add the deployment files

.github/secrets.json

@@ -0,0 +1,3 @@
+{
+    "HH_SRE_ROBOT_GITHUB_TOKEN": "github/cicd/data/HH_SRE_ROBOT_GITHUB_TOKEN value"
+}

.github/workflows/cd.yml

@@ -0,0 +1,30 @@
+name: Deploy to EKS
+
+on:
+  workflow_run:
+    workflows: [CI]
+    types:
+      - completed
+    branches:
+      - main
+
+permissions:
+  id-token: write # Required for aws-actions/configure-aws-credentials@v1
+  contents: read # Required for actions/checkout@v3
+
+jobs:
+  continuous_deployment:
+    name: Continuous Deployment
+    # if: ${{ github.event.workflow_run.conclusion == 'success' }}
+    uses: hinge-health/common-workflows/.github/workflows/cd.yml@v1
+    with:
+      HCP_VAULT_SECRETS_JSON_PATH: '.github/secrets.json'
+      SERVICE_NAME: llm-playground-service
+      DEPLOY_TO_PRODUCTION: false
+      DEPLOY_TO_STAGE: false
+      DEPLOY_TO_DEV: true
+      IMAGE_TAG: ${{ github.event.inputs.image_tag }}
+
+    secrets:
+      HCP_VAULT_ROLE_ID: ${{ secrets.HCP_VAULT_ROLE_ID }}
+      HCP_VAULT_SECRET_ID: ${{ secrets.HCP_VAULT_SECRET_ID }}

.github/workflows/continuous-integretion.yml

@@ -0,0 +1,50 @@
+name: CI
+env:
+  GITHUB_ACCESS_TOKEN: ${{ secrets.SHARED_PACKAGES_READ }}
+  GIT_SHA: ${{ github.event.pull_request.head.sha || github.event.push.head.sha }}
+  TAG: 'latest'
+  IMAGE-TAG: 'latest'
+  SERVICE_NAME: 'llm-playground-service'
+on:
+  pull_request:
+  merge_group:
+  push:
+    branches: [main]
+
+concurrency:
+  group: ${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+jobs:
+  docker_build_and_push:
+    runs-on: ubuntu-latest
+    env:
+      DOCKER_BUILDKIT: "1"
+    permissions:
+      id-token: write   # This is required for requesting the JWT
+      contents: read    # This is required for actions/checkout
+    steps:
+      - name: Git Checkout
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ env.GIT_SHA }}
+          lfs: true
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ECR__WRITE_ONLY_ACCESS_KEY_ID__RAW }}
+          aws-secret-access-key: ${{ secrets.AWS_ECR__WRITE_ONLY_SECRET_ACCESS_KEY__RAW }}
+          aws-region: us-east-1
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v1
+        with:
+          mask-password: 'true'
+      - name: Docker build
+        run: make docker-build
+      - name: Docker tag
+        run: make docker-tag
+      - name: Docker push
+        run: make docker-push
+      - name: Docker tag and push latest
+        if: github.ref == 'refs/heads/main'
+        run: make docker-tag-latest

.github/workflows/deploy-to-dev-eks.yml

@@ -0,0 +1,45 @@
+name: Deploy to Dev EKS
+
+on:
+  workflow_dispatch:
+    inputs:
+      image_tag:
+        description: "The docker image tag to deploy"
+        required: true
+        type: string
+
+concurrency: llm-playground-service-eks-dev
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    environment: dev
+    if: ${{ github.event.workflow_run.conclusion == 'success' || github.event_name == 'workflow_dispatch' }}
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v3
+
+      - name: Image Tag
+        id: image
+        run: |
+          INPUT_IMAGE_TAG="${{ github.event.inputs.image_tag }}"
+
+          if [ -z "${INPUT_IMAGE_TAG}" ];
+          then
+            IMAGE_TAG=${GITHUB_SHA:0:7}
+          else
+            IMAGE_TAG=${INPUT_IMAGE_TAG}
+          fi
+
+          echo "tag=${IMAGE_TAG}" >> $GITHUB_OUTPUT
+          echo "Image Tag: ${IMAGE_TAG}" >> $GITHUB_STEP_SUMMARY
+
+      - name: Deploy to Dev EKS
+        uses: hinge-health/infra-deploy-helm/to-eks-dev@v1
+        with:
+          github_token: ${{ secrets.HH_SRE_ROBOT_GITHUB_TOKEN }}
+          image_tag: ${{ steps.image.outputs.tag }}

.github/workflows/deploy-to-stage-eks.yml

@@ -0,0 +1,45 @@
+name: Deploy to Stage EKS
+
+on:
+  workflow_dispatch:
+    inputs:
+      image_tag:
+        description: "The docker image tag to deploy"
+        required: true
+        type: string
+
+concurrency: llm-playground-service-eks-stage
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    environment: stage
+    if: ${{ github.event.workflow_run.conclusion == 'success' || github.event_name == 'workflow_dispatch' }}
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v3
+
+      - name: Image Tag
+        id: image
+        run: |
+          INPUT_IMAGE_TAG="${{ github.event.inputs.image_tag }}"
+
+          if [ -z "${INPUT_IMAGE_TAG}" ];
+          then
+            IMAGE_TAG=${GITHUB_SHA:0:7}
+          else
+            IMAGE_TAG=${INPUT_IMAGE_TAG}
+          fi
+
+          echo "tag=${IMAGE_TAG}" >> $GITHUB_OUTPUT
+          echo "Image Tag: ${IMAGE_TAG}" >> $GITHUB_STEP_SUMMARY
+
+      - name: Deploy to Stage EKS
+        uses: hinge-health/infra-deploy-helm/to-eks-stage@v1
+        with:
+          github_token: ${{ secrets.HH_SRE_ROBOT_GITHUB_TOKEN }}
+          image_tag: ${{ steps.image.outputs.tag }}

.github/workflows/docker-image.yml

@@ -1,69 +1,69 @@
-# This workflow uses actions that are not certified by GitHub.
-# They are provided by a third-party and are governed by
-# separate terms of service, privacy policy, and support
-# documentation.
+# # This workflow uses actions that are not certified by GitHub.
+# # They are provided by a third-party and are governed by
+# # separate terms of service, privacy policy, and support
+# # documentation.
 
-# GitHub recommends pinning actions to a commit SHA.
-# To get a newer version, you will need to update the SHA.
-# You can also reference a tag or branch, but the action may change without warning.
+# # GitHub recommends pinning actions to a commit SHA.
+# # To get a newer version, you will need to update the SHA.
+# # You can also reference a tag or branch, but the action may change without warning.
 
-name: Create and publish Docker images
+# name: Create and publish Docker images
 
-on:
-  push:
-    branches:
-      - main
-      #- main-stable  # Disabled as the v* tag is used for stable releases
-    tags:
-      - 'v*'  # Trigger on version tags (e.g., v1.7.0)
+# on:
+#   push:
+#     branches:
+#       - main
+#       #- main-stable  # Disabled as the v* tag is used for stable releases
+#     tags:
+#       - 'v*'  # Trigger on version tags (e.g., v1.7.0)
 
-env:
-  REGISTRY: ghcr.io
-  IMAGE_NAME: ${{ github.repository }}
+# env:
+#   REGISTRY: ghcr.io
+#   IMAGE_NAME: ${{ github.repository }}
 
-jobs:
-  build-and-push-image:
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      packages: write
+# jobs:
+#   build-and-push-image:
+#     runs-on: ubuntu-latest
+#     permissions:
+#       contents: read
+#       packages: write
 
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
+#     steps:
+#       - name: Checkout repository
+#         uses: actions/checkout@v4
 
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
+#       - name: Set up QEMU
+#         uses: docker/setup-qemu-action@v3
 
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+#       - name: Set up Docker Buildx
+#         uses: docker/setup-buildx-action@v3
 
-      - name: Log in to the Container registry
-        uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
-        with:
-          registry: ${{ env.REGISTRY }}
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
+#       - name: Log in to the Container registry
+#         uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
+#         with:
+#           registry: ${{ env.REGISTRY }}
+#           username: ${{ github.actor }}
+#           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Extract metadata (tags, labels) for Docker
-        id: meta
-        uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
-        with:
-          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
-          tags: |
-            type=raw,value=development,enable=${{ github.ref == 'refs/heads/main' }}
-            type=raw,value=stable,enable=${{ github.ref == 'refs/heads/main-stable' }}
-            type=ref,event=tag  # Use the tag name as a tag for tag builds
-            type=semver,pattern={{version}}  # Generate semantic versioning tags for tag builds
-            type=sha # Just in case none of the above applies
+#       - name: Extract metadata (tags, labels) for Docker
+#         id: meta
+#         uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
+#         with:
+#           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+#           tags: |
+#             type=raw,value=development,enable=${{ github.ref == 'refs/heads/main' }}
+#             type=raw,value=stable,enable=${{ github.ref == 'refs/heads/main-stable' }}
+#             type=ref,event=tag  # Use the tag name as a tag for tag builds
+#             type=semver,pattern={{version}}  # Generate semantic versioning tags for tag builds
+#             type=sha # Just in case none of the above applies
 
-      - name: Build and push Docker image
-        uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
-        with:
-          context: .
-          file: Dockerfile
-          platforms: linux/amd64,linux/arm64
-          push: true
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-          build-args: NEXT_PUBLIC_GA4_MEASUREMENT_ID=${{ secrets.GA4_MEASUREMENT_ID }}
+#       - name: Build and push Docker image
+#         uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
+#         with:
+#           context: .
+#           file: Dockerfile
+#           platforms: linux/amd64,linux/arm64
+#           push: true
+#           tags: ${{ steps.meta.outputs.tags }}
+#           labels: ${{ steps.meta.outputs.labels }}
+#           build-args: NEXT_PUBLIC_GA4_MEASUREMENT_ID=${{ secrets.GA4_MEASUREMENT_ID }}

Makefile

@@ -0,0 +1,58 @@
+SERVICE_NAME := llm-playground-service
+ENVIRONMENT := ${ENVIRONMENT}
+SENTRY_ORG := hingehealth
+AWS_DEFAULT_REGION := us-east-1
+ECR_REGISTRY := 711154312405.dkr.ecr.${AWS_DEFAULT_REGION}.amazonaws.com/${SERVICE_NAME}
+GIT_SHA := $$(git rev-parse --short HEAD)
+CURRENT_TIME := $$(date -u +"%Y-%m-%dT%H:%M:%S")
+
+# Login to AWS registry (must have docker running)
+ecr-login:
+	aws ecr get-login-password --region ${AWS_DEFAULT_REGION} | docker login -u AWS --password-stdin ${ECR_REGISTRY}
+
+# Build docker target, use
+docker-build:
+	sh ci/read_version.sh > version.json
+	docker build -f Dockerfile --no-cache -t ${SERVICE_NAME} .
+
+# Push to registry
+docker-push:
+	docker push $(ECR_REGISTRY):${GIT_SHA}
+
+# Tag docker image
+docker-tag:
+	aws ecr batch-delete-image --region ${AWS_DEFAULT_REGION}  --repository-name ${SERVICE_NAME} --image-ids imageTag=${GIT_SHA}; \
+	docker tag ${SERVICE_NAME} $(ECR_REGISTRY):${GIT_SHA}
+
+# Remove current latest image from container registry, then update with newest (to run after master merge)
+docker-tag-latest:
+	aws ecr batch-delete-image --region ${AWS_DEFAULT_REGION}  --repository-name ${SERVICE_NAME} --image-ids imageTag=latest; \
+	docker tag ${SERVICE_NAME} $(ECR_REGISTRY):latest; \
+	docker push $(ECR_REGISTRY):latest;
+
+
+
+# Rebuild images and remove orphaned containers
+restart:
+	docker-compose up -d --build --remove-orphans
+
+# Start the service through Docker
+start:
+	docker-compose up -d
+
+# Stop the service
+stop:
+	docker-compose down
+
+# Stop container, remove all images, containers, volumes
+clean:
+	docker-compose down -v --remove-orphans
+
+# Tail logs
+logs:
+	docker-compose logs -f main
+
+
+## source the virtual environment
+source-venv:
+	source ./venv/bin/activate

deploy/values-common.yml

@@ -0,0 +1,29 @@
+global:
+  image:
+    name: "llm-playground-service"
+
+app:
+  livenessProbes:
+    httpGet:
+      path: /healthz
+      port: 3000
+    initialDelaySeconds: 5
+    periodSeconds: 5
+    failureThreshold: 3
+    timeoutSeconds: 2
+  readinessProbes:
+    httpGet:
+      path: /healthz
+      port: 3000
+    initialDelaySeconds: 8
+    periodSeconds: 5
+    failureThreshold: 3
+    timeoutSeconds: 2
+  ports:
+    - containerPort: 3000
+      name: http
+      protocol: TCP
+  service:
+    port: 3000
+    targetPort: http
+