lightsail-mgmt.yml
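# Manually dispatched workflow that runs one management command against a
# Lightsail container service named after the chosen subdomain.
name: "Lightsail service management"
run-name: "For subdomain ${{inputs.subdomain}}: ${{inputs.command}}"
on:
  workflow_dispatch:
    inputs:
      # Selects which single command step of the job runs.
      command:
        description: "Command to perform on Lightsail service"
        required: true
        type: choice
        default: 'status'
        options:
          - 'status'
          - 'list_images'
          - 'delete_old_images'
          - 'enable'
          - 'disable'
          - 'disable_all'
          - 'update_power'
          - 'create_new'
          - 'delete_service'
      # The subdomain becomes part of the service name and the DNS entry, so it
      # is offered as a fixed list rather than free text. The empty default is
      # only meaningful for commands that do not target one service.
      subdomain:
        description: 'Subdomain of navalabs.co on which to run command'
        type: choice
        default: ''
        options:
          - ''
          - 'chat'
          - 'chatbot'
          - 'chatbdt'
          - 'chat-bdt'
          - 'bdtbot'
          - 'bdt-bot'
          - 'bdt-chat'
          - 'bdt-chatbot'
          - 'chatbot-prototype'
          - 'chat.zone'
      power:
        description: "(Only for update_power and create_new commands) power of service"
        type: choice
        default: ''
        options:
          - ''
          # - 'nano'
          - 'micro'
          - 'small'
          - 'medium'
          - 'large'
          - 'xlarge'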
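# Least-privilege token scopes: once a `permissions` block is declared, every
# scope not listed here is set to `none`.
permissions:
  # Required for requesting the JWT from GitHub's OIDC provider for AWS
  # authentication.
  id-token: write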
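# Workflow-wide environment. SERVICE_NAME and FULL_DOMAIN are derived from the
# dispatch input; with an empty subdomain they expand to "-svc" and
# ".navalabs.co", so steps that target a single service need a subdomain.
env:
  AWS_REGION: us-east-1
  SERVICE_NAME: "${{ inputs.subdomain }}-svc"
  DOMAIN_NAME: navalabs.co
  FULL_DOMAIN: "${{ inputs.subdomain }}.navalabs.co"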
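jobs:
  # Single job: assume the AWS role via OIDC, install helper tooling, run the
  # one step matching `inputs.command`, then always print service status.
  # NOTE(review): disable_all and delete_service are gated only by who may
  # dispatch this workflow; a protected `environment` with required reviewers
  # would add an approval step before they run.
  lightsail:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): `@v4` is a movable tag; pinning to the release's full
      # commit SHA (<COMMIT_SHA>) keeps the credential-handling action fixed.
      # NOTE(review): the role's trust policy is not visible here; confirm it
      # restricts the OIDC `sub` claim to this repository (and ideally a ref).
      - name: "Configure AWS credentials"
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: ${{ env.AWS_REGION }}
          role-to-assume: 'arn:aws:iam::654654379445:role/Lightsail_Mgmt_role'
          role-session-name: GitHub_to_AWS_via_FederatedOIDC

      # Reject a dispatch that lacks an input its command depends on, instead
      # of running against the "-svc" / ".navalabs.co" names an empty
      # subdomain produces. Inputs reach the script through env, as data.
      - name: "Validate inputs"
        env:
          COMMAND: ${{ inputs.command }}
          SUBDOMAIN: ${{ inputs.subdomain }}
          POWER: ${{ inputs.power }}
        run: |
          case "$COMMAND" in
            status|disable_all) ;;
            *)
              if [ -z "$SUBDOMAIN" ]; then
                echo "::error::Command '$COMMAND' requires a subdomain"
                exit 1
              fi
              ;;
          esac
          case "$COMMAND" in
            update_power|create_new)
              if [ -z "$POWER" ]; then
                echo "::error::Command '$COMMAND' requires a power"
                exit 1
              fi
              ;;
          esac

      - name: "Install AWS lightsail command"
        run: |
          # Uncomment the following lines if you need to upgrade the AWS CLI version
          # aws --version
          # curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
          # unzip awscliv2.zip
          # sudo ./aws/install --bin-dir /usr/local/bin --install-dir /usr/local/aws-cli --update
          # which aws
          aws --version
          aws sts get-caller-identity
          # NOTE(review): this installs an unpinned `latest` binary as root with
          # no integrity check while AWS credentials are already in the job.
          # Prefer a fixed version (if a versioned URL exists) and compare its
          # SHA-256 with a recorded value (<EXPECTED_SHA256>) before chmod.
          # -f makes an HTTP error fail the step instead of saving an error page.
          sudo curl -fsS "https://s3.us-west-2.amazonaws.com/lightsailctl/latest/linux-amd64/lightsailctl" -o "/usr/local/bin/lightsailctl"
          sudo chmod +x /usr/local/bin/lightsailctl

      - name: "Extract branch name"
        id: extract_branch
        run: echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> "$GITHUB_OUTPUT"

      # The branch name goes through env rather than being expanded into the
      # script text: ref names may contain shell metacharacters.
      # NOTE(review): fetching by branch name means the helper can differ from
      # the commit this run was started from; a commit-pinned fetch or a
      # checkout would tie the two together.
      - name: "Install waitForLightsail.sh"
        env:
          BRANCH: ${{ steps.extract_branch.outputs.branch }}
        run: |
          SCRIPT_URL="https://raw.githubusercontent.com/$GITHUB_REPOSITORY/$BRANCH/.github/workflows/waitForLightsail.sh"
          echo "$SCRIPT_URL"
          # -f: a 404 must fail here, not be saved and executed as the script.
          curl -fsS "$SCRIPT_URL" -o waitForLightsail.sh
          chmod +x waitForLightsail.sh

      - name: "Enable service"
        if: inputs.command == 'enable'
        run: |
          aws lightsail update-container-service --service-name "$SERVICE_NAME" --no-is-disabled
          SLEEP_INTERVAL=5 ./waitForLightsail.sh service READY RUNNING

      - name: "Disable service"
        if: inputs.command == 'disable'
        run: |
          aws lightsail update-container-service --service-name "$SERVICE_NAME" --is-disabled
          SLEEP_INTERVAL=10 ./waitForLightsail.sh service DISABLED

      # Disables every container service in the account/region, not only the
      # selected subdomain. SERVICE_NAME is reassigned per iteration;
      # presumably waitForLightsail.sh reads it from the environment (the
      # script is not visible here).
      - name: "Disable all services"
        if: inputs.command == 'disable_all'
        run: |
          SERVICES=$(aws lightsail get-container-services | jq -r '.containerServices[].containerServiceName')
          while read -r SERVICE_NAME; do
            if [ -z "$SERVICE_NAME" ]; then
              continue
            fi
            echo "Disabling service $SERVICE_NAME"
            aws lightsail update-container-service --service-name "$SERVICE_NAME" --is-disabled
            SLEEP_INTERVAL=5 ./waitForLightsail.sh service UPDATING
          done <<< "$SERVICES"
          while read -r SERVICE_NAME; do
            # Same empty-line guard as the first loop: an empty service list
            # still yields one empty read from the here-string.
            if [ -z "$SERVICE_NAME" ]; then
              continue
            fi
            SLEEP_INTERVAL=10 ./waitForLightsail.sh service DISABLED
          done <<< "$SERVICES"

      - name: "Update the power of the service to ${{inputs.power}}"
        if: inputs.command == 'update_power'
        env:
          # Passed as data instead of being expanded into the script text.
          POWER: ${{ inputs.power }}
        run: |
          aws lightsail update-container-service --service-name "$SERVICE_NAME" --power "$POWER"
          SLEEP_INTERVAL=5 ./waitForLightsail.sh service READY RUNNING

      - name: "List images associated with service"
        if: inputs.command == 'list_images'
        run: |
          aws lightsail get-container-images --service-name "$SERVICE_NAME"

      # NOTE(review): the delete command below is only echoed, never executed,
      # so this step is effectively a dry run; confirm that is intended.
      - name: "Delete previous images"
        if: inputs.command == 'delete_old_images'
        run: |
          IMAGE_NAMES=$(aws lightsail get-container-images --service-name "$SERVICE_NAME" | jq -r '.containerImages[].image')
          # Skip the first image, which is the current image
          # (assumes the API lists the newest image first; confirm).
          # The variable must be quoted: unquoted, the names collapse onto one
          # line and `tail -n +2` returns nothing.
          OLD_IMAGE_NAMES=$(tail -n +2 <<< "$IMAGE_NAMES")
          while read -r IMG_NAME; do
            if [ -z "$IMG_NAME" ]; then
              continue
            fi
            echo "Deleting image $IMG_NAME"
            echo aws lightsail delete-container-image --service-name "$SERVICE_NAME" --image "$IMG_NAME"
          done <<< "$OLD_IMAGE_NAMES"
          echo "Images:"
          aws lightsail get-container-images --service-name "$SERVICE_NAME"

      - name: "Create new container service"
        if: inputs.command == 'create_new'
        env:
          # Passed as data instead of being expanded into the script text.
          POWER: ${{ inputs.power }}
        run: |
          # check if service already exists
          if aws lightsail get-container-services --service-name "$SERVICE_NAME" > /dev/null; then
            echo "Already exists: $SERVICE_NAME"
            exit 0
          fi
          # `micro` power is needed for its memory capacity; 60%+ memory is needed for the vector DB
          aws lightsail create-container-service --service-name "$SERVICE_NAME" --power "$POWER" --scale 1 --public-domain-names "navalabs-cert=$FULL_DOMAIN"
          SLEEP_INTERVAL=15 ./waitForLightsail.sh service READY
          SVC_URL=$(aws lightsail get-container-services --service-name "$SERVICE_NAME" | jq -r '.containerServices[0].url')
          # Remove 'https://' prefix
          URL_DOMAIN=${SVC_URL#https://}
          # Remove '/' suffix
          TARGET_DOMAIN=${URL_DOMAIN%/}
          # If domain entry exists, delete it.
          # The domain is handed to jq with --arg so it is compared as a string
          # and never becomes part of the filter program.
          OLD_TARGET=$(aws lightsail get-domain --domain-name "$DOMAIN_NAME" | jq -r --arg name "$FULL_DOMAIN" '.domain.domainEntries[] | select(.name == $name) | .target')
          if [ -n "$OLD_TARGET" ]; then
            echo "Deleting existing '$FULL_DOMAIN' entry with target '$OLD_TARGET'"
            aws lightsail delete-domain-entry --domain-name "$DOMAIN_NAME" --domain-entry "type=A,isAlias=true,name=$FULL_DOMAIN,target=$OLD_TARGET"
          fi
          echo "Creating DNS assignment by adding a domain entry $FULL_DOMAIN to target $TARGET_DOMAIN"
          aws lightsail create-domain-entry --domain-name "$DOMAIN_NAME" --domain-entry "type=A,isAlias=true,name=$FULL_DOMAIN,target=$TARGET_DOMAIN"

      - name: "Delete container service"
        if: inputs.command == 'delete_service'
        run: |
          # check if service exists
          if ! aws lightsail get-container-services --service-name "$SERVICE_NAME"; then
            echo "Service does not exist: $SERVICE_NAME"
            exit 0
          fi
          aws lightsail delete-container-service --service-name "$SERVICE_NAME"

      # Runs even when an earlier step failed, so the log always ends with the
      # resulting state of every service.
      - name: "Print status"
        if: always()
        run: |
          aws lightsail get-container-services | jq '.containerServices[] | { containerServiceName, createdAt, state, isDisabled, power,
            "deployment_state": .currentDeployment.state,
            "container_image": .currentDeployment.containers.chatbot.image,
            "container_BUILD_DATE": .currentDeployment.containers.chatbot.environment.BUILD_DATE,
            "container_GIT_SHA": .currentDeployment.containers.chatbot.environment.GIT_SHA,
            "publicDomainNames": .publicDomainNames["navalabs-cert"] }'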