diff --git a/.github/workflows/image-build.yml b/.github/workflows/image-build.yml
index 2d323f7f..5129ef0a 100644
--- a/.github/workflows/image-build.yml
+++ b/.github/workflows/image-build.yml
@@ -20,6 +20,10 @@ jobs:
 uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
 - name: Set up Docker Buildx
 uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3
+ - name: Fetch latest FE commit SHA
+ id: fetch_commit_fe_sha
+ run: |
+ echo "LATEST_COMMIT_SHA=$(curl -LSsk 'https://api.github.com/repos/stacklok/codegate-ui/commits?per_page=1' -H 'Authorization: Bearer ${{ secrets.GH_CI_TOKEN }}' | jq -r '.[0].sha')" >> $GITHUB_ENV
 - name: Test build on x86
 id: docker_build
 uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v5
@@ -30,4 +34,8 @@ jobs:
 push: false # Only attempt to build, to verify the Dockerfile is working
 load: true
 cache-from: type=gha
- cache-to: type=gha,mode=max
\ No newline at end of file
+ cache-to: type=gha,mode=max
+ secrets: |
+ gh_token=${{ secrets.GH_CI_TOKEN }}
+ build-args: |
+ LATEST_COMMIT_SHA=${{ env.LATEST_COMMIT_SHA }}
diff --git a/.github/workflows/image-publish.yml b/.github/workflows/image-publish.yml
index f5319785..2d549277 100644
--- a/.github/workflows/image-publish.yml
+++ b/.github/workflows/image-publish.yml
@@ -61,6 +61,10 @@ jobs:
 name_is_regexp: true
 skip_unpack: false
 if_no_artifact_found: ignore
+ - name: Fetch latest FE commit SHA
+ id: fetch_commit_fe_sha
+ run: |
+ echo "LATEST_COMMIT_SHA=$(curl -LSsk 'https://api.github.com/repos/stacklok/codegate-ui/commits?per_page=1' -H 'Authorization: Bearer ${{ secrets.GH_CI_TOKEN }}' | jq -r '.[0].sha')" >> $GITHUB_ENV
 - name: Rename to accomodate to image
 run: mv ./backup_weaviate ./weaviate_backup
 - name: Build image
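Review bot: The added `Fetch latest FE commit SHA` step calls curl with `-k` (inside `-LSsk`), which turns off TLS certificate verification on the same request that carries `GH_CI_TOKEN` in the Authorization header; dropping the `k` keeps the token from being sent to an unverified endpoint. The request also has no `-f`, so an HTTP error body is piped to jq and `LATEST_COMMIT_SHA` can end up empty or `null` without failing the step; `curl -fsSL` followed by a check that the value is non-empty would surface that. Passing the secret through the step's `env:` and referencing it as `$GH_CI_TOKEN` in the script avoids interpolating `${{ secrets.GH_CI_TOKEN }}` into the shell text. The identical step added to image-publish.yml in the `@@ -61,6 +61,10 @@` hunk has the same issues.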
@@ -76,3 +80,7 @@ jobs:
 labels: ${{ steps.docker-metadata.outputs.labels }}
 cache-from: type=gha
 cache-to: type=gha,mode=max
+ secrets: |
+ gh_token=${{ secrets.GH_CI_TOKEN }}
+ build-args: |
+ LATEST_COMMIT_SHA=${{ env.LATEST_COMMIT_SHA }}
diff --git a/Dockerfile b/Dockerfile
index 955e8d82..1f3552f9 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -21,16 +21,62 @@ RUN poetry config virtualenvs.create false && \
 # Copy the rest of the application
 COPY . /app
+# Build the webapp
+FROM node:20.18-slim AS webbuilder
+
+# Install curl for downloading the webapp from GH and unzip to extract it
+RUN apt-get update && apt-get install -y --no-install-recommends \
+ curl \
+ unzip\
+ ca-certificates
+
+WORKDIR /usr/src/
+
+# Get the latest commit sha as a build arg
+# This is needed otherwise Docker will cache the git clone step. With this workaround
+# we can force Docker to re-run the git clone step if the latest commit sha changes.
+# --build-arg LATEST_COMMIT_SHA=$(curl \
+# -LSsk "https://api.github.com/repos/stacklok/codegate-ui/commits?per_page=1" \
+# -H "Authorization: Bearer $GH_CI_TOKEN" | jq -r '.[0].sha')
+ARG LATEST_COMMIT_SHA=LATEST
+RUN echo "Latest FE commit: $LATEST_COMMIT_SHA"
+# Download the webapp from GH
+# -L to follow redirects
+RUN --mount=type=secret,id=gh_token \
+ LATEST_COMMIT_SHA=${LATEST_COMMIT_SHA} \
+ curl -L -o main.zip "https://api.github.com/repos/stacklok/codegate-ui/zipball/main" \
+ -H "Authorization: Bearer $(cat /run/secrets/gh_token)"
+
+# Extract the downloaded zip file
+RUN unzip main.zip
+RUN rm main.zip
+# Rename the extracted folder
+RUN mv *codegate-ui* webapp
+
+WORKDIR /usr/src/webapp
+
+# Install the webapp dependencies and build it
+RUN npm install
+RUN npm run build
+
 # Runtime stage: Create the final lightweight image
 FROM python:3.12-slim AS runtime
 # Install runtime system dependencies
 RUN apt-get update && apt-get install -y --no-install-recommends \
 libgomp1 \
+ nginx \
 && rm -rf /var/lib/apt/lists/*
-# Create a non-root user and switch to it
+# Create a non-root user
 RUN useradd -m -u 1000 -r codegate
+
+# Set permissions for user codegate to run nginx
+RUN chown -R codegate /var/lib/nginx && \
+ chown -R codegate /var/log/nginx && \
+ chown -R codegate /run
+
+# Switch to codegate user
 USER codegate
 WORKDIR /app
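Review bot: The download in the `RUN --mount=type=secret,id=gh_token` step fetches `zipball/main`, so `LATEST_COMMIT_SHA` only invalidates the cache and the image is built from whatever `main` points to at download time, not from the commit that was logged. Requesting the commit itself, e.g. `curl -fsSL -o main.zip "https://api.github.com/repos/stacklok/codegate-ui/zipball/${LATEST_COMMIT_SHA}" \` with the ARG default changed to `main`, ties the build to a known revision, and `-f` makes an auth or HTTP failure stop the build at this step rather than at `unzip`. `RUN npm install` may resolve versions other than those in the lockfile; `RUN npm ci` would install exactly what the frontend repository locked, assuming it commits a package-lock.json. In the runtime stage, `chown -R codegate /run` hands all of `/run` to the service user; narrowing it to the path nginx actually writes would be tighter, though the nginx configuration is not visible in this hunk.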
@@ -38,6 +84,11 @@ WORKDIR /app
 COPY --from=builder /usr/local/lib/python3.12/site-packages /usr/local/lib/python3.12/site-packages
 COPY --from=builder /app /app
+# Copy necessary artifacts from the webbuilder stage
+COPY --from=webbuilder /usr/src/webapp/dist /var/www/html
+# Expose nginx
+EXPOSE 80
+
 # Set the PYTHONPATH environment variable
 ENV PYTHONPATH=/app/src
diff --git a/scripts/entrypoint.sh b/scripts/entrypoint.sh
index 955e42c2..ae12a69c 100755
--- a/scripts/entrypoint.sh
+++ b/scripts/entrypoint.sh
@@ -9,6 +9,10 @@ else
 echo "No backup found at $1/$2. Skipping restore."
 fi
-# Step 2: Start the main application (serve)
+# Step 2: Start the Nginx server with FE
+echo "Starting the dashboard.. "
+exec nginx -g 'daemon off;' &
+
+# Step 3: Start the main application (serve)
 echo "Starting the application..."
-exec python -m src.codegate.cli serve --port 8989 --host 0.0.0.0
\ No newline at end of file
+exec python -m src.codegate.cli serve --port 8989 --host 0.0.0.0 --vllm-url https://inference.codegate.ai
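Review bot: `EXPOSE 80` is declared for a container that runs as `USER codegate` (UID 1000), so nginx has to bind a port below 1024 without root; that works only where the runtime permits unprivileged low ports and may fail under runtimes or cluster policies that do not. Serving the dashboard on an unprivileged port, for example `EXPOSE 8080` with a matching `listen` directive in an nginx config copied into the image, removes that dependency. The nginx configuration in use is not visible in this hunk, so confirm which port it listens on and where it writes its pid file.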
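Review bot: `exec nginx -g 'daemon off;' &` backgrounds nginx in a subshell, so the `exec` has no effect there and nothing notices if nginx fails to start (for instance if it cannot bind its port or write its pid file as the non-root user); the script carries on and the container looks healthy without a dashboard. Dropping the `exec` on that line makes the intent clearer, and a short check that the process is still alive before starting the application, or a healthcheck that probes the dashboard port, would surface the failure. Separately, the new `--vllm-url https://inference.codegate.ai` hard-codes an external endpoint in the entrypoint; if it is meant as a default, reading it from an environment variable with this value as the fallback would let operators choose where inference traffic goes without rebuilding the image.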