forked from enricoros/big-AGI
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
1aab4a6
commit e257c3a
Showing
12 changed files
with
393 additions
and
60 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
{ | ||
"HH_SRE_ROBOT_GITHUB_TOKEN": "github/cicd/data/HH_SRE_ROBOT_GITHUB_TOKEN value" | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
name: Deploy to EKS | ||
|
||
on: | ||
workflow_run: | ||
workflows: [CI] | ||
types: | ||
- completed | ||
branches: | ||
- main | ||
|
||
permissions: | ||
id-token: write # Required for aws-actions/configure-aws-credentials@v1 | ||
contents: read # Required for actions/checkout@v3 | ||
|
||
jobs: | ||
continuous_deployment: | ||
name: Continuous Deployment | ||
# if: ${{ github.event.workflow_run.conclusion == 'success' }} | ||
uses: hinge-health/common-workflows/.github/workflows/cd.yml@v1 | ||
with: | ||
HCP_VAULT_SECRETS_JSON_PATH: '.github/secrets.json' | ||
SERVICE_NAME: llm-playground-service | ||
DEPLOY_TO_PRODUCTION: false | ||
DEPLOY_TO_STAGE: false | ||
DEPLOY_TO_DEV: true | ||
IMAGE_TAG: ${{ github.event.inputs.image_tag }} | ||
|
||
secrets: | ||
HCP_VAULT_ROLE_ID: ${{ secrets.HCP_VAULT_ROLE_ID }} | ||
HCP_VAULT_SECRET_ID: ${{ secrets.HCP_VAULT_SECRET_ID }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,50 @@ | ||
name: CI | ||
env: | ||
GITHUB_ACCESS_TOKEN: ${{ secrets.SHARED_PACKAGES_READ }} | ||
GIT_SHA: ${{ github.event.pull_request.head.sha || github.event.push.head.sha }} | ||
TAG: 'latest' | ||
IMAGE-TAG: 'latest' | ||
SERVICE_NAME: 'llm-playground-service' | ||
on: | ||
pull_request: | ||
merge_group: | ||
push: | ||
branches: [main] | ||
|
||
concurrency: | ||
group: ${{ github.head_ref || github.run_id }} | ||
cancel-in-progress: true | ||
jobs: | ||
docker_build_and_push: | ||
runs-on: ubuntu-latest | ||
env: | ||
DOCKER_BUILDKIT: "1" | ||
permissions: | ||
id-token: write # This is required for requesting the JWT | ||
contents: read # This is required for actions/checkout | ||
steps: | ||
- name: Git Checkout | ||
uses: actions/checkout@v4 | ||
with: | ||
ref: ${{ env.GIT_SHA }} | ||
lfs: true | ||
- name: Configure AWS credentials | ||
uses: aws-actions/configure-aws-credentials@v1 | ||
with: | ||
aws-access-key-id: ${{ secrets.AWS_ECR__WRITE_ONLY_ACCESS_KEY_ID__RAW }} | ||
aws-secret-access-key: ${{ secrets.AWS_ECR__WRITE_ONLY_SECRET_ACCESS_KEY__RAW }} | ||
aws-region: us-east-1 | ||
- name: Login to Amazon ECR | ||
id: login-ecr | ||
uses: aws-actions/amazon-ecr-login@v1 | ||
with: | ||
mask-password: 'true' | ||
- name: Docker build | ||
run: make docker-build | ||
- name: Docker tag | ||
run: make docker-tag | ||
- name: Docker push | ||
run: make docker-push | ||
- name: Docker tag and push latest | ||
if: github.ref == 'refs/heads/main' | ||
run: make docker-tag-latest |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,45 @@ | ||
name: Deploy to Dev EKS | ||
|
||
on: | ||
workflow_dispatch: | ||
inputs: | ||
image_tag: | ||
description: "The docker image tag to deploy" | ||
required: true | ||
type: string | ||
|
||
concurrency: llm-playground-service-eks-dev | ||
|
||
permissions: | ||
id-token: write | ||
contents: read | ||
|
||
jobs: | ||
deploy: | ||
runs-on: ubuntu-latest | ||
environment: dev | ||
if: ${{ github.event.workflow_run.conclusion == 'success' || github.event_name == 'workflow_dispatch' }} | ||
steps: | ||
- name: Checkout Code | ||
uses: actions/checkout@v3 | ||
|
||
- name: Image Tag | ||
id: image | ||
run: | | ||
INPUT_IMAGE_TAG="${{ github.event.inputs.image_tag }}" | ||
if [ -z "${INPUT_IMAGE_TAG}" ]; | ||
then | ||
IMAGE_TAG=${GITHUB_SHA:0:7} | ||
else | ||
IMAGE_TAG=${INPUT_IMAGE_TAG} | ||
fi | ||
echo "tag=${IMAGE_TAG}" >> $GITHUB_OUTPUT | ||
echo "Image Tag: ${IMAGE_TAG}" >> $GITHUB_STEP_SUMMARY | ||
- name: Deploy to Dev EKS | ||
uses: hinge-health/infra-deploy-helm/to-eks-dev@v1 | ||
with: | ||
github_token: ${{ secrets.HH_SRE_ROBOT_GITHUB_TOKEN }} | ||
image_tag: ${{ steps.image.outputs.tag }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,45 @@ | ||
name: Deploy to Stage EKS | ||
|
||
on: | ||
workflow_dispatch: | ||
inputs: | ||
image_tag: | ||
description: "The docker image tag to deploy" | ||
required: true | ||
type: string | ||
|
||
concurrency: llm-playground-service-eks-stage | ||
|
||
permissions: | ||
id-token: write | ||
contents: read | ||
|
||
jobs: | ||
deploy: | ||
runs-on: ubuntu-latest | ||
environment: stage | ||
if: ${{ github.event.workflow_run.conclusion == 'success' || github.event_name == 'workflow_dispatch' }} | ||
steps: | ||
- name: Checkout Code | ||
uses: actions/checkout@v3 | ||
|
||
- name: Image Tag | ||
id: image | ||
run: | | ||
INPUT_IMAGE_TAG="${{ github.event.inputs.image_tag }}" | ||
if [ -z "${INPUT_IMAGE_TAG}" ]; | ||
then | ||
IMAGE_TAG=${GITHUB_SHA:0:7} | ||
else | ||
IMAGE_TAG=${INPUT_IMAGE_TAG} | ||
fi | ||
echo "tag=${IMAGE_TAG}" >> $GITHUB_OUTPUT | ||
echo "Image Tag: ${IMAGE_TAG}" >> $GITHUB_STEP_SUMMARY | ||
- name: Deploy to Stage EKS | ||
uses: hinge-health/infra-deploy-helm/to-eks-stage@v1 | ||
with: | ||
github_token: ${{ secrets.HH_SRE_ROBOT_GITHUB_TOKEN }} | ||
image_tag: ${{ steps.image.outputs.tag }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,69 +1,69 @@ | ||
# This workflow uses actions that are not certified by GitHub. | ||
# They are provided by a third-party and are governed by | ||
# separate terms of service, privacy policy, and support | ||
# documentation. | ||
# # This workflow uses actions that are not certified by GitHub. | ||
# # They are provided by a third-party and are governed by | ||
# # separate terms of service, privacy policy, and support | ||
# # documentation. | ||
|
||
# GitHub recommends pinning actions to a commit SHA. | ||
# To get a newer version, you will need to update the SHA. | ||
# You can also reference a tag or branch, but the action may change without warning. | ||
# # GitHub recommends pinning actions to a commit SHA. | ||
# # To get a newer version, you will need to update the SHA. | ||
# # You can also reference a tag or branch, but the action may change without warning. | ||
|
||
name: Create and publish Docker images | ||
# name: Create and publish Docker images | ||
|
||
on: | ||
push: | ||
branches: | ||
- main | ||
#- main-stable # Disabled as the v* tag is used for stable releases | ||
tags: | ||
- 'v*' # Trigger on version tags (e.g., v1.7.0) | ||
# on: | ||
# push: | ||
# branches: | ||
# - main | ||
# #- main-stable # Disabled as the v* tag is used for stable releases | ||
# tags: | ||
# - 'v*' # Trigger on version tags (e.g., v1.7.0) | ||
|
||
env: | ||
REGISTRY: ghcr.io | ||
IMAGE_NAME: ${{ github.repository }} | ||
# env: | ||
# REGISTRY: ghcr.io | ||
# IMAGE_NAME: ${{ github.repository }} | ||
|
||
jobs: | ||
build-and-push-image: | ||
runs-on: ubuntu-latest | ||
permissions: | ||
contents: read | ||
packages: write | ||
# jobs: | ||
# build-and-push-image: | ||
# runs-on: ubuntu-latest | ||
# permissions: | ||
# contents: read | ||
# packages: write | ||
|
||
steps: | ||
- name: Checkout repository | ||
uses: actions/checkout@v4 | ||
# steps: | ||
# - name: Checkout repository | ||
# uses: actions/checkout@v4 | ||
|
||
- name: Set up QEMU | ||
uses: docker/setup-qemu-action@v3 | ||
# - name: Set up QEMU | ||
# uses: docker/setup-qemu-action@v3 | ||
|
||
- name: Set up Docker Buildx | ||
uses: docker/setup-buildx-action@v3 | ||
# - name: Set up Docker Buildx | ||
# uses: docker/setup-buildx-action@v3 | ||
|
||
- name: Log in to the Container registry | ||
uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | ||
with: | ||
registry: ${{ env.REGISTRY }} | ||
username: ${{ github.actor }} | ||
password: ${{ secrets.GITHUB_TOKEN }} | ||
# - name: Log in to the Container registry | ||
# uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | ||
# with: | ||
# registry: ${{ env.REGISTRY }} | ||
# username: ${{ github.actor }} | ||
# password: ${{ secrets.GITHUB_TOKEN }} | ||
|
||
- name: Extract metadata (tags, labels) for Docker | ||
id: meta | ||
uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 | ||
with: | ||
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | ||
tags: | | ||
type=raw,value=development,enable=${{ github.ref == 'refs/heads/main' }} | ||
type=raw,value=stable,enable=${{ github.ref == 'refs/heads/main-stable' }} | ||
type=ref,event=tag # Use the tag name as a tag for tag builds | ||
type=semver,pattern={{version}} # Generate semantic versioning tags for tag builds | ||
type=sha # Just in case none of the above applies | ||
# - name: Extract metadata (tags, labels) for Docker | ||
# id: meta | ||
# uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 | ||
# with: | ||
# images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | ||
# tags: | | ||
# type=raw,value=development,enable=${{ github.ref == 'refs/heads/main' }} | ||
# type=raw,value=stable,enable=${{ github.ref == 'refs/heads/main-stable' }} | ||
# type=ref,event=tag # Use the tag name as a tag for tag builds | ||
# type=semver,pattern={{version}} # Generate semantic versioning tags for tag builds | ||
# type=sha # Just in case none of the above applies | ||
|
||
- name: Build and push Docker image | ||
uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4 | ||
with: | ||
context: . | ||
file: Dockerfile | ||
platforms: linux/amd64,linux/arm64 | ||
push: true | ||
tags: ${{ steps.meta.outputs.tags }} | ||
labels: ${{ steps.meta.outputs.labels }} | ||
build-args: NEXT_PUBLIC_GA4_MEASUREMENT_ID=${{ secrets.GA4_MEASUREMENT_ID }} | ||
# - name: Build and push Docker image | ||
# uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4 | ||
# with: | ||
# context: . | ||
# file: Dockerfile | ||
# platforms: linux/amd64,linux/arm64 | ||
# push: true | ||
# tags: ${{ steps.meta.outputs.tags }} | ||
# labels: ${{ steps.meta.outputs.labels }} | ||
# build-args: NEXT_PUBLIC_GA4_MEASUREMENT_ID=${{ secrets.GA4_MEASUREMENT_ID }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,58 @@ | ||
SERVICE_NAME := llm-playground-service | ||
ENVIRONMENT := ${ENVIRONMENT} | ||
SENTRY_ORG := hingehealth | ||
AWS_DEFAULT_REGION := us-east-1 | ||
ECR_REGISTRY := 711154312405.dkr.ecr.${AWS_DEFAULT_REGION}.amazonaws.com/${SERVICE_NAME} | ||
GIT_SHA := $$(git rev-parse --short HEAD) | ||
CURRENT_TIME := $$(date -u +"%Y-%m-%dT%H:%M:%S") | ||
|
||
# Login to AWS registry (must have docker running) | ||
ecr-login: | ||
aws ecr get-login-password --region ${AWS_DEFAULT_REGION} | docker login -u AWS --password-stdin ${ECR_REGISTRY} | ||
|
||
# Build docker target, use | ||
docker-build: | ||
sh ci/read_version.sh > version.json | ||
docker build -f Dockerfile --no-cache -t ${SERVICE_NAME} . | ||
|
||
# Push to registry | ||
docker-push: | ||
docker push $(ECR_REGISTRY):${GIT_SHA} | ||
|
||
# Tag docker image | ||
docker-tag: | ||
aws ecr batch-delete-image --region ${AWS_DEFAULT_REGION} --repository-name ${SERVICE_NAME} --image-ids imageTag=${GIT_SHA}; \ | ||
docker tag ${SERVICE_NAME} $(ECR_REGISTRY):${GIT_SHA} | ||
|
||
# Remove current latest image from container registry, then update with newest (to run after master merge) | ||
docker-tag-latest: | ||
aws ecr batch-delete-image --region ${AWS_DEFAULT_REGION} --repository-name ${SERVICE_NAME} --image-ids imageTag=latest; \ | ||
docker tag ${SERVICE_NAME} $(ECR_REGISTRY):latest; \ | ||
docker push $(ECR_REGISTRY):latest; | ||
|
||
|
||
|
||
# Rebuild images and remove orphaned containers | ||
restart: | ||
docker-compose up -d --build --remove-orphans | ||
|
||
# Start the service through Docker | ||
start: | ||
docker-compose up -d | ||
|
||
# Stop the service | ||
stop: | ||
docker-compose down | ||
|
||
# Stop container, remove all images, containers, volumes | ||
clean: | ||
docker-compose down -v --remove-orphans | ||
|
||
# Tail logs | ||
logs: | ||
docker-compose logs -f main | ||
|
||
|
||
## source the virtual environment | ||
source-venv: | ||
source ./venv/bin/activate |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
global: | ||
image: | ||
name: "llm-playground-service" | ||
|
||
app: | ||
livenessProbes: | ||
httpGet: | ||
path: /healthz | ||
port: 3000 | ||
initialDelaySeconds: 5 | ||
periodSeconds: 5 | ||
failureThreshold: 3 | ||
timeoutSeconds: 2 | ||
readinessProbes: | ||
httpGet: | ||
path: /healthz | ||
port: 3000 | ||
initialDelaySeconds: 8 | ||
periodSeconds: 5 | ||
failureThreshold: 3 | ||
timeoutSeconds: 2 | ||
ports: | ||
- containerPort: 3000 | ||
name: http | ||
protocol: TCP | ||
service: | ||
port: 3000 | ||
targetPort: http | ||
|
Oops, something went wrong.