Merge pull request #141 from rostilos/1.5.1-rc

Refactor deployment scripts and configuration

Author: rostilos

.github/workflows/deploy.yml

@@ -0,0 +1,140 @@
+###############################################################################
+# CodeCrow CI/CD Pipeline
+#
+# Triggers: push to main branch, or manual dispatch
+#
+# Flow:
+#   1. Checkout code (with submodules)
+#   2. Build Java artifacts (Maven)
+#   3. Build all 5 Docker images
+#   4. Save images as a compressed tarball
+#   5. SCP tarball to production server
+#   6. SSH into server and run deployment script
+#
+# Required GitHub Secrets:
+#   DEPLOY_SSH_KEY              — Private SSH key for env
+#   DEPLOY_HOST                 — Server IP
+#   DEPLOY_USER                 — SSH user
+#   DEPLOY_HOST_FINGERPRINT     — Server SSH host key (ssh-keyscan -H <ip>)
+#   ENV_INFERENCE_ORCHESTRATOR  — Contents of inference-orchestrator/.env
+#   ENV_RAG_PIPELINE            — Contents of rag-pipeline/.env
+#   ENV_WEB_FRONTEND            — Contents of frontend/.env
+###############################################################################
+
+name: Deploy to Production
+
+on:
+  push:
+    branches: [main]
+  workflow_dispatch:
+    inputs:
+      skip_build:
+        description: "Skip build (deploy existing images on server)"
+        required: false
+        default: "false"
+
+concurrency:
+  group: production-deploy
+  cancel-in-progress: false
+
+env:
+  DEPLOY_PATH: /opt/codecrow
+
+jobs:
+  build:
+    name: Build Docker Images
+    runs-on: ubuntu-latest
+    if: github.event.inputs.skip_build != 'true'
+    timeout-minutes: 30
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          submodules: recursive
+          fetch-depth: 0
+
+      - name: Set up JDK 17
+        uses: actions/setup-java@v4
+        with:
+          distribution: temurin
+          java-version: 17
+          cache: maven
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build (ci-build.sh)
+        env:
+          ENV_INFERENCE_ORCHESTRATOR: ${{ secrets.ENV_INFERENCE_ORCHESTRATOR }}
+          ENV_RAG_PIPELINE: ${{ secrets.ENV_RAG_PIPELINE }}
+          ENV_WEB_FRONTEND: ${{ secrets.ENV_WEB_FRONTEND }}
+        run: |
+          chmod +x deployment/ci/ci-build.sh
+          deployment/ci/ci-build.sh
+
+      - name: Upload artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: codecrow-images
+          path: build-output/codecrow-images.tar.gz
+          retention-days: 7
+          compression-level: 0
+
+  deploy:
+    name: Deploy to Server
+    runs-on: ubuntu-latest
+    needs: [build]
+    if: always() && (needs.build.result == 'success' || github.event.inputs.skip_build == 'true')
+    timeout-minutes: 15
+    environment: production
+
+    steps:
+      - name: Checkout (for compose file + deploy script)
+        uses: actions/checkout@v4
+
+      - name: Download artifact
+        if: github.event.inputs.skip_build != 'true'
+        uses: actions/download-artifact@v4
+        with:
+          name: codecrow-images
+          path: build-output
+
+      - name: Setup SSH
+        run: |
+          mkdir -p ~/.ssh
+          echo "${{ secrets.DEPLOY_SSH_KEY }}" > ~/.ssh/deploy_key
+          chmod 600 ~/.ssh/deploy_key
+          # Use pre-registered host fingerprint instead of ssh-keyscan (MITM-safe)
+          # Generate with:  ssh-keyscan -H <server-ip> 2>/dev/null
+          echo "${{ secrets.DEPLOY_HOST_FINGERPRINT }}" >> ~/.ssh/known_hosts
+
+      - name: Upload docker-compose.prod.yml and deploy script
+        run: |
+          scp -i ~/.ssh/deploy_key \
+            deployment/docker-compose.prod.yml \
+            deployment/ci/server-deploy.sh \
+            ${{ secrets.DEPLOY_USER }}@${{ secrets.DEPLOY_HOST }}:${{ env.DEPLOY_PATH }}/
+
+      - name: Upload Docker images tarball
+        if: github.event.inputs.skip_build != 'true'
+        run: |
+          scp -i ~/.ssh/deploy_key \
+            build-output/codecrow-images.tar.gz \
+            ${{ secrets.DEPLOY_USER }}@${{ secrets.DEPLOY_HOST }}:${{ env.DEPLOY_PATH }}/releases/
+
+      - name: Deploy on server
+        run: |
+          ssh -i ~/.ssh/deploy_key \
+            ${{ secrets.DEPLOY_USER }}@${{ secrets.DEPLOY_HOST }} \
+            "chmod +x ${{ env.DEPLOY_PATH }}/server-deploy.sh && ${{ env.DEPLOY_PATH }}/server-deploy.sh"
+
+      - name: Verify deployment
+        run: |
+          ssh -i ~/.ssh/deploy_key \
+            ${{ secrets.DEPLOY_USER }}@${{ secrets.DEPLOY_HOST }} \
+            "cd ${{ env.DEPLOY_PATH }} && docker compose -f docker-compose.prod.yml ps --format 'table {{.Name}}\t{{.Status}}'"
+
+      - name: Cleanup SSH key
+        if: always()
+        run: rm -f ~/.ssh/deploy_key

.gitignore

@@ -3,10 +3,9 @@
 *.iws
 *.iml
 *.ipr
-.github
 .vscode
 .venv
-docker-compose.yml
+
 
 **/newrelic.jar
 **/newrelic.yml

deployment/.env.sample

@@ -0,0 +1,4 @@
+INTERNAL_API_SECRET=secret-change-me
+POSTGRES_DB=codecrow_ai
+POSTGRES_USER=codecrow
+POSTGRES_PASSWORD=codecrow_pass

deployment/.gitignore

@@ -1,7 +1,5 @@
-### IntelliJ IDEA ###
 .idea
 *.iws
 *.iml
 *.ipr
-docker-compose.yml
 .env

deployment/production-build.sh deployment/build/production-build.shdeployment/production-build.sh renamed to deployment/build/production-build.sh

@@ -4,26 +4,26 @@ set -e
 MCP_SERVERS_JAR_PATH="java-ecosystem/mcp-servers/vcs-mcp/target/codecrow-vcs-mcp-1.0.jar"
 PLATFORM_MCP_JAR_PATH="java-ecosystem/mcp-servers/platform-mcp/target/codecrow-platform-mcp-1.0.jar"
 FRONTEND_DIR="frontend"
-FRONTEND_BRANCH="epic/CA-1-self-host"
+FRONTEND_BRANCH="main"
 JAVA_DIR="java-ecosystem"
 DOCKER_PATH="deployment"
 CONFIG_PATH="deployment/config"
 
-cd "$(dirname "$0")/../"
-
-echo "--- 1. Ensuring frontend submodule is synchronized ---"
-if [ -d "$FRONTEND_DIR" ] && [ ! -f "$FRONTEND_DIR/.git" ]; then
-   echo "Stale frontend directory detected (not a submodule). Removing and re-initializing..."
-   rm -rf "$FRONTEND_DIR"
-   git submodule update --init --remote -- "$FRONTEND_DIR"
-elif [ -d "$FRONTEND_DIR" ]; then
-   echo "Frontend submodule exists. Updating..."
-   git submodule update --remote -- "$FRONTEND_DIR"
-else
-   echo "Initializing frontend submodule..."
-   git submodule update --init --remote -- "$FRONTEND_DIR"
-fi
-(cd "$FRONTEND_DIR" && git checkout "$FRONTEND_BRANCH" && git pull origin "$FRONTEND_BRANCH")
+cd "$(dirname "$0")/../../"
+
+# echo "--- 1. Ensuring frontend submodule is synchronized ---"
+# if [ -d "$FRONTEND_DIR" ] && [ ! -f "$FRONTEND_DIR/.git" ]; then
+#    echo "Stale frontend directory detected (not a submodule). Removing and re-initializing..."
+#    rm -rf "$FRONTEND_DIR"
+#    git submodule update --init --remote -- "$FRONTEND_DIR"
+# elif [ -d "$FRONTEND_DIR" ]; then
+#    echo "Frontend submodule exists. Updating..."
+#    git submodule update --remote -- "$FRONTEND_DIR"
+# else
+#    echo "Initializing frontend submodule..."
+#    git submodule update --init --remote -- "$FRONTEND_DIR"
+# fi
+# (cd "$FRONTEND_DIR" && git checkout "$FRONTEND_BRANCH" && git pull origin "$FRONTEND_BRANCH")
 
 echo "--- 2. Injecting Environment Configurations ---"
 

deployment/ci/ci-build.sh

@@ -0,0 +1,107 @@
+#!/bin/bash
+###############################################################################
+# ci-build.sh — Runs inside the GitHub Actions runner.
+#
+# 1. Builds Java artifacts (Maven)
+# 2. Copies MCP JARs to inference-orchestrator context
+# 3. Writes .env files from GitHub secrets
+# 4. Builds all 5 Docker images
+# 5. Saves them to a single compressed tarball
+#
+# Required env vars (set by GH Actions):
+#   ENV_INFERENCE_ORCHESTRATOR  — contents of inference-orchestrator/.env
+#   ENV_RAG_PIPELINE            — contents of rag-pipeline/.env
+#   ENV_WEB_FRONTEND            — contents of web-frontend/.env
+###############################################################################
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+ROOT_DIR="$(cd "$SCRIPT_DIR/../.." && pwd)"
+
+MCP_JAR="java-ecosystem/mcp-servers/vcs-mcp/target/codecrow-vcs-mcp-1.0.jar"
+PLATFORM_MCP_JAR="java-ecosystem/mcp-servers/platform-mcp/target/codecrow-platform-mcp-1.0.jar"
+JAVA_DIR="java-ecosystem"
+OUTPUT_DIR="$ROOT_DIR/build-output"
+
+cd "$ROOT_DIR"
+mkdir -p "$OUTPUT_DIR"
+
+echo "=========================================="
+echo "  CodeCrow CI Build"
+echo "=========================================="
+
+# ── 1. Inject .env files from secrets ──────────────────────────────────────
+echo "--- 1. Writing .env files from CI secrets ---"
+
+if [ -n "${ENV_INFERENCE_ORCHESTRATOR:-}" ]; then
+  echo "$ENV_INFERENCE_ORCHESTRATOR" > python-ecosystem/inference-orchestrator/.env
+  echo "  ✓ inference-orchestrator/.env written"
+fi
+
+if [ -n "${ENV_RAG_PIPELINE:-}" ]; then
+  echo "$ENV_RAG_PIPELINE" > python-ecosystem/rag-pipeline/.env
+  echo "  ✓ rag-pipeline/.env written"
+fi
+
+if [ -n "${ENV_WEB_FRONTEND:-}" ]; then
+  echo "$ENV_WEB_FRONTEND" > frontend/.env
+  echo "  ✓ web-frontend/.env written"
+fi
+
+# ── 2. Build Java Artifacts ────────────────────────────────────────────────
+echo "--- 2. Building Java artifacts (mvn clean package) ---"
+(cd "$JAVA_DIR" && mvn clean package -DskipTests -q)
+echo "  ✓ Java build complete"
+
+# ── 3. Copy MCP JARs ──────────────────────────────────────────────────────
+echo "--- 3. Copying MCP server JARs ---"
+cp "$MCP_JAR" python-ecosystem/inference-orchestrator/codecrow-vcs-mcp-1.0.jar
+echo "  ✓ VCS MCP JAR copied"
+
+if [ -f "$PLATFORM_MCP_JAR" ]; then
+  cp "$PLATFORM_MCP_JAR" python-ecosystem/inference-orchestrator/codecrow-platform-mcp-1.0.jar
+  echo "  ✓ Platform MCP JAR copied"
+else
+  echo "  ⚠ Platform MCP JAR not found (optional)"
+fi
+
+# ── 4. Build Docker Images ────────────────────────────────────────────────
+echo "--- 4. Building Docker images ---"
+
+IMAGES=(
+  "codecrow/web-server|java-ecosystem/services/web-server|Dockerfile.observable"
+  "codecrow/pipeline-agent|java-ecosystem/services/pipeline-agent|Dockerfile.observable"
+  "codecrow/inference-orchestrator|python-ecosystem/inference-orchestrator"
+  "codecrow/rag-pipeline|python-ecosystem/rag-pipeline"
+  "codecrow/web-frontend|frontend"
+)
+
+for entry in "${IMAGES[@]}"; do
+  IFS='|' read -r IMAGE_NAME CONTEXT DOCKERFILE <<< "$entry"
+  echo "  Building $IMAGE_NAME from $CONTEXT ..."
+  if [ -n "${DOCKERFILE:-}" ]; then
+    docker build -t "${IMAGE_NAME}:latest" -f "$CONTEXT/$DOCKERFILE" "$CONTEXT"
+  else
+    docker build -t "${IMAGE_NAME}:latest" "$CONTEXT"
+  fi
+  echo "  ✓ $IMAGE_NAME built"
+done
+
+# ── 5. Save images to tarball ─────────────────────────────────────────────
+echo "--- 5. Saving Docker images to tarball ---"
+
+IMAGE_LIST=""
+for entry in "${IMAGES[@]}"; do
+  IFS='|' read -r IMAGE_NAME _ _ <<< "$entry"
+  IMAGE_LIST="$IMAGE_LIST ${IMAGE_NAME}:latest"
+done
+
+docker save $IMAGE_LIST | gzip > "$OUTPUT_DIR/codecrow-images.tar.gz"
+
+TARBALL_SIZE=$(du -h "$OUTPUT_DIR/codecrow-images.tar.gz" | cut -f1)
+echo "  ✓ Tarball created: codecrow-images.tar.gz ($TARBALL_SIZE)"
+
+echo ""
+echo "=========================================="
+echo "  Build complete! Artifact: build-output/codecrow-images.tar.gz"
+echo "=========================================="