fix ai-service #25
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy to Azure VM | |
| on: | |
| push: | |
| branches: [ "main" ] | |
| workflow_dispatch: | |
| jobs: | |
| deploy: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Log in to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ secrets.GHCR_USERNAME }} | |
| password: ${{ secrets.GHCR_TOKEN }} | |
| # Ensure GHCR namespace is lowercase (GHCR requires lowercase repository names) | |
| - name: Compute lowercase owner | |
| id: lower-owner | |
| run: | | |
| echo "OWNER_LC=${GITHUB_REPOSITORY_OWNER,,}" >> $GITHUB_ENV | |
| # ---------- Buildx + Cache Setup ---------- | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Cache Docker layers | |
| uses: actions/cache@v4 | |
| with: | |
| path: /tmp/.buildx-cache | |
| key: ${{ runner.os }}-buildx-${{ github.sha }} | |
| restore-keys: | | |
| ${{ runner.os }}-buildx- | |
| # ---------- Build Backend (API) ---------- | |
| - name: Build and push backend image | |
| run: | | |
| docker buildx build --no-cache --platform linux/amd64 \ | |
| --platform linux/amd64 \ | |
| --file backend/Dockerfile \ | |
| --tag ghcr.io/${{ env.OWNER_LC }}/ai-project-backend:prod-latest \ | |
| --tag ghcr.io/${{ env.OWNER_LC }}/ai-project-backend:${{ github.sha }} \ | |
| --push \ | |
| backend | |
| # ---------- Build Worker ---------- | |
| - name: Build and push worker image | |
| run: | | |
| docker buildx build --no-cache --platform linux/amd64 \ | |
| --platform linux/amd64 \ | |
| --file backend/Dockerfile \ | |
| --tag ghcr.io/${{ env.OWNER_LC }}/ai-project-worker:prod-latest \ | |
| --tag ghcr.io/${{ env.OWNER_LC }}/ai-project-worker:${{ github.sha }} \ | |
| --push \ | |
| backend | |
| # ---------- Build AI Service ---------- | |
| - name: Build and push AI service image | |
| run: | | |
| docker buildx build --no-cache --platform linux/amd64 \ | |
| --platform linux/amd64 \ | |
| --file ai-service/Dockerfile \ | |
| --tag ghcr.io/${{ env.OWNER_LC }}/ai-service:prod-latest \ | |
| --tag ghcr.io/${{ env.OWNER_LC }}/ai-service:${{ github.sha }} \ | |
| --push \ | |
| --cache-from type=local,src=/tmp/.buildx-cache \ | |
| --cache-to type=local,dest=/tmp/.buildx-cache-new,mode=max \ | |
| ai-service | |
| - name: Move buildx cache | |
| if: always() | |
| run: | | |
| rm -rf /tmp/.buildx-cache || true | |
| if [ -d "/tmp/.buildx-cache-new" ]; then mv /tmp/.buildx-cache-new /tmp/.buildx-cache; fi | |
| # ---------- Copy compose files to VM ---------- | |
| - name: Upload compose and proxy config | |
| uses: appleboy/scp-action@v0.1.7 | |
| with: | |
| host: ${{ secrets.SSH_HOST }} | |
| username: ${{ secrets.SSH_USER }} | |
| key: ${{ secrets.SSH_KEY }} | |
| source: "docker-compose.yml,Caddyfile" | |
| target: "~/app" | |
| # ---------- SSH Deploy ---------- | |
| - name: Deploy to Azure VM | |
| uses: appleboy/ssh-action@v1.0.3 | |
| with: | |
| host: ${{ secrets.SSH_HOST }} | |
| username: ${{ secrets.SSH_USER }} | |
| key: ${{ secrets.SSH_KEY }} | |
| script: | | |
| set -e | |
| mkdir -p ~/app | |
| cd ~/app | |
| echo "${{ secrets.BACKEND_ENV }}" > backend.env | |
| if [ -n "${{ secrets.AI_ENV }}" ]; then echo "${{ secrets.AI_ENV }}" > ai.env; fi | |
| echo "Logging into GHCR on remote..." | |
| echo "${{ secrets.GHCR_TOKEN }}" | docker login ghcr.io -u "${{ secrets.GHCR_USERNAME }}" --password-stdin | |
| docker compose pull | |
| docker compose up -d | |
| docker image prune -af |