Delete secrets if exists #16

Workflow file for this run

.github/workflows/genai-deployment.yaml at b36e2b4

	name: Pipeline For GenAI Deployment

	on:
	push:
	branches: [main]

	env:
	KUBE_NAMESPACE: genai-app
	RELEASE_NAME: team-divops-genai
	HELM_CHART_PATH: ./helm/divops/genai
	IMAGE_REPOSITORY: ghcr.io/aet-devops25/team-divops-genai
	AWS_REGION: us-east-1

	jobs:

	linting:
	name: Code Linting
	runs-on: ubuntu-latest
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	testing:
	name: Testing
	runs-on: ubuntu-latest
	needs: linting
	steps:
	- name: Checkout repository
	uses: actions/checkout@v3
	- name: Setup Python
	uses: actions/setup-python@v5
	with:
	python-version: 3.13.5
	- name: Install dependencies
	run: pip install -r requirements.txt
	working-directory: ./genai
	- name: Create .env file
	run: \|
	echo "GEMINI_API_KEY=${{ secrets.GEMINI_API_KEY }}" > ./genai/app/.env
	echo "WEAVIATE_API_KEY=${{ secrets.WEAVIATE_API_KEY }}" >> ./genai/app/.env
	echo "WEAVIATE_URL=${{ secrets.WEAVIATE_URL }}" >> ./genai/app/.env
	working-directory: .
	- name: Run FastAPI in background
	run: \|
	pip install uvicorn
	uvicorn server.server:app --host 0.0.0.0 --port 8000 &
	working-directory: ./genai

	- name: Wait for server to be ready
	run: \|
	for i in {1..10}; do
	curl -s http://localhost:8000/genai/health && exit 0
	sleep 1
	done
	echo "Server failed to start" && exit 1

	- name: Run all tests
	run: python -m unittest discover tests
	working-directory: ./genai

	build-and-push-genai-app:
	name: Build and Push GenAI Docker Image
	runs-on: ubuntu-latest
	needs: testing
	permissions:
	contents: read
	packages: write
	outputs:
	image_tag: ${{ steps.set-tag.outputs.image_tag }}
	steps:
	- name: Checkout repository
	uses: actions/checkout@v4
	- name: Log in to GitHub Container Registry
	uses: docker/login-action@v3
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}
	- name: Set IMAGE_TAG to short SHA
	id: set-tag
	run: echo "IMAGE_TAG=$(echo $GITHUB_SHA \| cut -c1-7)" >> $GITHUB_OUTPUT
	- name: Create .env file
	run: \|
	echo "GEMINI_API_KEY=${{ secrets.GEMINI_API_KEY }}" > ./genai/app/.env
	echo "WEAVIATE_API_KEY=${{ secrets.WEAVIATE_API_KEY }}" >> ./genai/app/.env
	echo "WEAVIATE_URL=${{ secrets.WEAVIATE_URL }}" >> ./genai/app/.env
	working-directory: .
	- name: Build genai Docker image with both tags
	run: docker build -f ./genai/Dockerfile -t ${{ env.IMAGE_REPOSITORY }}:latest -t ${{ env.IMAGE_REPOSITORY }}:${{ steps.set-tag.outputs.image_tag }} ./genai
	- name: Push latest tag
	run: docker push ${{ env.IMAGE_REPOSITORY }}:latest
	- name: Push SHA tag
	run: docker push ${{ env.IMAGE_REPOSITORY }}:${{ steps.set-tag.outputs.image_tag }}

	deploy-helm:
	name: Deploy Helm Chart
	runs-on: ubuntu-latest
	needs: build-and-push-genai-app
	env:
	IMAGE_TAG: ${{ needs.build-and-push-genai-app.outputs.IMAGE_TAG }}
	HELM_DRIVER: configmap
	steps:
	- name: Checkout repository
	uses: actions/checkout@v4

	- name: Set up kubectl
	uses: azure/setup-kubectl@v3
	with:
	version: 'latest'

	- name: Set up Helm
	uses: azure/setup-helm@v3
	with:
	version: 'latest'

	- name: Create .kube directory
	run: mkdir -p $HOME/.kube

	- name: Configure kubeconfig
	run: echo "${{ secrets.GENAI_KUBECONFIG }}" > $HOME/.kube/config

	- name: Cleanup old Helm secrets (if any)
	run: \|
	echo "Deleting old Helm secrets in namespace $KUBE_NAMESPACE"
	kubectl delete secret -n $KUBE_NAMESPACE -l owner=helm \|\| true

	- name: Deploy Helm Chart with SHA tag
	run: \|
	helm upgrade --install $RELEASE_NAME $HELM_CHART_PATH \
	--namespace $KUBE_NAMESPACE \
	--set genai.image.repository=$IMAGE_REPOSITORY \
	--set genai.image.tag=$IMAGE_TAG \
	--force --wait



	deploy-aws:
	name: Deploy To AWS EC2
	needs: build-and-push-genai-app
	runs-on: ubuntu-latest
	if: ${{ vars.RUN_AWS_DEPLOYMENT == 'true' }}
	env:
	AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
	AWS_SESSION_TOKEN: ${{ secrets.AWS_SESSION_TOKEN }}
	AWS_REGION: us-east-1
	TF_LOG: ""
	steps:
	- name: Checkout repo
	uses: actions/checkout@v4
	- name: Cache Terraform files
	uses: actions/cache@v3
	with:
	path: \|
	./terraform/terraform.tfstate
	./terraform/terraform.tfstate.backup
	./terraform/.terraform
	key: terraform-state-${{ hashFiles('terraform/*/.tf') }}
	restore-keys: terraform-state-
	- name: Setup Terraform
	uses: hashicorp/setup-terraform@v2
	with:
	terraform_version: 1.5.6
	terraform_wrapper: false
	- name: Terraform Init
	working-directory: ./terraform
	run: terraform init
	- name: Terraform Validate
	working-directory: ./terraform
	run: terraform validate
	- name: Terraform Plan
	working-directory: ./terraform
	env:
	AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
	AWS_REGION: us-east-1
	run: terraform plan -out=tfplan
	- name: Terraform Apply
	working-directory: ./terraform
	env:
	AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
	run: terraform apply -auto-approve tfplan
	- name: Output EC2 public IP
	working-directory: ./terraform
	id: ec2-ip
	run: \|
	EC2_IP=$(terraform output -raw ec2_public_ip)
	echo "ec2_ip=$EC2_IP" >> $GITHUB_OUTPUT
	- name: Show EC2 Public IP
	run: echo "EC2 Public IP is ${{ steps.ec2-ip.outputs.ec2_ip }}"
	- name: Setup Ansible and run playbook
	working-directory: ./ansible
	run: \|
	sudo apt-get update && sudo apt-get install -y ansible
	mkdir -p ~/.ssh
	echo "${{ secrets.AWS_EC2_SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
	chmod 600 ~/.ssh/id_rsa
	ssh-keyscan -H ${{ steps.ec2-ip.outputs.ec2_ip }} >> ~/.ssh/known_hosts
	echo "[ec2]" > inventory.ini
	echo "${{ steps.ec2-ip.outputs.ec2_ip }}" >> inventory.ini
	ansible-playbook -i inventory.ini genai-playbook.yml --private-key ~/.ssh/id_rsa -u ubuntu -b -v

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Delete secrets if exists #16

Workflow file

Delete secrets if exists #16

Uh oh!

Workflow file for this run