Init workflow for blossom-ci (NVIDIA#642)

* init workflow for blossom-ci

Signed-off-by: Peixin Li <[email protected]>

Co-authored-by: Tim Liu <[email protected]>

.github/workflows/blossom-ci.yml

@@ -0,0 +1,114 @@
+# Copyright (c) 2020, NVIDIA CORPORATION.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# A workflow to trigger blossom-CI on self-hosted runner
+name: Blossom-CI
+on:
+  issue_comment:
+    types: [created]
+
+jobs:
+  authorization:
+    name: Authorization
+    # trigger on pre-defined text
+    if: github.event.comment.body == 'build'
+    runs-on: [self-hosted, linux, blossom]
+    steps:
+      - name: Check if comment is issued by authorized person
+        run: blossom-ci
+        env:
+          OPERATION: 'AUTH'
+          VERSION: '1'
+
+  vulnerability-scan-job:
+    name: Vulnerability scan job
+    needs: [authorization]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Get pull request data
+        id: pull_request_data
+        uses: octokit/[email protected]
+        with:
+          route: 'GET /repos/:repository/pulls/:issue_id'
+          repository: ${{ github.repository }}
+          issue_id: ${{ github.event.issue.number }}
+        env:
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+
+      - name: Set blackduck project version
+        id: blackduck-project-version
+        run: echo "${{ fromJson(steps.pull_request_data.outputs.data).head.ref }}-${{ github.run_id }}"
+
+      - name: Update status
+        uses: octokit/[email protected]
+        with:
+          route: 'POST /repos/:repository/statuses/:sha'
+          repository: ${{ github.repository }}
+          sha: ${{ fromJson(steps.pull_request_data.outputs.data).head.sha }}
+          target_url: "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
+          description: "vulnerability scan running"
+          state: "pending"
+          context: "blossom-ci"
+        env:
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+
+      - name: Checkout code
+        uses: actions/checkout@v2
+        with:
+          repository: ${{ github.repository }}
+          ref: ${{ fromJson(steps.pull_request_data.outputs.data).head.ref }}
+          lfs: 'true'
+
+      - name: Setup java
+        uses: actions/setup-java@v1
+        with:
+          java-version: 1.8
+
+      - name: Get project data (maven)
+          run: |
+            echo ::set-env name=projects::$(mvn -am dependency:tree | grep maven-dependency-plugin | awk '{ out="com.nvidia:"$(NF-1);print out }' | grep rapids | xargs | sed -e 's/ /,/g')
+
+      - name: Add mask
+        run: echo "::add-mask::${{ secrets.BLACKDUCK_URL }}"
+
+      - name: Run synopsys detect
+        id: scan_result
+        uses: blackducksoftware/[email protected]
+        env:
+          PROJECTS: ${{ env.projects }}
+        with:
+          args: >
+            --blackduck.url="https://${{ secrets.BLACKDUCK_URL }}"
+            --blackduck.api.token="${{ secrets.BLACKDUCK_API_TOKEN }}"
+            --detect.maven.build.command="-pl='$PROJECTS -am'"
+            --detect.force.success=false
+            --detect.parallel.processors=0
+            --detect.project.name="${{ github.repository }}"
+            --detect.project.version.name="${{ github.run_id }}"
+
+  vulnerability-check-trigger:
+    name: Vulnerability check & start ci job
+    needs: [vulnerability-scan-job]
+    runs-on: [self-hosted, linux, blossom]
+    steps:
+      - name: Check for new issue in vulnerability scan & start ci job
+        run: blossom-ci
+        env:
+          OPERATION: 'SCAN-CHECK-CI-JOB-START'
+          VERSION: '1'
+          BLACKDUCK_TOKEN: "${{ secrets.BLACKDUCK_API_TOKEN }}"
+          BLACKDUCK_URL: "${{ secrets.BLACKDUCK_URL }}"
+          BLACKDUCK_PROJECT_VERSION: "${{ github.run_id }}"
+          CI_SERVER: ${{ secrets.CI_SERVER }}
+          REPO_TOKEN: ${{ secrets.GITHUB_TOKEN }}

jenkins/Dockerfile-blossom.ubuntu16

@@ -0,0 +1,40 @@
+#
+# Copyright (c) 2020, NVIDIA CORPORATION. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+###
+#
+# Build the image for rapids-plugin development environment
+#
+# Arguments: CUDA_VER=10.1 or 10.2
+#
+###
+
+ARG CUDA_VER=10.1
+
+FROM nvidia/cuda:${CUDA_VER}-runtime-ubuntu16.04
+
+#Install java-8, maven, docker image
+RUN apt-get update -y && \
+    apt-get install -y software-properties-common
+RUN add-apt-repository ppa:deadsnakes/ppa && \
+    apt-get update -y && \
+    apt-get install -y maven \
+    openjdk-8-jdk python3.6 python3-pip tzdata git
+
+RUN ln -s /usr/bin/python3.6 /usr/bin/python
+RUN python -m pip install pytest sre_yield requests pandas pyarrow
+
+RUN apt install -y inetutils-ping expect