diff --git a/.github/workflows/ci-cd.yaml b/.github/workflows/dev-ci-cd.yaml
similarity index 95%
rename from .github/workflows/ci-cd.yaml
rename to .github/workflows/dev-ci-cd.yaml
index c225345..e560936 100644
--- a/.github/workflows/ci-cd.yaml
+++ b/.github/workflows/dev-ci-cd.yaml
@@ -1,5 +1,5 @@ -name: Deploy A2rchi -run-name: ${{ github.actor }} deploys A2rchi +name: Deploy A2rchi Dev +run-name: ${{ github.actor }} deploys A2rchi to dev on: [push] jobs: deploy-dev-system:
@@ -72,17 +72,17 @@ jobs: # stop any existing docker compose that's running - name: Stop Docker Compose run: | - ssh submit-a2rchi 'bash -s' < ${{ github.workspace }}/deploy/dev-stop.sh + ssh submit-dev 'bash -s' < ${{ github.workspace }}/deploy/stop.sh # copy repository to machine - name: Copy Repository run: | - rsync -e ssh -r ${{ github.workspace}} --exclude .git/ --delete submit-a2rchi:~/ + rsync -e ssh -r ${{ github.workspace}} --exclude .git/ --delete submit-dev:~/ # run deploy script - name: Run Deploy Script run: | - ssh submit-a2rchi 'bash -s' < ${{ github.workspace }}/deploy/dev-install.sh + ssh submit-dev 'bash -s' < ${{ github.workspace }}/deploy/install.sh # clean up secret files - name: Remove Secrets from Runner
diff --git a/.github/workflows/prod-ci-cd.yaml b/.github/workflows/prod-ci-cd.yaml
new file mode 100644
index 0000000..9e441d6
--- /dev/null
+++ b/.github/workflows/prod-ci-cd.yaml
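Review bot: `on: [push]` stays as it was in the first hunk, so the renamed dev workflow still runs for every branch, including `release`. With prod-ci-cd.yaml added in the same commit, a push to `release` would start the dev and the prod deployment together; if dev is not meant to track release, narrow the trigger, for example `on: { push: { branches-ignore: [release] } }`. A `concurrency` group per target host would also keep two pushes from running the stop, rsync and install steps against the same machine at once.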
@@ -0,0 +1,101 @@
+name: Deploy A2rchi Prod
+run-name: ${{ github.actor }} deploys A2rchi to prod
+on:
+ push:
+ branches:
+ - release
+jobs:
+ deploy-prod-system:
+ runs-on: ubuntu-latest
+ env:
+ SSH_AUTH_SOCK: /tmp/ssh_agent.sock
+ steps:
+ # boilerplate message and pull repository to CI runner
+ - run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event."
+ - uses: actions/checkout@v3
+ - run: echo "The ${{ github.repository }} repository has been cloned to the runner."
+
+ # setup SSH
+ - name: Setup SSH
+ run: |
+ mkdir -p /home/runner/.ssh/
+ echo "${{ secrets.SSH_PRIVATE_KEY_MDRUSSO }}" > /home/runner/.ssh/id_rsa_submit
+ chmod 600 /home/runner/.ssh/id_rsa_submit
+ echo "${{ secrets.SSH_SUBMIT_KNOWN_HOSTS }}" > ~/.ssh/known_hosts
+ cp ${{ github.workspace}}/deploy/ssh_config /home/runner/.ssh/config
+ ssh-agent -a $SSH_AUTH_SOCK > /dev/null
+ ssh-add /home/runner/.ssh/id_rsa_submit
+
+ # create secrets files for docker-compose
+ - name: Create Secrets Files
+ run: |
+ touch ${{ github.workspace }}/deploy/imap_user.txt
+ echo "${{ secrets.PROD_IMAP_USER }}" >> ${{ github.workspace }}/deploy/imap_user.txt
+ chmod 400 ${{ github.workspace }}/deploy/imap_user.txt
+ touch ${{ github.workspace }}/deploy/imap_pw.txt
+ echo "${{ secrets.PROD_IMAP_PW }}" >> ${{ github.workspace }}/deploy/imap_pw.txt
+ chmod 400 ${{ github.workspace }}/deploy/imap_pw.txt
+ touch ${{ github.workspace }}/deploy/cleo_url.txt
+ echo "${{ secrets.PROD_CLEO_URL }}" >> ${{ github.workspace }}/deploy/cleo_url.txt
+ chmod 400 ${{ github.workspace }}/deploy/cleo_url.txt
+ touch ${{ github.workspace }}/deploy/cleo_user.txt
+ echo "${{ secrets.PROD_CLEO_USER }}" >> ${{ github.workspace }}/deploy/cleo_user.txt
+ chmod 400 ${{ github.workspace }}/deploy/cleo_user.txt
+ touch ${{ github.workspace }}/deploy/cleo_pw.txt
+ echo "${{ secrets.PROD_CLEO_PW }}" >> ${{ github.workspace }}/deploy/cleo_pw.txt
+ chmod 400 ${{ github.workspace }}/deploy/cleo_pw.txt
+ touch ${{ github.workspace }}/deploy/cleo_project.txt
+ echo "${{ secrets.PROD_CLEO_PROJECT }}" >> ${{ github.workspace }}/deploy/cleo_project.txt
+ chmod 400 ${{ github.workspace }}/deploy/cleo_project.txt
+ touch ${{ github.workspace }}/deploy/sender_server.txt
+ echo "${{ secrets.PROD_SENDER_SERVER }}" >> ${{ github.workspace }}/deploy/sender_server.txt
+ chmod 400 ${{ github.workspace }}/deploy/sender_server.txt
+ touch ${{ github.workspace }}/deploy/sender_port.txt
+ echo "${{ secrets.PROD_SENDER_PORT }}" >> ${{ github.workspace }}/deploy/sender_port.txt
+ chmod 400 ${{ github.workspace }}/deploy/sender_port.txt
+ touch ${{ github.workspace }}/deploy/sender_replyto.txt
+ echo "${{ secrets.PROD_SENDER_REPLYTO }}" >> ${{ github.workspace }}/deploy/sender_replyto.txt
+ chmod 400 ${{ github.workspace }}/deploy/sender_replyto.txt
+ touch ${{ github.workspace }}/deploy/sender_user.txt
+ echo "${{ secrets.PROD_SENDER_USER }}" >> ${{ github.workspace }}/deploy/sender_user.txt
+ chmod 400 ${{ github.workspace }}/deploy/sender_user.txt
+ touch ${{ github.workspace }}/deploy/sender_pw.txt
+ echo "${{ secrets.PROD_SENDER_PW }}" >> ${{ github.workspace }}/deploy/sender_pw.txt
+ chmod 400 ${{ github.workspace }}/deploy/sender_pw.txt
+ touch ${{ github.workspace }}/deploy/flask_uploader_app_secret_key.txt
+ echo "${{ secrets.PROD_FLASK_UPLOADER_APP_SECRET_KEY }}" >> ${{ github.workspace }}/deploy/flask_uploader_app_secret_key.txt
+ chmod 400 ${{ github.workspace }}/deploy/flask_uploader_app_secret_key.txt
+ touch ${{ github.workspace }}/deploy/uploader_salt.txt
+ echo "${{ secrets.PROD_UPLOADER_SALT }}" >> ${{ github.workspace }}/deploy/uploader_salt.txt
+ chmod 400 ${{ github.workspace }}/deploy/uploader_salt.txt
+ touch ${{ github.workspace }}/deploy/openai_api_key.txt
+ echo "${{ secrets.OPENAI_API_KEY }}" >> ${{ github.workspace }}/deploy/openai_api_key.txt
+ chmod 400 ${{ github.workspace }}/deploy/openai_api_key.txt
+
+ # stop any existing docker compose that's running
+ - name: Stop Docker Compose
+ run: |
+ ssh submit-prod 'bash -s' < ${{ github.workspace }}/deploy/stop.sh
+
+ # copy repository to machine
+ - name: Copy Repository
+ run: |
+ rsync -e ssh -r ${{ github.workspace}} --exclude .git/ --delete submit-prod:~/
+
+ # run deploy script
+ - name: Run Deploy Script
+ run: |
+ ssh submit-prod 'bash -s' < ${{ github.workspace }}/deploy/install.sh
+
+ # clean up secret files
+ - name: Remove Secrets from Runner
+ run: |
+ rm ${{ github.workspace }}/deploy/cleo_*.txt
+ rm ${{ github.workspace }}/deploy/imap_*.txt
+ rm ${{ github.workspace }}/deploy/sender_*.txt
+ rm ${{ github.workspace }}/deploy/flask_uploader_app_secret_key.txt
+ rm ${{ github.workspace }}/deploy/uploader_salt.txt
+ rm ${{ github.workspace }}/deploy/openai_api_key.txt
+
+ # print job status
+ - run: echo "🍏 This job's status is ${{ job.status }}."
diff --git a/deploy/compose.yaml b/deploy/compose.yaml
index 072283a..a8a6a3e 100644
--- a/deploy/compose.yaml
+++ b/deploy/compose.yaml
@@ -29,7 +29,7 @@ services: - openai_api_key volumes: - a2rchi-data:/root/data/ - restart: on-failure + restart: always chat: build:
@@ -45,7 +45,7 @@ services: - a2rchi-data:/root/data/ ports: - 7861:7860 # host:container - restart: on-failure + restart: always mailbox: build:
@@ -79,7 +79,7 @@ services: - sender_user - sender_pw - openai_api_key - restart: on-failure + restart: always data-manager: build:
@@ -97,7 +97,7 @@ services: - openai_api_key volumes: - a2rchi-data:/root/data/ - restart: on-failure + restart: always chromadb: image: ghcr.io/chroma-core/chroma:latest
@@ -106,6 +106,7 @@ services: - 8002:8002 # host:container volumes: - a2rchi-data:/chroma/chroma/ + restart: always # create-account: # build:
@@ -117,7 +118,7 @@ services: # - uploader_salt # volumes: # - a2rchi-data:/root/data/ - # restart: on-failure + # restart: always volumes:
diff --git a/deploy/dev-install.sh b/deploy/install.sh
similarity index 100%
rename from deploy/dev-install.sh
rename to deploy/install.sh
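Review bot: In `Setup SSH` and `Create Secrets Files` every `${{ secrets.* }}` value is pasted into the script text before bash parses it, so a secret containing `"`, `$`, a backtick or a backslash is written altered or interpreted as shell, and the `touch` / `echo >>` / `chmod 400` order leaves each file at the default umask until the chmod runs. Passing the values through `env:` and writing them with `printf` under `umask 077` avoids both, as sketched below. `Remove Secrets from Runner` has no `if: always()`, so a failed ssh or rsync step skips it, and it never removes `/home/runner/.ssh/id_rsa_submit`. Because this job holds the production key and secrets, `actions/checkout@v3` would be better pinned to a full commit SHA and the job given a `permissions:` block with `contents: read`.

```yaml
      - name: Create Secrets Files
        env:
          PROD_IMAP_USER: ${{ secrets.PROD_IMAP_USER }}
          PROD_IMAP_PW: ${{ secrets.PROD_IMAP_PW }}
          # … the remaining PROD_* secrets and OPENAI_API_KEY, mapped the same way …
        run: |
          umask 077
          printf '%s\n' "$PROD_IMAP_USER" > "$GITHUB_WORKSPACE/deploy/imap_user.txt"
          printf '%s\n' "$PROD_IMAP_PW" > "$GITHUB_WORKSPACE/deploy/imap_pw.txt"
          # … one printf per remaining secret file …

      # … unchanged: stop, copy and deploy steps …

      - name: Remove Secrets from Runner
        if: always()
        run: |
          rm -f /home/runner/.ssh/id_rsa_submit
          # … unchanged: rm of the deploy/*.txt secret files …
```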
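Review bot: `restart: always`, set in each of these compose.yaml hunks and newly added to `chromadb`, also restarts a container that exited cleanly and brings a manually stopped one back when the Docker daemon or the host restarts. If operators need a `docker stop` to hold across a reboot, for instance while a service is taken down for investigation, `restart: unless-stopped` gives the same crash and reboot recovery without that side effect. Most of the affected service definitions begin outside the visible hunks.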
diff --git a/deploy/ssh_config b/deploy/ssh_config
index a150f1e..3800ad1 100644
--- a/deploy/ssh_config
+++ b/deploy/ssh_config
@@ -1,5 +1,5 @@ -Host submit-a2rchi - HostName submit05.mit.edu +Host submit-prod + HostName submit06.mit.edu User a2rchi IdentitiesOnly=yes PreferredAuthentications publickey
@@ -7,9 +7,9 @@ Host submit-a2rchi IdentityFile ~/.ssh/id_rsa_submit StrictHostKeyChecking no -Host submit-gpu +Host submit-dev HostName t3desk019.mit.edu - User mdrusso + User a2rchi IdentitiesOnly=yes PreferredAuthentications publickey PasswordAuthentication no
diff --git a/deploy/dev-stop.sh b/deploy/stop.sh
similarity index 100%
rename from deploy/dev-stop.sh
rename to deploy/stop.sh
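Review bot: `StrictHostKeyChecking no` appears as context at the top of the second hunk, inside the block that the first hunk renames to `submit-prod` and repoints at submit06.mit.edu. With that setting ssh still connects when the host key is unknown or has changed, so the `known_hosts` file the prod workflow writes is not enforced. That workflow rsyncs the secret files to this host and pipes scripts into `bash -s` there, so a host-key mismatch should stop the job: set `StrictHostKeyChecking yes` and make sure the submit06 key is in the known-hosts secret. Whether the `submit-dev` block carries the same line is not visible in this hunk.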