ci: Git artifact check (#12477)

Signed-off-by: Nelesh Singla <[email protected]>

Author: nsingla

.github/actions/check-artifact-exists/action.yml

@@ -0,0 +1,38 @@
+name: 'Check Artifact Exists'
+description: 'Check if a GitHub artifact exists in the current workflow run'
+author: 'KFP Team'
+
+inputs:
+  artifact_name:
+    description: 'Name of the artifact to check'
+    required: true
+
+outputs:
+  exists:
+    description: 'Whether the artifact exists (true/false)'
+    value: ${{ steps.check.outputs.exists }}
+
+runs:
+  using: 'composite'
+  steps:
+    - name: Setup Python
+      uses: actions/setup-python@v4
+      with:
+        python-version: '3.11'
+
+    - name: Install dependencies
+      shell: bash
+      run: |
+        python -m pip install --upgrade pip
+        pip install requests
+
+    - name: Check artifact exists
+      shell: bash
+      id: check
+      run: python ${{ github.action_path }}/check_artifact.py
+      env:
+        INPUT_ARTIFACT_NAME: ${{ inputs.artifact_name }}
+
+branding:
+  icon: 'search'
+  color: 'blue'

.github/actions/check-artifact-exists/check_artifact.py

@@ -0,0 +1,147 @@
+#!/usr/bin/env python3
+"""
+GitHub Action script to check if an artifact exists in the repository for a specific commit.
+Uses the GitHub REST API to list artifacts by name and filters by head SHA.
+Returns true if the artifact exists, false otherwise.
+"""
+
+import os
+import sys
+import requests
+import json
+
+def get_github_token() -> str:
+    """Get GitHub token from environment variables."""
+    token = os.getenv('GITHUB_TOKEN')
+    if not token:
+        print("::error::GITHUB_TOKEN environment variable is required")
+        sys.exit(1)
+    return token
+
+def get_head_sha() -> str:
+    """Get the head SHA from environment variables."""
+    head_sha = os.getenv('GITHUB_SHA')
+    if not head_sha:
+        print("::error::GITHUB_SHA environment variable is required")
+        sys.exit(1)
+    return head_sha
+
+def get_repository() -> str:
+    """Get the repository name from environment variables."""
+    repo = os.getenv('GITHUB_REPOSITORY')
+    if not repo:
+        print("::error::GITHUB_REPOSITORY environment variable is required")
+        sys.exit(1)
+    return repo
+
+def set_output(name: str, value: str) -> None:
+    """Set GitHub Actions output."""
+    github_output = os.getenv('GITHUB_OUTPUT')
+    if github_output:
+        with open(github_output, 'a') as f:
+            f.write(f"{name}={value}\n")
+    else:
+        # Fallback for older GitHub Actions runner versions
+        print(f"::set-output name={name}::{value}")
+
+def check_artifact_exists(artifact_name: str, token: str, repo: str, head_sha: str) -> bool:
+    """
+    Check if an artifact exists in the repository for a specific commit.
+
+    Args:
+        artifact_name: Name of the artifact to check
+        token: GitHub token for authentication
+        repo: Repository in format 'owner/repo'
+        head_sha: Commit SHA to filter artifacts by
+
+    Returns:
+        True if artifact exists, False otherwise
+    """
+    headers = {
+        'Authorization': f'token {token}',
+        'Accept': 'application/vnd.github+json',
+        'X-GitHub-Api-Version': '2022-11-28'
+    }
+
+    # GitHub API endpoint to list artifacts for a repository
+    url = f"https://api.github.com/repos/{repo}/actions/artifacts"
+
+    # Add query parameters - API will filter by artifact name
+    params = {
+        'per_page': 100,
+        'name': artifact_name
+    }
+
+    max_iterations = 100
+
+    try:
+        page = 1
+        while max_iterations > 0:
+            params['page'] = page
+            response = requests.get(url, headers=headers, params=params)
+            response.raise_for_status()
+
+            artifacts_data = response.json()
+            artifacts = artifacts_data.get('artifacts', [])
+            total_count = artifacts_data.get('total_count', 0)
+
+            # No artifacts found at all
+            if not artifacts:
+                print(f"::debug::No artifacts found on page '{page}' with name {artifact_name} matching head_sha {head_sha}")
+                break
+
+            # Check each artifact's head_sha since API filters by name already
+            for artifact in artifacts:
+                workflow_run = artifact.get('workflow_run', {})
+                artifact_head_sha = workflow_run.get('head_sha')
+
+                if artifact_head_sha == head_sha:
+                    print(f"::debug::Artifact '{artifact_name}' found with ID {artifact.get('id')}, matching head_sha {head_sha}")
+                    return True
+                else:
+                    print(f"::debug::Artifact '{artifact_name}' found but head_sha doesn't match (expected: {head_sha}, found: {artifact_head_sha})")
+
+            # Check if we've reached the last page
+            # If we've retrieved all artifacts (page * per_page >= total_count) or
+            # if this page has fewer artifacts than requested, we're done
+            if page * params['per_page'] >= total_count or len(artifacts) < params['per_page']:
+                break
+
+            page += 1
+            max_iterations -= 1
+
+        print(f"::debug::Artifact '{artifact_name}' with head_sha '{head_sha}' not found")
+        return False
+
+    except requests.exceptions.RequestException as e:
+        print(f"::error::Failed to check artifact existence: {e}")
+        sys.exit(1)
+    except json.JSONDecodeError as e:
+        print(f"::error::Failed to parse GitHub API response: {e}")
+        sys.exit(1)
+
+def main():
+    """Main function."""
+    # Get inputs
+    artifact_name = os.getenv('INPUT_ARTIFACT_NAME')
+    if not artifact_name:
+        print("::error::artifact_name input is required")
+        sys.exit(1)
+
+    # Get environment variables
+    token = get_github_token()
+    repo = get_repository()
+    head_sha = get_head_sha()
+
+    print(f"::debug::Checking for artifact '{artifact_name}' in repository '{repo}', head_sha '{head_sha}'")
+
+    # Check if artifact exists
+    exists = check_artifact_exists(artifact_name, token, repo, head_sha)
+
+    # Set outputs
+    set_output('exists', str(exists).lower())
+
+    print(f"::debug::Artifact {artifact_name} exists: {exists}")
+
+if __name__ == '__main__':
+    main()

.github/actions/deploy/action.yml

@@ -57,7 +57,7 @@ runs:
       run: ./.github/resources/squid/deploy-squid.sh
 
     - name: Download Docker Images
-      uses: actions/download-artifact@v4
+      uses: actions/download-artifact@v6
       with:
         path: "images_${{ github.sha }}"
 

.github/workflows/image-builds-with-cache.yml

@@ -15,6 +15,8 @@ on:
 env:
   IMAGE_TAG: "latest"
   REGISTRY: "kind-registry:5000"
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  GITHUB_SHA: ${{ github.sha }}
 
 jobs:
   image-build-with-cache:
@@ -81,25 +83,15 @@ jobs:
           } >> "$GITHUB_OUTPUT"
 
       # Check if the image tarball already exists or not, if yes, then skip building the image
-      - name: Attempt to download the artifact
-        uses: actions/download-artifact@v4
+      - name: Check artifact exists
+        uses: ./.github/actions/check-artifact-exists
         with:
-          name: ${{ env.ARTIFACT_NAME }}
-          path: ${{ env.ARTIFACTS_PATH }}
-        continue-on-error: true
-        id: artifact-download
-
-      # If the image tarball was successfully downloaded, then clean it up as the download should
-      # happen when image tarballs are actually required for deployment (most likely in a new workflow/job)
-      - name: Delete the artifact downloaded artifact
-        if: ${{ steps.artifact-download.outcome == 'success' }}
-        run: |
-          rm -rf ${{ env.ARTIFACTS_PATH }}/${{ env.ARTIFACT_NAME }}
-        shell: bash
+          artifact_name: ${{ env.ARTIFACT_NAME }}
+        id: artifact-check
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
-        if: ${{ steps.artifact-download.outcome == 'failure' }}
+        if: ${{ steps.artifact-check.outputs.exists == 'false' }}
         id: setup-buildx
 
       - name: Build and save Docker image
@@ -115,7 +107,7 @@ jobs:
 
       - name: Rebuild Images in case of failure
         uses: docker/build-push-action@v5
-        if: ${{ steps.save-image.outcome != 'success' }}
+        if: ${{ steps.save-image.outcome != 'success' && steps.setup-buildx.outcome == 'success' }}
         id: rebuild
         with:
           context: ${{ matrix.context }}

.github/workflows/kfp-sdk-client-tests.yml

@@ -6,7 +6,7 @@ on:
 
   pull_request:
     paths:
-      - '.github/workflows/kfp-sdk-client-tests.yml.yml'
+      - '.github/workflows/kfp-sdk-client-tests.yml'
       - '.github/actions/create-cluster/**'
       - '.github/resources/**'
       - 'sdk/python/**'