Deploy workbench-service from public repo (#63)

microsoft · Sep 30, 2024 · 0fa0f25 · 0fa0f25
1 parent ce4161f
commit 0fa0f25
Show file tree

Hide file tree

Showing 9 changed files with 130 additions and 14 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,19 @@
+# files
+
+.DS_Store
+.dockerignore
+.env
+README.md
+Dockerfile
+Dockerfile.*
+Makefile
+
+# dirs
+
+.vscode
+.github
+.devcontainer
+.data
+__pycache__
+.pytest_cache
+.venv
diff --git a/.github/workflows/semantic-workbench-service.yml b/.github/workflows/semantic-workbench-service.yml
@@ -1,4 +1,4 @@
-name: semantic workbench service validation
+name: workbench service test and deploy
 
 on:
   pull_request:
@@ -53,3 +53,46 @@ jobs:
       - name: pytest
         run: |
           poetry run pytest --dbtype=${{ matrix.dbtype }}
+
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: docker-build-workbench
+        run: |
+          make docker-build-workbench
+
+  deploy:
+    runs-on: ubuntu-latest
+    environment: production
+    permissions:
+      id-token: write # for OIDC login
+      contents: read
+    concurrency:
+      group: ${{ github.workflow }}-${{ github.ref }}-workbench
+    needs: [build, test]
+    if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'
+    env:
+      DOCKER_IMAGE_TAG: ${{ github.sha }}
+      DOCKER_REGISTRY_NAME: ${{ secrets.AZURE_CONTAINER_REGISTRY_NAME }}
+      AZURE_WEBSITE_NAME: ${{ secrets.AZURE_WORKBENCH_SERVICE_NAME }}
+      AZURE_WEBSITE_RESOURCE_GROUP: ${{ secrets.AZURE_WEBSITE_RESOURCE_GROUP }}
+      AZURE_WEBSITE_SUBSCRIPTION: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: azure/login@v2
+        with:
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+      - name: docker-push-workbench
+        run: |
+          make docker-push-workbench
+
+      - name: docker-deploy-workbench
+        run: |
+          make docker-deploy-workbench
diff --git a/...h-service/scripts/azure_website_sshd.conf → tools/docker/azure_website_sshd.conf b/...h-service/scripts/azure_website_sshd.conf → tools/docker/azure_website_sshd.conf
diff --git a/tools/docker/docker-entrypoint.sh b/tools/docker/docker-entrypoint.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+set -e
+
+# if SSHD_PORT is set, start sshd
+if [ -n "${SSHD_PORT}" ]; then
+    service ssh start
+fi
+
+exec "$@"
diff --git a/tools/makefiles/docker.mk b/tools/makefiles/docker.mk
@@ -11,8 +11,8 @@ DOCKER_BUILD_ARGS ?=
 AZURE_WEBSITE_NAME ?=
 AZURE_WEBSITE_SLOT ?= staging
 AZURE_WEBSITE_TARGET_SLOT ?= production
-AZURE_WEBSITE_SUBSCRIPTION ?= 8a673afb-d858-4a97-a490-2625396d1484
-AZURE_WEBSITE_RESOURCE_GROUP ?= rg-semantic-workbench
+AZURE_WEBSITE_SUBSCRIPTION ?= 
+AZURE_WEBSITE_RESOURCE_GROUP ?= 
 
 require_value = $(foreach var,$(1),$(if $(strip $($(var))),,$(error "Variable $(var) is not set: $($(var))")))
 
@@ -24,11 +24,7 @@ require_value = $(foreach var,$(1),$(if $(strip $($(var))),,$(error "Variable $(
 .PHONY: .docker-push
 .docker-push: .docker-build
 	$(call require_value,DOCKER_REGISTRY_NAME DOCKER_REGISTRY_HOST DOCKER_IMAGE_NAME DOCKER_IMAGE_TAG)
-ifndef DOCKER_PASSWORD
 	az acr login --name $(DOCKER_REGISTRY_NAME)
-else
-	@ echo "$(DOCKER_PASSWORD)" | docker login $(DOCKER_REGISTRY_HOST) --username $(DOCKER_USERNAME) --password-stdin
-endif
 	docker tag $(DOCKER_IMAGE_NAME):$(DOCKER_IMAGE_TAG) $(DOCKER_REGISTRY_HOST)/$(DOCKER_IMAGE_NAME):$(DOCKER_IMAGE_TAG)
 	docker push $(DOCKER_REGISTRY_HOST)/$(DOCKER_IMAGE_NAME):$(DOCKER_IMAGE_TAG)
 ifeq ($(DOCKER_PUSH_LATEST),true)

diff --git a/workbench-service/.dockerignore b/workbench-service/.dockerignore
@@ -0,0 +1,3 @@
+infra/
+devdb/
+tests/
diff --git a/workbench-service/Dockerfile b/workbench-service/Dockerfile
@@ -0,0 +1,46 @@
+ARG python_image=python:3.11-slim
+
+FROM ${python_image} AS build
+
+RUN python3 -m venv /venv
+ENV PATH=/venv/bin:$PATH
+
+RUN pip3 install --no-cache-dir --upgrade pip
+
+COPY ./libraries/python/semantic-workbench-api-model /packages/libraries/python/semantic-workbench-api-model
+COPY ./workbench-service /packages/workbench-service
+
+RUN pip3 install --no-cache-dir /packages/workbench-service
+
+FROM ${python_image}
+
+# BEGIN: enable ssh in azure web app - comment out if not needed
+########
+# install sshd and set password for root
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    openssh-server \
+    && rm -rf /var/lib/apt/lists/* \
+    && echo "root:Docker!" | chpasswd
+
+# azure sshd config
+COPY ./tools/docker/azure_website_sshd.conf /etc/ssh/sshd_config
+ENV SSHD_PORT=2222
+########
+# END: enable ssh in azure web app
+
+COPY --from=build /venv /venv
+ENV PATH=/venv/bin:$PATH
+
+# alembic migrations related files
+COPY ./workbench-service/alembic.ini /workbench-service/alembic.ini
+COPY ./workbench-service/migrations /workbench-service/migrations
+
+# entrypoint script
+COPY ./tools/docker/docker-entrypoint.sh /scripts/docker-entrypoint.sh
+RUN chmod +x /scripts/docker-entrypoint.sh
+
+WORKDIR /workbench-service
+
+SHELL ["/bin/bash", "-c"]
+ENTRYPOINT ["/scripts/docker-entrypoint.sh"]
+CMD ["start-semantic-workbench-service"]
diff --git a/workbench-service/Makefile b/workbench-service/Makefile
@@ -22,3 +22,9 @@ ifndef migration
 else
 	WORKBENCH__DB__URL="$(WORKBENCH__DB__URL)" alembic revision --autogenerate -m "$(migration)"
 endif
+
+include $(repo_root)/tools/makefiles/docker.mk
+
+DOCKER_PATH = ../
+
+docker-%: DOCKER_IMAGE_NAME := workbench
diff --git a/workbench-service/scripts/docker-entrypoint.sh b/workbench-service/scripts/docker-entrypoint.sh