Feature/prod release pipeline

.github/workflows/ci-cd.yaml → .github/workflows/dev-ci-cd.yaml

@@ -1,5 +1,5 @@
-name: Deploy A2rchi
-run-name: ${{ github.actor }} deploys A2rchi
+name: Deploy A2rchi Dev
+run-name: ${{ github.actor }} deploys A2rchi to dev
 on: [push]
 jobs:
   deploy-dev-system:
@@ -72,17 +72,17 @@ jobs:
       # stop any existing docker compose that's running
       - name: Stop Docker Compose
         run: |
-          ssh submit-a2rchi 'bash -s' < ${{ github.workspace }}/deploy/dev-stop.sh
+          ssh submit-dev 'bash -s' < ${{ github.workspace }}/deploy/stop.sh
 
       # copy repository to machine
       - name: Copy Repository
         run: |
-          rsync -e ssh -r ${{ github.workspace}} --exclude .git/ --delete submit-a2rchi:~/
+          rsync -e ssh -r ${{ github.workspace}} --exclude .git/ --delete submit-dev:~/
 
       # run deploy script
       - name: Run Deploy Script
         run: |
-          ssh submit-a2rchi 'bash -s' < ${{ github.workspace }}/deploy/dev-install.sh
+          ssh submit-dev 'bash -s' < ${{ github.workspace }}/deploy/install.sh
 
       # clean up secret files
       - name: Remove Secrets from Runner

.github/workflows/prod-ci-cd.yaml

@@ -0,0 +1,101 @@
+name: Deploy A2rchi Prod
+run-name: ${{ github.actor }} deploys A2rchi to prod
+on:
+  push:
+    branches:
+      - release
+jobs:
+  deploy-prod-system:
+    runs-on: ubuntu-latest
+    env:
+      SSH_AUTH_SOCK: /tmp/ssh_agent.sock
+    steps:
+      # boilerplate message and pull repository to CI runner
+      - run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event."
+      - uses: actions/checkout@v3
+      - run: echo "The ${{ github.repository }} repository has been cloned to the runner."
+
+      # setup SSH 
+      - name: Setup SSH
+        run: |
+          mkdir -p /home/runner/.ssh/
+          echo "${{ secrets.SSH_PRIVATE_KEY_MDRUSSO }}" > /home/runner/.ssh/id_rsa_submit
+          chmod 600 /home/runner/.ssh/id_rsa_submit
+          echo "${{ secrets.SSH_SUBMIT_KNOWN_HOSTS }}" > ~/.ssh/known_hosts
+          cp ${{ github.workspace}}/deploy/ssh_config /home/runner/.ssh/config
+          ssh-agent -a $SSH_AUTH_SOCK > /dev/null
+          ssh-add /home/runner/.ssh/id_rsa_submit
+
+      # create secrets files for docker-compose
+      - name: Create Secrets Files
+        run: |
+          touch ${{ github.workspace }}/deploy/imap_user.txt
+          echo "${{ secrets.PROD_IMAP_USER }}" >> ${{ github.workspace }}/deploy/imap_user.txt
+          chmod 400 ${{ github.workspace }}/deploy/imap_user.txt
+          touch ${{ github.workspace }}/deploy/imap_pw.txt
+          echo "${{ secrets.PROD_IMAP_PW }}" >> ${{ github.workspace }}/deploy/imap_pw.txt
+          chmod 400 ${{ github.workspace }}/deploy/imap_pw.txt
+          touch ${{ github.workspace }}/deploy/cleo_url.txt
+          echo "${{ secrets.PROD_CLEO_URL }}" >> ${{ github.workspace }}/deploy/cleo_url.txt
+          chmod 400 ${{ github.workspace }}/deploy/cleo_url.txt
+          touch ${{ github.workspace }}/deploy/cleo_user.txt
+          echo "${{ secrets.PROD_CLEO_USER }}" >> ${{ github.workspace }}/deploy/cleo_user.txt
+          chmod 400 ${{ github.workspace }}/deploy/cleo_user.txt
+          touch ${{ github.workspace }}/deploy/cleo_pw.txt
+          echo "${{ secrets.PROD_CLEO_PW }}" >> ${{ github.workspace }}/deploy/cleo_pw.txt
+          chmod 400 ${{ github.workspace }}/deploy/cleo_pw.txt
+          touch ${{ github.workspace }}/deploy/cleo_project.txt
+          echo "${{ secrets.PROD_CLEO_PROJECT }}" >> ${{ github.workspace }}/deploy/cleo_project.txt
+          chmod 400 ${{ github.workspace }}/deploy/cleo_project.txt
+          touch ${{ github.workspace }}/deploy/sender_server.txt
+          echo "${{ secrets.PROD_SENDER_SERVER }}" >> ${{ github.workspace }}/deploy/sender_server.txt
+          chmod 400 ${{ github.workspace }}/deploy/sender_server.txt
+          touch ${{ github.workspace }}/deploy/sender_port.txt
+          echo "${{ secrets.PROD_SENDER_PORT }}" >> ${{ github.workspace }}/deploy/sender_port.txt
+          chmod 400 ${{ github.workspace }}/deploy/sender_port.txt
+          touch ${{ github.workspace }}/deploy/sender_replyto.txt
+          echo "${{ secrets.PROD_SENDER_REPLYTO }}" >> ${{ github.workspace }}/deploy/sender_replyto.txt
+          chmod 400 ${{ github.workspace }}/deploy/sender_replyto.txt
+          touch ${{ github.workspace }}/deploy/sender_user.txt
+          echo "${{ secrets.PROD_SENDER_USER }}" >> ${{ github.workspace }}/deploy/sender_user.txt
+          chmod 400 ${{ github.workspace }}/deploy/sender_user.txt
+          touch ${{ github.workspace }}/deploy/sender_pw.txt
+          echo "${{ secrets.PROD_SENDER_PW }}" >> ${{ github.workspace }}/deploy/sender_pw.txt
+          chmod 400 ${{ github.workspace }}/deploy/sender_pw.txt
+          touch ${{ github.workspace }}/deploy/flask_uploader_app_secret_key.txt
+          echo "${{ secrets.PROD_FLASK_UPLOADER_APP_SECRET_KEY }}" >> ${{ github.workspace }}/deploy/flask_uploader_app_secret_key.txt
+          chmod 400 ${{ github.workspace }}/deploy/flask_uploader_app_secret_key.txt
+          touch ${{ github.workspace }}/deploy/uploader_salt.txt
+          echo "${{ secrets.PROD_UPLOADER_SALT }}" >> ${{ github.workspace }}/deploy/uploader_salt.txt
+          chmod 400 ${{ github.workspace }}/deploy/uploader_salt.txt
+          touch ${{ github.workspace }}/deploy/openai_api_key.txt
+          echo "${{ secrets.OPENAI_API_KEY }}" >> ${{ github.workspace }}/deploy/openai_api_key.txt
+          chmod 400 ${{ github.workspace }}/deploy/openai_api_key.txt
+
+      # stop any existing docker compose that's running
+      - name: Stop Docker Compose
+        run: |
+          ssh submit-prod 'bash -s' < ${{ github.workspace }}/deploy/stop.sh
+
+      # copy repository to machine
+      - name: Copy Repository
+        run: |
+          rsync -e ssh -r ${{ github.workspace}} --exclude .git/ --delete submit-prod:~/
+
+      # run deploy script
+      - name: Run Deploy Script
+        run: |
+          ssh submit-prod 'bash -s' < ${{ github.workspace }}/deploy/install.sh
+
+      # clean up secret files
+      - name: Remove Secrets from Runner
+        run: |
+          rm ${{ github.workspace }}/deploy/cleo_*.txt
+          rm ${{ github.workspace }}/deploy/imap_*.txt
+          rm ${{ github.workspace }}/deploy/sender_*.txt
+          rm ${{ github.workspace }}/deploy/flask_uploader_app_secret_key.txt
+          rm ${{ github.workspace }}/deploy/uploader_salt.txt
+          rm ${{ github.workspace }}/deploy/openai_api_key.txt
+
+      # print job status
+      - run: echo "🍏 This job's status is ${{ job.status }}."

deploy/compose.yaml

@@ -29,7 +29,7 @@ services:
       - openai_api_key
     volumes:
       - a2rchi-data:/root/data/
-    restart: on-failure
+    restart: always
 
   chat:
     build:
@@ -45,7 +45,7 @@ services:
       - a2rchi-data:/root/data/
     ports:
       - 7861:7860  # host:container
-    restart: on-failure
+    restart: always
 
   mailbox:
     build:
@@ -79,7 +79,7 @@ services:
       - sender_user
       - sender_pw
       - openai_api_key
-    restart: on-failure
+    restart: always
 
   data-manager:
     build:
@@ -97,7 +97,7 @@ services:
       - openai_api_key
     volumes:
       - a2rchi-data:/root/data/
-    restart: on-failure
+    restart: always
 
   chromadb:
     image: ghcr.io/chroma-core/chroma:latest
@@ -106,6 +106,7 @@ services:
       - 8002:8002  # host:container
     volumes:
       - a2rchi-data:/chroma/chroma/
+    restart: always
 
   # create-account:
   #   build:
@@ -117,7 +118,7 @@ services:
   #     - uploader_salt
   #   volumes:
   #     - a2rchi-data:/root/data/
-  #   restart: on-failure
+  #   restart: always
 
 
 volumes:

deploy/ssh_config

@@ -1,15 +1,15 @@
-Host submit-a2rchi
-  HostName submit05.mit.edu
+Host submit-prod
+  HostName submit06.mit.edu
   User a2rchi
   IdentitiesOnly=yes
   PreferredAuthentications publickey
   PasswordAuthentication no
   IdentityFile ~/.ssh/id_rsa_submit
   StrictHostKeyChecking no
 
-Host submit-gpu
+Host submit-dev
   HostName t3desk019.mit.edu
-  User mdrusso
+  User a2rchi
   IdentitiesOnly=yes
   PreferredAuthentications publickey
   PasswordAuthentication no