Compare commits
3 Commits
main
...
feat/ci-au
| Author | SHA1 | Date | |
|---|---|---|---|
| 9fe44ae560 | |||
| da9dbd7827 | |||
| a1a37c77f6 |
@@ -340,8 +340,6 @@ steps:
|
||||
|
||||
# ─── Deploy to Docker Swarm (main only) ─────────────────────
|
||||
|
||||
# ─── Deploy to Docker Swarm via Portainer (main only) ─────────────────────
|
||||
|
||||
deploy-swarm:
|
||||
image: alpine:3
|
||||
environment:
|
||||
@@ -349,30 +347,23 @@ steps:
|
||||
from_secret: ssh_private_key
|
||||
SSH_KNOWN_HOSTS:
|
||||
from_secret: ssh_known_hosts
|
||||
PORTAINER_URL:
|
||||
from_secret: portainer_url
|
||||
PORTAINER_API_KEY:
|
||||
from_secret: portainer_api_key
|
||||
commands:
|
||||
- apk add --no-cache curl openssh-client
|
||||
- apk add --no-cache openssh-client
|
||||
- |
|
||||
set -e
|
||||
echo "🚀 Deploying to Docker Swarm..."
|
||||
|
||||
# Setup SSH for fallback
|
||||
# Setup SSH
|
||||
mkdir -p ~/.ssh
|
||||
echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
|
||||
chmod 600 ~/.ssh/known_hosts
|
||||
echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_ed25519
|
||||
chmod 600 ~/.ssh/id_ed25519
|
||||
|
||||
# Force service updates (images are pulled from public registry)
|
||||
ssh -o StrictHostKeyChecking=no localadmin@10.1.1.45 \
|
||||
"docker service update --with-registry-auth --force mosaic-stack-api && \
|
||||
docker service update --with-registry-auth --force mosaic-stack-web && \
|
||||
docker service update --with-registry-auth --force mosaic-stack-orchestrator && \
|
||||
docker service update --with-registry-auth --force mosaic-stack-coordinator && \
|
||||
echo '✅ All services updated'"
|
||||
# Deploy to swarm
|
||||
echo "🚀 Deploying to Docker Swarm..."
|
||||
ssh -o StrictHostKeyChecking=no mosaic@10.1.1.45 \
|
||||
"cd /opt/mosaic-stack && \
|
||||
docker login git.mosaicstack.dev -u \$(echo \$GITEA_USER) -p \$GITEA_TOKEN || true && \
|
||||
docker stack deploy -c docker-compose.yml mosaic"
|
||||
when:
|
||||
- branch: [main]
|
||||
event: [push, manual, tag]
|
||||
|
||||
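Review bot: Both `ssh` calls in the `deploy-swarm` step pass `-o StrictHostKeyChecking=no`, so the `~/.ssh/known_hosts` file written from `$SSH_KNOWN_HOSTS` a few lines earlier is never enforced and the commands run against whatever host answers on 10.1.1.45. Dropping the option, or setting `-o StrictHostKeyChecking=yes`, lets the pinned host key do its job. The +/- markers are lost on this page, so which `ssh` block is the new side is inferred from the hunk counts. If it is the `mosaic@` block, `docker login ... -p \$GITEA_TOKEN || true` puts the token on a command line, and because `&&` and `||` chain left to right the `|| true` masks a failed `cd /opt/mosaic-stack` as well as a failed login. `--password-stdin` and letting a failed login fail the step would be safer.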
@@ -1,13 +0,0 @@
|
||||
-- MS21: Add admin, local auth, and invitation fields to users table
|
||||
-- These columns were added to schema.prisma but never captured in a migration.
|
||||
|
||||
ALTER TABLE "users"
|
||||
ADD COLUMN IF NOT EXISTS "deactivated_at" TIMESTAMPTZ,
|
||||
ADD COLUMN IF NOT EXISTS "is_local_auth" BOOLEAN NOT NULL DEFAULT false,
|
||||
ADD COLUMN IF NOT EXISTS "password_hash" TEXT,
|
||||
ADD COLUMN IF NOT EXISTS "invited_by" UUID,
|
||||
ADD COLUMN IF NOT EXISTS "invitation_token" TEXT,
|
||||
ADD COLUMN IF NOT EXISTS "invited_at" TIMESTAMPTZ;
|
||||
|
||||
-- CreateIndex
|
||||
CREATE UNIQUE INDEX IF NOT EXISTS "users_invitation_token_key" ON "users"("invitation_token");
|
||||
@@ -601,21 +601,9 @@ class TestCoordinatorIntegration:
|
||||
coordinator = Coordinator(queue_manager=queue_manager, poll_interval=0.02)
|
||||
|
||||
task = asyncio.create_task(coordinator.start())
|
||||
|
||||
# Poll for completion with timeout instead of fixed sleep
|
||||
deadline = asyncio.get_event_loop().time() + 5.0 # 5 second timeout
|
||||
while asyncio.get_event_loop().time() < deadline:
|
||||
all_completed = True
|
||||
for i in range(157, 162):
|
||||
item = queue_manager.get_item(i)
|
||||
if item is None or item.status != QueueItemStatus.COMPLETED:
|
||||
all_completed = False
|
||||
break
|
||||
if all_completed:
|
||||
break
|
||||
await asyncio.sleep(0.05)
|
||||
|
||||
await asyncio.sleep(0.5) # Allow time for processing
|
||||
await coordinator.stop()
|
||||
|
||||
task.cancel()
|
||||
try:
|
||||
await task
|
||||
|
||||
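Review bot: The fixed `await asyncio.sleep(0.5)  # Allow time for processing` makes this test depend on all five items completing within half a second, so it can fail on a slow CI runner and waits needlessly on a fast one. The deadline-bounded loop over `queue_manager.get_item(i)` shown beside it does not have that weakness. Going by the hunk counts (21 lines to 9) the sleep is the new side, but the +/- markers are lost on this page, so that is inferred. If the poll is kept, `asyncio.get_running_loop().time()` is the preferred call inside a coroutine over `asyncio.get_event_loop()`. The test method starts and ends outside the hunk.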
@@ -9,8 +9,6 @@
|
||||
# - OpenBao: Standalone container (see docker-compose.openbao.yml)
|
||||
# - Authentik: External OIDC provider
|
||||
# - Ollama: External AI inference
|
||||
# - PostgreSQL: Provided by the openbrain stack (openbrain_brain-db)
|
||||
# Deploy openbrain stack before this stack.
|
||||
#
|
||||
# Usage (Portainer):
|
||||
# 1. Stacks -> Add Stack -> Upload or paste
|
||||
@@ -38,75 +36,37 @@
|
||||
# Required vars use plain ${VAR} — the app validates at startup.
|
||||
#
|
||||
# ==============================================
|
||||
# DATABASE (openbrain_brain-db — external)
|
||||
# ==============================================
|
||||
#
|
||||
# This stack uses the PostgreSQL instance from the openbrain stack.
|
||||
# The openbrain stack must be deployed first and its brain-internal
|
||||
# overlay network must exist.
|
||||
#
|
||||
# Required env vars for DB access:
|
||||
# BRAIN_DB_ADMIN_USER — openbrain superuser (default: openbrain)
|
||||
# BRAIN_DB_ADMIN_PASSWORD — openbrain superuser password
|
||||
# (must match openbrain stack POSTGRES_PASSWORD)
|
||||
# POSTGRES_USER — mosaic application DB user (created by mosaic-db-init)
|
||||
# POSTGRES_PASSWORD — mosaic application DB password
|
||||
# POSTGRES_DB — mosaic application database name (default: mosaic)
|
||||
#
|
||||
# ==============================================
|
||||
|
||||
services:
|
||||
# ============================================
|
||||
# DATABASE INIT
|
||||
# CORE INFRASTRUCTURE
|
||||
# ============================================
|
||||
|
||||
# ======================
|
||||
# Mosaic Database Init
|
||||
# PostgreSQL Database
|
||||
# ======================
|
||||
# Creates the mosaic application user and database in the shared
|
||||
# openbrain PostgreSQL instance (openbrain_brain-db).
|
||||
# Runs once and exits. Idempotent — safe to run on every deploy.
|
||||
mosaic-db-init:
|
||||
image: postgres:17-alpine
|
||||
postgres:
|
||||
image: git.mosaicstack.dev/mosaic/stack-postgres:${IMAGE_TAG:-latest}
|
||||
environment:
|
||||
PGHOST: openbrain_brain-db
|
||||
PGPORT: 5432
|
||||
PGUSER: ${BRAIN_DB_ADMIN_USER:-openbrain}
|
||||
PGPASSWORD: ${BRAIN_DB_ADMIN_PASSWORD}
|
||||
MOSAIC_USER: ${POSTGRES_USER}
|
||||
MOSAIC_PASSWORD: ${POSTGRES_PASSWORD}
|
||||
MOSAIC_DB: ${POSTGRES_DB:-mosaic}
|
||||
entrypoint: ["sh", "-c"]
|
||||
command:
|
||||
- |
|
||||
until pg_isready -h openbrain_brain-db -p 5432 -U $${PGUSER}; do
|
||||
echo "Waiting for openbrain_brain-db..."
|
||||
sleep 2
|
||||
done
|
||||
echo "Database ready. Creating mosaic user and database..."
|
||||
|
||||
psql -h openbrain_brain-db -U $${PGUSER} -tc "SELECT 1 FROM pg_roles WHERE rolname='$${MOSAIC_USER}'" | grep -q 1 || \
|
||||
psql -h openbrain_brain-db -U $${PGUSER} -c "CREATE USER $${MOSAIC_USER} WITH PASSWORD '$${MOSAIC_PASSWORD}';"
|
||||
|
||||
psql -h openbrain_brain-db -U $${PGUSER} -tc "SELECT 1 FROM pg_database WHERE datname='$${MOSAIC_DB}'" | grep -q 1 || \
|
||||
psql -h openbrain_brain-db -U $${PGUSER} -c "CREATE DATABASE $${MOSAIC_DB} OWNER $${MOSAIC_USER} ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' TEMPLATE template0;"
|
||||
|
||||
echo "Enabling required extensions in $${MOSAIC_DB}..."
|
||||
psql -h openbrain_brain-db -U $${PGUSER} -d $${MOSAIC_DB} -c "CREATE EXTENSION IF NOT EXISTS vector;"
|
||||
psql -h openbrain_brain-db -U $${PGUSER} -d $${MOSAIC_DB} -c "CREATE EXTENSION IF NOT EXISTS \"uuid-ossp\";"
|
||||
|
||||
echo "Mosaic database ready: $${MOSAIC_DB}"
|
||||
POSTGRES_USER: ${POSTGRES_USER}
|
||||
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
|
||||
POSTGRES_DB: ${POSTGRES_DB}
|
||||
POSTGRES_SHARED_BUFFERS: ${POSTGRES_SHARED_BUFFERS:-256MB}
|
||||
POSTGRES_EFFECTIVE_CACHE_SIZE: ${POSTGRES_EFFECTIVE_CACHE_SIZE:-1GB}
|
||||
POSTGRES_MAX_CONNECTIONS: ${POSTGRES_MAX_CONNECTIONS:-100}
|
||||
volumes:
|
||||
- postgres_data:/var/lib/postgresql/data
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER} -d ${POSTGRES_DB}"]
|
||||
interval: 10s
|
||||
timeout: 5s
|
||||
retries: 5
|
||||
start_period: 30s
|
||||
networks:
|
||||
- openbrain-brain-internal
|
||||
- internal
|
||||
deploy:
|
||||
restart_policy:
|
||||
condition: on-failure
|
||||
delay: 5s
|
||||
max_attempts: 5
|
||||
|
||||
# ============================================
|
||||
# CORE INFRASTRUCTURE
|
||||
# ============================================
|
||||
|
||||
# ======================
|
||||
# Valkey Cache
|
||||
@@ -145,7 +105,7 @@ services:
|
||||
NODE_ENV: production
|
||||
PORT: ${API_PORT:-3001}
|
||||
API_HOST: ${API_HOST:-0.0.0.0}
|
||||
DATABASE_URL: postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@openbrain_brain-db:5432/${POSTGRES_DB:-mosaic}
|
||||
DATABASE_URL: postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/${POSTGRES_DB}
|
||||
VALKEY_URL: redis://valkey:6379
|
||||
# Auth (external Authentik)
|
||||
OIDC_ENABLED: ${OIDC_ENABLED:-false}
|
||||
@@ -203,7 +163,6 @@ services:
|
||||
networks:
|
||||
- internal
|
||||
- traefik-public
|
||||
- openbrain-brain-internal
|
||||
deploy:
|
||||
restart_policy:
|
||||
condition: on-failure
|
||||
@@ -348,36 +307,36 @@ services:
|
||||
# ======================
|
||||
# Synapse Database Init
|
||||
# ======================
|
||||
# Creates the 'synapse' database in the shared openbrain PostgreSQL instance.
|
||||
# Creates the 'synapse' database in the shared PostgreSQL instance.
|
||||
# Runs once and exits. Idempotent — safe to run on every deploy.
|
||||
synapse-db-init:
|
||||
image: postgres:17-alpine
|
||||
environment:
|
||||
PGHOST: openbrain_brain-db
|
||||
PGHOST: postgres
|
||||
PGPORT: 5432
|
||||
PGUSER: ${BRAIN_DB_ADMIN_USER:-openbrain}
|
||||
PGPASSWORD: ${BRAIN_DB_ADMIN_PASSWORD}
|
||||
PGUSER: ${POSTGRES_USER}
|
||||
PGPASSWORD: ${POSTGRES_PASSWORD}
|
||||
SYNAPSE_DB: ${SYNAPSE_POSTGRES_DB}
|
||||
SYNAPSE_USER: ${SYNAPSE_POSTGRES_USER}
|
||||
SYNAPSE_PASSWORD: ${SYNAPSE_POSTGRES_PASSWORD}
|
||||
entrypoint: ["sh", "-c"]
|
||||
command:
|
||||
- |
|
||||
until pg_isready -h openbrain_brain-db -p 5432 -U $${PGUSER}; do
|
||||
echo "Waiting for openbrain_brain-db..."
|
||||
until pg_isready -h postgres -p 5432 -U $${PGUSER}; do
|
||||
echo "Waiting for PostgreSQL..."
|
||||
sleep 2
|
||||
done
|
||||
echo "Database ready. Creating Synapse user and database..."
|
||||
echo "PostgreSQL is ready. Creating Synapse database and user..."
|
||||
|
||||
psql -h openbrain_brain-db -U $${PGUSER} -tc "SELECT 1 FROM pg_roles WHERE rolname='$${SYNAPSE_USER}'" | grep -q 1 || \
|
||||
psql -h openbrain_brain-db -U $${PGUSER} -c "CREATE USER $${SYNAPSE_USER} WITH PASSWORD '$${SYNAPSE_PASSWORD}';"
|
||||
psql -h postgres -U $${PGUSER} -tc "SELECT 1 FROM pg_roles WHERE rolname='$${SYNAPSE_USER}'" | grep -q 1 || \
|
||||
psql -h postgres -U $${PGUSER} -c "CREATE USER $${SYNAPSE_USER} WITH PASSWORD '$${SYNAPSE_PASSWORD}';"
|
||||
|
||||
psql -h openbrain_brain-db -U $${PGUSER} -tc "SELECT 1 FROM pg_database WHERE datname='$${SYNAPSE_DB}'" | grep -q 1 || \
|
||||
psql -h openbrain_brain-db -U $${PGUSER} -c "CREATE DATABASE $${SYNAPSE_DB} OWNER $${SYNAPSE_USER} ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' TEMPLATE template0;"
|
||||
psql -h postgres -U $${PGUSER} -tc "SELECT 1 FROM pg_database WHERE datname='$${SYNAPSE_DB}'" | grep -q 1 || \
|
||||
psql -h postgres -U $${PGUSER} -c "CREATE DATABASE $${SYNAPSE_DB} OWNER $${SYNAPSE_USER} ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' TEMPLATE template0;"
|
||||
|
||||
echo "Synapse database ready: $${SYNAPSE_DB}"
|
||||
networks:
|
||||
- openbrain-brain-internal
|
||||
- internal
|
||||
deploy:
|
||||
restart_policy:
|
||||
condition: on-failure
|
||||
@@ -492,6 +451,7 @@ services:
|
||||
# Volumes
|
||||
# ======================
|
||||
volumes:
|
||||
postgres_data:
|
||||
valkey_data:
|
||||
orchestrator_workspace:
|
||||
speaches_models:
|
||||
@@ -504,6 +464,3 @@ networks:
|
||||
driver: overlay
|
||||
traefik-public:
|
||||
external: true
|
||||
openbrain-brain-internal:
|
||||
external: true
|
||||
name: openbrain_brain-internal
|
||||
|
||||
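Review bot: In `synapse-db-init` the admin connection appears to become `PGUSER: ${POSTGRES_USER}` / `PGPASSWORD: ${POSTGRES_PASSWORD}`, the same credentials the API uses in `DATABASE_URL`, so the application account is also the one that creates roles and databases. The sides are inferred from the hunk counts because the +/- markers are lost on this page. If the `stack-postgres` image creates `POSTGRES_USER` as a superuser, as the official postgres image does (not visible here), a separate non-superuser role for the API would limit what a compromised API container can reach. Separately, `CREATE USER $${SYNAPSE_USER} WITH PASSWORD '$${SYNAPSE_PASSWORD}'` splices the password into SQL through the shell, so a single quote in the value breaks or alters the statement and the password may appear in server statement logs. psql variables (`-v` with `:'name'`) quote the value safely, but only for input read from stdin or `-f`, not for `-c`.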