Enable Langfuse tracing: add Actions secrets, write .env, update comp… #33
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build & Push Portfolio Images | |
| on: | |
| push: | |
| branches: | |
| - main | |
| jobs: | |
| build-and-push: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Log in to GHCR | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_TOKEN }} | |
| # IMPORTANT: NEXT_PUBLIC_* vars are build-time only in Next.js! | |
| # They get embedded into the JS bundle during build. | |
| # Set NEXT_PUBLIC_API_URL secret in GitHub repo settings, or change the default below. | |
| # This should be the URL where users' browsers can reach the backend API. | |
| - name: Build frontend image | |
| run: | | |
| API_URL="${{ secrets.NEXT_PUBLIC_API_URL }}" | |
| if [ -z "$API_URL" ]; then | |
| API_URL="https://portfolio-api.medevs.local" | |
| fi | |
| echo "Building frontend with API_URL: ${API_URL}" | |
| docker build \ | |
| --build-arg NEXT_PUBLIC_API_URL=${API_URL} \ | |
| -t ghcr.io/${{ github.repository_owner }}/portfolio-frontend:latest \ | |
| ./frontend | |
| - name: Build backend image | |
| run: | | |
| docker build -t ghcr.io/${{ github.repository_owner }}/portfolio-backend:latest ./backend | |
| - name: Push frontend image | |
| run: | | |
| docker push ghcr.io/${{ github.repository_owner }}/portfolio-frontend:latest | |
| - name: Push backend image | |
| run: | | |
| docker push ghcr.io/${{ github.repository_owner }}/portfolio-backend:latest | |
| deploy: | |
| runs-on: self-hosted | |
| needs: build-and-push | |
| if: github.ref == 'refs/heads/main' | |
| steps: | |
| - name: Deploy to homelab | |
| run: | | |
| set -e | |
| cd ~/projects/local-smart-portfolio | |
| echo "📦 Pulling latest code from GitHub..." | |
| git pull origin main | |
| echo "� Updating environment variables for Langfuse..." | |
| LF_HOST="${{ secrets.LANGFUSE_HOST }}" | |
| if [ -z "$LF_HOST" ]; then LF_HOST="http://langfuse:3000"; fi | |
| touch .env | |
| sed -i '/^LANGFUSE_/d' .env | |
| printf "LANGFUSE_ENABLED=true\n" >> .env | |
| printf "LANGFUSE_PUBLIC_KEY=%s\n" "${{ secrets.LANGFUSE_PUBLIC_KEY }}" >> .env | |
| printf "LANGFUSE_SECRET_KEY=%s\n" "${{ secrets.LANGFUSE_SECRET_KEY }}" >> .env | |
| printf "LANGFUSE_HOST=%s\n" "$LF_HOST" >> .env | |
| if [ -n "${{ secrets.LANGFUSE_NEXTAUTH_SECRET }}" ]; then printf "LANGFUSE_NEXTAUTH_SECRET=%s\n" "${{ secrets.LANGFUSE_NEXTAUTH_SECRET }}" >> .env; fi | |
| if [ -n "${{ secrets.LANGFUSE_SALT }}" ]; then printf "LANGFUSE_SALT=%s\n" "${{ secrets.LANGFUSE_SALT }}" >> .env; fi | |
| if [ -n "${{ secrets.LANGFUSE_ENCRYPTION_KEY }}" ]; then printf "LANGFUSE_ENCRYPTION_KEY=%s\n" "${{ secrets.LANGFUSE_ENCRYPTION_KEY }}" >> .env; fi | |
| if [ -n "${{ secrets.LANGFUSE_NEXTAUTH_URL }}" ]; then printf "LANGFUSE_NEXTAUTH_URL=%s\n" "${{ secrets.LANGFUSE_NEXTAUTH_URL }}" >> .env; fi | |
| echo "�📥 Pulling latest GHCR images..." | |
| docker compose -f docker-compose.yml -f docker-compose.homelab.yml --profile observability pull | |
| echo "🔄 Recreating containers with homelab overrides..." | |
| # The ollama-init service will automatically pull required models | |
| # (llama3.2:3b for LLM, nomic-embed-text for embeddings) | |
| # --profile observability enables Langfuse tracing services | |
| docker compose -f docker-compose.yml -f docker-compose.homelab.yml --profile observability up -d --force-recreate | |
| echo "📋 Checking ollama-init logs..." | |
| docker compose -f docker-compose.yml -f docker-compose.homelab.yml --profile observability logs ollama-init || true | |
| echo "🧹 Cleaning up old images..." | |
| docker image prune -f | |
| echo "✅ Deployment complete!" |