-
Notifications
You must be signed in to change notification settings - Fork 5
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
251 changed files
with
98,029 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
services: | ||
app: | ||
image: ghcr.io/${IMAGE_REPO}:${RELEASE_VERSION} | ||
restart: always | ||
ports: | ||
- "8080" | ||
container_name: ${APP_NAME}_app | ||
env_file: ".env" | ||
environment: | ||
VIRTUAL_HOST: ${HOST_DOMAIN},ai-server-cdn.diffusion.works | ||
VIRTUAL_PORT: 8080 | ||
LETSENCRYPT_HOST: ${HOST_DOMAIN},ai-server-cdn.diffusion.works | ||
LETSENCRYPT_EMAIL: ${LETSENCRYPT_EMAIL} | ||
CIVIT_AI_API_KEY: ${CIVIT_AI_API_KEY} | ||
REPLICATE_API_KEY: ${REPLICATE_API_KEY} | ||
HTTPS_METHOD: noredirect # Disable HTTPS redirect since Cloudflare infinite loop redirects when default | ||
volumes: | ||
- ./App_Data:/app/App_Data | ||
|
||
app-migration: | ||
image: ghcr.io/${IMAGE_REPO}:${RELEASE_VERSION} | ||
restart: "no" | ||
container_name: ${APP_NAME}_app_migration | ||
env_file: ".env" | ||
# API Providers populated based on available Environment Variables | ||
environment: | ||
GOOGLE_API_KEY: ${GOOGLE_API_KEY} | ||
GROQ_API_KEY: ${GROQ_API_KEY} | ||
MISTRAL_API_KEY: ${MISTRAL_API_KEY} | ||
OPENAI_API_KEY: ${OPENAI_API_KEY} | ||
OPENROUTER_API_KEY: ${OPENROUTER_API_KEY} | ||
profiles: | ||
- migration | ||
command: --AppTasks=migrate | ||
volumes: | ||
- ./App_Data:/app/App_Data | ||
|
||
networks: | ||
default: | ||
external: true | ||
name: nginx |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,46 @@ | ||
version: "3.9" | ||
|
||
services: | ||
nginx-proxy: | ||
image: nginxproxy/nginx-proxy | ||
container_name: nginx-proxy | ||
restart: always | ||
ports: | ||
- "80:80" | ||
- "443:443" | ||
volumes: | ||
- conf:/etc/nginx/conf.d | ||
- vhost:/etc/nginx/vhost.d | ||
- html:/usr/share/nginx/html | ||
- dhparam:/etc/nginx/dhparam | ||
- certs:/etc/nginx/certs:ro | ||
- /var/run/docker.sock:/tmp/docker.sock:ro | ||
labels: | ||
- "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy" | ||
|
||
letsencrypt: | ||
image: nginxproxy/acme-companion:2.2 | ||
container_name: nginx-proxy-le | ||
restart: always | ||
depends_on: | ||
- "nginx-proxy" | ||
environment: | ||
- DEFAULT_EMAIL=you@example.com | ||
volumes: | ||
- certs:/etc/nginx/certs:rw | ||
- acme:/etc/acme.sh | ||
- vhost:/etc/nginx/vhost.d | ||
- html:/usr/share/nginx/html | ||
- /var/run/docker.sock:/var/run/docker.sock:ro | ||
|
||
networks: | ||
default: | ||
name: nginx | ||
|
||
volumes: | ||
conf: | ||
vhost: | ||
html: | ||
dhparam: | ||
certs: | ||
acme: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,99 @@ | ||
## Overview | ||
|
||
This template uses the deployment configurations for a ServiceStack .NET 8 application. The application is containerized using Docker and is set up to be automatically built and deployed via GitHub Actions. The recommended deployment target is a stand-alone Linux server running Ubuntu, with an NGINX reverse proxy also containerized using Docker, which a Docker Compose file is included in the template under the `.deploy` directory. | ||
|
||
### Highlights | ||
- 🌐 **NGINX Reverse Proxy**: Utilizes an NGINX reverse proxy to handle web traffic and SSL termination. | ||
- 🚀 **GitHub Actions**: Leverages GitHub Actions for CI/CD, pushing Docker images to GitHub Container Registry and deploying them on a remote server. | ||
- 🐳 **Dockerized ServiceStack App**: The application is containerized, with the image built using `.NET 8`. | ||
- 🔄 **Automated Migrations**: Includes a separate service for running database migrations. | ||
|
||
### Technology Stack | ||
- **Web Framework**: ServiceStack | ||
- **Language**: C# (.NET 8) | ||
- **Containerization**: Docker | ||
- **Reverse Proxy**: NGINX | ||
- **CI/CD**: GitHub Actions | ||
- **OS**: Ubuntu 22.04 (Deployment Server) | ||
|
||
|
||
|
||
## Deployment Server Setup | ||
|
||
To successfully host your ServiceStack applications, there are several components you need to set up on your deployment server. This guide assumes you're working on a standalone Linux server (Ubuntu is recommended) with SSH access enabled. | ||
|
||
### Prerequisites | ||
|
||
1. **SSH Access**: Required for GitHub Actions to communicate with your server. | ||
2. **Docker**: To containerize your application. | ||
3. **Docker-Compose**: For orchestrating multiple containers. | ||
4. **Ports**: 80 and 443 should be open for web access. | ||
5. **nginx-reverse-proxy**: For routing traffic to multiple ServiceStack applications and managing TLS certificates. | ||
|
||
You can use any cloud-hosted or on-premises server like Digital Ocean, AWS, Azure, etc., for this setup. | ||
|
||
### Step-by-Step Guide | ||
|
||
#### 1. Install Docker and Docker-Compose | ||
|
||
It is best to follow the [latest installation instructions on the Docker website](https://docs.docker.com/engine/install/ubuntu/) to ensure to have the correct setup with the latest patches. | ||
|
||
#### 2. Configure SSH for GitHub Actions | ||
|
||
Generate a dedicated SSH key pair to be used by GitHub Actions: | ||
|
||
```bash | ||
ssh-keygen -t rsa -b 4096 -f ~/.ssh/github_actions | ||
``` | ||
|
||
Add the public key to the `authorized_keys` file on your server: | ||
|
||
```bash | ||
cat ~/.ssh/github_actions.pub >> ~/.ssh/authorized_keys | ||
``` | ||
|
||
Then, add the *private* key to your GitHub Secrets as `DEPLOY_KEY` to enable GitHub Actions to SSH into the server securely. | ||
|
||
#### 3. Set Up nginx-reverse-proxy | ||
|
||
You should have a `docker-compose` file similar to the `nginx-proxy-compose.yml` in your repository. Upload this file to your server: | ||
|
||
```bash | ||
scp nginx-proxy-compose.yml user@your_server:~/ | ||
``` | ||
|
||
To bring up the nginx reverse proxy and its companion container for handling TLS certificates, run: | ||
|
||
```bash | ||
docker compose -f ~/nginx-proxy-compose.yml up -d | ||
``` | ||
|
||
This will start an nginx reverse proxy along with a companion container. They will automatically watch for additional Docker containers on the same network and initialize them with valid TLS certificates. | ||
|
||
|
||
|
||
## GitHub Repository Setup | ||
|
||
Configuring your GitHub repository is an essential step for automating deployments via GitHub Actions. This guide assumes you have a `release.yml` workflow file in your repository's `.github/workflows/` directory, and your deployment server has been set up according to the [Deployment Server Setup](#Deployment-Server-Setup) guidelines. | ||
|
||
### Secrets Configuration | ||
|
||
Your GitHub Actions workflow requires the following secrets to be set in your GitHub repository: | ||
|
||
1. **`DEPLOY_HOST`**: The hostname for SSH access. This can be either an IP address or a domain with an A-record pointing to your server. | ||
2. **`DEPLOY_USERNAME`**: The username for SSH login. Common examples include `ubuntu`, `ec2-user`, or `root`. | ||
3. **`DEPLOY_KEY`**: The SSH private key to securely access the deployment server. This should be the same key you've set up on your server for GitHub Actions. | ||
4. **`LETSENCRYPT_EMAIL`**: Your email address, required for Let's Encrypt automated TLS certificates. | ||
|
||
#### Using GitHub CLI for Secret Management | ||
|
||
You can conveniently set these secrets using the [GitHub CLI](https://cli.github.com/manual/gh_secret_set) like this: | ||
|
||
```bash | ||
gh secret set DEPLOY_HOST --body="your-host-or-ip" | ||
gh secret set DEPLOY_USERNAME --body="your-username" | ||
gh secret set DEPLOY_KEY --bodyFile="path/to/your/ssh-private-key" | ||
gh secret set LETSENCRYPT_EMAIL --body="your-email@example.com" | ||
``` | ||
|
||
These secrets will populate environment variables within your GitHub Actions workflow and other configuration files, enabling secure and automated deployment of your ServiceStack applications. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,49 @@ | ||
name: Build | ||
|
||
on: | ||
pull_request: {} | ||
push: | ||
branches: | ||
- '**' # matches every branch | ||
|
||
jobs: | ||
build: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: checkout | ||
uses: actions/checkout@v3 | ||
|
||
- name: Setup dotnet | ||
uses: actions/setup-dotnet@v3 | ||
with: | ||
dotnet-version: '8.0' | ||
|
||
- name: Extract SS license | ||
run: | | ||
SS_LICENSE=`echo '${{ secrets.APPSETTINGS_PATCH }}' | jq -r .[0].value.license` | ||
echo "::add-mask::$SS_LICENSE" | ||
echo "SERVICESTACK_LICENSE=${SS_LICENSE}" >> $GITHUB_ENV | ||
# Add Comfy Agent API key | ||
echo "COMFY_API_KEY=${{ secrets.COMFY_API_KEY }}" >> $GITHUB_ENV | ||
# Add Open AI Provider Keys | ||
echo "GOOGLE_API_KEY=${{ secrets.GOOGLE_API_KEY }}" >> $GITHUB_ENV | ||
echo "GROQ_API_KEY=${{ secrets.GROQ_API_KEY }}" >> $GITHUB_ENV | ||
echo "MISTRAL_API_KEY=${{ secrets.MISTRAL_API_KEY }}" >> $GITHUB_ENV | ||
echo "OPENAI_API_KEY=${{ secrets.OPENAI_API_KEY }}" >> $GITHUB_ENV | ||
echo "OPENROUTER_API_KEY=${{ secrets.OPENROUTER_API_KEY }}" >> $GITHUB_ENV | ||
- name: build | ||
run: dotnet build | ||
working-directory: . | ||
|
||
- name: test | ||
run: | | ||
dotnet test | ||
if [ $? -eq 0 ]; then | ||
echo TESTS PASSED | ||
else | ||
echo TESTS FAILED | ||
exit 1 | ||
fi | ||
working-directory: ./AiServer.Tests | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,46 @@ | ||
name: Build and Push .NET 8 Docker Image to DockerHub | ||
|
||
on: | ||
push: | ||
branches: [main, master] | ||
release: | ||
types: [published] | ||
workflow_dispatch: | ||
|
||
jobs: | ||
build_and_push: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout code | ||
uses: actions/checkout@v3 | ||
|
||
- name: Setup .NET | ||
uses: actions/setup-dotnet@v3 | ||
with: | ||
dotnet-version: '8.0.x' | ||
|
||
- name: Login to DockerHub | ||
uses: docker/login-action@v2 | ||
with: | ||
username: servicestack | ||
password: ${{ secrets.DOCKERHUB_TOKEN }} | ||
|
||
- name: Build and push Docker image | ||
env: | ||
DOCKER_REPO: servicestack/${{ github.event.repository.name }} | ||
run: | | ||
# Determine version tag | ||
if [[ "${{ github.ref }}" == "refs/tags/"* ]]; then | ||
VERSION=${GITHUB_REF#refs/tags/} | ||
else | ||
VERSION=${{ github.sha }} | ||
fi | ||
# Build and push using dotnet publish | ||
dotnet publish --os linux --arch x64 -c Release \ | ||
-p:PublishProfile=DefaultContainer \ | ||
-p:ContainerRepository=$DOCKER_REPO \ | ||
-p:ContainerImageTags="latest" | ||
# Push the image | ||
docker push $DOCKER_REPO:latest |
Oops, something went wrong.