ci: Initial ci run

Terre8055 · Oct 20, 2024 · ff7cdda · ff7cdda
1 parent f7c1efe
commit ff7cdda
Show file tree

Hide file tree

Showing 3 changed files with 67 additions and 33 deletions.
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -1,8 +1,8 @@
-name: Deploy LLM CI/CD
+name: Deploy SUSDB CI/CD
 
 on:
   push:
-    branches: [ server ]
+    branches: [ main ]
   workflow_dispatch:
     inputs:
       version_increment:
@@ -15,9 +15,11 @@ permissions:
   packages: write
 
 env:
-  SECRETS_NAME: poc/elcam/llm
-  ECR_REPO: elcam-llm-api
-  PROJECT_ID: elcam-llm
+  SECRETS_NAME: susdb
+  ECR_REPO: susdb
+  ECR_REGISTRY: 590183661216.dkr.ecr.us-east-1.amazonaws.com
+  PROJECT_ID: susdb
+  S3_BUCKET: susdb
 
 jobs:
   build-push-and-tag:
@@ -85,13 +87,13 @@ jobs:
       run: |
         echo "Retrieving secrets from AWS Secrets Manager..."
         SECRETS=$(aws secretsmanager get-secret-value --secret-id ${{ env.SECRETS_NAME }} --query SecretString --output text)
-        echo "$SECRETS" | jq -r 'to_entries | map("\(.key)=\(.value)") | .[]' > .env.llm
+        echo "$SECRETS" | jq -r 'to_entries | map("\(.key)=\(.value)") | .[]' > .env
 
 
     - name: Temporarily Store .env in s3 config store
       run: |
-        echo "Upload llm env variables to s3..."
-        aws s3 cp .env.llm s3://elcam-configdonotremove
+        echo "Upload  env variables to s3..."
+        aws s3 cp .env s3://${{ env.S3_BUCKET }}-configdonotremove
 
     - name: Build, tag, and push image to Amazon ECR
       env:
@@ -107,7 +109,7 @@ jobs:
 
     - name: Clean up
       if: always()
-      run: rm -f .env.llm
+      run: rm -f .env
 
 
   deploy_to_managed_instances:
@@ -133,7 +135,7 @@ jobs:
         run: |
           # Fetch instance IDs with specific tags, e.g., Environment=prod
           instance_ids=$(aws ec2 describe-instances \
-            --filters "Name=tag:Project,Values=Elcam" "Name=instance-state-name,Values=running" \
+            --filters "Name=tag:Project,Values=Susdb" "Name=instance-state-name,Values=running" \
             --query "Reservations[].Instances[].InstanceId" \
             --output text)
           
@@ -166,13 +168,13 @@ jobs:
             cd /home/ec2-user && \
             rm -rf .env.llm && \
             echo 'Downloading docker-compose.yml from S3...' && \
-            aws s3 cp s3://elcam-configdonotremove/docker-compose.yml . && \
-            echo 'Downloading .env.llm from S3...' && \
-            aws s3 cp s3://elcam-configdonotremove/.env.llm . && \
+            aws s3 cp s3://${{ env.S3_BUCKET }}/docker-compose.yml . && \
+            echo 'Downloading .env from S3...' && \
+            aws s3 cp s3://${{ env.S3_BUCKET }}/.env . && \
             echo 'Stopping existing Docker containers...' && \
             /usr/local/bin/docker-compose -f /home/ec2-user/docker-compose.yml down && \
             echo 'Logging in to Amazon ECR...' && \
-            aws ecr get-login-password --region eu-west-1 | docker login --username AWS --password-stdin 330858616968.dkr.ecr.eu-west-1.amazonaws.com && \
+            aws ecr get-login-password --region ${{ secrets.AWS_REGION }} | docker login --username AWS --password-stdin ${{ env.ECR_REGISTRY }} && \
             echo 'Pulling latest Docker images...' && \
             /usr/local/bin/docker-compose -f /home/ec2-user/docker-compose.yml pull && \
             echo 'Starting Docker services with Docker Compose...' && \
@@ -317,7 +319,7 @@ jobs:
         git config user.email michaelappiah2018@icloud.com
         git add VERSION
         git commit -m "Bump version to ${{ needs.build-push-and-tag.outputs.new_version }}"
-        git pull --rebase origin main
+        git pull --no-edit origin main
         git push
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/Dockerfile b/Dockerfile
@@ -1,29 +1,51 @@
-# Use an official Python runtime as a parent image
-FROM python:3.10
-
-# Set the working directory in the container
+# Stage 1: Build stage
+FROM python:3.9-slim AS builder
+
+# Set environment variables for security and non-interactive installs
+ENV PYTHONDONTWRITEBYTECODE=1 \
+    PYTHONUNBUFFERED=1 \
+    PIP_DISABLE_PIP_VERSION_CHECK=1 \
+    PIP_DEFAULT_TIMEOUT=100
+
+# Install system dependencies
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    build-essential \
+    gcc \
+    libpq-dev \
+    && rm -rf /var/lib/apt/lists/*
+
+# Set working directory
 WORKDIR /app
 
+# Copy requirements file
+COPY requirements.txt .
 
-# Copy the requirements.txt file into the container
-COPY requirements.txt /app
+# Install python dependencies in a temporary directory
+RUN pip install --prefix=/install -r requirements.txt
 
-# Install any dependencies
-RUN pip install -r requirements.txt
+# Stage 2: Production stage
+FROM python:3.9-slim
 
-# Copy the SusDB source code into the container
-COPY . /app
+# Set environment variables for security and non-interactive installs
+ENV PYTHONDONTWRITEBYTECODE=1 \
+    PYTHONUNBUFFERED=1
 
-# Set the PYTHONPATH environment variable
-ENV PYTHONPATH=/app/src
+# Install system dependencies for runtime only (no build tools)
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    libpq-dev \
+    && rm -rf /var/lib/apt/lists/*
 
-# Copy the script into the container
-COPY welcome_script.sh /usr/local/bin/welcome_script.sh
+# Copy the python dependencies from the build stage
+COPY --from=builder /install /usr/local
 
-# Make the script executable
-RUN chmod +x /usr/local/bin/welcome_script.sh
+# Set working directory
+WORKDIR /app
 
-# Run the script when the container starts
-CMD ["/usr/local/bin/welcome_script.sh"]
+# Copy project files
+COPY . .
+
+ENV PYTHONPATH=/app/src
 
+RUN chmod +x welcome_script.sh
 
+CMD ["./welcome_script.sh"]
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -0,0 +1,10 @@
+version: '3.8'
+
+services:
+  susdb:
+    image: 590183661216.dkr.ecr.us-east-1.amazonaws.com/susdb:latest
+    container_name: susdb
+    ports:
+      - 8000:8000
+    env_file:
+      - .env