Devops cositas

.github/workflows/deploy.yml

@@ -0,0 +1,72 @@
+name: Deploy to Kubernetes
+
+on:
+  push:
+    branches:
+      - main
+  workflow_dispatch:
+
+env:
+  REGISTRY: crretoxmas2024.azurecr.io
+  NAMESPACE: reto-xmas-2025-goland-ia-backend
+
+jobs:
+  build-and-deploy:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        service:
+          - name: docs-manager
+            path: ./DocsManager
+            image: reto-xmas-2025-goland-ia-backend-docs-manager
+            deployment: docs-manager
+          - name: rag-manager
+            path: ./RAGManager
+            image: reto-xmas-2025-goland-ia-backend-rag-manager
+            deployment: rag-manager
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Login to ACR
+      uses: docker/login-action@v3
+      with:
+        registry: ${{ env.REGISTRY }}
+        username: ${{ secrets.ACR_USERNAME }}
+        password: ${{ secrets.ACR_PASSWORD }}
+
+    - name: Build and push Docker image
+      uses: docker/build-push-action@v5
+      with:
+        context: ${{ matrix.service.path }}
+        platforms: linux/amd64
+        push: true
+        tags: |
+          ${{ env.REGISTRY }}/${{ matrix.service.image }}:latest
+          ${{ env.REGISTRY }}/${{ matrix.service.image }}:${{ github.sha }}
+        cache-from: type=registry,ref=${{ env.REGISTRY }}/${{ matrix.service.image }}:buildcache
+        cache-to: type=registry,ref=${{ env.REGISTRY }}/${{ matrix.service.image }}:buildcache,mode=max
+
+    - name: Set up kubectl
+      uses: azure/setup-kubectl@v3
+      with:
+        version: 'latest'
+
+    - name: Configure kubectl
+      run: |
+        mkdir -p $HOME/.kube
+        echo "${{ secrets.KUBECONFIG }}" | base64 -d > $HOME/.kube/config
+        chmod 600 $HOME/.kube/config
+
+    - name: Restart deployment
+      run: |
+        kubectl rollout restart deployment/${{ matrix.service.deployment }} -n ${{ env.NAMESPACE }}
+        kubectl rollout status deployment/${{ matrix.service.deployment }} -n ${{ env.NAMESPACE }} --timeout=5m
+
+    - name: Verify deployment
+      run: |
+        kubectl get pods -n ${{ env.NAMESPACE }} -l app=${{ matrix.service.deployment }}

.github/workflows/pr-validation.yml

@@ -0,0 +1,99 @@
+name: PR Validation
+
+on:
+  pull_request:
+    branches:
+      - main
+
+env:
+  REGISTRY: crretoxmas2024.azurecr.io
+  DOCS_MANAGER_IMAGE: reto-xmas-2025-goland-ia-backend-docs-manager
+  RAG_MANAGER_IMAGE: reto-xmas-2025-goland-ia-backend-rag-manager
+
+jobs:
+  build-validation:
+    name: Build Validation
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        service:
+          - name: docs-manager
+            path: ./DocsManager
+            image: reto-xmas-2025-goland-ia-backend-docs-manager
+          - name: rag-manager
+            path: ./RAGManager
+            image: reto-xmas-2025-goland-ia-backend-rag-manager
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Build Docker image
+      uses: docker/build-push-action@v5
+      with:
+        context: ${{ matrix.service.path }}
+        platforms: linux/amd64
+        load: true
+        tags: ${{ matrix.service.image }}:pr-${{ github.event.pull_request.number }}
+        cache-from: type=registry,ref=${{ env.REGISTRY }}/${{ matrix.service.image }}:buildcache
+
+    - name: Run Trivy vulnerability scanner
+      uses: aquasecurity/trivy-action@master
+      with:
+        image-ref: ${{ matrix.service.image }}:pr-${{ github.event.pull_request.number }}
+        format: 'sarif'
+        output: 'trivy-results-${{ matrix.service.name }}.sarif'
+        severity: 'CRITICAL,HIGH'
+        exit-code: '0'
+
+    - name: Upload Trivy results to GitHub Security
+      uses: github/codeql-action/upload-sarif@v4
+      if: always()
+      with:
+        sarif_file: 'trivy-results-${{ matrix.service.name }}.sarif'
+        category: 'trivy-${{ matrix.service.name }}'
+
+    - name: Print Trivy results
+      if: always()
+      uses: aquasecurity/trivy-action@master
+      with:
+        image-ref: ${{ matrix.service.image }}:pr-${{ github.event.pull_request.number }}
+        format: 'table'
+        severity: 'CRITICAL,HIGH'
+        exit-code: '0'
+
+  pr-summary:
+    name: PR Summary
+    runs-on: ubuntu-latest
+    needs: [build-validation]
+    if: always()
+    steps:
+    - name: PR Comment
+      uses: actions/github-script@v7
+      with:
+        script: |
+          const buildStatus = '${{ needs.build-validation.result }}';
+
+          const statusEmoji = (status) => {
+            if (status === 'success') return '✅';
+            if (status === 'failure') return '❌';
+            return '⚠️';
+          };
+
+          let message = '## 🔍 PR Validation Results\n\n';
+          message += `| Check | Status |\n`;
+          message += `|-------|--------|\n`;
+          message += `| Build | ${statusEmoji(buildStatus)} ${buildStatus} |\n`;
+          message += `| Trivy | Check Security tab |\n\n`;
+          message += `[View detailed results](${context.payload.repository.html_url}/actions/runs/${context.runId})`;
+
+          github.rest.issues.createComment({
+            issue_number: context.issue.number,
+            owner: context.repo.owner,
+            repo: context.repo.repo,
+            body: message
+          });

DocsManager/Dockerfile

@@ -0,0 +1,13 @@
+FROM ghcr.io/astral-sh/uv:python3.13-bookworm-slim
+
+WORKDIR /app
+
+COPY pyproject.toml uv.lock* ./
+
+RUN uv sync --frozen --no-cache || uv sync --no-cache
+
+COPY . .
+
+EXPOSE 8000
+
+CMD ["uv", "run", "uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8000"]

RAGManager/.python-version

@@ -1 +1 @@
-3.14
+3.12

RAGManager/Dockerfile

@@ -0,0 +1,13 @@
+FROM ghcr.io/astral-sh/uv:python3.12-bookworm-slim
+
+WORKDIR /app
+
+COPY pyproject.toml uv.lock* ./
+
+RUN uv sync --frozen --no-cache || uv sync --no-cache
+
+COPY . .
+
+EXPOSE 8000
+
+CMD ["uv", "run", "uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8000"]

compose.yml

@@ -0,0 +1,85 @@
+services:
+  docs-manager:
+    build:
+      context: ./DocsManager
+      dockerfile: Dockerfile
+    container_name: docs-manager
+    ports:
+      - "8000:8000"
+    env_file:
+      - .env
+      - ./DocsManager/.env
+    depends_on:
+      db:
+        condition: service_healthy
+    restart: unless-stopped
+    environment:
+      - PYTHONUNBUFFERED=1
+      - SERVICE_NAME=docs-manager
+      - SERVICE_ROLE=document-handler
+
+  rag-manager:
+    build:
+      context: ./RAGManager
+      dockerfile: Dockerfile
+    container_name: rag-manager
+    ports:
+      - "8001:8000"
+    env_file:
+      - .env
+      - ./RAGManager/.env
+    depends_on:
+      db:
+        condition: service_healthy
+      rabbitmq:
+        condition: service_healthy
+    restart: unless-stopped
+    environment:
+      - PYTHONUNBUFFERED=1
+      - SERVICE_NAME=rag-manager
+      - SERVICE_ROLE=document-processor
+
+  db:
+    image: pgvector/pgvector:pg16
+    container_name: postgres-db
+    env_file:
+      - .env
+    environment:
+      POSTGRES_USER: ${POSTGRES_USER}
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
+      POSTGRES_DB: ${POSTGRES_DB}
+    ports:
+      - "5432:5432"
+    volumes:
+      - postgres_data:/var/lib/postgresql/data
+      - ./db-init:/docker-entrypoint-initdb.d
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER} -d ${POSTGRES_DB}"]
+      interval: 5s
+      timeout: 5s
+      retries: 5
+
+  rabbitmq:
+    image: rabbitmq:3.13-management-alpine
+    container_name: rabbitmq
+    ports:
+      - "5672:5672"
+      - "15672:15672"
+    env_file:
+      - .env
+    environment:
+      RABBITMQ_DEFAULT_USER: ${RABBITMQ_USER}
+      RABBITMQ_DEFAULT_PASS: ${RABBITMQ_PASSWORD}
+    volumes:
+      - rabbitmq_data:/var/lib/rabbitmq
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD", "rabbitmq-diagnostics", "ping"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+
+volumes:
+  postgres_data:
+  rabbitmq_data: