streamlit deployment #41
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: 'Deploy Terraform and Helm' | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
branches: | |
- main | |
workflow_dispatch: # allows to manually run the workflow from the Actions tab | |
jobs: | |
Deploy: | |
name: 'Deploy Terraform and Helm' | |
runs-on: ubuntu-latest | |
env: | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Configure Kubectl | |
uses: azure/setup-kubectl@v3 | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: us-east-1 | |
- name: Configure kubeconfig | |
run: aws eks update-kubeconfig --region us-east-1 --name zeno-production-cluster | |
- name: Setup Terraform | |
uses: hashicorp/setup-terraform@v2 | |
with: | |
terraform_version: 1.5.1 | |
- name: Terraform Format | |
id: fmt | |
working-directory: ./terraform | |
run: terraform fmt -no-color | |
- name: Terraform Init | |
id: init | |
working-directory: ./terraform | |
run: terraform init | |
- name: Terraform Validate | |
id: validate | |
working-directory: ./terraform | |
run: terraform validate -no-color | |
- name: Terraform Plan | |
id: plan | |
working-directory: ./terraform | |
if: github.event_name == 'pull_request' | |
run: terraform plan -no-color -input=false | |
continue-on-error: true | |
- name: Update Pull Request | |
uses: actions/github-script@v6 | |
if: github.event_name == 'pull_request' | |
env: | |
PLAN: "terraform\n${{ steps.plan.outputs.stdout }}" | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
script: | | |
const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\` | |
#### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\` | |
#### Terraform Plan 📖\`${{ steps.plan.outcome }}\` | |
#### Terraform Validation 🤖\`${{ steps.validate.outcome }}\` | |
<details><summary>Show Plan</summary> | |
\`\`\`\n | |
${process.env.PLAN} | |
\`\`\` | |
</details> | |
*Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`; | |
github.rest.issues.createComment({ | |
issue_number: context.issue.number, | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
body: output | |
}) | |
- name: Terraform Plan Status | |
working-directory: ./terraform | |
if: steps.plan.outcome == 'failure' | |
run: exit 1 | |
- name: Terraform Apply | |
working-directory: ./terraform | |
if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
run: terraform apply -auto-approve | |
- name: Update Helm Repos | |
if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
working-directory: ./helm | |
run: | | |
helm repo add ollama-helm https://otwld.github.io/ollama-helm/ | |
helm repo add langfuse https://langfuse.github.io/langfuse-k8s | |
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts | |
helm repo add grafana https://grafana.github.io/helm-charts | |
helm repo update | |
- name: Helm Deploy Ollama | |
if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
working-directory: ./helm | |
run: helm upgrade --install ollama ollama-helm/ollama -f ollama/values.yaml | |
- name: Helm Deploy Langfuse | |
if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
working-directory: ./helm | |
run: > | |
helm upgrade --install langfuse langfuse/langfuse | |
-f langfuse/values.yaml | |
--set postgresql.auth.password=${{ secrets.DATABASE_PASSWORD }} | |
--set langfuse.nextauth.secret=${{ secrets.LANGFUSE_NEXTAUTH_SECRET }} | |
--set langfuse.salt=${{ secrets.LANGFUSE_SALT }} | |
- name: Helm Deploy Kube Prometheus Stack | |
if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
working-directory: ./helm | |
run: > | |
helm upgrade --install | |
kube-prometheus-stack | |
--namespace support | |
--create-namespace | |
prometheus-community/kube-prometheus-stack | |
-f support/kube-prometheus-stack/values.yaml | |
--set grafana.adminPassword=${{ secrets.GRAFANA_ADMIN_PASSWORD }} | |
- name: Helm Deploy Loki | |
if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
working-directory: ./helm | |
run: > | |
helm upgrade --install | |
--namespace support | |
--create-namespace | |
loki | |
grafana/loki-stack | |
-f support/loki/loki-values.yaml | |
# Deploy Zeno instances | |
- name: Helm Deploy Zeno | |
if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
working-directory: ./helm | |
run: > | |
helm upgrade --install zeno ./zeno | |
-f zeno/values.yaml | |
--set secrets.langfuse.INIT_USER_PASSWORD=${{ secrets.LANGFUSE_INIT_USER_PASSWORD }} | |
--set secrets.langfuse.INIT_PROJECT_SECRET_KEY=${{ secrets.LANGFUSE_INIT_PROJECT_SECRET_KEY }} | |
--set secrets.langfuse.INIT_PROJECT_PUBLIC_KEY=${{ secrets.LANGFUSE_INIT_PROJECT_PUBLIC_KEY }} | |
--set secrets.api.OPENAI_API_KEY=${{ secrets.OPENAI_API_KEY }} | |
--set secrets.api.ANTHROPIC_API_KEY=${{ secrets.ANTHROPIC_API_KEY }} | |
--set secrets.api.AWS_ACCESS_KEY_ID=${{ secrets.S3_READONLY_AWS_ACCESS_KEY_ID }} | |
--set secrets.api.AWS_SECRET_ACCESS_KEY=${{ secrets.S3_READONLY_AWS_SECRET_ACCESS_KEY }} | |
--set secrets.api.GEE_SERVICE_ACCOUNT_JSON=${{ secrets.GEE_SERVICE_ACCOUNT_JSON }} | |
- name: Helm Deploy Zeno Dev Instance | |
if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
working-directory: ./helm | |
run: > | |
helm upgrade --install zeno-dev ./zeno | |
-f zeno/values-dev.yaml | |
--namespace zeno-dev | |
--create-namespace | |
--set secrets.langfuse.INIT_USER_PASSWORD=${{ secrets.LANGFUSE_INIT_USER_PASSWORD }} | |
--set secrets.langfuse.INIT_PROJECT_SECRET_KEY=${{ secrets.DEV_LANGFUSE_INIT_PROJECT_SECRET_KEY }} | |
--set secrets.langfuse.INIT_PROJECT_PUBLIC_KEY=${{ secrets.DEV_LANGFUSE_INIT_PROJECT_PUBLIC_KEY }} | |
--set secrets.api.OPENAI_API_KEY=${{ secrets.OPENAI_API_KEY }} | |
--set secrets.api.ANTHROPIC_API_KEY=${{ secrets.ANTHROPIC_API_KEY }} | |
--set secrets.api.AWS_ACCESS_KEY_ID=${{ secrets.S3_READONLY_AWS_ACCESS_KEY_ID }} | |
--set secrets.api.AWS_SECRET_ACCESS_KEY=${{ secrets.S3_READONLY_AWS_SECRET_ACCESS_KEY }} | |
--set secrets.api.GEE_SERVICE_ACCOUNT_JSON=${{ secrets.GEE_SERVICE_ACCOUNT_JSON }} |