Build and deploy speech-to-text #46
Comments
|
iirc, sinopia_editor has an example of this approach? |
|
might need to break out second part into a separate ticket if this gets picked up before the ECS terraform code is in place |
|
AWS Batch will automatically start using the new container once it is pushed to ECR, which will be nice once it's working. |
|
We can set up the Github Action build and push a Docker image. We currently have three ECR repositories, one each for qa, stage and prod. Should we:
The images are quite big (~10GB) because of all the pytorch code and large-v3 model. So I find myself almost wishing there was one repo. But I guess it makes sense for them to be separate? |
|
Actually I don't think the above will really work because the publish to prod in step I wonder if instead we can get I do kind of wish that we could follow the Access Team pattern of creating Releases for code we want to go to production. |
This script will build and push the Docker image to a given ECR repository. There needs to be logic in the Github Action about when it is run and to which target (dev, stage, prod). Closes #46
My only idea for combining the ECR repos: is it possible to have an environment use a particular tag to pick an image? E.g. QA and stage use whatever is
I wonder if it's possible to have a Github Action do stuff selectively using branch filters, similar to what we do with CircleCI for Sinopia? e.g. https://github.com/LD4P/sinopia_editor/blob/43b38fb5ea3833e6dc9952b68605748dbf73718b/.circleci/config.yml#L30-L36 (iirc, more towards the end of that config in terms of how the filters are used to selectively build and dat images) One rough idea that comes to mind:
I'm a little hesitant to have
What mechanism does Access use for this? It seems to me like we have the parts to do something like this if we can control Docker image tagging and image pushing with Github tag creation, and if we can control which instance runs which image by having the instance always use a particular Docker image tag. Which might result in even more waste if an image can only have one tag? But that feels to me like it should get us there. Though I can't quite imagine the whole thing in detail off the top of my head. |
With this configuration a Github Action will run when a release tag `release-YYYY-MM-DD` has been created during weekly dependency updates, The action will build the Docker container and deploy it to the development (qa in SDR) and staging AWS environments. This will allow the First Responder for the week to test it using the speech-to-text integration tests. When the tag has been tested and is ready for production a developer will need to create a release in Github using the release tag. This will cause a build and deploy to the production AWS environment. We may want to think about automated ways for this to happen, but the "serverless" nature of AWS Batch means there really isn't a server for capistrano (what we use to do other infra deploys) to talk to. The keys for the different environments need to be set as [Github Action Secrets](https://docs.github.com/en/actions/security-for-github-actions/security-guides/using-secrets-in-github-actions). - AWS_ACCESS_KEY_ID_DEVELOPMENT - AWS_SECRET_ACCESS_KEY_DEVELOPMENT - AWS_ECR_DOCKER_REPO_DEVELOPMENT - AWS_ACCESS_KEY_ID_STAGING - AWS_SECRET_ACCESS_KEY_STAGING - AWS_ECR_DOCKER_REPO_STAGING - AWS_ACCESS_KEY_ID_PRODUCTION - AWS_SECRET_ACCESS_KEY_PRODUCTION - AWS_ECR_DOCKER_REPO_PRODUCTION Note: only dlss-ops has permission to see the keys for the speech-to-text user in production. So for now this is commented out, until we actually do need to run in production. Maybe this could be ticketed as follow on work? Closes #46
With this configuration a Github Action will run when a release tag `release-YYYY-MM-DD` has been created during weekly dependency updates, The action will build the Docker container and deploy it to the development (qa in SDR) and staging AWS environments. This will allow the First Responder for the week to test it using the speech-to-text integration tests. When the tag has been tested and is ready for production a developer will need to create a release in Github using the release tag. This will cause a build and deploy to the production AWS environment. We may want to think about automated ways for this to happen, but the "serverless" nature of AWS Batch means there really isn't a server for capistrano (what we use to do other infra deploys) to talk to. The keys for the different environments need to be set as [Github Action Secrets](https://docs.github.com/en/actions/security-for-github-actions/security-guides/using-secrets-in-github-actions). - AWS_ACCESS_KEY_ID_DEVELOPMENT - AWS_SECRET_ACCESS_KEY_DEVELOPMENT - AWS_ECR_DOCKER_REPO_DEVELOPMENT - AWS_ACCESS_KEY_ID_STAGING - AWS_SECRET_ACCESS_KEY_STAGING - AWS_ECR_DOCKER_REPO_STAGING - AWS_ACCESS_KEY_ID_PRODUCTION - AWS_SECRET_ACCESS_KEY_PRODUCTION - AWS_ECR_DOCKER_REPO_PRODUCTION Note: only dlss-ops has permission to see the keys for the speech-to-text user in production. So for now this is commented out, until we actually do need to run in production. Maybe this could be ticketed as follow on work? Closes #46
Depends on https://github.com/sul-dlss/terraform-aws/issues/1177
The Github CI action should be updated so that when a new release is created:
The text was updated successfully, but these errors were encountered: