This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy to Staging | |
| on: | |
| workflow_dispatch: | |
| push: | |
| paths: | |
| - "backend/**" | |
| - "extractor/**" | |
| branches: | |
| - dev | |
| jobs: | |
| deploy_extractor_staging: | |
| runs-on: ubuntu-latest | |
| environment: staging | |
| permissions: | |
| contents: "read" | |
| id-token: "write" | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - id: "auth" | |
| uses: "google-github-actions/auth@v2" | |
| env: | |
| GCP_JSON_CREDENTIALS: ${{ secrets.GCP_JSON_CREDENTIALS }} | |
| with: | |
| credentials_json: ${{ secrets.GCP_JSON_CREDENTIALS }} | |
| - name: Set up GCP Cloud SDK | |
| uses: google-github-actions/setup-gcloud@v2 | |
| with: | |
| project_id: ${{ vars.GCP_PROJECT_ID }} | |
| - name: "Use gcloud CLI" | |
| run: "gcloud info" | |
| - name: Build the container image | |
| env: | |
| GCP_PROJECT_ID: ${{ vars.GCP_PROJECT_ID }} | |
| run: | | |
| cp -r phospho-python extractor/phospho-python | |
| cd extractor | |
| gcloud builds submit --config cloudbuild-staging.yaml | |
| - name: Deploy to Cloud Run in Staging Env | |
| env: | |
| GCP_PROJECT_ID: ${{ vars.GCP_PROJECT_ID }} | |
| OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }} | |
| MONGODB_URL: ${{ secrets.MONGODB_URL }} | |
| MONGODB_NAME: ${{ vars.MONGODB_NAME }} | |
| EXTRACTOR_SECRET_KEY: ${{ secrets.EXTRACTOR_SECRET_KEY }} | |
| EXTRACTOR_SENTRY_DSN: ${{ secrets.EXTRACTOR_SENTRY_DSN }} | |
| QDRANT_URL: ${{ secrets.QDRANT_URL }} | |
| QDRANT_API_KEY: ${{ secrets.QDRANT_API_KEY }} | |
| GCP_JSON_CREDENTIALS_NATURAL_LANGUAGE_PROCESSING: ${{ secrets.GCP_JSON_CREDENTIALS_NATURAL_LANGUAGE_PROCESSING }} | |
| TEMPORAL_HOST_URL: ${{ vars.TEMPORAL_HOST_URL }} | |
| TEMPORAL_NAMESPACE: ${{ vars.TEMPORAL_NAMESPACE }} | |
| TEMPORAL_MTLS_TLS_CERT_BASE64: ${{ secrets.TEMPORAL_MTLS_TLS_CERT_BASE64 }} | |
| TEMPORAL_MTLS_TLS_KEY_BASE64: ${{ secrets.TEMPORAL_MTLS_TLS_KEY_BASE64 }} | |
| STRIPE_SECRET_KEY: ${{ secrets.STRIPE_SECRET_KEY }} | |
| STRIPE_WEBHOOK_SECRET: ${{ secrets.STRIPE_WEBHOOK_SECRET }} | |
| run: | | |
| gcloud run deploy phospho-extractor-staging \ | |
| --project $GCP_PROJECT_ID \ | |
| --port 8080 \ | |
| --region europe-west1 \ | |
| --allow-unauthenticated \ | |
| --set-env-vars OPENAI_API_KEY=$OPENAI_API_KEY,ENVIRONMENT=staging,MONGODB_URL=$MONGODB_URL,MONGODB_NAME=$MONGODB_NAME,EXTRACTOR_SECRET_KEY=$EXTRACTOR_SECRET_KEY,EXTRACTOR_SENTRY_DSN=$EXTRACTOR_SENTRY_DSN,QDRANT_URL=$QDRANT_URL,QDRANT_API_KEY=$QDRANT_API_KEY,GCP_JSON_CREDENTIALS_NATURAL_LANGUAGE_PROCESSING=$GCP_JSON_CREDENTIALS_NATURAL_LANGUAGE_PROCESSING \ | |
| --set-env-vars TEMPORAL_HOST_URL=$TEMPORAL_HOST_URL,TEMPORAL_NAMESPACE=$TEMPORAL_NAMESPACE,TEMPORAL_MTLS_TLS_CERT_BASE64=$TEMPORAL_MTLS_TLS_CERT_BASE64,TEMPORAL_MTLS_TLS_KEY_BASE64=$TEMPORAL_MTLS_TLS_KEY_BASE64,STRIPE_SECRET_KEY=$STRIPE_SECRET_KEY,STRIPE_WEBHOOK_SECRET=$STRIPE_WEBHOOK_SECRET \ | |
| --image europe-west1-docker.pkg.dev/portal-385519/phospho-extractor/app:staging | |
| deploy_backend_staging: | |
| runs-on: ubuntu-latest | |
| environment: staging | |
| permissions: | |
| contents: "read" | |
| id-token: "write" | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - id: "auth" | |
| uses: "google-github-actions/auth@v2" | |
| env: | |
| GCP_JSON_CREDENTIALS: ${{ secrets.GCP_JSON_CREDENTIALS }} | |
| with: | |
| credentials_json: ${{ secrets.GCP_JSON_CREDENTIALS }} | |
| - name: Set up GCP Cloud SDK | |
| uses: google-github-actions/setup-gcloud@v2 | |
| with: | |
| project_id: ${{ vars.GCP_PROJECT_ID }} | |
| - name: "Use gcloud CLI" | |
| run: "gcloud info" | |
| - name: Build the container image | |
| env: | |
| GCP_PROJECT_ID: ${{ vars.GCP_PROJECT_ID }} | |
| run: | | |
| cp -r phospho-python backend/phospho-python | |
| cd backend | |
| gcloud builds submit --config cloudbuild-staging.yaml | |
| - name: Deploy to Cloud Run in Staging Env | |
| env: | |
| OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }} | |
| RESEND_API_KEY: ${{ secrets.RESEND_API_KEY }} | |
| GCP_PROJECT_ID: ${{ vars.GCP_PROJECT_ID }} | |
| SLACK_URL: ${{ secrets.SLACK_URL }} | |
| SENTRY_DSN: ${{ secrets.SENTRY_DSN }} | |
| PROPELAUTH_API_KEY: ${{ secrets.PROPELAUTH_API_KEY }} | |
| PROPELAUTH_URL: ${{ vars.PROPELAUTH_URL }} | |
| MONGODB_URL: ${{ secrets.MONGODB_URL }} | |
| MONGODB_NAME: ${{ vars.MONGODB_NAME }} | |
| QDRANT_URL: ${{ secrets.QDRANT_URL }} | |
| QDRANT_API_KEY: ${{ secrets.QDRANT_API_KEY }} | |
| PHOSPHO_API_KEY_ONBOARDING: ${{ secrets.PHOSPHO_API_KEY_ONBOARDING }} | |
| STRIPE_SECRET_KEY: ${{ secrets.STRIPE_SECRET_KEY }} | |
| STRIPE_WEBHOOK_SECRET: ${{ secrets.STRIPE_WEBHOOK_SECRET }} | |
| EXTRACTOR_SECRET_KEY: ${{ secrets.EXTRACTOR_SECRET_KEY }} | |
| EXTRACTOR_URL: ${{ vars.EXTRACTOR_URL }} | |
| ANYSCALE_API_KEY: ${{ secrets.ANYSCALE_API_KEY }} | |
| PHOSPHO_AI_HUB_URL: ${{ secrets.PHOSPHO_AI_HUB_URL }} | |
| PHOSPHO_AI_HUB_API_KEY: ${{ secrets.PHOSPHO_AI_HUB_API_KEY }} | |
| CRON_SECRET_KEY: ${{ secrets.CRON_SECRET_KEY }} | |
| IS_MAINTENANCE: ${{ vars.IS_MAINTENANCE }} | |
| ARGILLA_URL: ${{ vars.ARGILLA_URL }} | |
| ARGILLA_API_KEY: ${{ secrets.ARGILLA_API_KEY }} | |
| SQLDB_CONNECTION_STRING: ${{ secrets.SQLDB_CONNECTION_STRING }} | |
| CUSTOMERIO_WRITE_KEY: ${{ secrets.CUSTOMERIO_WRITE_KEY }} | |
| TEMPORAL_HOST_URL: ${{ vars.TEMPORAL_HOST_URL }} | |
| TEMPORAL_NAMESPACE: ${{ vars.TEMPORAL_NAMESPACE }} | |
| TEMPORAL_MTLS_TLS_CERT_BASE64: ${{ secrets.TEMPORAL_MTLS_TLS_CERT_BASE64 }} | |
| TEMPORAL_MTLS_TLS_KEY_BASE64: ${{ secrets.TEMPORAL_MTLS_TLS_KEY_BASE64 }} | |
| run: | | |
| gcloud run deploy phospho-backend-staging \ | |
| --project $GCP_PROJECT_ID \ | |
| --port 80 \ | |
| --memory 1Gi \ | |
| --region europe-west1 \ | |
| --allow-unauthenticated \ | |
| --set-env-vars OPENAI_API_KEY=$OPENAI_API_KEY,RESEND_API_KEY=$RESEND_API_KEY,ENVIRONMENT=staging,SLACK_URL=$SLACK_URL,SENTRY_DSN=$SENTRY_DSN,PROPELAUTH_API_KEY=$PROPELAUTH_API_KEY,PROPELAUTH_URL=$PROPELAUTH_URL,MONGODB_URL=$MONGODB_URL,MONGODB_NAME=$MONGODB_NAME,QDRANT_URL=$QDRANT_URL,QDRANT_API_KEY=$QDRANT_API_KEY,PHOSPHO_API_KEY_ONBOARDING=$PHOSPHO_API_KEY_ONBOARDING,STRIPE_SECRET_KEY=$STRIPE_SECRET_KEY,STRIPE_WEBHOOK_SECRET=$STRIPE_WEBHOOK_SECRET,EXTRACTOR_SECRET_KEY=$EXTRACTOR_SECRET_KEY,EXTRACTOR_URL=$EXTRACTOR_URL,ANYSCALE_API_KEY=$ANYSCALE_API_KEY,IS_MAINTENANCE=$IS_MAINTENANCE \ | |
| --set-env-vars PHOSPHO_AI_HUB_URL=$PHOSPHO_AI_HUB_URL,PHOSPHO_AI_HUB_API_KEY=$PHOSPHO_AI_HUB_API_KEY,CRON_SECRET_KEY=$CRON_SECRET_KEY \ | |
| --set-env-vars ARGILLA_URL=$ARGILLA_URL,ARGILLA_API_KEY=$ARGILLA_API_KEY \ | |
| --set-env-vars SQLDB_CONNECTION_STRING=$SQLDB_CONNECTION_STRING,CUSTOMERIO_WRITE_KEY=$CUSTOMERIO_WRITE_KEY \ | |
| --set-env-vars TEMPORAL_HOST_URL=$TEMPORAL_HOST_URL,TEMPORAL_NAMESPACE=$TEMPORAL_NAMESPACE,TEMPORAL_MTLS_TLS_CERT_BASE64=$TEMPORAL_MTLS_TLS_CERT_BASE64,TEMPORAL_MTLS_TLS_KEY_BASE64=$TEMPORAL_MTLS_TLS_KEY_BASE64 \ | |
| --image europe-west1-docker.pkg.dev/portal-385519/phospho-backend/app:staging | |
| run_python_integration_tests: | |
| needs: [deploy_extractor_staging, deploy_backend_staging] | |
| runs-on: ubuntu-latest | |
| environment: staging | |
| permissions: | |
| contents: "read" | |
| defaults: | |
| run: | |
| working-directory: backend | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Install Poetry | |
| uses: snok/install-poetry@v1 | |
| with: | |
| virtualenvs-create: true | |
| virtualenvs-in-project: true | |
| installer-parallel: true | |
| - name: Set up Python 3.11 | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.11" | |
| cache: "poetry" | |
| # Install dependencies if cache does not exist | |
| - name: Install dependencies | |
| run: | | |
| poetry install --with dev --no-interaction --no-root | |
| - name: Test with pytest | |
| env: | |
| OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }} | |
| FIREBASE_TEST_KEY: ${{ secrets.FIREBASE_TEST_KEY }} | |
| FIREBASE_PRODUCTION_KEY: ${{ secrets.FIREBASE_PRODUCTION_KEY }} | |
| RESEND_API_KEY: ${{ secrets.RESEND_API_KEY }} | |
| ENVIRONMENT: "staging" | |
| SLACK_URL: ${{ secrets.SLACK_URL }} | |
| SENTRY_DSN: ${{ secrets.SENTRY_DSN }} | |
| PROPELAUTH_API_KEY: ${{ secrets.PROPELAUTH_API_KEY }} | |
| PROPELAUTH_URL: ${{ vars.PROPELAUTH_URL }} | |
| MONGODB_URL: ${{ secrets.MONGODB_URL }} | |
| MONGODB_NAME: ${{ vars.MONGODB_NAME }} | |
| QDRANT_URL: ${{ secrets.QDRANT_URL }} | |
| QDRANT_API_KEY: ${{ secrets.QDRANT_API_KEY }} | |
| # Test API key for the phospho API | |
| PHOSPHO_API_KEY: ${{ secrets.PHOSPHO_API_KEY }} | |
| PHOSPHO_BACKEND_URL: ${{ vars.PHOSPHO_BACKEND_URL }} | |
| TEST_PROPELAUTH_ORG_ID: ${{ vars.TEST_PROPELAUTH_ORG_ID }} | |
| TEST_PROPELAUTH_USER_ID: ${{ vars.TEST_PROPELAUTH_USER_ID }} | |
| PHOSPHO_API_KEY_ONBOARDING: ${{ secrets.PHOSPHO_API_KEY_ONBOARDING }} | |
| STRIPE_SECRET_KEY: ${{ secrets.STRIPE_SECRET_KEY }} | |
| STRIPE_WEBHOOK_SECRET: ${{ secrets.STRIPE_WEBHOOK_SECRET }} | |
| EXTRACTOR_SECRET_KEY: ${{ secrets.EXTRACTOR_SECRET_KEY }} | |
| EXTRACTOR_URL: ${{ vars.EXTRACTOR_URL }} | |
| ANYSCALE_API_KEY: ${{ secrets.ANYSCALE_API_KEY }} | |
| ARGILLA_URL: ${{ vars.ARGILLA_URL }} | |
| ARGILLA_API_KEY: ${{ secrets.ARGILLA_API_KEY }} | |
| TEMPORAL_HOST_URL: ${{ vars.TEMPORAL_HOST_URL }} | |
| TEMPORAL_NAMESPACE: ${{ vars.TEMPORAL_NAMESPACE }} | |
| TEMPORAL_MTLS_TLS_CERT_BASE64: ${{ secrets.TEMPORAL_MTLS_TLS_CERT_BASE64 }} | |
| TEMPORAL_MTLS_TLS_KEY_BASE64: ${{ secrets.TEMPORAL_MTLS_TLS_KEY_BASE64 }} | |
| # Specify here the tests you want to run after the -k flag | |
| run: | | |
| source .venv/bin/activate | |
| poetry run pytest tests/integration/ -vvv |