# Gitea Actions Workflow: Backend ECR Deployment # Place at: .gitea/workflows/backend-ecr.yaml (in repository root) name: Backend ECR Deployment on: push: branches: ['**'] workflow_dispatch: {} permissions: contents: read packages: write env: # Build-time / workflow context BACKEND_DIR: workspace/sprint_1_2/CODEBASE/backend ECR_REGISTRY: public.ecr.aws ECR_REPOSITORY: ${{ vars.ECR_PUBLIC_REGISTRY_ALIAS }}/msk-cv-inference-server DOCKERFILE_PATH: deps/implementation/backend_deploy/Dockerfile # CV inference server runtime configuration # These are Gitea repository variables (or secrets) that are forwarded # to the container at deploy time. The Docker image itself does NOT bake # them in — the FastAPI app reads them from the environment via pydantic-settings. TRITON_ENDPOINT: ${{ vars.TRITON_ENDPOINT }} CV_INFERENCE_HOST: ${{ vars.CV_INFERENCE_HOST }} CV_INFERENCE_PORT: ${{ vars.CV_INFERENCE_PORT }} BASE_URL: ${{ vars.BASE_URL }} CORS_ORIGINS: ${{ vars.CORS_ORIGINS }} jobs: build-and-push: runs-on: ubuntu-latest container: image: gitea-modal-runner:latest timeout-minutes: 30 steps: - name: Checkout repository uses: actions/checkout@v4 - name: Set up Python uses: actions/setup-python@v5 with: python-version: '3.12' - name: Lint backend code run: | python -m py_compile backend/cv_inference_server.py find backend -name '*.py' -exec python -m py_compile {} + - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@v4 with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-region: us-east-1 - name: Login to Amazon ECR Public id: login-ecr uses: aws-actions/amazon-ecr-login@v2 with: registry-type: public mask-password: 'true' - name: Extract metadata for Docker id: meta uses: docker/metadata-action@v5 with: # Full ECR Public image reference: public.ecr.aws/{alias}/{repo} images: ${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY }} tags: | type=ref,event=branch type=sha,prefix= type=raw,value=latest,enable={{is_default_branch}} labels: | org.opencontainers.image.source=${{ github.server_url }}/${{ github.repository }} org.opencontainers.image.revision=${{ github.sha }} org.opencontainers.image.title=VKIST CV Inference Server - name: Build and push Docker image uses: docker/build-push-action@v5 with: context: ./${{ env.BACKEND_DIR }} file: ./${{ env.DOCKERFILE_PATH }} push: true platforms: linux/amd64,linux/arm64 tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} cache-from: type=gha cache-to: type=gha,mode=max - name: Print image URI and digest run: | echo "Pushed ${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY }}:${{ steps.meta.outputs.version }}" echo "Digest: ${{ steps.meta.outputs.tags }}" # trigger-triton: # needs: build-and-push # if: success() && github.event_name == 'push' # runs-on: ubuntu-latest # steps: # - name: Trigger Modal Triton deployment # uses: gitea/gitea-actions-workflow-trigger@v1 # with: # repository: ${{ github.repository }} # workflow: trigger_modal_triton.yaml # ref: ${{ github.ref }} # inputs: '{}' notify-deploy: needs: build-and-push if: success() && github.event_name == 'push' runs-on: ubuntu-latest steps: - name: Trigger deployment webhook if: env.DEPLOY_WEBHOOK_URL != '' env: DEPLOY_WEBHOOK_URL: ${{ secrets.DEPLOY_WEBHOOK_URL }} WEBHOOK_SECRET: ${{ secrets.WEBHOOK_SECRET }} run: | cat <