Note

main branch now tracks v2 by default. To access the legacy Bailo, see the v1 branch. v1 has been removed from this project - see migrations for more information.

Making it easy to compliantly manage the machine learning lifecycle
Explore the docs »

Report a Bug · Request a Feature

Table of Contents

1. About The Project
   • Built With
2. Getting Started
   • Requirements
   • Installation
   • Service Ports
   • Logical Project Flow (Overview)
   • Known Issues
3. Usage
4. Contributing
5. Breaking Changes
6. License
7. Acknowledgments

About The Project

Bailo helps you manage the lifecycle of machine learning to support scalability, impact, collaboration, compliance and sharing.

Built With

• Next.js
• Node.js
• MongoDB
• Seldon

Getting Started

Requirements

• Node v22
• Docker / Docker Compose

Installation

To run in standalone mode, not development mode (http://localhost:8080). Not for production use:

docker build -t "bailo:standalone" -f ./Dockerfile.standalone .
docker run --name bailo -p 8080:8080 -d bailo:standalone

To run in development mode (modified files on your host machine will be reloaded into the running application):

git clone https://github.com/gchq/Bailo.git && cd Bailo
npm install
npm run certs

# This builds all the Bailo images, rerun it when you update dependencies.
docker compose build --parallel

# Then run the development instance of Bailo.
docker compose up -d

On first run, it may take a while (up to 30 seconds) to start up. It needs to build several hundred TypeScript modules. These are cached however, so future starts only require a few seconds. You should access the site via localhost:8080.

The registry requires a JWKS file for the token authentication with the backend application. For development, a JWKS file is generated by running npm run certs. For production, the script generateJWKS.ts can be used to generate a JWKS file for the public key referenced in the backend application configuration.

Service Ports

Service	Host	Notes
Next UI	3000	Stored in frontend
NodeJS App	3001	Stored in backend
Mongo	27017	No credentials
Registry	5000	HTTPS only, no UI
Minio UI	9001	minioadmin:minioadmin
Minio	9000	minioadmin:minioadmin
MailCrab	1080	Fake email server

** Note: these credentials are intentionally basic/default, but in your own instances we recommend changing them to something more secure.

We expect the administrator to provide their own forms of authentication. By default all users authenticate using as 'user'.

You can test out your new deployment using the example models which can be found in frontend/cypress/fixtures minimal_binary.zip and minimal_code.zip. There are also example forms in the scripts folder minimal_model_schema.json, minimal_data_card_schema.json and minimal_access_request_schema.json.

Logical Project Flow (Overview)

1. A user accesses a URL. We use NextJS routing to point it to a file in frontend/pages. [xxx].tsx files accept any route, xxx.tsx files allow only that specific route.
2. Data is loaded using SWR. Data loaders are stored in frontend/actions. Each one exposes variables to specify if it is loading, errored, data, etc.
3. Requests to the backend get routed through express within backend/src/routes.ts. Each route is an array with all items being middleware except the last, which is the handler ([...middleware, handler]).
4. Routes interact with the database via mongoose, which stores models in backend/src/models.

Known Issues

• Issue: Sometimes Docker struggles when you add a new dependency.
  Fix: Run docker compose down --rmi all followed by docker compose up --build.

• Issue: Sometimes SWR fails to install its own binary and the project will refuse to start up (development only)
  Fix: Run npm uninstall next && npm install next. Some users report still having issues. If so, run: rm -rf node_modules && rm -rf package-lock.json && npm cache clean -f && npm i.

• Issue: Unable to authenticate to the Docker registry / compile binaries.
  Fix: Make sure that your authentication proxy is setup to allow the 'Authorisation' header. Make sure that your application is able to access the Docker registry internally as it will not provide user authentication.

Usage

See our user documentation

Contributing

If you are looking for an existing issue to help with, check out the help wanted tickets on GitHub. If you see any that you are interested in working on, comment on it to let everyone know you are working on it. If there is no ticket for what you want to contribute, start a new issue to discuss whether it follows the aims of this project. We ask this even for bugs, as there may be multiple solutions to be considered.

Prior to us accepting any work, you must sign the GCHQ CLA Agreement. We follow a branching strategy for handling contributions:

1. Fork the Project
2. Create your Feature Branch (git checkout -b feature/new_thing)
3. Commit your Changes (git commit -m 'Add a new thing')
4. Push to the Branch (git push origin feature/new_thing)
5. Open a Pull Request

Breaking Changes

28-04-2022: Changed 'schema' model to be stored as a string instead of an object. Delete & recreate your schemas.

License

Bailo is released under the Apache 2.0 Licence and is covered by Crown Copyright. See LICENSE.txt for more information.

Acknowledgments

• Img Shields
• Othneils's README Template
• Mattermost's Code Contribution Guidelines