add rejx

.github/workflows/build-and-push.yml

@@ -0,0 +1,46 @@
+name: Build & Push
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+
+permissions:
+  id-token: write
+  contents: read
+
+env:
+  PROJECT_NAME: copilot
+  PYTHON_VERSION: "3.11.2"
+
+jobs:
+  build_and_push:
+    name: Build & Push
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Setup Pritunl Profile and Start VPN Connection
+        uses: nathanielvarona/pritunl-client-github-action@v1
+        with:
+          profile-file: ${{ secrets.PRITUNL_PROFILE_FILE_PRODUCTION }}
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ vars.AWS_IAM_ROLE }}
+          aws-region: ${{ vars.AWS_REGION }}
+
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v2
+
+      - name: Build, tag, and push docker image to Amazon ECR
+        env:
+          REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+          REPOSITORY: ${{ env.PROJECT_NAME }}
+          COMMIT_SHA: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
+        run: |
+          docker build --build-arg GIT_COMMIT=$COMMIT_SHA -t $REGISTRY/$REPOSITORY:$COMMIT_SHA --platform linux/amd64 --memory=3072m -f Dockerfile .
+          docker push $REGISTRY/$REPOSITORY:$COMMIT_SHA

.github/workflows/deploy-production.yml

@@ -0,0 +1,38 @@
+name: Deploy to AWS EKS (production)
+
+on:
+  workflow_dispatch:
+
+env:
+  PROJECT_NAME: copilot
+  PYTHON_VERSION: "3.11.2"
+
+jobs:
+  deploy_to_production:
+    name: Deploy to production
+    runs-on: ubuntu-latest
+    environment: production
+    concurrency:
+      group: production
+      cancel-in-progress: true
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Setup Pritunl Profile and Start VPN Connection
+        uses: nathanielvarona/pritunl-client-github-action@v1
+        with:
+          profile-file: ${{ secrets.PRITUNL_PROFILE_FILE_PRODUCTION }}
+
+      - name: Deploy Helm chart to AWS EKS
+        uses: bitovi/[email protected]
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_PRODUCTION }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_PRODUCTION }}
+          aws-region: ${{ vars.AWS_REGION }}
+          cluster-name: dema-ai-production
+          chart-path: k8s-helm
+          name: ${{ env.PROJECT_NAME }}
+          namespace: prod
+          values: env=prod,image.repository=${{ vars.AWS_ECR_REGISTRY }}/${{ env.PROJECT_NAME }},image.tag=${{ github.sha }}
+          # values: env=prod,image.repository=${{ vars.AWS_ECR_REGISTRY }}/${{ env.PROJECT_NAME }},image.tag=${{ github.sha }},S3_ACC_KEY=${{ secrets.S3_ACC_KEY_PROD }},S3_SEC_ACC_KEY=${{ secrets.S3_SEC_ACC_KEY_PROD }},slack.bot.token=${{ secrets.SLACK_REPLAY_BOT_TOKEN }}
+          # config-files: k8s-helm/values.production.yaml

.github/workflows/deploy-staging.yml

@@ -0,0 +1,38 @@
+name: Deploy to AWS EKS (staging)
+
+on:
+  workflow_dispatch:
+
+env:
+  PROJECT_NAME: copilot
+  PYTHON_VERSION: "3.11.2"
+
+jobs:
+  deploy_to_staging:
+    name: Deploy to staging
+    runs-on: ubuntu-latest
+    environment: staging
+    concurrency:
+      group: staging
+      cancel-in-progress: true
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Setup Pritunl Profile and Start VPN Connection
+        uses: nathanielvarona/pritunl-client-github-action@v1
+        with:
+          profile-file: ${{ secrets.PRITUNL_PROFILE_FILE_STAGING }}
+
+      - name: Deploy Helm chart to AWS EKS
+        uses: bitovi/[email protected]
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_STAGING }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_STAGING }}
+          aws-region: ${{ vars.AWS_REGION }}
+          cluster-name: dema-ai-staging
+          chart-path: k8s-helm
+          name: ${{ env.PROJECT_NAME }}
+          namespace: prod
+          values: env=staging,image.repository=${{ vars.AWS_ECR_REGISTRY }}/${{ env.PROJECT_NAME }},image.tag=${{ github.sha }}
+          # values: env=staging,image.repository=${{ vars.AWS_ECR_REGISTRY }}/${{ env.PROJECT_NAME }},image.tag=${{ github.sha }},S3_ACC_KEY=${{ secrets.S3_ACC_KEY_STAG }},S3_SEC_ACC_KEY=${{ secrets.S3_SEC_ACC_KEY_STAG }},slack.bot.token=${{ secrets.SLACK_REPLAY_BOT_TOKEN }}
+          # config-files: k8s-helm/values.staging.yaml

.github/workflows/test-and-lint.yml

@@ -0,0 +1,75 @@
+name: Test and Lint
+
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+
+env:
+  PROJECT_NAME: copilot
+  PYTHON_VERSION: "3.11.2"
+
+jobs:
+  install_dependencies:
+    name: Install Dependencies
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-python@v4
+        with:
+          python-version: ${{ env.PYTHON_VERSION }}
+          cache: "pip"
+
+      - name: Install dependencies
+        run: |
+          pip install pytest-cov==4.1.0 pytest==7.4.3 \
+            poetry==1.7.1 poetry-plugin-export==1.6.0 \
+            pre-commit==3.5.0 ruff==0.1.6
+
+  linting:
+    name: Code Linting
+    needs: install_dependencies
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-python@v4
+        with:
+          python-version: ${{ env.PYTHON_VERSION }}
+          cache: "pip"
+
+      - name: Install dependencies
+        run: |
+          pip install pytest-cov==4.1.0 pytest==7.4.3 \
+            poetry==1.7.1 poetry-plugin-export==1.6.0 \
+            pre-commit==3.5.0 ruff==0.1.6
+
+      - name: Run Code Linting
+        run: |
+          ruff --output-format=github --fix --unsafe-fixes src
+          make lint
+
+  unit_tests:
+    name: Unit Tests
+    needs: install_dependencies
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-python@v4
+        with:
+          python-version: ${{ env.PYTHON_VERSION }}
+          cache: "pip"
+
+      - name: Install dependencies
+        run: |
+          pip install pytest-cov==4.1.0 pytest==7.4.3 \
+            poetry==1.7.1 poetry-plugin-export==1.6.0 \
+            pre-commit==3.5.0 ruff==0.1.6
+
+      - name: Run unit tests
+        run: |
+          pip install -e .
+          make test

.gitignore

@@ -1,21 +1,16 @@
 # Byte-compiled / optimized / DLL files
 __pycache__/
+**/__pycache__/
 *.py[cod]
 *$py.class
 
-# C extensions
-*.so
-
 # Distribution / packaging
 .Python
 build/
 develop-eggs/
 dist/
-downloads/
 eggs/
 .eggs/
-lib/
-lib64/
 parts/
 sdist/
 var/
@@ -24,7 +19,6 @@ share/python-wheels/
 *.egg-info/
 .installed.cfg
 *.egg
-MANIFEST
 
 # PyInstaller
 #  Usually these files are written by a python script from a template
@@ -43,82 +37,28 @@ htmlcov/
 .coverage
 .coverage.*
 .cache
-nosetests.xml
-coverage.xml
 *.cover
 *.py,cover
 .hypothesis/
 .pytest_cache/
-cover/
-
-# Translations
-*.mo
-*.pot
-
-# Django stuff:
-*.log
-local_settings.py
-db.sqlite3
-db.sqlite3-journal
 
 # Flask stuff:
 instance/
 .webassets-cache
 
-# Scrapy stuff:
-.scrapy
-
 # Sphinx documentation
 docs/_build/
 
-# PyBuilder
-.pybuilder/
-target/
-
 # Jupyter Notebook
 .ipynb_checkpoints
 
 # IPython
 profile_default/
 ipython_config.py
 
-# pyenv
-#   For a library or package, you might want to ignore these files since the code is
-#   intended to run in multiple environments; otherwise, check them in:
-# .python-version
-
-# pipenv
-#   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
-#   However, in case of collaboration, if having platform-specific dependencies or dependencies
-#   having no cross-platform support, pipenv may install dependencies that don't work, or not
-#   install all needed dependencies.
-#Pipfile.lock
-
-# poetry
-#   Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
-#   This is especially recommended for binary packages to ensure reproducibility, and is more
-#   commonly ignored for libraries.
-#   https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
-#poetry.lock
-
-# pdm
-#   Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
-#pdm.lock
-#   pdm stores project-wide configurations in .pdm.toml, but it is recommended to not include it
-#   in version control.
-#   https://pdm.fming.dev/#use-with-ide
-.pdm.toml
-
-# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
+# PEP 582
 __pypackages__/
 
-# Celery stuff
-celerybeat-schedule
-celerybeat.pid
-
-# SageMath parsed files
-*.sage.py
-
 # Environments
 .env
 .venv
@@ -132,6 +72,11 @@ venv.bak/
 .spyderproject
 .spyproject
 
+# Emacs
+.projectile
+TODO.md
+TODO.org
+
 # Rope project settings
 .ropeproject
 
@@ -152,9 +97,44 @@ dmypy.json
 # Cython debug symbols
 cython_debug/
 
-# PyCharm
-#  JetBrains specific template is maintained in a separate JetBrains.gitignore that can
-#  be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
-#  and can be added to the global gitignore or merged into this file.  For a more nuclear
-#  option (not recommended) you can uncomment the following to ignore the entire idea folder.
-#.idea/
+# IDEs
+.idea/
+.project/
+# .vscode/
+*.iml
+*.iws
+*.ipr
+
+# Ruff
+.ruff_cache/
+
+# Experiment Loggers
+.neptune/
+wandb/
+.mlflow/
+artifacts/*
+info.log
+
+# Mac OS
+.DS_Store
+
+# Kedro specific
+conf/local/**
+conf/local
+conf/**/*credentials*
+
+!conf/local/.gitkeep
+.telemetry
+
+data/**
+logs/**
+
+!data/**/
+!logs/**/
+!artifacts/
+
+# Terraform
+*.terraform.lock.hcl
+*.terraform/
+*.tfstate
+*.tfstate.*.backup