Skip to content

Test EC2 backend for build-and-run-model-workflow #41

Test EC2 backend for build-and-run-model-workflow

Test EC2 backend for build-and-run-model-workflow #41

# Workflow that builds a Docker image containing the model code,
# pushes it to the GitHub Container Registry, and then optionally uses
# that container image to run the model using an AWS Batch job.
#
# Images are built on every commit to a PR or main branch in order to ensure
# that the build continues to work properly, but Batch jobs are gated behind
# a `deploy` environment that requires manual approval from a
# @ccao-data/core-team member.
name: build-and-run-model
on:
pull_request:
types: [opened, reopened, synchronize, closed]
workflow_dispatch:
push:
branches: [master]
jobs:
build-and-run-model:
permissions:
# contents:read and id-token:write permissions are needed to interact
# with GitHub's OIDC Token endpoint so that we can authenticate with AWS
contents: read
id-token: write
# While packages:write is usually not required for workflows, it is
# required in order to allow the reusable called workflow to push to
# GitHub Container Registry
packages: write
uses: ccao-data/actions/.github/workflows/build-and-run-batch-job.yaml@jeancochrane/57-infra-updates-enable-ec2-backend-for-model-batch-jobs
with:
ref: jeancochrane/57-infra-updates-enable-ec2-backend-for-model-batch-jobs
vcpu: 4
memory: "16384"
role-duration-seconds: 14400 # Worst-case time for a full model run
backend: ec2
secrets:
AWS_IAM_ROLE_TO_ASSUME_ARN: ${{ secrets.AWS_IAM_ROLE_TO_ASSUME_ARN }}
AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}