h2oai · sulhicader · Apr 5, 2025 · Apr 5, 2025 · Apr 7, 2025 · Apr 7, 2025
@@ -1,20 +1,12 @@
 name: Release Wave
 
 on:
-  workflow_dispatch:
-    inputs:
-      version:
-        description: "Release Version"
-        required: true
-      skipDocsPublish:
-        description: "Skip publishing docs site"
-        required: false
-        default: "false"
+  push:
 
 env:
   GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-  VERSION: "${{ github.event.inputs.version }}"
-  TAG: "v${{ github.event.inputs.version }}"
+  VERSION: "1.6.5-test"
+  TAG: "v1.6.5-test"
 
 permissions:
   id-token: write
@@ -33,162 +25,13 @@ jobs:
         with:
           token: ${{ secrets.GIT_TOKEN }}
 
-      - uses: actions/setup-go@v1
-        with:
-          go-version: "1.23.0"
-
-      - uses: actions/setup-node@v3
-        with:
-          node-version-file: ".nvmrc"
-
-      - name: Setup
-        run: make setup
-
       # - uses: r-lib/actions/setup-r@v2
       # - uses: r-lib/actions/setup-r-dependencies@v2
       #   with:
       #     working-directory: ./r
 
-      - name: Build Release
-        run: make release
-        env:
-          NODE_OPTIONS: "--max-old-space-size=8192"
-
-      - name: Unit Test
-        run: |
-          make test-ui-ci
-          make setup-py-tests
-          make test-py-ci
-
-      - name: Create GitHub Release
-        id: create_release
-        uses: actions/create-release@v1
-        with:
-          tag_name: ${{ env.TAG }}
-          release_name: ${{ env.TAG }}
-          draft: false
-
-      - name: Release
-        uses: softprops/action-gh-release@v1
-        with:
-          files: |
-            build/wave-${{ env.VERSION }}-darwin-amd64.tar.gz
-            build/wave-${{ env.VERSION }}-darwin-arm64.tar.gz
-            build/wave-${{ env.VERSION }}-linux-amd64.tar.gz
-            build/wave-${{ env.VERSION }}-windows-amd64.tar.gz
-            py/h2o_wave/dist/h2o_wave-${{ env.VERSION }}-py3-none-macosx_10_9_x86_64.whl
-            py/h2o_wave/dist/h2o_wave-${{ env.VERSION }}-py3-none-macosx_11_0_arm64.whl
-            py/h2o_wave/dist/h2o_wave-${{ env.VERSION }}-py3-none-macosx_12_0_arm64.whl
-            py/h2o_wave/dist/h2o_wave-${{ env.VERSION }}-py3-none-manylinux1_x86_64.whl
-            py/h2o_wave/dist/h2o_wave-${{ env.VERSION }}-py3-none-win_amd64.whl
-            py/h2o_wave/dist/h2o_wave-${{ env.VERSION }}-py3-none-any.whl
-            # r/build/h2owave_${{ env.VERSION }}_R.tar.gz
-          tag_name: ${{ env.TAG }}
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Publish to Conda
-        uses: marek-mihok/publish_conda_package_action@v1.0.1
-        with:
-          CondaDir: "py/h2o_wave/conda"
-          Platforms: "noarch"
-          CondaUsername: ${{ secrets.CONDA_USERNAME }}
-          CondaPassword: ${{ secrets.CONDA_PASSWORD }}
-        env:
-          # VERSION clashes with conda build. Use PKG_VERSION instead.
-          PKG_VERSION: ${{ env.VERSION }}
-
-      - name: Publish to PyPI
-        uses: pypa/gh-action-pypi-publish@master
-        with:
-          packages_dir: py/h2o_wave/dist
-          password: ${{ secrets.PYPI_API_TOKEN }}
-
-      - name: Configure HAIC AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v3
-        with:
-          role-to-assume: ${{ secrets.AWS_IAM_ROLE }}
-          role-session-name: wave-s3
-          aws-region: ${{ secrets.AWS_WEST_REGION }}
-
       - name: Publish apps for Cloud
-        run: make build-apps publish-apps-s3-hac
-        env:
-          HAC_S3_BUCKET: ${{ secrets.HAC_S3_BUCKET }}
-
-      - name: Configure Wave AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v3
-        with:
-          role-to-assume: ${{ secrets.AWS_WAVE_IAM_ROLE  }}
-          role-session-name: wave
-          aws-region: ${{ secrets.AWS_EAST_REGION }}
-
-      - name: Publish to S3
-        run: make publish-release-s3
-        env:
-          AWS_DEFAULT_REGION: ${{ secrets.AWS_EAST_REGION }}
-
-      - name: Configure Shared Services AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v3
-        with:
-          role-to-assume: ${{ secrets.AWS_SHARED_SERVICES_IAM_ROLE  }}
-          role-session-name: wave-shared
-          aws-region: ${{ secrets.AWS_WEST_REGION }}
-
-      - name: Publish Docs
-        if: ${{ github.event.inputs.skipDocsPublish == 'false' }}
-        run: |
-          make publish-website
-
-      - name: Invalidate CDN cache
-        if: ${{ github.event.inputs.skipDocsPublish == 'false' }}
-        run: |
-          aws cloudfront create-invalidation --distribution-id $AWS_CLOUDFRONT_DISTRIBUTION_ID --paths "/*"
-        env:
-          AWS_CLOUDFRONT_DISTRIBUTION_ID: ${{ secrets.AWS_CLOUDFRONT_DISTRIBUTION_ID }}
-
-      - name: Configure MC AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v3
-        with:
-          role-to-assume: ${{ secrets.MC_IAM_ROLE }}
-          role-session-name: wave-apps
-          aws-region: ${{ secrets.MC_AWS_REGION }}
-
-      - name: Publish apps for Managed Cloud
-        run: make publish-apps-s3-mc
-        env:
-          MC_S3_BUCKET: ${{ secrets.MC_S3_BUCKET }}
-          AWS_REGION: ${{ secrets.MC_AWS_REGION }}
-
-      - name: Build university
-        run: make publish-university
-
-      - name: Publish to PyPI - wave_university
-        uses: pypa/gh-action-pypi-publish@master
-        with:
-          packages_dir: university/dist
-          password: ${{ secrets.PYPI_UNIVERSITY_TOKEN }}
-
-      - name: Publish to PyPI - lightwave
-        uses: pypa/gh-action-pypi-publish@master
-        with:
-          packages_dir: py/h2o_lightwave/dist
-          password: ${{ secrets.PYPI_LIGTHWAVE_TOKEN }}
-
-      - name: Publish to PyPI - lightwave_web
-        uses: pypa/gh-action-pypi-publish@master
-        with:
-          packages_dir: py/h2o_lightwave_web/dist
-          password: ${{ secrets.PYPI_LIGTHWAVE_WEB_TOKEN }}
-
-      # Call some time after cloudfront cache bust - crawler needs to hit fresh cache.
-      - name: Reindex Algolia search
-        run: |
-          curl -X POST -H "Content-Type: application/json" --user $ALGOLIA_CRAWLER_USER_ID:$ALGOLIA_CRAWLER_API_KEY  https://crawler.algolia.com/api/1/crawlers/$ALGOLIA_CRAWLER_ID/reindex
-        env:
-          ALGOLIA_CRAWLER_API_KEY: ${{ secrets.ALGOLIA_CRAWLER_API_KEY }}
-          ALGOLIA_CRAWLER_ID: ${{ secrets.ALGOLIA_CRAWLER_ID }}
-          ALGOLIA_CRAWLER_USER_ID: ${{ secrets.ALGOLIA_CRAWLER_USER_ID }}
+        run: make build-apps
 
       - name: Download H2O CLI
         working-directory: ./py/tmp/tour/
@@ -200,16 +43,7 @@ jobs:
 
       - name: Make air-gapped bundle
         working-directory: ./py/tmp/tour/
-        run: |
-          .bin/h2o bundle \
-            --docker-base-image 524466471676.dkr.ecr.us-east-1.amazonaws.com/q8s/launcher:v0.31.0-310 \
-            --docker-use-buildkit \
-            --generate-helm-charts \
-            --helm-chart-version ${{ env.VERSION }} \
-            --helm-chart-name tour \
-            --helm-app-bundle-image-repo 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/tour-bundle \
-            --helm-app-runtime-image-repo 524466471676.dkr.ecr.us-east-1.amazonaws.com/h2oai/tour \
-            --generate-dockerfile
+        run: .bin/h2o bundle
 
       - uses: actions/upload-artifact@v4
         with:
@@ -218,22 +52,77 @@ jobs:
             ./py/tmp/tour/*.Dockerfile
             ./py/tmp/tour/*.wave
 
-      - uses: actions/upload-artifact@v4
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
         with:
-          name: wave-bundle-helm
-          path: py/tmp/tour/helm/
+          role-to-assume: arn:aws:iam::353750902984:role/GitHub-OIDC-Role
+          role-session-name: GitHub_to_AWS_via_FederatedOIDC
+          aws-region: us-east-1
+
+      - name: Login to Amazon ECR
+        uses: aws-actions/amazon-ecr-login@v2
+
+      - name: "Ensure ECR Repository for the bundle"
+        # Tries to describe the repository and if it fails, creates it
+        run: |
+          aws ecr describe-repositories \
+            --repository-names h2oai/tour-bundle 2>/dev/null ||
+          aws ecr create-repository \
+            --repository-name h2oai/tour-bundle \
+            --image-tag-mutability IMMUTABLE \
+            --tag \
+              Key=GithubRepo,Value=github.com/h2oai/${{ github.event.repository.name }} \
+              Key=ManagedBy,Value=GitHubActions \
+              Key=CreatedByWorkflow,Value=${{ github.workflow_ref }}
+
+      - name: Build and Export Bundle Image
+        uses: docker/build-push-action@v6
+        id: bundle-build
+        with:
+          push: true
+          context: ./py/tmp/tour/
+          file: ./Dockerfile-wave-bundle
+          platforms: linux/amd64
+          provenance: false
+          build-args: VERSION=${{ env.VERSION }}
+          tags: |
+            353750902984.dkr.ecr.us-east-1.amazonaws.com/h2oai/tour-bundle:${{ env.VERSION }}
+
+      - name: "Ensure ECR Repository for the runtime"
+        # Tries to describe the repository and if it fails, creates it
+        run: |
+          aws ecr describe-repositories \
+            --repository-names h2oai/tour 2>/dev/null ||
+          aws ecr create-repository \
+            --repository-name h2oai/tour \
+            --image-tag-mutability IMMUTABLE \
+            --tag \
+              Key=GithubRepo,Value=github.com/h2oai/${{ github.event.repository.name }} \
+              Key=ManagedBy,Value=GitHubActions \
+              Key=CreatedByWorkflow,Value=${{ github.workflow_ref }}
+
+      - name: Build and Export Runtime Image
+        uses: docker/build-push-action@v6
+        id: runtime-build
+        with:
+          push: true
+          context: ./py/tmp/tour/
+          file: ./Dockerfile-runtime
+          platforms: linux/amd64
+          provenance: false
+          build-args: VERSION=${{ env.VERSION }}
+          tags: |
+            353750902984.dkr.ecr.us-east-1.amazonaws.com/h2oai/tour:${{ env.VERSION }}
+
+      - name: Published Images Summary
+        run: |
+          echo "#### Wave Runtime Image" >> $GITHUB_STEP_SUMMARY
+          echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
+          echo "docker image push 353750902984.dkr.ecr.us-east-1.amazonaws.com/h2oai/tour:${{ env.VERSION }}" >> $GITHUB_STEP_SUMMARY
+          echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
 
       - name: Remove files in tmp folder
-        run: make remove-build-apps-directory
-
-  build-and-publish:
-    needs: release
-    permissions:
-      id-token: write # This is required for requesting the JWT
-      contents: read # This is required for actions/checkout
-
-    uses: ./.github/workflows/wave-bundle-docker-build-publish.yaml
-    with:
-      build-version: ${{ needs.release.outputs.build-version }}
-      bundle-artifact: wave-bundle
-      wave-app-name: tour
+        run: make remove-build-apps-directory
@@ -0,0 +1,2 @@
+./Dockerfile-bundle
+./Dockerfile-runtime
@@ -0,0 +1,41 @@
+FROM cgr.dev/chainguard/wolfi-base:latest@sha256:91ed94ec4e72368a9b5113f2ffb1d8e783a91db489011a89d9fad3e3816a75ba
+RUN apk add --no-cache python3=~3.10 make
+RUN python -m ensurepip --default-pip
+ARG USER="nonroot"
+ARG GROUP="nonroot"
+
+WORKDIR /app/
+
+USER root
+RUN chown -R $USER:$GROUP /app
+USER $USER
+
+# Create a virtual environment
+RUN python3 -m venv /app/venv
+
+COPY examples ./examples/
+COPY requirements.txt .
+
+# Upgrade pip inside the virtual environment
+RUN /app/venv/bin/pip install --upgrade pip==24.0 setuptools
+
+COPY --chmod=777 . /app/
+
+# Install Python dependencies
+RUN --mount=type=cache,target=/home/.cache \
+	--mount=type=cache,target=/root/.cache \
+	--mount=type=cache,target=/.cache \
+	/app/venv/bin/pip3 install -r requirements.txt
+
+RUN /app/venv/bin/python3 -m pip uninstall pip setuptools -y
+USER root
+RUN python3 -m pip uninstall pip -y
+RUN mkdir -p /resources
+RUN chmod -R 777 /resources
+USER $USER
+
+USER nonroot
+
+EXPOSE 10101
+
+ENTRYPOINT ["./venv/bin/wave", "run", "examples.tour"]
@@ -0,0 +1,6 @@
+FROM alpine:3.18
+
+ARG VERSION=latest
+
+COPY ai.h2o.wave.tour.${VERSION}.wave /app/ai.h2o.wave.tour.${VERSION}.wave
+ENV WAVE_BUNDLE_FILE /app/ai.h2o.wave.tour.${VERSION}.wave
@@ -10,3 +10,5 @@ LongDescription = "about.md"
 Module = "examples.tour"
 RoutingMode = "BASE_URL"
 RuntimeVersion = "deb11_py310_wlatest"
+AppMode = "container"
+Port = 10101
@@ -5,10 +5,10 @@ h2o-wave-ml==0.8.1
 h2o_wave=={{VERSION}}
 loguru==0.6.0
 matplotlib==3.5.1
-numpy==1.21.6
-opencv-python==4.5.5.64
+numpy==1.26
+opencv-python==4.8.1.78
 pandas==1.3.5
 plotly==5.7.0
-scikit-learn==1.0.2
+scikit-learn==1.5.2
 toml==0.10.2
 vega-datasets==0.9.0