feat: add DeepSeek integration, Docker, Terraform IaC, and GitHub Actions

- DeepSeek API integration (llm.py) replacing rule engine
- Dockerfile for provider service
- Terraform IaC for OSS + FaaS
- GitHub Actions workflow for Docker build & push
- Deployment scripts for studio and provider
- OSS credentials use environment variables

Author: raojiacui

.github/workflows/deploy-provider.yml

@@ -0,0 +1,38 @@
+name: Build and Push Docker Image
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - 'src/provider/**'
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: src/provider
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to Alibaba Cloud Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: crpi-uorshhk4a32pmmio.cn-hangzhou.personal.cr.aliyuncs.com
+          username: ${{ secrets.ALIYUN_REGISTRY_USERNAME }}
+          password: ${{ secrets.ALIYUN_REGISTRY_PASSWORD }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v5
+        with:
+          context: src/provider
+          push: true
+          tags: |
+            crpi-uorshhk4a32pmmio.cn-hangzhou.personal.cr.aliyuncs.com/quanttide/qtcloud-write-provider:latest
+            crpi-uorshhk4a32pmmio.cn-hangzhou.personal.cr.aliyuncs.com/quanttide/qtcloud-write-provider:${{ github.sha }}

manifests/iac/main.tf

@@ -0,0 +1,36 @@
+terraform {
+  required_version = ">= 1.6.0"
+
+  required_providers {
+    alicloud = {
+      source  = "hashicorp/alicloud"
+      version = "~> 1.230.0"
+    }
+  }
+
+  backend "oss" {
+    bucket     = "qtcloud-write-terraform-state"
+    prefix     = "state"
+    region     = "cn-hangzhou"
+    encrypt    = true
+  }
+}
+
+provider "alicloud" {
+  region = var.region
+}
+
+module "oss" {
+  source = "./modules/oss"
+
+  bucket_name = "qtcloud-write-studio"
+  region      = var.region
+}
+
+module "fc" {
+  source = "./modules/fc"
+
+  service_name  = "qtcloud-write"
+  function_name = "provider"
+  region        = var.region
+}

manifests/iac/modules/fc/main.tf

@@ -0,0 +1,79 @@
+# 函数计算模块
+variable "service_name" {
+  type    = string
+  default = "qtcloud-write"
+}
+
+variable "function_name" {
+  type    = string
+  default = "provider"
+}
+
+variable "region" {
+  type = string
+}
+
+resource "alicloud_fc_service" "this" {
+  service_name = var.service_name
+}
+
+resource "alicloud_fc_function" "this" {
+  service_name  = alicloud_fc_service.this.service_name
+  function_name = var.function_name
+  runtime       = "custom-container"
+  handler       = "main.handler"
+  memory_size   = 512
+  timeout       = 60
+
+  container {
+    image = "crpi-uorshhk4a32pmmio.cn-hangzhou.personal.cr.aliyuncs.com/quanttide/qtcloud-write-provider:latest"
+  }
+}
+
+resource "alicloud_fc_trigger" "http_trigger" {
+  service_name  = alicloud_fc_service.this.service_name
+  function_name = alicloud_fc_function.this.function_name
+  trigger_name   = "http-trigger"
+  trigger_type   = "http"
+  invocation_role = alicloud_ram_role.this.arn
+
+  trigger_config = {
+    authType = "anonymous"
+    methods  = ["GET", "POST", "PUT", "DELETE"]
+  }
+}
+
+resource "alicloud_ram_role" "this" {
+  name = "${var.service_name}-fc-role"
+
+  assume_role_policy = jsonencode({
+    Version = "1"
+    Statement = [
+      {
+        Action = "sts:AssumeRole"
+        Effect = "Allow"
+        Principal = {
+          Service = ["fc.aliyuncs.com"]
+        }
+      }
+    ]
+  })
+}
+
+resource "alicloud_ram_role_policy_attachment" "this" {
+  role_name   = alicloud_ram_role.this.name
+  policy_name  = "AliyunFCFullAccess"
+  policy_type  = "System"
+}
+
+output "service_name" {
+  value = alicloud_fc_service.this.service_name
+}
+
+output "function_name" {
+  value = alicloud_fc_function.this.function_name
+}
+
+output "invoke_url" {
+  value = "https://${alicloud_fc_service.this.service_name}.${var.region}.fc.aliyuncs.com/2016-08-15/proxy/${alicloud_fc_function.this.function_name}/"
+}

manifests/iac/modules/oss/main.tf

@@ -0,0 +1,39 @@
+# OSS 模块 - 存储 Flutter Web 构建产物
+variable "bucket_name" {
+  type    = string
+  default = "qtcloud-write-studio"
+}
+
+variable "region" {
+  type = string
+}
+
+resource "alicloud_oss_bucket" "this" {
+  bucket = var.bucket_name
+  acl    = "public-read"
+
+  lifecycle_rule {
+    name      = "default"
+    enabled   = "true"
+    precedence = 0
+  }
+}
+
+resource "alicloud_oss_bucket_cors" "this" {
+  bucket = alicloud_oss_bucket.this.id
+
+  rule {
+    allowed_origins = ["*"]
+    allowed_methods = ["GET", "HEAD"]
+    allowed_headers = ["*"]
+    max_age_seconds = 3600
+  }
+}
+
+output "bucket_name" {
+  value = alicloud_oss_bucket.this.bucket
+}
+
+output "endpoint" {
+  value = "https://${alicloud_oss_bucket.this.bucket}.oss-${var.region}.aliyuncs.com"
+}

manifests/iac/variables.tf

@@ -0,0 +1,11 @@
+variable "region" {
+  description = "阿里云区域"
+  type        = string
+  default     = "cn-hangzhou"
+}
+
+variable "environment" {
+  description = "环境名称"
+  type        = string
+  default     = "prod"
+}

pyproject.toml

@@ -2,7 +2,7 @@
 name = "qtcloud-write"
 version = "0.1.0-alpha.1"
 requires-python = ">=3.11"
-dependencies = ["fastapi", "uvicorn"]
+dependencies = ["fastapi", "uvicorn", "openai", "pydantic", "pydantic-settings"]
 
 [tool.uv.workspace]
 members = ["provider"]

scripts/deploy-provider.sh

@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+# 构建并部署 qtcloud-write-provider 到阿里云 FaaS
+
+set -euo pipefall
+
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+PROJECT_ROOT="$(dirname "$SCRIPT_DIR")"
+PROVIDER_DIR="$PROJECT_ROOT/src/provider"
+IMAGE_NAME="qtcloud-write-provider"
+REGISTRY="crpi-uorshhk4a32pmmio.cn-hangzhou.personal.cr.aliyuncs.com"
+
+echo "=== 1. 构建 Docker 镜像 ==="
+cd "$PROVIDER_DIR"
+docker build -t "$IMAGE_NAME:latest" .
+
+echo ""
+echo "=== 2. 推送到阿里云容器镜像服务 ==="
+docker tag "$IMAGE_NAME:latest" "$REGISTRY/quanttide/$IMAGE_NAME:latest"
+docker push "$REGISTRY/quanttide/$IMAGE_NAME:latest"
+
+echo ""
+echo "=== 完成 ==="
+echo "镜像已推送，请登录阿里云函数计算控制台创建函数"
+echo "镜像地址: $REGISTRY/quanttide/$IMAGE_NAME:latest"

scripts/deploy-studio.sh

@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+# 构建 Flutter Web 并上传到 OSS
+
+set -euo pipefall
+
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+PROJECT_ROOT="$(dirname "$SCRIPT_DIR")"
+STUDIO_DIR="$PROJECT_ROOT/src/studio"
+
+echo "=== 1. 构建 Flutter Web ==="
+cd "$STUDIO_DIR"
+flutter build web --release
+
+echo ""
+echo "=== 2. 上传到 OSS ==="
+python3 "$SCRIPT_DIR/upload-studio-oss.py"
+
+echo ""
+echo "=== 完成 ==="
+echo "访问: https://qtcloud-write-studio.oss-cn-hangzhou.aliyuncs.com"

scripts/upload-studio-oss.py

@@ -0,0 +1,68 @@
+#!/usr/bin/env python3
+"""上传 qtcloud-write Flutter Web 构建产物到阿里云 OSS"""
+
+import oss2
+import os
+from pathlib import Path
+
+# 阿里云配置
+ACCESS_KEY_ID = os.environ.get("OSS_ACCESS_KEY_ID", "")
+ACCESS_KEY_SECRET = os.environ.get("OSS_ACCESS_KEY_SECRET", "")
+BUCKET_NAME = "qtcloud-write"
+REGION = "cn-hangzhou"
+ENDPOINT = f"oss-{REGION}.aliyuncs.com"
+
+# 本地 build 目录
+BUILD_DIR = Path(__file__).parent.parent / "src" / "studio" / "build" / "web"
+
+
+def upload_file(bucket, local_path: Path, remote_path: str):
+    """上传单个文件"""
+    with open(local_path, "rb") as f:
+        content = f.read()
+
+    result = bucket.put_object(remote_path, content)
+    if result.status == 200:
+        print(f"  OK {remote_path}")
+    else:
+        print(f"  FAIL {remote_path} (status={result.status})")
+    return result.status == 200
+
+
+def main():
+    print(f"Connecting OSS: {BUCKET_NAME} ({ENDPOINT})...")
+
+    auth = oss2.Auth(ACCESS_KEY_ID, ACCESS_KEY_SECRET)
+    bucket = oss2.Bucket(auth, ENDPOINT, BUCKET_NAME)
+
+    if not BUILD_DIR.exists():
+        print(f"错误: build 目录不存在: {BUILD_DIR}")
+        print("请先运行: cd src/studio && flutter build web --release")
+        return
+
+    print(f"Uploading from: {BUILD_DIR}")
+    print("-" * 50)
+
+    success = 0
+    failed = 0
+
+    for root, dirs, files in os.walk(BUILD_DIR):
+        root_path = Path(root)
+
+        for filename in files:
+            local_path = root_path / filename
+            relative = local_path.relative_to(BUILD_DIR)
+            remote_path = str(relative).replace("\\", "/")
+
+            if upload_file(bucket, local_path, remote_path):
+                success += 1
+            else:
+                failed += 1
+
+    print("-" * 50)
+    print(f"完成: {success} 成功, {failed} 失败")
+    print(f"访问: https://{BUCKET_NAME}.{ENDPOINT}")
+
+
+if __name__ == "__main__":
+    main()

src/provider/.env.example

@@ -0,0 +1,2 @@
+llm_api_key=your_deepseek_api_key_here
+llm_base_url=https://api.deepseek.com