# Gitea Actions Workflow: Backend ECR Deployment # Place at: .gitea/workflows/backend-ecr.yaml (in repository root) name: Backend EC - Modal Deployment on: push: branches: ['**'] workflow_dispatch: {} permissions: contents: read packages: write env: # Build-time / workflow context BACKEND_DIR: workspace/sprint_1_2/CODEBASE/backend ECR_REGISTRY: public.ecr.aws ECR_REPOSITORY: ${{ vars.ECR_PUBLIC_REGISTRY_ALIAS }}/msk-cv-inference-server DOCKERFILE_PATH: deps/implementation/backend_deploy/Dockerfile MODAL_SCRIPT: workspace/sprint_1_2/CODEBASE/deps/implementation/backend_deploy/gitea_modal_build.py # CV inference server runtime configuration # These are Gitea repository variables (or secrets) that are forwarded # to the container at deploy time. The Docker image itself does NOT bake # them in — the FastAPI app reads them from the environment via pydantic-settings. TRITON_ENDPOINT: ${{ vars.TRITON_ENDPOINT }} CV_INFERENCE_HOST: ${{ vars.CV_INFERENCE_HOST }} CV_INFERENCE_PORT: ${{ vars.CV_INFERENCE_PORT }} BASE_URL: ${{ vars.BASE_URL }} CORS_ORIGINS: ${{ vars.CORS_ORIGINS }} ECR_PUBLIC_REGISTRY_ALIAS: ${{ vars.ECR_PUBLIC_REGISTRY_ALIAS }} jobs: build-and-push: runs-on: ubuntu-latest container: image: gitea-modal-runner:latest timeout-minutes: 30 steps: - name: Checkout repository uses: actions/checkout@v4 - name: Lint backend code run: | python -m py_compile workspace/sprint_1_2/CODEBASE/backend/cv_inference_server.py find workspace/sprint_1_2/CODEBASE/backend -name '*.py' -exec python -m py_compile {} + - name: Extract metadata for Docker id: meta uses: docker/metadata-action@v5 with: # Full ECR Public image reference: public.ecr.aws/{alias}/{repo} images: ${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY }} tags: | type=ref,event=branch type=sha,prefix= type=raw,value=latest,enable={{is_default_branch}} labels: | org.opencontainers.image.source=${{ github.server_url }}/${{ github.repository }} org.opencontainers.image.revision=${{ github.sha }} org.opencontainers.image.title=VKIST CV Inference Server - name: Print image URI and digest run: | echo "Pushed ${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY }}:${{ steps.meta.outputs.version }}" echo "Digest: ${{ steps.meta.outputs.tags }}" - name: Determine image tag id: tag run: | if [ -n "${{ github.event.inputs.tag }}" ]; then echo "tag=${{ github.event.inputs.tag }}" >> $GITHUB_OUTPUT elif [ "${{ github.ref_type }}" = "tag" ]; then echo "tag=${{ github.ref_name }}" >> $GITHUB_OUTPUT else echo "tag=${{ github.sha }}" >> $GITHUB_OUTPUT fi echo "tag=latest" >> $GITHUB_OUTPUT - name: Build and push via Modal id: modal-build env: MODAL_TOKEN_ID: ${{ secrets.MODAL_KEY }} MODAL_TOKEN_SECRET: ${{ secrets.MODAL_SECRET }} run: | modal token set --token-id ${{ env.MODAL_TOKEN_ID }} \ --token-secret ${{ env.MODAL_TOKEN_SECRET }} modal run ${{ env.MODAL_SCRIPT }} \ --registry ${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY }} \ --image-name "" \ --tag ${{ steps.tag.outputs.tag }} \ --platform linux/amd64 \ --push notify-deploy: needs: modal-build if: success() && github.event_name == 'push' runs-on: ubuntu-latest steps: - name: Trigger deployment webhook if: env.DEPLOY_WEBHOOK_URL != '' env: DEPLOY_WEBHOOK_URL: ${{ secrets.DEPLOY_WEBHOOK_URL }} WEBHOOK_SECRET: ${{ secrets.WEBHOOK_SECRET }} run: | cat <