Set GEE_SERVICE_ACCOUNT_JSON for staging too #31
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: 'Deploy Terraform and Helm' | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| branches: | |
| - main | |
| workflow_dispatch: # allows to manually run the workflow from the Actions tab | |
| jobs: | |
| Deploy: | |
| name: 'Deploy Terraform and Helm' | |
| runs-on: ubuntu-latest | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Configure Kubectl | |
| uses: azure/setup-kubectl@v3 | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: us-east-1 | |
| - name: Configure kubeconfig | |
| run: aws eks update-kubeconfig --region us-east-1 --name zeno-production-cluster | |
| - name: Setup Terraform | |
| uses: hashicorp/setup-terraform@v2 | |
| with: | |
| terraform_version: 1.5.1 | |
| - name: Terraform Format | |
| id: fmt | |
| working-directory: ./terraform | |
| run: terraform fmt -no-color | |
| - name: Terraform Init | |
| id: init | |
| working-directory: ./terraform | |
| run: terraform init | |
| - name: Terraform Validate | |
| id: validate | |
| working-directory: ./terraform | |
| run: terraform validate -no-color | |
| - name: Terraform Plan | |
| id: plan | |
| working-directory: ./terraform | |
| if: github.event_name == 'pull_request' | |
| run: terraform plan -no-color -input=false | |
| continue-on-error: true | |
| - name: Update Pull Request | |
| uses: actions/github-script@v6 | |
| if: github.event_name == 'pull_request' | |
| env: | |
| PLAN: "terraform\n${{ steps.plan.outputs.stdout }}" | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| script: | | |
| const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\` | |
| #### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\` | |
| #### Terraform Plan 📖\`${{ steps.plan.outcome }}\` | |
| #### Terraform Validation 🤖\`${{ steps.validate.outcome }}\` | |
| <details><summary>Show Plan</summary> | |
| \`\`\`\n | |
| ${process.env.PLAN} | |
| \`\`\` | |
| </details> | |
| *Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`; | |
| github.rest.issues.createComment({ | |
| issue_number: context.issue.number, | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| body: output | |
| }) | |
| - name: Terraform Plan Status | |
| working-directory: ./terraform | |
| if: steps.plan.outcome == 'failure' | |
| run: exit 1 | |
| - name: Terraform Apply | |
| working-directory: ./terraform | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
| run: terraform apply -auto-approve | |
| - name: Update Helm Repos | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
| working-directory: ./helm | |
| run: | | |
| helm repo add ollama-helm https://otwld.github.io/ollama-helm/ | |
| helm repo add langfuse https://langfuse.github.io/langfuse-k8s | |
| helm repo update | |
| - name: Helm Deploy Ollama | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
| working-directory: ./helm | |
| run: helm upgrade --install ollama ollama-helm/ollama -f ollama/values.yaml | |
| - name: Helm Deploy Langfuse | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
| working-directory: ./helm | |
| run: > | |
| helm upgrade --install langfuse langfuse/langfuse | |
| -f langfuse/values.yaml | |
| --set postgresql.auth.password=${{ secrets.DATABASE_PASSWORD }} | |
| --set langfuse.nextauth.secret=${{ secrets.LANGFUSE_NEXTAUTH_SECRET }} | |
| --set langfuse.salt=${{ secrets.LANGFUSE_SALT }} | |
| - name: Helm Deploy Zeno | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
| working-directory: ./helm | |
| run: > | |
| helm upgrade --install zeno ./zeno | |
| -f zeno/values.yaml | |
| --set secrets.langfuse.INIT_USER_PASSWORD=${{ secrets.LANGFUSE_INIT_USER_PASSWORD }} | |
| --set secrets.langfuse.INIT_PROJECT_SECRET_KEY=${{ secrets.LANGFUSE_INIT_PROJECT_SECRET_KEY }} | |
| --set secrets.langfuse.INIT_PROJECT_PUBLIC_KEY=${{ secrets.LANGFUSE_INIT_PROJECT_PUBLIC_KEY }} | |
| --set secrets.api.OPENAI_API_KEY=${{ secrets.OPENAI_API_KEY }} | |
| --set secrets.api.ANTHROPIC_API_KEY=${{ secrets.ANTHROPIC_API_KEY }} | |
| --set secrets.api.AWS_ACCESS_KEY_ID=${{ secrets.S3_READONLY_AWS_ACCESS_KEY_ID }} | |
| --set secrets.api.AWS_SECRET_ACCESS_KEY=${{ secrets.S3_READONLY_AWS_SECRET_ACCESS_KEY }} | |
| --set secrets.api.GEE_SERVICE_ACCOUNT_JSON=${{ secrets.GEE_SERVICE_ACCOUNT_JSON }} | |
| - name: Helm Deploy Zeno Dev Instance | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
| working-directory: ./helm | |
| run: > | |
| helm upgrade --install zeno-dev ./zeno | |
| -f zeno/values-dev.yaml | |
| --namespace zeno-dev | |
| --create-namespace | |
| --set secrets.langfuse.INIT_USER_PASSWORD=${{ secrets.LANGFUSE_INIT_USER_PASSWORD }} | |
| --set secrets.langfuse.INIT_PROJECT_SECRET_KEY=${{ secrets.DEV_LANGFUSE_INIT_PROJECT_SECRET_KEY }} | |
| --set secrets.langfuse.INIT_PROJECT_PUBLIC_KEY=${{ secrets.DEV_LANGFUSE_INIT_PROJECT_PUBLIC_KEY }} | |
| --set secrets.api.OPENAI_API_KEY=${{ secrets.OPENAI_API_KEY }} | |
| --set secrets.api.ANTHROPIC_API_KEY=${{ secrets.ANTHROPIC_API_KEY }} | |
| --set secrets.api.AWS_ACCESS_KEY_ID=${{ secrets.S3_READONLY_AWS_ACCESS_KEY_ID }} | |
| --set secrets.api.AWS_SECRET_ACCESS_KEY=${{ secrets.S3_READONLY_AWS_SECRET_ACCESS_KEY }} | |
| --set secrets.api.GEE_SERVICE_ACCOUNT_JSON=${{ secrets.GEE_SERVICE_ACCOUNT_JSON }} |