Skip to content

What 75 students shipped in one semester with Jac (#46) #299

What 75 students shipped in one semester with Jac (#46)

What 75 students shipped in one semester with Jac (#46) #299

Workflow file for this run

name: Deploy jaseci-blogs with jac-scale
on:
push:
branches:
- main
workflow_dispatch:
permissions:
id-token: write
contents: read
jobs:
deploy-jaseci-blogs:
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4.2.0
with:
aws-region: us-east-2
role-to-assume: arn:aws:iam::776241927220:role/GitHubActionsJaseciDeployRole
role-session-name: GitHubActions-JaseciBlogs
audience: sts.amazonaws.com
- name: Update kubeconfig for EKS
run: |
aws eks update-kubeconfig --region us-east-2 --name jaseci-cluster
kubectl config current-context
- name: Set up Python 3.12
uses: actions/setup-python@v5
with:
python-version: '3.12'
- name: Install Jac toolchain and project dependencies
run: |
pip install --upgrade pip
# jaclang core ships the `jac` CLI and is pip-installable. The Jac
# plugins (jac-scale, jac-client) no longer carry a pyproject.toml
# (jaseci-labs/jaseci#6322), so they install via `jac install`, which
# reads [dependencies] in jac.toml into the project's .jac/venv.
# `jac start` adds that venv to sys.path automatically.
# Pin jaclang: the unpinned `pip install jaclang` pulls the latest,
# whose newer in-pod binary bootstrap ("[jac] Fetching latest version
# … Could not determine latest version from GitHub Releases") crash-
# loops the pod. Pinned to the last pre-breakage release. Bump in
# lockstep with the jac-scale/jac-client pins in jac.toml.
pip install jaclang==0.16.0
jac install
- name: Deploy jaseci-blogs with jac-scale
working-directory: .
env:
# Submission-portal secrets. jac.toml's [plugins.scale.secrets]
# interpolates these ${...} env vars at deploy time into the
# jaseci-blogs-secrets k8s Secret. Unset values deploy as empty,
# which gracefully disables /submit + /reviewer. Only an OAuth App is
# needed — every GitHub action runs as the signed-in user (fork + PR).
# See SUBMIT_FLOW.md.
GH_OAUTH_CLIENT_ID: ${{ vars.BLOG_OAUTH_CLIENT_ID }}
GH_OAUTH_CLIENT_SECRET: ${{ secrets.BLOG_OAUTH_CLIENT_SECRET }}
# One random value backs both: jac-scale signs the session JWT with
# JWT_SECRET, and SUBMIT_SESSION_SECRET is the Fernet key for the GitHub
# token at rest. Reused so there's no extra secret to manage (and so an
# unset JWT_SECRET can't silently fall back to jac-scale's default).
JWT_SECRET: ${{ secrets.BLOG_SESSION_SECRET }}
SUBMIT_SESSION_SECRET: ${{ secrets.BLOG_SESSION_SECRET }}
run: |
# `jac install` put jaclang + jac-scale + jac-client into the project
# venv (.jac/venv). Run THAT venv's jac so the jac-scale plugin loads
# at startup and registers the `--scale` flag — the global `jac` (from
# `pip install jaclang`) builds its arg parser before the venv is on
# the path, so it does not recognize `--scale`.
.jac/venv/bin/jac start main.jac --scale
- name: Verify deployment
run: |
echo "Checking deployment status..."
kubectl get deployments -n jaseci-blogs
kubectl get services -n jaseci-blogs
kubectl get pods -n jaseci-blogs
- name: Deployment Summary
if: always()
run: |
echo "## jaseci-blogs Deployment Summary" >> $GITHUB_STEP_SUMMARY
echo "### Configuration" >> $GITHUB_STEP_SUMMARY
echo "- **App Name**: jaseci-blogs" >> $GITHUB_STEP_SUMMARY
echo "- **Namespace**: jaseci-blogs" >> $GITHUB_STEP_SUMMARY
echo "- **Cluster**: jaseci-cluster" >> $GITHUB_STEP_SUMMARY
echo "- **Region**: us-east-2" >> $GITHUB_STEP_SUMMARY
echo "- **Triggered By**: ${{ github.event_name }}" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "### Deployment Status" >> $GITHUB_STEP_SUMMARY
echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
kubectl get all -n jaseci-blogs 2>&1 >> $GITHUB_STEP_SUMMARY || echo "Unable to fetch deployment status" >> $GITHUB_STEP_SUMMARY
echo "\`\`\`" >> $GITHUB_STEP_SUMMARY