[AAQ-583] CI/CD for GCP #264

Merged
merged 37 commits into from
Jul 8, 2024

@suzinyou suzinyou commented Jun 27, 2024

Reviewer: @markbotterill
Estimate: 2 hours


Ticket

Fixes: https://idinsight.atlassian.net/browse/AAQ-583

Description

[Image: diagram-export-08-07-2024-12_53_00]

Goal

Deploy to GCP infra on push to main

Changes

  1. Deployment scripts: .github/workflows/deploy_gcp_*.yaml, triggered for each component
    1. Fetch GCP secrets
    2. Build and push docker image
    3. For LiteLLM and Caddy, we SCP the config files to the machine (instead of baking them into the image)
      • This way, we don't have to keep a copy of aaq-core repo in the VM. Just deploy using the current version of these configs.
    4. SSH to VM to deploy docker containers
      • We are using docker run and not docker compose.
        • The Container-Optimized OS doesn't come with docker compose!!
        • We can theoretically SCP docker-compose.yml (similarly to 3. config files above) but didn't want to sink time into installing docker compose to VM
  2. Replace DB connection string with sqlalchemy's URL object
    1. Our DB connection would fail because of special characters in the connection string. Using URL object handles special characters automatically.
    2. However, we should avoid % in password -- this causes issues for alembic.

Future Tasks (optional)

  1. Turn infra into Terraform. In progress at [AAQ-613] Terraform for GCP production infra #272
  2. Find a way to deploy with docker-compose.yml?

How has this been tested?

To-do before merge (optional)

Checklist

Fill with x for completed.

  • My code follows the style guidelines of this project
  • I have reviewed my own code to ensure good quality
  • I have tested the functionality of my code to ensure it works as intended
  • I have resolved merge conflicts

(Delete any items below that are not relevant)

  • I have updated affected documentation
  • I have added a blogpost in Latest Updates
  • I have updated the CI/CD scripts in .github/workflows/
  • I have updated the Terraform code Future task
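
An added example, not code from this PR: the standard-library sketch below reproduces why a hand-formatted connection string misparses when the password contains URL delimiters, and why a raw `%` is rejected by `configparser`, the ini parser Alembic reads its options with. The credentials and host are constructed, it uses `urllib.parse` in place of SQLAlchemy's URL object (which does this escaping itself), and it assumes the URL reaches Alembic through its ini options.

```python
import configparser
from urllib.parse import quote, unquote, urlsplit

# Constructed sample values, not taken from the PR. '@', '/' and ':' are URL delimiters.
USER, PASSWORD, HOST, PORT, DB = "aaq_user", "p@ss/w:rd", "db.example.internal", 5432, "aaq"


def naive_url(password: str) -> str:
    """Connection string built by plain formatting (the failing pattern)."""
    return f"postgresql://{USER}:{password}@{HOST}:{PORT}/{DB}"


def escaped_url(password: str) -> str:
    """Percent-encode the password so its delimiters are not read as URL structure."""
    return f"postgresql://{USER}:{quote(password, safe='')}@{HOST}:{PORT}/{DB}"


def parsed_host(url: str):
    """Host a URL parser extracts, or None if parsing fails."""
    try:
        return urlsplit(url).hostname
    except ValueError:
        return None


def parsed_password(url: str):
    """Password a URL parser recovers after percent-decoding."""
    raw = urlsplit(url).password
    return None if raw is None else unquote(raw)


def ini_accepts(value: str) -> bool:
    """True if a configparser with '%' interpolation stores and reads back the value."""
    cfg = configparser.ConfigParser()
    cfg.add_section("alembic")
    try:
        cfg.set("alembic", "sqlalchemy.url", value)
        cfg.get("alembic", "sqlalchemy.url")
        return True
    except (ValueError, configparser.InterpolationError):
        return False


if __name__ == "__main__":
    print("naive host:  ", parsed_host(naive_url(PASSWORD)))
    print("escaped host:", parsed_host(escaped_url(PASSWORD)))
    print("ini accepts escaped URL:", ini_accepts(escaped_url(PASSWORD)))
    print("ini accepts doubled %:  ", ini_accepts(escaped_url(PASSWORD).replace("%", "%%")))
```

The percent-encoded URL parses to the right host but still contains `%`, so it only survives an interpolating ini parser once every `%` is doubled.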

Comment on lines 9 to 11
- "admin_app/**"
- "deployment/gcp/cloudbuild_admin_app.yaml"
- ".github/workflows/deploy_gcp_admin_app.yaml"

Trigger only if the component code or CI/CD scripts change


All deployment scripts follow the same pattern!

Comment on lines 7 to 12
docker build \
--build-arg NEXT_PUBLIC_BACKEND_URL=https://$$DOMAIN/api \
--build-arg NEXT_PUBLIC_GOOGLE_LOGIN_CLIENT_ID=$$NEXT_PUBLIC_GOOGLE_LOGIN_CLIENT_ID \
-t ${_DOCKER_REGISTRY_DOMAIN}/$PROJECT_ID/${_RESOURCE_PREFIX}/admin_app:latest \
.
secretEnv: ["NEXT_PUBLIC_GOOGLE_LOGIN_CLIENT_ID", "DOMAIN"]
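
Review bot: the `-t` line tags the image only as `admin_app:latest`, a mutable tag, so a deploy cannot be pinned to or rolled back to the image built from a particular commit; consider pushing a second tag derived from the commit SHA and deploying by that tag. The two `--build-arg` values (`https://$$DOMAIN/api` and `$$NEXT_PUBLIC_GOOGLE_LOGIN_CLIENT_ID`) are also unquoted, so a value containing whitespace or shell metacharacters would split the command; wrap each in double quotes.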

Secret environment variables are accessed by $$<var>; substituted variables (which we pass in GitHub Actions) are accessed by $<var> and must start with _

env: "DOMAIN"

images:
- "${_DOCKER_REGISTRY_DOMAIN}/$PROJECT_ID/${_RESOURCE_PREFIX}/admin_app:latest"

$PROJECT_ID is available through cloudbuild directly, rather than from GCP Secret Manager or GitHub Actions

@suzinyou suzinyou marked this pull request as ready for review July 1, 2024 06:55
@suzinyou suzinyou mentioned this pull request Jul 3, 2024
13 tasks
* send caddyfile and docker compose via scp

* remove ssh key

* format multiline command

* fix docker compose name

* use docker run

* fix multiline command

* build admin_app from github actions

* remove cloudbuild file trigger

* temporarily add this branch as trigger for admin_app

* update litellm cicd to build from github actions

* update core backend cicd to build from github actions

* fix order of config in litellm

* quote env vars

* add docker push statements

* fix docker push statement

* fix secrets typo

* fix quotes

* fix secrets outputs

* delete backend cloudbuild

* delete unused docker compose

@markbotterill markbotterill left a comment


Approved.

Have discussed V2 improvements w/ @suzinyou which we can flesh out in coming weeks!

@suzinyou suzinyou merged commit 95b93ea into main Jul 8, 2024
1 check passed
@suzinyou suzinyou deleted the deploy-on-gcp-ga branch July 8, 2024 15:56