Merge branch 'main' of https://github.com/alexechoi/junction-hack

Author: albinjal

.github/workflows/deploy-cloud-run.yml

@@ -0,0 +1,46 @@
+name: Deploy to Google Cloud Run
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - "deep_security/**"
+
+jobs:
+  deploy:
+    name: Build & Deploy Deep Security
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+
+      - name: Authenticate with Google Cloud
+        uses: google-github-actions/auth@v2
+        with:
+          credentials_json: ${{ secrets.GCP_SA_KEY }}
+
+      - name: Set up Cloud SDK
+        uses: google-github-actions/setup-gcloud@v2
+
+      - name: Configure Docker for Google Artifact Registry
+        run: gcloud auth configure-docker gcr.io
+
+      - name: Build Docker Image
+        working-directory: ./deep_security
+        run: |
+          docker build --platform linux/amd64 -t gcr.io/junction-hack-50b8a/deep-security .
+
+      - name: Push Docker Image
+        run: |
+          docker push gcr.io/junction-hack-50b8a/deep-security
+
+      - name: Deploy to Cloud Run
+        run: |
+          gcloud run deploy deep-security \
+            --image gcr.io/junction-hack-50b8a/deep-security \
+            --platform managed \
+            --region europe-west1 \
+            --allow-unauthenticated \
+            --project junction-hack-50b8a

.github/workflows/deploy-container-registry.yml

@@ -0,0 +1,37 @@
+name: Push Deep Security to GCP Container Registry
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - "deep_security/**"
+
+jobs:
+  deploy:
+    name: Build & Deploy Factory
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+
+      - name: Authenticate with Google Cloud
+        uses: google-github-actions/auth@v2
+        with:
+          credentials_json: ${{ secrets.GCP_SA_KEY }}
+
+      - name: Set up Cloud SDK
+        uses: google-github-actions/setup-gcloud@v2
+
+      - name: Configure Docker for Google Artifact Registry
+        run: gcloud auth configure-docker gcr.io
+
+      - name: Build Docker Image
+        working-directory: ./deep_security
+        run: |
+          docker build --platform linux/amd64 -t gcr.io/junction-hack-50b8a/deep-security .
+
+      - name: Push Docker Image
+        run: |
+          docker push gcr.io/junction-hack-50b8a/deep-security

deep_security/.dockerignore

@@ -0,0 +1,60 @@
+# Virtual environments
+.venv/
+venv/
+env/
+ENV/
+
+# Python cache
+__pycache__/
+*.pyc
+*.pyo
+*.pyd
+.Python
+*.so
+*.egg-info/
+.eggs/
+dist/
+build/
+
+# IDE
+.idea/
+.vscode/
+*.swp
+*.swo
+.DS_Store
+
+# Git
+.git/
+.gitignore
+
+# LangGraph specific
+.langgraph/
+.langgraph_api/
+
+# Environment files (user should mount these or set via docker run -e)
+.env
+.env.local
+.env.*.local
+
+# Documentation
+README.md
+CLAUDE.md
+LICENSE
+
+# Testing
+.pytest_cache/
+.coverage
+htmlcov/
+.tox/
+
+# Logs
+*.log
+logs/
+tmp/
+temp/
+
+# Jupyter
+.ipynb_checkpoints/
+
+
+

deep_security/Dockerfile

@@ -0,0 +1,31 @@
+FROM python:3.12-slim
+
+# Install build-essential for g++ and other build tools
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    curl \
+    build-essential \
+    g++ \
+    && rm -rf /var/lib/apt/lists/*
+
+ENV PYTHONDONTWRITEBYTECODE=1 \
+    PYTHONUNBUFFERED=1 \
+    PIP_NO_CACHE_DIR=1
+
+WORKDIR /app
+
+# Install uv and make sure it is on PATH
+RUN curl -LsSf https://astral.sh/uv/install.sh | sh
+ENV PATH="/root/.local/bin:${PATH}"
+
+# Copy the application source
+COPY . .
+
+RUN uv sync
+
+# Expose the LangGraph server port
+EXPOSE 2024
+
+# Run langgraph dev server using uv run to execute in the venv
+# --host 0.0.0.0 allows external connections in Docker
+CMD ["uv", "run", "langgraph", "dev", "--allow-blocking", "--host", "0.0.0.0", "--port", "2024"]
+