-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
23 changed files
with
721 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
coverage: | ||
status: | ||
project: | ||
default: false | ||
pkg: | ||
paths: | ||
- ai_commons | ||
informational: true | ||
patch: off |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,91 @@ | ||
# Config for Dependabot updates. See Documentation here: | ||
# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates | ||
|
||
version: 2 | ||
updates: | ||
# Update GitHub actions in workflows | ||
- package-ecosystem: 'github-actions' | ||
directory: '/' | ||
# Every weekday | ||
schedule: | ||
interval: 'daily' | ||
|
||
# Enable version updates for Docker | ||
# We need to specify each Dockerfile in a separate entry because Dependabot doesn't | ||
# support wildcards or recursively checking subdirectories. Check this issue for updates: | ||
# https://github.com/dependabot/dependabot-core/issues/2178 | ||
- package-ecosystem: 'docker' | ||
# Look for a `Dockerfile` in the `compose/local/django` directory | ||
directory: 'compose/local/django/' | ||
# Every weekday | ||
schedule: | ||
interval: 'daily' | ||
# Ignore minor version updates (3.10 -> 3.11) but update patch versions | ||
ignore: | ||
- dependency-name: '*' | ||
update-types: | ||
- 'version-update:semver-major' | ||
- 'version-update:semver-minor' | ||
|
||
- package-ecosystem: 'docker' | ||
# Look for a `Dockerfile` in the `compose/local/docs` directory | ||
directory: 'compose/local/docs/' | ||
# Every weekday | ||
schedule: | ||
interval: 'daily' | ||
# Ignore minor version updates (3.10 -> 3.11) but update patch versions | ||
ignore: | ||
- dependency-name: '*' | ||
update-types: | ||
- 'version-update:semver-major' | ||
- 'version-update:semver-minor' | ||
|
||
- package-ecosystem: 'docker' | ||
# Look for a `Dockerfile` in the `compose/local/node` directory | ||
directory: 'compose/local/node/' | ||
# Every weekday | ||
schedule: | ||
interval: 'daily' | ||
|
||
- package-ecosystem: 'docker' | ||
# Look for a `Dockerfile` in the `compose/production/aws` directory | ||
directory: 'compose/production/aws/' | ||
# Every weekday | ||
schedule: | ||
interval: 'daily' | ||
|
||
- package-ecosystem: 'docker' | ||
# Look for a `Dockerfile` in the `compose/production/django` directory | ||
directory: 'compose/production/django/' | ||
# Every weekday | ||
schedule: | ||
interval: 'daily' | ||
# Ignore minor version updates (3.10 -> 3.11) but update patch versions | ||
ignore: | ||
- dependency-name: '*' | ||
update-types: | ||
- 'version-update:semver-major' | ||
- 'version-update:semver-minor' | ||
|
||
- package-ecosystem: 'docker' | ||
# Look for a `Dockerfile` in the `compose/production/postgres` directory | ||
directory: 'compose/production/postgres/' | ||
# Every weekday | ||
schedule: | ||
interval: 'daily' | ||
|
||
- package-ecosystem: 'docker' | ||
# Look for a `Dockerfile` in the `compose/production/traefik` directory | ||
directory: 'compose/production/traefik/' | ||
# Every weekday | ||
schedule: | ||
interval: 'daily' | ||
|
||
# Enable version updates for Python/Pip - Production | ||
- package-ecosystem: 'pip' | ||
# Look for a `requirements.txt` in the `root` directory | ||
# also 'setup.cfg', 'runtime.txt' and 'requirements/*.txt' | ||
directory: '/' | ||
# Every weekday | ||
schedule: | ||
interval: 'daily' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
# Refer to Kubernetes for size/* Settings | ||
# https://github.com/Kubernetes/Kubernetes | ||
XS: | ||
name: size/XS | ||
lines: 0 | ||
color: 3CBF00 | ||
S: | ||
name: size/S | ||
lines: 10 | ||
color: 5D9801 | ||
M: | ||
name: size/M | ||
lines: 30 | ||
color: 7F7203 | ||
L: | ||
name: size/L | ||
lines: 100 | ||
color: A14C05 | ||
XL: | ||
name: size/XL | ||
lines: 500 | ||
color: C32607 | ||
XXL: | ||
name: size/XXL | ||
lines: 1000 | ||
color: E50009 | ||
comment: | | ||
## 🤖 Whoa! Easy there, Partner! | ||
This PR is too big. It's over 1000. Please break it up into smaller PRs. | ||
XXXL: | ||
name: size/XXXL | ||
lines: 5000 | ||
color: FF0000 | ||
comment: | | ||
## 🤖 Whoa! Easy there, Partner! | ||
This PR is too big. It's over 5000. Please break it up into smaller PRs. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
publishDay: sun | ||
canPublishIssues: true | ||
canPublishPullRequests: true | ||
canPublishContributors: true | ||
canPublishStargazers: true | ||
canPublishCommits: true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,112 @@ | ||
name: Docker Build and Push | ||
|
||
on: | ||
push: | ||
tags: | ||
- 'v*.*.*' # 例如 v1.0.0, v2.1.3 | ||
- 'v*.*.*-*' # 例如 v1.0.0-beta.1 | ||
branches: | ||
- main | ||
workflow_dispatch: | ||
|
||
jobs: | ||
build-and-push: | ||
runs-on: ubuntu-latest | ||
strategy: | ||
matrix: | ||
include: | ||
- project: django | ||
context: . | ||
dockerfile: ./compose/production/django/Dockerfile | ||
architectures: linux/amd64,linux/arm64 | ||
- project: postgres | ||
context: . | ||
dockerfile: ./compose/production/postgres/Dockerfile | ||
architectures: linux/amd64,linux/arm64 | ||
- project: traefik | ||
context: . | ||
dockerfile: ./compose/production/traefik/Dockerfile | ||
architectures: linux/amd64,linux/arm64 | ||
- project: nginx | ||
context: . | ||
dockerfile: ./compose/production/nginx/Dockerfile | ||
architectures: linux/amd64,linux/arm64 | ||
- project: awscli | ||
context: . | ||
dockerfile: ./compose/production/aws/Dockerfile | ||
architectures: linux/amd64,linux/arm64 | ||
|
||
steps: | ||
# 1. 检出代码 | ||
- name: Checkout code | ||
uses: actions/checkout@v4 | ||
with: | ||
fetch-depth: 0 # 确保获取所有标签 | ||
|
||
# 2. 设置 Docker Buildx | ||
- name: Set up Docker Buildx | ||
uses: docker/setup-buildx-action@v3 | ||
|
||
# 3. 登录 Docker Hub | ||
- name: Log in to Docker Hub | ||
uses: docker/login-action@v3 | ||
with: | ||
username: ${{ secrets.DOCKER_USERNAME }} | ||
password: ${{ secrets.DOCKER_PASSWORD }} | ||
|
||
# 4. 登录阿里云容器注册表 | ||
- name: Log in to AliYun Docker Registry | ||
uses: docker/login-action@v3 | ||
with: | ||
registry: registry.cn-hangzhou.aliyuncs.com | ||
username: ${{ secrets.ALIREGISTRY_USERNAME }} | ||
password: ${{ secrets.ALIREGISTRY_TOKEN }} | ||
|
||
# 5. 登录 GitHub Container Registry | ||
- name: Log in to GitHub Container Registry | ||
uses: docker/login-action@v3 | ||
with: | ||
registry: ghcr.io | ||
username: ${{ github.repository_owner }} | ||
password: ${{ secrets.GITHUB_TOKEN }} | ||
|
||
# 6. 获取 Docker 元数据 | ||
- name: Get Docker metadata | ||
id: metadata | ||
uses: docker/metadata-action@v5 | ||
with: | ||
images: | | ||
docker.io/yourdockerhubusername/ai_feedback_production_${{ matrix.project }} | ||
registry.cn-hangzhou.aliyuncs.com/youraliyunusername/ai_feedback_production_${{ matrix.project }} | ||
ghcr.io/yourgithubusername/ai_feedback_production_${{ matrix.project }} | ||
tags: | | ||
type=ref,event=tag | ||
type=semver,pattern={{version}} | ||
type=semver,pattern=v{{version}} | ||
type=semver,pattern={{major}}.{{minor}} | ||
type=semver,pattern={{major}} | ||
type=sha | ||
# 7. 构建并推送 Docker 镜像 | ||
- name: Build and push Docker image | ||
uses: docker/build-push-action@v6 | ||
with: | ||
context: ${{ matrix.context }} | ||
file: ${{ matrix.dockerfile }} | ||
push: true | ||
tags: ${{ steps.metadata.outputs.tags }} | ||
platforms: ${{ matrix.architectures }} | ||
cache-from: type=gha | ||
cache-to: type=gha,mode=max | ||
|
||
# 8. 安全扫描(可选) | ||
- name: Scan Docker image for vulnerabilities | ||
uses: aquasecurity/trivy-action@0.24.0 | ||
with: | ||
image-ref: yourdockerhubusername/ai_feedback_production_${{ matrix.project }}:${{ steps.metadata.outputs.version }} | ||
format: 'table' | ||
exit-code: '0' | ||
|
||
# 9. 清理未使用的 Docker 镜像 | ||
- name: Clean up Docker | ||
run: docker system prune -f |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,52 @@ | ||
name: CI | ||
|
||
# Enable Buildkit and let compose use it to speed up image building | ||
env: | ||
DOCKER_BUILDKIT: 1 | ||
COMPOSE_DOCKER_CLI_BUILD: 1 | ||
|
||
on: | ||
pull_request: | ||
branches: ['main'] | ||
paths-ignore: ['docs/**'] | ||
|
||
concurrency: | ||
group: ${{ github.head_ref || github.run_id }} | ||
cancel-in-progress: true | ||
|
||
jobs: | ||
linter: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout Code Repository | ||
uses: actions/checkout@v4 | ||
|
||
- name: Set up Python | ||
uses: actions/setup-python@v5 | ||
with: | ||
python-version: '3.12' | ||
- name: Run pre-commit | ||
uses: pre-commit/action@v3.0.1 | ||
|
||
# With no caching at all the entire ci process takes 3m to complete! | ||
pytest: | ||
runs-on: ubuntu-latest | ||
|
||
steps: | ||
- name: Checkout Code Repository | ||
uses: actions/checkout@v4 | ||
|
||
- name: Build the Stack | ||
run: docker compose -f docker-compose.local.yml build django | ||
|
||
- name: Build the docs | ||
run: docker compose -f docker-compose.docs.yml build docs | ||
|
||
- name: Run DB Migrations | ||
run: docker compose -f docker-compose.local.yml run --rm django python manage.py migrate | ||
|
||
- name: Run Django Tests | ||
run: docker compose -f docker-compose.local.yml run django pytest | ||
|
||
- name: Tear down the Stack | ||
run: docker compose -f docker-compose.local.yml down |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
name: e2e | ||
|
||
on: | ||
workflow_dispatch: | ||
pull_request: | ||
branches: | ||
- main | ||
|
||
jobs: | ||
build: | ||
name: Test | ||
runs-on: ubuntu-latest | ||
env: | ||
GO111MODULE: on | ||
steps: | ||
|
||
- name: Set up Go 1.21 | ||
uses: actions/setup-go@v5 | ||
with: | ||
go-version: 1.21 | ||
id: go | ||
|
||
- name: Upload coverage reports to Codecov | ||
uses: codecov/codecov-action@v4 | ||
env: | ||
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | ||
|
||
- name: Check out code into the Go module directory | ||
uses: actions/checkout@v4 | ||
|
||
- name: Create e2e test | ||
run: | | ||
echo "...test e2e" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
FROM docker.io/amazon/aws-cli:2.17.0 | ||
|
||
COPY ./compose/production/aws/maintenance /usr/local/bin/maintenance | ||
COPY ./compose/production/postgres/maintenance/_sourced /usr/local/bin/maintenance/_sourced | ||
|
||
RUN chmod +x /usr/local/bin/maintenance/* | ||
|
||
RUN mv /usr/local/bin/maintenance/* /usr/local/bin \ | ||
&& rmdir /usr/local/bin/maintenance |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
#!/bin/sh | ||
|
||
### Download a file from your Amazon S3 bucket to the postgres /backups folder | ||
### | ||
### Usage: | ||
### $ docker compose -f docker-compose.production.yml run --rm awscli <1> | ||
|
||
set -o errexit | ||
set -o pipefail | ||
set -o nounset | ||
|
||
working_dir="$(dirname ${0})" | ||
source "${working_dir}/_sourced/constants.sh" | ||
source "${working_dir}/_sourced/messages.sh" | ||
|
||
export AWS_ACCESS_KEY_ID="${DJANGO_AWS_ACCESS_KEY_ID}" | ||
export AWS_SECRET_ACCESS_KEY="${DJANGO_AWS_SECRET_ACCESS_KEY}" | ||
export AWS_STORAGE_BUCKET_NAME="${DJANGO_AWS_STORAGE_BUCKET_NAME}" | ||
|
||
|
||
aws s3 cp s3://${AWS_STORAGE_BUCKET_NAME}${BACKUP_DIR_PATH}/${1} ${BACKUP_DIR_PATH}/${1} | ||
|
||
message_success "Finished downloading ${1}." |
Oops, something went wrong.