICORE_RESOURCE_GROUP }} - # Gardener test cluster configurations. 
- TEST_CLUSTER_URL: ${{ secrets.GARDENER_TEST_CLUSTER_URL }} - TEST_CLUSTER_CA_DATA: ${{ secrets.GARDENER_TEST_CLUSTER_CA_DATA }} - TEST_CLUSTER_AUTH_TOKEN: ${{ secrets.GARDENER_TEST_CLUSTER_AUTH_TOKEN }} - # HANA DB configurations - DATABASE_URL: ${{ steps.int-tests-configs.outputs.DATABASE_URL }} - DATABASE_USER: ${{ steps.int-tests-configs.outputs.DATABASE_USER }} - DATABASE_PASSWORD: ${{ steps.int-tests-configs.outputs.DATABASE_PASSWORD }} - DATABASE_PORT: ${{ steps.int-tests-configs.outputs.DATABASE_PORT }} - DOCS_TABLE_NAME: ${{ steps.int-tests-configs.outputs.DOCS_TABLE_NAME }} run: | - echo "${{ secrets.CONFIG_TEST }}" | base64 --decode | jq > $GITHUB_WORKSPACE/config/config.json + echo "${{ secrets.INTERATION_TEST_CONFIG }}" | base64 --decode | jq > $GITHUB_WORKSPACE/config/config.json poetry run poe test-integration \ No newline at end of file diff --git a/.github/workflows/validate-models.yml b/.github/workflows/validate-models.yml index 66076ea6..c058c8af 100644 --- a/.github/workflows/validate-models.yml +++ b/.github/workflows/validate-models.yml @@ -18,18 +18,6 @@ jobs: - name: Checkout code uses: actions/checkout@v4 - - name: Initialize AI Core Credentials and Models to Validate - id: aicore-creds - run: | - echo "${{ secrets.AICORE_SECRET }}" | base64 -d > aicore-secret.yaml - echo "::set-output name=AICORE_CLIENT_ID::$(yq eval '.stringData.clientid' aicore-secret.yaml)" - echo "::set-output name=AICORE_CLIENT_SECRET::$(yq eval '.stringData.clientsecret' aicore-secret.yaml)" - echo "::set-output name=AICORE_AUTH_URL::$(yq eval '.stringData.auth_url' aicore-secret.yaml)" - echo "::set-output name=AICORE_BASE_URL::$(yq eval '.stringData.base_url' aicore-secret.yaml)" - echo "::set-output name=AICORE_RESOURCE_GROUP::$(yq eval '.stringData.resource_group' aicore-secret.yaml)" - # cleanup - rm -f aicore-secret.yaml - - name: Extract Python version id: python-version run: ./../../scripts/shell/extract-python-version.sh 
@@ -49,11 +37,7 @@ jobs: - name: Run Evaluator Validation run: | - echo "${{ secrets.MODELS_TO_VALIDATE }}" > config/validation/models.yml + export CONFIG_PATH=$GITHUB_WORKSPACE/config/config.json + echo "${{ secrets.EVALUATION_TESTS_CONFIG }}" | base64 --decode | jq > $CONFIG_PATH + echo "saved config to $CONFIG_PATH!" poetry run python src/run_validation.py - env: - AICORE_CLIENT_ID: ${{ steps.aicore-creds.outputs.AICORE_CLIENT_ID }} - AICORE_CLIENT_SECRET: ${{ steps.aicore-creds.outputs.AICORE_CLIENT_SECRET }} - AICORE_AUTH_URL: ${{ steps.aicore-creds.outputs.AICORE_AUTH_URL }} - AICORE_BASE_URL: ${{ steps.aicore-creds.outputs.AICORE_BASE_URL }} - AICORE_RESOURCE_GROUP: ${{ steps.aicore-creds.outputs.AICORE_RESOURCE_GROUP }} \ No newline at end of file diff --git a/scripts/k8s/companion-deployment.yaml b/scripts/k8s/companion-deployment.yaml deleted file mode 100644 index 0f75f7ae..00000000 --- a/scripts/k8s/companion-deployment.yaml +++ /dev/null 
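Review bot: `Run Evaluator Validation` has no guard for a missing or undecodable secret: without `pipefail`, a `base64 --decode` failure is hidden behind jq's exit status, and an empty `EVALUATION_TESTS_CONFIG` most likely yields an empty config.json that `src/run_validation.py` then loads. No `shell:` key is visible on the step, and the default `run` shell on Linux runners is `bash -e` without pipefail (a workflow-level default outside the hunk could change this). Adding `set -o pipefail` as the first script line and `test -s "$CONFIG_PATH"` after the write makes the step fail early instead of running with an empty config. The other three decode lines added in this commit have the same gap.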
@@ -1,130 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: ai-backend - namespace: ai-core -spec: - replicas: 1 - selector: - matchLabels: - app: ai-backend - template: - metadata: - labels: - app: ai-backend - spec: - containers: - - name: ai-backend - image: example.com/ai-backend:stable - imagePullPolicy: Always - ports: - - containerPort: 8000 - livenessProbe: - httpGet: - path: /healthz - port: 8000 - initialDelaySeconds: 10 - periodSeconds: 10 - readinessProbe: - httpGet: - path: /readyz - port: 8000 - initialDelaySeconds: 10 - periodSeconds: 10 - resources: - requests: - memory: "256Mi" # Minimum amount of memory guaranteed - cpu: "500m" # Equivalent to 0.5 of a CPU - limits: - memory: "3Gi" # Maximum amount of memory the container can use - cpu: "4" # Equivalent to 4 of a CPU - env: - - name: AICORE_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: ai-core - key: clientsecret - - name: AICORE_CLIENT_ID - valueFrom: - secretKeyRef: - name: ai-core - key: clientid - - name: AICORE_AUTH_URL - valueFrom: - secretKeyRef: - name: ai-core - key: auth_url - - name: AICORE_SERVICE_URLS - valueFrom: - secretKeyRef: - name: ai-core - key: base_url - - name: AICORE_BASE_URL - valueFrom: - secretKeyRef: - name: ai-core - key: base_url - - name: AICORE_RESOURCE_GROUP - valueFrom: - secretKeyRef: - name: ai-core - key: resource_group - - name: DATABASE_URL - valueFrom: - secretKeyRef: - name: ai-core - key: hana_db_url - - name: DATABASE_USER - valueFrom: - secretKeyRef: - name: ai-core - key: hana_db_user - - name: DATABASE_PASSWORD - valueFrom: - secretKeyRef: - name: ai-core - key: hana_db_password - - name: DATABASE_PORT - valueFrom: - secretKeyRef: - name: ai-core - key: hana_db_port - - name: DOCS_TABLE_NAME - value: "kyma_docs" - - name: REDIS_HOST - value: "redis-stack.redis.svc.cluster.local" - - name: REDIS_PORT - value: "6379" - - name: CONFIG_PATH - value: "/mnt/config/models-config.json" - envFrom: - - configMapRef: - name: 
ai-backend-config - volumeMounts: - - name: models-config - mountPath: /mnt/config/models-config.json - subPath: models-config.json - volumes: - - name: models-config - configMap: - name: ai-backend-config - items: - - key: models-config.json - path: models-config.json - ---- -apiVersion: v1 -kind: Service -metadata: - name: ai-backend-service - namespace: ai-core -spec: - type: NodePort - selector: - app: ai-backend - ports: - - protocol: TCP - port: 8080 - targetPort: 8000 - nodePort: 32000 # You can specify a port in the range 30000-32767 diff --git a/scripts/k8s/companion-k3d-manifest.yaml b/scripts/k8s/companion-k3d-manifest.yaml new file mode 100644 index 00000000..bd615503 --- /dev/null +++ b/scripts/k8s/companion-k3d-manifest.yaml 
@@ -0,0 +1,86 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: ai-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: companion + namespace: ai-system +--- +apiVersion: v1 +kind: Service +metadata: + name: companion + namespace: ai-system + labels: + app.kubernetes.io/name: companion + app.kubernetes.io/instance: companion +spec: + type: NodePort + selector: + app.kubernetes.io/name: companion + app.kubernetes.io/instance: companion + ports: + - protocol: TCP + port: 8080 + targetPort: 8000 + nodePort: 32000 # You can specify a port in the range 30000-32767 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: companion + namespace: ai-system +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: companion + app.kubernetes.io/instance: companion + template: + metadata: + labels: + app.kubernetes.io/name: companion + app.kubernetes.io/instance: companion + spec: + serviceAccountName: companion + containers: + - name: companion + image: kyma-companion:latest + imagePullPolicy: Always + ports: + - containerPort: 8000 + livenessProbe: + httpGet: + path: /healthz + port: 8000 + initialDelaySeconds: 10 + periodSeconds: 10 + readinessProbe: + httpGet: + path: /readyz + port: 8000 + initialDelaySeconds: 10 + periodSeconds: 10 + resources: + requests: + memory: "256Mi" # Minimum amount of memory guaranteed + cpu: "500m" # Equivalent to 0.5 of a CPU + limits: + memory: "3Gi" # Maximum amount of memory the container can use + cpu: "4" # Equivalent to 4 of a CPU + env: + - name: LOG_LEVEL + value: "INFO" + - name: CONFIG_PATH + value: "/etc/secret/companion-config.json" + volumeMounts: + - name: companion-config + mountPath: /etc/secret/companion-config.json + subPath: companion-config.json + volumes: + - name: companion-config + secret: + secretName: companion-config diff --git a/scripts/k8s/companion-namespace.yaml b/scripts/k8s/companion-namespace.yaml deleted file mode 100644 index aeffd0d8..00000000 
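Review bot: The `companion` container in the new Deployment is declared without a `securityContext`, and the pod mounts the `companion` ServiceAccount token by default although this file defines no Role or RoleBinding for that account. The container also receives the full credential set through the `companion-config` secret mount, so it is worth restricting what the process can do even in a k3d test cluster. If the image runs as a non-root user (not visible here, so verify before enabling `runAsNonRoot`), add the block below; if the service never calls the in-cluster API, also set `automountServiceAccountToken: false` next to `serviceAccountName: companion`.

```yaml
        - name: companion
          # … unchanged: image, imagePullPolicy, ports, probes, resources, env, volumeMounts …
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
```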
--- a/scripts/k8s/companion-namespace.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: ai-core ---- \ No newline at end of file diff --git a/scripts/k8s/create-secret.sh b/scripts/k8s/create-secret.sh new file mode 100755 index 00000000..750a036d --- /dev/null +++ b/scripts/k8s/create-secret.sh @@ -0,0 +1,19 @@ +#!/bin/bash + +# Check if the COMPANION_CONFIG_BASE64 env is set. +if [ -z "$COMPANION_CONFIG_BASE64" ]; then + echo "Error: COMPANION_CONFIG_BASE64 is not set." +fi + +echo "Creating secret companion-config in ai-system namespace." +# create a secret with the base64 encoded file. +cat <