trust remote code when downloading rerankers #19
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
---
# Builds the API and Frontend container images, pushes them to GHCR and
# deploys them to the development EC2 host on every push to the listed branches.
name: 'Deploy to Dev Environment'

on:
  push:
    branches:
      - 'develop'
      # Testing branch
      - 'feature/PAKTON_backend'

env:
  # Container registry shared by the login and metadata steps.
  REGISTRY: 'ghcr.io'

jobs:
  build-and-deploy:
    name: 'Build and Deploy to Dev EC2'
    runs-on: 'ubuntu-latest'
    # GITHUB_TOKEN scopes for this job: read the repository, write packages
    # (the build steps push images to the registry).
    permissions:
      contents: read
      packages: write
    steps:
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Log in to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Extract metadata for API | |
| id: meta-api | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.REGISTRY }}/petrosrapto/pakton/pakton-api | |
| flavor: | | |
| latest=false | |
| tags: | | |
| type=ref,event=branch | |
| type=sha,prefix=dev- | |
| sep-tags: ',' | |
| sep-labels: ',' | |
| - name: Build and push API Docker image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: ./PAKTON Framework | |
| file: ./PAKTON Framework/API/Dockerfile | |
| platforms: linux/amd64 | |
| push: true | |
| tags: ${{ steps.meta-api.outputs.tags }} | |
| labels: ${{ steps.meta-api.outputs.labels }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| - name: Extract metadata for Frontend | |
| id: meta-frontend | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.REGISTRY }}/petrosrapto/pakton/pakton-frontend | |
| flavor: | | |
| latest=false | |
| tags: | | |
| type=ref,event=branch | |
| type=sha,prefix=dev- | |
| sep-tags: ',' | |
| sep-labels: ',' | |
| - name: Build and push Frontend Docker image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: ./PAKTON Framework/Frontend/v0.2 | |
| file: ./PAKTON Framework/Frontend/v0.2/Dockerfile | |
| platforms: linux/amd64 | |
| push: true | |
| tags: ${{ steps.meta-frontend.outputs.tags }} | |
| labels: ${{ steps.meta-frontend.outputs.labels }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| build-args: | | |
| NEXT_PUBLIC_SUPABASE_URL=${{ secrets.DEV_NEXT_PUBLIC_SUPABASE_URL }} | |
| NEXT_PUBLIC_SUPABASE_ANON_KEY=${{ secrets.DEV_NEXT_PUBLIC_SUPABASE_ANON_KEY }} | |
| NEXT_PUBLIC_SUPABASE_URL_DOCUMENTS=${{ secrets.DEV_NEXT_PUBLIC_SUPABASE_URL_DOCUMENTS }} | |
| NEXT_PUBLIC_SUPABASE_ANON_KEY_DOCUMENTS=${{ secrets.DEV_NEXT_PUBLIC_SUPABASE_ANON_KEY_DOCUMENTS }} | |
| NEXT_PUBLIC_ARCHIVIST_API_URL=${{ secrets.DEV_NEXT_PUBLIC_ARCHIVIST_API_URL }} | |
| NODE_ENV=production | |
| LOCAL_DEVELOPMENT=false | |
| - name: Deploy to Dev EC2 | |
| uses: appleboy/[email protected] | |
| env: | |
| DEV_SUPABASE_URL: ${{ secrets.DEV_SUPABASE_URL }} | |
| DEV_SUPABASE_JWT_SECRET: ${{ secrets.DEV_SUPABASE_JWT_SECRET }} | |
| DEV_ENABLE_AUTHENTICATION: ${{ secrets.DEV_ENABLE_AUTHENTICATION }} | |
| DEV_POSTGRES_DB: ${{ secrets.DEV_POSTGRES_DB }} | |
| DEV_POSTGRES_USER: ${{ secrets.DEV_POSTGRES_USER }} | |
| DEV_POSTGRES_PASSWORD: ${{ secrets.DEV_POSTGRES_PASSWORD }} | |
| DEV_HUGGINGFACE_TOKEN: ${{ secrets.DEV_HUGGINGFACE_TOKEN }} | |
| DEV_AWS_ACCESS_KEY_ID: ${{ secrets.DEV_AWS_ACCESS_KEY_ID }} | |
| DEV_AWS_SECRET_ACCESS_KEY: ${{ secrets.DEV_AWS_SECRET_ACCESS_KEY }} | |
| DEV_AWS_REGION_NAME: ${{ secrets.DEV_AWS_REGION_NAME }} | |
| DEV_EMBEDDINGS_API_KEY: ${{ secrets.DEV_EMBEDDINGS_API_KEY }} | |
| DEV_OPENAI_API_KEY: ${{ secrets.DEV_OPENAI_API_KEY }} | |
| DEV_TAVILY_API_KEY: ${{ secrets.DEV_TAVILY_API_KEY }} | |
| DEV_LANGCHAIN_API_KEY: ${{ secrets.DEV_LANGCHAIN_API_KEY }} | |
| DEV_LANGCHAIN_PROJECT: ${{ secrets.DEV_LANGCHAIN_PROJECT }} | |
| DEV_PINECONE_API_KEY: ${{ secrets.DEV_PINECONE_API_KEY }} | |
| DEV_GOOGLE_API_KEY: ${{ secrets.DEV_GOOGLE_API_KEY }} | |
| DEV_NEXT_PUBLIC_SUPABASE_URL: ${{ secrets.DEV_NEXT_PUBLIC_SUPABASE_URL }} | |
| DEV_NEXT_PUBLIC_SUPABASE_ANON_KEY: ${{ secrets.DEV_NEXT_PUBLIC_SUPABASE_ANON_KEY }} | |
| DEV_NEXT_PUBLIC_SUPABASE_URL_DOCUMENTS: ${{ secrets.DEV_NEXT_PUBLIC_SUPABASE_URL_DOCUMENTS }} | |
| DEV_NEXT_PUBLIC_SUPABASE_ANON_KEY_DOCUMENTS: ${{ secrets.DEV_NEXT_PUBLIC_SUPABASE_ANON_KEY_DOCUMENTS }} | |
| DEV_NEXT_PUBLIC_ARCHIVIST_API_URL: ${{ secrets.DEV_NEXT_PUBLIC_ARCHIVIST_API_URL }} | |
| DEV_LOCAL_DEVELOPMENT: ${{ secrets.DEV_LOCAL_DEVELOPMENT }} | |
| with: | |
| host: ${{ secrets.DEV_EC2_HOST }} | |
| username: ${{ secrets.DEV_EC2_USER }} | |
| key: ${{ secrets.DEV_EC2_SSH_KEY }} | |
| port: ${{ secrets.DEV_EC2_PORT || 22 }} | |
| envs: DEV_SUPABASE_URL,DEV_SUPABASE_JWT_SECRET,DEV_ENABLE_AUTHENTICATION,DEV_POSTGRES_DB,DEV_POSTGRES_USER,DEV_POSTGRES_PASSWORD,DEV_HUGGINGFACE_TOKEN,DEV_AWS_ACCESS_KEY_ID,DEV_AWS_SECRET_ACCESS_KEY,DEV_AWS_REGION_NAME,DEV_EMBEDDINGS_API_KEY,DEV_OPENAI_API_KEY,DEV_TAVILY_API_KEY,DEV_LANGCHAIN_API_KEY,DEV_LANGCHAIN_PROJECT,DEV_PINECONE_API_KEY,DEV_GOOGLE_API_KEY,DEV_NEXT_PUBLIC_SUPABASE_URL,DEV_NEXT_PUBLIC_SUPABASE_ANON_KEY,DEV_NEXT_PUBLIC_SUPABASE_URL_DOCUMENTS,DEV_NEXT_PUBLIC_SUPABASE_ANON_KEY_DOCUMENTS,DEV_NEXT_PUBLIC_ARCHIVIST_API_URL,DEV_LOCAL_DEVELOPMENT | |
| script: | | |
| # Create deployment directory and clean up any conflicts | |
| mkdir -p /home/${{ secrets.DEV_EC2_USER }}/pakton-dev | |
| cd /home/${{ secrets.DEV_EC2_USER }}/pakton-dev | |
| # Clone or pull latest code | |
| if [ ! -d ".git" ]; then | |
| git clone https://github.com/${{ github.repository }}.git . | |
| else | |
| # Clean up any untracked files that might conflict | |
| git clean -fd | |
| git reset --hard | |
| fi | |
| git fetch origin | |
| git checkout ${{ github.ref_name }} | |
| git pull origin ${{ github.ref_name }} | |
| # Create environment files from secrets | |
| bash ./deployment/scripts/create-env-files.sh ./deployment/env | |
| # Login to GitHub Container Registry | |
| echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin | |
| # Sanitize branch name for Docker tag (replace / with -) | |
| TAG_NAME=$(echo "${{ github.ref_name }}" | sed 's/\//-/g') | |
| # Pull latest images | |
| docker pull ghcr.io/petrosrapto/pakton/pakton-api:$TAG_NAME || docker pull ghcr.io/petrosrapto/pakton/pakton-api:develop | |
| docker pull ghcr.io/petrosrapto/pakton/pakton-frontend:$TAG_NAME || docker pull ghcr.io/petrosrapto/pakton/pakton-frontend:develop | |
| # Run deployment script | |
| export GITHUB_REPOSITORY="petrosrapto/pakton" | |
| export BRANCH_NAME="$TAG_NAME" | |
| bash ./deployment/deploy-dev.sh | |
| - name: Verify deployment | |
| uses: appleboy/[email protected] | |
| with: | |
| host: ${{ secrets.DEV_EC2_HOST }} | |
| username: ${{ secrets.DEV_EC2_USER }} | |
| key: ${{ secrets.DEV_EC2_SSH_KEY }} | |
| port: ${{ secrets.DEV_EC2_PORT || 22 }} | |
| script: | | |
| # Check if containers are running | |
| docker ps | grep pakton | |
| # Check API health | |
| curl -f http://localhost:5001/health || exit 1 | |
| # Check Frontend health | |
| curl -f http://localhost:3000 || exit 1 | |
| - name: Notify on success | |
| if: success() | |
| run: | | |
| echo "✅ Deployment to dev environment successful!" | |
| echo "API: http://${{ secrets.DEV_EC2_HOST }}:5001" | |
| echo "Frontend: http://${{ secrets.DEV_EC2_HOST }}:3000" | |
| - name: Notify on failure | |
| if: failure() | |
| run: | | |
| echo "❌ Deployment to dev environment failed!" | |
| exit 1 |