test_workflow
Some checks failed
Backend ECR Deployment / build-and-push (push) Has been cancelled
Backend ECR Deployment / notify-deploy (push) Has been cancelled
Backend Modal Build / notify-deploy (push) Has been cancelled
Backend Modal Build / Build & Push via Modal (push) Has been cancelled

This commit is contained in:
DatTT127
2026-07-18 17:48:19 +07:00
parent 7d5c583475
commit 57a8bac1be
87 changed files with 36291 additions and 155 deletions

View File

@@ -0,0 +1,141 @@
# Gitea Actions Workflow: Backend ECR Deployment
# Place at: .gitea/workflows/backend-ecr.yaml (in repository root)
name: Backend ECR Deployment
on:
push:
branches:
- '**'
paths:
- 'workspace/sprint_1_2/CODEBASE/backend/**'
- 'workspace/sprint_1_2/CODEBASE/requirements.txt'
- 'workspace/sprint_1_2/CODEBASE/deps/implementation/backend_deploy/**'
workflow_dispatch: {}
permissions:
contents: read
packages: write
env:
# Build-time / workflow context
BACKEND_DIR: workspace/sprint_1_2/CODEBASE/backend
ECR_REGISTRY: public.ecr.aws
ECR_REPOSITORY: ${{ vars.ECR_PUBLIC_REGISTRY_ALIAS }}/msk-cv-inference-server
DOCKERFILE_PATH: deps/implementation/backend_deploy/Dockerfile
# CV inference server runtime configuration
# These are Gitea repository variables (or secrets) that are forwarded
# to the container at deploy time. The Docker image itself does NOT bake
# them in — the FastAPI app reads them from the environment via pydantic-settings.
TRITON_ENDPOINT: ${{ vars.TRITON_ENDPOINT }}
CV_INFERENCE_HOST: ${{ vars.CV_INFERENCE_HOST }}
CV_INFERENCE_PORT: ${{ vars.CV_INFERENCE_PORT }}
BASE_URL: ${{ vars.BASE_URL }}
CORS_ORIGINS: ${{ vars.CORS_ORIGINS }}
jobs:
build-and-push:
runs-on: ubuntu-latest
timeout-minutes: 30
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.12'
- name: Lint backend code
run: |
python -m py_compile backend/cv_inference_server.py
find backend -name '*.py' -exec python -m py_compile {} +
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1
- name: Login to Amazon ECR Public
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
with:
registry-type: public
mask-password: 'true'
- name: Extract metadata for Docker
id: meta
uses: docker/metadata-action@v5
with:
# Full ECR Public image reference: public.ecr.aws/{alias}/{repo}
images: ${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY }}
tags: |
type=ref,event=branch
type=sha,prefix=
type=raw,value=latest,enable={{is_default_branch}}
labels: |
org.opencontainers.image.source=${{ github.server_url }}/${{ github.repository }}
org.opencontainers.image.revision=${{ github.sha }}
org.opencontainers.image.title=VKIST CV Inference Server
- name: Build and push Docker image
uses: docker/build-push-action@v5
with:
context: ./${{ env.BACKEND_DIR }}
file: ./${{ env.DOCKERFILE_PATH }}
push: true
platforms: linux/amd64,linux/arm64
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Print image URI and digest
run: |
echo "Pushed ${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY }}:${{ steps.meta.outputs.version }}"
echo "Digest: ${{ steps.meta.outputs.tags }}"
# trigger-triton:
# needs: build-and-push
# if: success() && github.event_name == 'push'
# runs-on: ubuntu-latest
# steps:
# - name: Trigger Modal Triton deployment
# uses: gitea/gitea-actions-workflow-trigger@v1
# with:
# repository: ${{ github.repository }}
# workflow: trigger_modal_triton.yaml
# ref: ${{ github.ref }}
# inputs: '{}'
notify-deploy:
needs: build-and-push
if: success() && github.event_name == 'push'
runs-on: ubuntu-latest
steps:
- name: Trigger deployment webhook
if: env.DEPLOY_WEBHOOK_URL != ''
env:
DEPLOY_WEBHOOK_URL: ${{ secrets.DEPLOY_WEBHOOK_URL }}
WEBHOOK_SECRET: ${{ secrets.WEBHOOK_SECRET }}
run: |
cat <<EOF | curl -X POST "${DEPLOY_WEBHOOK_URL}" \
-H "Content-Type: application/json" \
-H "X-Gitea-Signature: sha256=$(echo -n '@-' | openssl dgst -sha256 -hmac "${WEBHOOK_SECRET}" | cut -d' ' -f2)" \
-d @-
{
"service": "cv-inference-server",
"image": "${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY }}:${{ steps.meta.outputs.version }}",
"env": {
"TRITON_ENDPOINT": "${{ vars.TRITON_ENDPOINT }}",
"CV_INFERENCE_HOST": "${{ vars.CV_INFERENCE_HOST }}",
"CV_INFERENCE_PORT": "${{ vars.CV_INFERENCE_PORT }}",
"BASE_URL": "${{ vars.BASE_URL }}",
"CORS_ORIGINS": "${{ vars.CORS_ORIGINS }}",
"ECR_PUBLIC_REGISTRY_ALIAS": "${{ vars.ECR_PUBLIC_REGISTRY_ALIAS }}"
}
}
EOF

View File

@@ -0,0 +1,156 @@
# Gitea Actions Workflow: Backend Build via Modal (Serverless)
# Place at: .gitea/workflows/backend-modal.yaml
#
# This workflow offloads the heavy Docker build to Modal's serverless infrastructure,
# avoiding resource constraints on the 2GB RAM Lightsail VM runner.
#
# Required Gitea Repository Secrets:
# MODAL_TOKEN - Modal API token (from modal.com/settings)
# AWS_ACCESS_KEY_ID - For ECR push
# AWS_SECRET_ACCESS_KEY
# AWS_REGION - e.g., us-east-1
#
# Required Gitea Repository Variables:
# ECR_PUBLIC_REGISTRY_ALIAS - Your public.ecr.aws alias (e.g., vkist-project)
# TRITON_ENDPOINT - Modal Triton endpoint for CV inference
# CV_INFERENCE_HOST - Bind host (default: 0.0.0.0)
# CV_INFERENCE_PORT - Bind port (default: 8001)
# BASE_URL - External base URL for routing
name: Backend Modal Build
on:
push:
branches:
- '**'
paths:
- 'workspace/sprint_1_2/CODEBASE/backend/**'
- 'workspace/sprint_1_2/CODEBASE/requirements.txt'
- 'workspace/sprint_1_2/CODEBASE/deps/implementation/backend_deploy/**'
workflow_dispatch:
inputs:
tag:
description: 'Image tag (default: git SHA)'
required: false
type: string
platform:
description: 'Target platform'
required: false
type: string
default: 'linux/amd64'
permissions:
contents: read
packages: write
env:
BACKEND_DIR: workspace/sprint_1_2/CODEBASE/backend
ECR_REGISTRY: public.ecr.aws
ECR_REPOSITORY: ${{ vars.ECR_PUBLIC_REGISTRY_ALIAS }}/msk-cv-inference-server
DOCKERFILE_PATH: deps/implementation/backend_deploy/Dockerfile
MODAL_SCRIPT: workspace/sprint_1_2/CODEBASE/deps/implementation/backend_deploy/gitea_modal_build.py
# Runtime config (forwarded to container via deployment)
TRITON_ENDPOINT: ${{ vars.TRITON_ENDPOINT }}
CV_INFERENCE_HOST: ${{ vars.CV_INFERENCE_HOST }}
CV_INFERENCE_PORT: ${{ vars.CV_INFERENCE_PORT }}
BASE_URL: ${{ vars.BASE_URL }}
CORS_ORIGINS: ${{ vars.CORS_ORIGINS }}
ECR_PUBLIC_REGISTRY_ALIAS: ${{ vars.ECR_PUBLIC_REGISTRY_ALIAS }}
jobs:
build-via-modal:
name: Build & Push via Modal
runs-on: ubuntu-latest
timeout-minutes: 20
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.12'
- name: Install Modal CLI
run: pip install modal
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ env.AWS_REGION || 'us-east-1' }}
- name: Login to Amazon ECR Public
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
with:
registry-type: public
mask-password: 'true'
- name: Determine image tag
id: tag
run: |
if [ -n "${{ github.event.inputs.tag }}" ]; then
echo "tag=${{ github.event.inputs.tag }}" >> $GITHUB_OUTPUT
elif [ "${{ github.ref_type }}" = "tag" ]; then
echo "tag=${{ github.ref_name }}" >> $GITHUB_OUTPUT
else
echo "tag=${{ github.sha }}" >> $GITHUB_OUTPUT
fi
echo "tag=latest" >> $GITHUB_OUTPUT
- name: Build and push via Modal
id: modal-build
env:
MODAL_TOKEN: ${{ secrets.MODAL_TOKEN }}
run: |
modal run ${{ env.MODAL_SCRIPT }} \
--registry ${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY }} \
--image-name "" \
--tag ${{ steps.tag.outputs.tag }} \
--platform linux/amd64 \
--push
- name: Print image URI
run: |
echo "Successfully pushed: ${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY }}:${{ steps.tag.outputs.tag }}"
echo "image=${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY }}:${{ steps.tag.outputs.tag }}" >> $GITHUB_OUTPUT
# Optional: Trigger dependent deployments
# trigger-triton:
# needs: build-via-modal
# if: success() && github.event_name == 'push'
# uses: ./.gitea/workflows/trigger_modal_triton.yaml
# secrets: inherit
notify-deploy:
needs: build-via-modal
if: success() && github.event_name == 'push'
runs-on: ubuntu-latest
steps:
- name: Trigger deployment webhook
if: env.DEPLOY_WEBHOOK_URL != ''
env:
DEPLOY_WEBHOOK_URL: ${{ secrets.DEPLOY_WEBHOOK_URL }}
WEBHOOK_SECRET: ${{ secrets.WEBHOOK_SECRET }}
run: |
cat <<EOF | curl -X POST "${DEPLOY_WEBHOOK_URL}" \
-H "Content-Type: application/json" \
-H "X-Gitea-Signature: sha256=$(echo -n '@-' | openssl dgst -sha256 -hmac "${WEBHOOK_SECRET}" | cut -d' ' -f2)" \
-d @-
{
"service": "cv-inference-server",
"image": "${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY }}:${{ steps.tag.outputs.tag }}",
"env": {
"TRITON_ENDPOINT": "${{ vars.TRITON_ENDPOINT }}",
"CV_INFERENCE_HOST": "${{ vars.CV_INFERENCE_HOST }}",
"CV_INFERENCE_PORT": "${{ vars.CV_INFERENCE_PORT }}",
"BASE_URL": "${{ vars.BASE_URL }}",
"CORS_ORIGINS": "${{ vars.CORS_ORIGINS }}",
"ECR_PUBLIC_REGISTRY_ALIAS": "${{ vars.ECR_PUBLIC_REGISTRY_ALIAS }}"
}
}
EOF

View File

@@ -0,0 +1,110 @@
# Gitea Actions Workflow: Frontend CI/CD to Amazon ECR Public
# Place at: .gitea/workflows/frontend.yaml (in repository root)
name: Frontend CI/CD
on:
push:
branches: [main]
paths:
- 'workspace/sprint_1_2/CODEBASE/frontend/implementation/**'
workflow_dispatch: {}
permissions:
contents: read
packages: write
env:
FRONTEND_DIR: workspace/sprint_1_2/CODEBASE/frontend/implementation
ECR_REGISTRY: public.ecr.aws
ECR_REPOSITORY: ${{ vars.ECR_PUBLIC_REGISTRY_ALIAS }}/lumina-frontend
jobs:
build-and-push:
runs-on: ubuntu-latest
timeout-minutes: 30
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1
- name: Login to Amazon ECR Public
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
with:
registry-type: public
mask-password: 'true'
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: '20'
cache: 'npm'
cache-dependency-path: ${{ env.FRONTEND_DIR }}/package-lock.json
- name: Install dependencies
run: npm ci
working-directory: ./${{ env.FRONTEND_DIR }}
- name: Build frontend (verify)
run: npm run build
working-directory: ./${{ env.FRONTEND_DIR }}
- name: Extract metadata for Docker
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY }}
tags: |
type=ref,event=branch
type=sha,prefix=
type=raw,value=latest,enable={{is_default_branch}}
labels: |
org.opencontainers.image.source=${{ github.server_url }}/${{ github.repository }}
org.opencontainers.image.revision=${{ github.sha }}
org.opencontainers.image.title=Lumina MSK Frontend
- name: Build and push Docker image
uses: docker/build-push-action@v5
with:
context: ./${{ env.FRONTEND_DIR }}
file: ./${{ env.FRONTEND_DIR }}/Dockerfile
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Image digest
run: echo "Pushed ${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY }}:${{ steps.meta.outputs.tags }}"
notify-deploy:
needs: build-and-push
if: success() && github.event_name == 'push'
runs-on: ubuntu-latest
steps:
- name: Trigger Lightsail deployment webhook
if: env.DEPLOY_WEBHOOK_URL != ''
env:
DEPLOY_WEBHOOK_URL: ${{ secrets.DEPLOY_WEBHOOK_URL }}
WEBHOOK_SECRET: ${{ secrets.WEBHOOK_SECRET }}
run: |
cat <<EOF | curl -X POST "${DEPLOY_WEBHOOK_URL}" \
-H "Content-Type: application/json" \
-H "X-Gitea-Signature: sha256=$(echo -n '@-' | openssl dgst -sha256 -hmac "${WEBHOOK_SECRET}" | cut -d' ' -f2)" \
-d @-
{
"service": "lumina-frontend",
"image": "${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY }}:${{ steps.meta.outputs.version }}",
"env": {
"ECR_PUBLIC_REGISTRY_ALIAS": "${{ vars.ECR_PUBLIC_REGISTRY_ALIAS }}",
"CORS_ORIGINS": "${{ vars.CORS_ORIGINS }}"
}
}
EOF

View File

@@ -1,7 +1,8 @@
# What is the purpose of this workflows
# for a modal GPU instance that hosting the CV model's on Nvidia Triton
name: Triton Modal Trigger
on: [push]
on: workflow_dispatch # set to on [push] for check after each code push what happens
jobs:
deploy-to-modal: