build: create app infra and ci components (#2)

rustam-kevuru · tehno-for · web-flow · commit 6ba164ebf48d · 2025-12-05T14:11:54.000+04:00
* build: security file ignore

* build: manifests for app

* build: cicd pipeline for app

---------

Co-authored-by: rustam.sharipov &lt;keoroot@gmail.com&gt;
diff --git a/.github/workflows/deployment.yaml b/.github/workflows/deployment.yaml
@@ -0,0 +1,133 @@
+name: Deployment
+
+on:  
+  push:
+    branches:
+      - nodejs
+      - dev
+  release:
+    types:
+      - published
+
+jobs:
+  prepare:
+    name: Prepare
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Read Version
+        id: version
+        run: |
+          echo "Reading package.json"
+          PACKAGE_VERSION=0.0.1 
+          ## ./package.json
+          echo "value=$PACKAGE_VERSION-build.${{ github.run_id }}" >> $GITHUB_OUTPUT
+
+      - name: Check Version
+        run: |
+          VERSION="${{ steps.version.outputs.value }}"
+          if [[ "$VERSION" =~ ^(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)(-((0|[1-9][0-9]*|[0-9]*[a-zA-Z-][0-9a-zA-Z-]*)(\.(0|[1-9][0-9]*|[0-9]*[a-zA-Z-][0-9a-zA-Z-]*))*))?(\+([0-9a-zA-Z-]+(\.[0-9a-zA-Z-]+)*))?$ ]]; then
+            echo "Version: $VERSION"
+          else
+            echo "Invalid Version: $VERSION"
+            exit 1
+          fi
+
+      - name: Select Environment
+        id: environment
+        run: |
+          COMMIT_MSG="$(git log -1 --pretty=%B)"
+          echo "Commit: $COMMIT_MSG"
+          if [[ "${{ github.event_name }}" == "push" ]]; then
+            if [[ "${{ github.ref_name }}" == 'nodejs' ]]; then
+              echo "value=stage" >> $GITHUB_OUTPUT
+            elif [[ "${{ github.ref_name }}" == 'dev' ]]; then
+              echo "value=dev" >> $GITHUB_OUTPUT
+            fi
+            if [[ "$COMMIT_MSG" == *_ci* ]]; then
+              echo "condition=ci" >> $GITHUB_OUTPUT
+            else
+              echo "condition=all" >> $GITHUB_OUTPUT
+            fi
+          elif [[ "${{ github.event_name }}" == "release" && "${{ github.event.release.target_commitish }}" == 'main' ]]; then
+            echo "value=prod" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Check Environment
+        run: |
+          ENV="${{ steps.environment.outputs.value }}"
+          if [[ "$ENV" != "stage" && "$ENV" != "prod" && "$ENV" != "dev" ]]; then
+            echo "Invalid Environment: $ENV"
+            exit 1
+          fi
+          echo "Environment: $ENV"
+          echo "Condition: ${{ steps.environment.outputs.condition }}"
+
+    outputs:
+      version: ${{ steps.version.outputs.value }}
+      environment: ${{ steps.environment.outputs.value }}
+      condition: ${{ steps.environment.outputs.condition }}
+
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    if: needs.prepare.outputs.condition != 'ci'
+    needs: [prepare]
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Set up Buildx
+        uses: docker/setup-buildx-action@v1
+
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v1
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          AWS_REGION: ${{ secrets.AWS_REGION }}
+
+      - name: Set repository info
+        run: | 
+              echo "REPO=${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com" >> $GITHUB_ENV
+              echo $value
+
+      - name: Build and push Document Parcer image to ECR
+        uses: docker/build-push-action@v2
+        if: needs.prepare.outputs.environment == 'stage' || needs.prepare.outputs.environment == 'dev' ## || (needs.prepare.outputs.environment == 'prod'
+        with:
+          context: .
+          tags: ${{ env.REPO }}/document-parcer:${{ needs.prepare.outputs.version }}, ${{ env.REPO }}/document-parcer:${{ needs.prepare.outputs.environment }}-latest
+          push: true
+
+  rollout:
+    name: Rollout
+    if: needs.prepare.outputs.condition != 'ci'
+    needs: [prepare, build]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: ${{ secrets.AWS_REGION }}
+
+      - name: Login to Amazon EKS for stage cluster
+        run: |
+          aws eks update-kubeconfig --name ${{ secrets.EKS_CLUSTER_NAME }} --region ${{ secrets.AWS_REGION }}
+
+      - name: Apply new workflow configurations for Document Parcer
+        run: |
+          kubectl apply -f .infra/${{ needs.prepare.outputs.environment }}/apps/document-parcer.yaml
+
+      - name: Rollout Document Parcer Deployment
+        run: |
+          kubectl rollout restart deploy document-parcer -n ${{ needs.prepare.outputs.environment }}
+          kubectl rollout status deploy document-parcer -n ${{ needs.prepare.outputs.environment }} --timeout=300s
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1 @@
+/.infra/stage/security
diff --git a/.infra/stage/apps/document-parcer.yaml b/.infra/stage/apps/document-parcer.yaml
@@ -0,0 +1,71 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: document-parcer
+  namespace: stage
+  labels:
+    app: document-parcer
+spec:
+  replicas: 1  # Number of replicas of the application
+  selector:
+    matchLabels:
+      app: document-parcer
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app: document-parcer
+    spec:
+      volumes:
+        - name: hoa-data
+          persistentVolumeClaim:
+            claimName: hoa-pvc
+      containers:
+      - name: document-parcer
+        image: 533267116071.dkr.ecr.eu-central-1.amazonaws.com/document-parcer:stage-latest # The image to be used
+        imagePullPolicy: Always
+        command: ["/bin/sh", "-c"]
+        args: 
+          - |
+            uvicorn main:app --host 0.0.0.0 --port 8000
+              # echo "--------Start migrate-----"
+              # sleep 1200
+              # echo "--------Finish seeding-----"
+        ports:
+          - containerPort: 5004 # App works on this port
+        resources:
+          requests:
+            memory: "256Mi"
+            cpu: "256m"
+          limits:
+            memory: "1280Mi"
+            cpu: "1000m"
+
+        envFrom:
+          - configMapRef:
+              name: main-configs-document-parcer-01
+          - secretRef:
+              name: main-creds-document-parcer-02
+        volumeMounts:
+          - mountPath: "/app/cache"
+            name: hoa-data
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: document-parcer-svc
+  namespace: stage
+  annotations:
+    alb.ingress.kubernetes.io/healthcheck-path: /health
+    alb.ingress.kubernetes.io/healthcheck-interval-seconds: "300"
+    alb.ingress.kubernetes.io/healthcheck-timeout-seconds: "5"
+    alb.ingress.kubernetes.io/healthy-threshold-count: "3"
+    alb.ingress.kubernetes.io/unhealthy-threshold-count: "3"
+spec:
+  type: ClusterIP
+  selector:
+    app: document-parcer
+  ports:
+    - port: 5004
+      targetPort: 5004
diff --git a/.infra/stage/configs/main-configs.yaml b/.infra/stage/configs/main-configs.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: main-configs-document-parcer-01
+  namespace: stage
+data:
+  BASE_URL: "http://document-parcer.svc.cluster.local"
+  LM_STUDIO_URL: "https://chat-stg.zentegrio.com"
+  DOCUMENT_CONVERTER_URL: "http://document-parcer.svc.cluster.local:5004/convert"
