ci+deploy: target git.jpaul.io registry, PRODUCT_NAME=hvm
Phase 4/5 — adapt the template workflows to Justin's self-hosted Gitea
+ act_runner setup (see reference_gitea_server memory):
* PUSH via LAN endpoint 192.168.0.2:1234 (bypasses Cloudflare's 100 MB
request-body cap on the Free plan); PULL via git.jpaul.io.
* buildx with config-inline insecure-registry for the LAN endpoint —
docker/login-action can't be used there (host daemon rejects HTTP).
Auth is written into ~/.docker/config.json so buildx reads it
directly.
* docker/metadata-action labels org.opencontainers.image.source with
the PUBLIC URL so Gitea auto-links the package; explicit POST to
/api/v1/packages/.../-/link/{repo} as belt-and-suspenders (201 newly
linked, 400 already linked, both treated as success).
* deploy/docker-compose.yml: substitute <product> placeholders, point
image at git.jpaul.io/justin/hvm-docs:latest, set HYBRID_SEARCH=false
to match the eval winner (bm25+rerank), keep the llama.cpp + jina
GGUF reranker sidecar as the production target.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -14,21 +14,14 @@ on:
|
|||||||
workflow_dispatch:
|
workflow_dispatch:
|
||||||
|
|
||||||
env:
|
env:
|
||||||
REGISTRY_PUSH: <lan-host>:<port>
|
# PUSH goes to the LAN endpoint (HTTP) to bypass Cloudflare's 100 MB
|
||||||
REGISTRY_PULL: <public-registry-hostname>
|
# body cap. PULL uses the public hostname (HTTPS). Same Gitea registry.
|
||||||
# Image name derives from the actual repo at runtime, so a clone
|
REGISTRY_PUSH: 192.168.0.2:1234
|
||||||
# doesn't need to find/replace anything. e.g. justin/my-product-docs.
|
REGISTRY_PULL: git.jpaul.io
|
||||||
# github.* context is Gitea Actions' inherited GitHub-Actions namespace
|
|
||||||
# — values come from the Gitea server, not github.com.
|
|
||||||
IMAGE: ${{ github.repository_owner }}/${{ github.event.repository.name }}
|
IMAGE: ${{ github.repository_owner }}/${{ github.event.repository.name }}
|
||||||
OLLAMA_URL: http://<gpu-host>:11434
|
OLLAMA_URL: http://192.168.0.126:11434
|
||||||
EMBED_MODEL: nomic-embed-text
|
EMBED_MODEL: nomic-embed-text
|
||||||
# PRODUCT_NAME defaults to the repo name so a clone works without
|
PRODUCT_NAME: hvm
|
||||||
# editing. Override here if you want a different identifier (e.g.
|
|
||||||
# repo "my-product-docs" → PRODUCT_NAME "myproduct"). Used as the
|
|
||||||
# Chroma collection name, BM25 db filename, and MCP server name —
|
|
||||||
# see docs_mcp/server.py.
|
|
||||||
PRODUCT_NAME: ${{ github.event.repository.name }}
|
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
build:
|
build:
|
||||||
@@ -39,8 +32,7 @@ jobs:
|
|||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v4
|
||||||
with:
|
with:
|
||||||
# Full history (not shallow) so the digest-history step can
|
# Full history so digest-history can walk git log.
|
||||||
# walk git log up to --history-days back.
|
|
||||||
fetch-depth: 0
|
fetch-depth: 0
|
||||||
|
|
||||||
- name: Set up Python
|
- name: Set up Python
|
||||||
@@ -54,9 +46,8 @@ jobs:
|
|||||||
python -m pip install -q -r requirements.txt
|
python -m pip install -q -r requirements.txt
|
||||||
|
|
||||||
- name: Refresh digest history
|
- name: Refresh digest history
|
||||||
# Cheap (a few seconds); doesn't touch corpus content.
|
# Cheap (few seconds). Without this step, a code-only deploy
|
||||||
# Without this step, a code-only deploy would ship an
|
# would ship an increasingly-stale digest history.
|
||||||
# increasingly-stale digest history relative to git.
|
|
||||||
run: |
|
run: |
|
||||||
mkdir -p corpus/.digest
|
mkdir -p corpus/.digest
|
||||||
python -m scrape.changelog \
|
python -m scrape.changelog \
|
||||||
@@ -71,42 +62,69 @@ jobs:
|
|||||||
- name: Rebuild indexes from existing corpus
|
- name: Rebuild indexes from existing corpus
|
||||||
run: python -m rag.index --rebuild
|
run: python -m rag.index --rebuild
|
||||||
|
|
||||||
- name: Log in to registry (LAN endpoint)
|
- name: Set up Docker Buildx
|
||||||
run: echo "${{ secrets.REGISTRY_TOKEN }}" | docker login "${REGISTRY_PUSH}" -u "${{ github.repository_owner }}" --password-stdin
|
uses: docker/setup-buildx-action@v3
|
||||||
|
with:
|
||||||
|
# LAN registry is HTTP only.
|
||||||
|
config-inline: |
|
||||||
|
[registry."192.168.0.2:1234"]
|
||||||
|
http = true
|
||||||
|
insecure = true
|
||||||
|
|
||||||
- name: Build & push image
|
- name: Configure registry credentials for buildx
|
||||||
|
env:
|
||||||
|
REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
|
||||||
|
REGISTRY_USER: ${{ github.actor }}
|
||||||
run: |
|
run: |
|
||||||
SHA_TAG=$(echo "$GITHUB_SHA" | cut -c1-12)
|
mkdir -p ~/.docker
|
||||||
DATE_TAG=$(date -u +%Y.%m.%d)
|
AUTH=$(printf '%s:%s' "$REGISTRY_USER" "$REGISTRY_TOKEN" | base64 -w0)
|
||||||
docker build \
|
cat > ~/.docker/config.json <<EOF
|
||||||
-t "${REGISTRY_PUSH}/${IMAGE}:latest" \
|
{
|
||||||
-t "${REGISTRY_PUSH}/${IMAGE}:${SHA_TAG}" \
|
"auths": {
|
||||||
-t "${REGISTRY_PUSH}/${IMAGE}:${DATE_TAG}" \
|
"192.168.0.2:1234": {
|
||||||
.
|
"auth": "$AUTH"
|
||||||
docker push "${REGISTRY_PUSH}/${IMAGE}:latest"
|
}
|
||||||
docker push "${REGISTRY_PUSH}/${IMAGE}:${SHA_TAG}"
|
}
|
||||||
docker push "${REGISTRY_PUSH}/${IMAGE}:${DATE_TAG}"
|
}
|
||||||
|
EOF
|
||||||
|
|
||||||
|
- name: Compute tags
|
||||||
|
id: meta
|
||||||
|
uses: docker/metadata-action@v5
|
||||||
|
with:
|
||||||
|
images: 192.168.0.2:1234/${{ github.repository_owner }}/${{ github.event.repository.name }}
|
||||||
|
tags: |
|
||||||
|
type=raw,value=latest
|
||||||
|
type=sha,prefix=,format=short
|
||||||
|
type=raw,value={{date 'YYYY.MM.DD'}}
|
||||||
|
labels: |
|
||||||
|
org.opencontainers.image.source=https://git.jpaul.io/${{ github.repository_owner }}/${{ github.event.repository.name }}
|
||||||
|
org.opencontainers.image.url=https://git.jpaul.io/${{ github.repository_owner }}/${{ github.event.repository.name }}
|
||||||
|
|
||||||
|
- name: Build & push (amd64)
|
||||||
|
uses: docker/build-push-action@v6
|
||||||
|
with:
|
||||||
|
context: .
|
||||||
|
platforms: linux/amd64
|
||||||
|
push: true
|
||||||
|
tags: ${{ steps.meta.outputs.tags }}
|
||||||
|
labels: ${{ steps.meta.outputs.labels }}
|
||||||
|
|
||||||
- name: Link container package to this repo
|
- name: Link container package to this repo
|
||||||
# Gitea container packages are owned by a USER, not a repo —
|
|
||||||
# they don't auto-appear under the repo's Packages tab.
|
|
||||||
# This API call creates the association. One-time-effective:
|
|
||||||
# re-running returns 400 once linked, which we swallow.
|
|
||||||
# Endpoint requires Gitea 1.21+.
|
|
||||||
env:
|
env:
|
||||||
GITEA_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
|
GITEA_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
|
||||||
run: |
|
run: |
|
||||||
OWNER="${{ github.repository_owner }}"
|
OWNER="${{ github.repository_owner }}"
|
||||||
PKG="${{ github.event.repository.name }}"
|
PKG="${{ github.event.repository.name }}"
|
||||||
BODY=$(mktemp)
|
code=$(curl -s -o /tmp/link.out -w "%{http_code}" -X POST \
|
||||||
CODE=$(curl -sS -o "$BODY" -w "%{http_code}" -X POST \
|
|
||||||
-H "Authorization: token ${GITEA_TOKEN}" \
|
-H "Authorization: token ${GITEA_TOKEN}" \
|
||||||
"https://${REGISTRY_PULL}/api/v1/packages/${OWNER}/container/${PKG}/-/link/${PKG}")
|
"https://git.jpaul.io/api/v1/packages/${OWNER}/container/${PKG}/-/link/${PKG}")
|
||||||
echo "link http=$CODE body=$(cat "$BODY")"
|
echo "link ${OWNER}/container/${PKG} -> ${PKG}: HTTP ${code}"
|
||||||
case "$CODE" in
|
body=$(cat /tmp/link.out)
|
||||||
201) echo "linked package to ${OWNER}/${PKG}" ;;
|
case "$code" in
|
||||||
400) echo "already linked (re-link returns 400) — ok" ;;
|
201) echo "OK — newly linked" ;;
|
||||||
*) echo "unexpected status $CODE"; exit 1 ;;
|
400|409) echo "OK — already linked: ${body}" ;;
|
||||||
|
*) echo "unexpected: ${body}"; exit 1 ;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
- name: Prune old container versions
|
- name: Prune old container versions
|
||||||
|
|||||||
@@ -19,27 +19,23 @@ on:
|
|||||||
default: false
|
default: false
|
||||||
|
|
||||||
env:
|
env:
|
||||||
# If your registry sits behind Cloudflare with its 100 MB body cap,
|
# PUSH goes to the LAN endpoint (HTTP) to bypass Cloudflare Tunnel's
|
||||||
# use a LAN endpoint for pushes (bypasses CF) and the public hostname
|
# 100 MB body cap. PULL uses the public hostname (HTTPS). Same Gitea
|
||||||
# for pulls (response bodies aren't capped).
|
# registry either way — package lands under the same owner/repo.
|
||||||
REGISTRY_PUSH: <lan-host>:<port>
|
REGISTRY_PUSH: 192.168.0.2:1234
|
||||||
REGISTRY_PULL: <public-registry-hostname>
|
REGISTRY_PULL: git.jpaul.io
|
||||||
# Image name derives from the actual repo at runtime, so a clone
|
|
||||||
# doesn't need to find/replace anything. e.g. justin/my-product-docs.
|
# Image name derives from the repo at runtime — clones don't need to
|
||||||
# github.* context is Gitea Actions' inherited GitHub-Actions namespace
|
# edit this. github.* is the Gitea-Actions inherited namespace.
|
||||||
# — values come from the Gitea server, not github.com.
|
|
||||||
IMAGE: ${{ github.repository_owner }}/${{ github.event.repository.name }}
|
IMAGE: ${{ github.repository_owner }}/${{ github.event.repository.name }}
|
||||||
|
|
||||||
# Embedder. One URL per GPU; the indexer round-robins.
|
# Embedder. One URL per GPU; the indexer round-robins if you pass a
|
||||||
OLLAMA_URL: http://<gpu-host>:11434
|
# comma-separated list. Adjust to wherever Ollama is reachable from
|
||||||
|
# the runner (gitea_default network can reach the host's bridge IP).
|
||||||
|
OLLAMA_URL: http://192.168.0.126:11434
|
||||||
EMBED_MODEL: nomic-embed-text
|
EMBED_MODEL: nomic-embed-text
|
||||||
|
|
||||||
# PRODUCT_NAME defaults to the repo name so a clone works without
|
PRODUCT_NAME: hvm
|
||||||
# editing. Override here if you want a different identifier (e.g.
|
|
||||||
# repo "my-product-docs" → PRODUCT_NAME "myproduct"). Used as the
|
|
||||||
# Chroma collection name, BM25 db filename, and MCP server name —
|
|
||||||
# see docs_mcp/server.py.
|
|
||||||
PRODUCT_NAME: ${{ github.event.repository.name }}
|
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
refresh:
|
refresh:
|
||||||
@@ -50,10 +46,12 @@ jobs:
|
|||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v4
|
||||||
with:
|
with:
|
||||||
# Full history — required for the digest-history step to
|
# Full history — required for digest-history. Default depth 1
|
||||||
# walk git log. Default fetch-depth: 1 silently produces a
|
# silently produces a 0-byte history file.
|
||||||
# 0-byte history file.
|
|
||||||
fetch-depth: 0
|
fetch-depth: 0
|
||||||
|
# Set the credentials Gitea injects so we can push corpus
|
||||||
|
# commits back. Persist them across the run.
|
||||||
|
token: ${{ secrets.GITEA_TOKEN }}
|
||||||
|
|
||||||
- name: Set up Python
|
- name: Set up Python
|
||||||
uses: actions/setup-python@v5
|
uses: actions/setup-python@v5
|
||||||
@@ -89,8 +87,8 @@ jobs:
|
|||||||
- name: Commit corpus changes (if any)
|
- name: Commit corpus changes (if any)
|
||||||
id: commit
|
id: commit
|
||||||
run: |
|
run: |
|
||||||
git config user.name "<product>-docs-refresh"
|
git config user.name "hvm-docs-refresh"
|
||||||
git config user.email "actions@<your-domain>"
|
git config user.email "actions@jpaul.io"
|
||||||
git add bundles.json corpus
|
git add bundles.json corpus
|
||||||
if git diff --cached --quiet; then
|
if git diff --cached --quiet; then
|
||||||
echo "no corpus changes — skipping reindex and image build"
|
echo "no corpus changes — skipping reindex and image build"
|
||||||
@@ -132,49 +130,89 @@ jobs:
|
|||||||
if: steps.commit.outputs.changed == 'true' || inputs.force_build == true
|
if: steps.commit.outputs.changed == 'true' || inputs.force_build == true
|
||||||
run: python -m rag.index --rebuild
|
run: python -m rag.index --rebuild
|
||||||
|
|
||||||
# ---- Build & push image ------------------------------------
|
# ---- Build & push image (LAN endpoint, buildx) -------------
|
||||||
- name: Log in to registry (LAN endpoint)
|
- name: Set up Docker Buildx
|
||||||
if: steps.commit.outputs.changed == 'true' || inputs.force_build == true
|
if: steps.commit.outputs.changed == 'true' || inputs.force_build == true
|
||||||
run: echo "${{ secrets.REGISTRY_TOKEN }}" | docker login "${REGISTRY_PUSH}" -u "${{ github.repository_owner }}" --password-stdin
|
uses: docker/setup-buildx-action@v3
|
||||||
|
with:
|
||||||
|
# LAN registry is HTTP only. Buildkit needs an explicit
|
||||||
|
# insecure-registry config or it tries to upgrade to HTTPS.
|
||||||
|
config-inline: |
|
||||||
|
[registry."192.168.0.2:1234"]
|
||||||
|
http = true
|
||||||
|
insecure = true
|
||||||
|
|
||||||
- name: Build & push image
|
- name: Configure registry credentials for buildx
|
||||||
|
# Can't use docker/login-action against the LAN endpoint —
|
||||||
|
# the host docker daemon errors on HTTP-vs-HTTPS. Buildx reads
|
||||||
|
# ~/.docker/config.json directly, so write the auth ourselves.
|
||||||
if: steps.commit.outputs.changed == 'true' || inputs.force_build == true
|
if: steps.commit.outputs.changed == 'true' || inputs.force_build == true
|
||||||
# Runner shell is /bin/sh — use cut instead of ${VAR::N}.
|
env:
|
||||||
# Three tags: :latest (Watchtower target), :<sha12>
|
REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
|
||||||
# (rollback pin), :<YYYY.MM.DD> (human-readable).
|
REGISTRY_USER: ${{ github.actor }}
|
||||||
run: |
|
run: |
|
||||||
SHA_TAG=$(echo "$GITHUB_SHA" | cut -c1-12)
|
mkdir -p ~/.docker
|
||||||
DATE_TAG=$(date -u +%Y.%m.%d)
|
AUTH=$(printf '%s:%s' "$REGISTRY_USER" "$REGISTRY_TOKEN" | base64 -w0)
|
||||||
docker build \
|
cat > ~/.docker/config.json <<EOF
|
||||||
-t "${REGISTRY_PUSH}/${IMAGE}:latest" \
|
{
|
||||||
-t "${REGISTRY_PUSH}/${IMAGE}:${SHA_TAG}" \
|
"auths": {
|
||||||
-t "${REGISTRY_PUSH}/${IMAGE}:${DATE_TAG}" \
|
"192.168.0.2:1234": {
|
||||||
.
|
"auth": "$AUTH"
|
||||||
docker push "${REGISTRY_PUSH}/${IMAGE}:latest"
|
}
|
||||||
docker push "${REGISTRY_PUSH}/${IMAGE}:${SHA_TAG}"
|
}
|
||||||
docker push "${REGISTRY_PUSH}/${IMAGE}:${DATE_TAG}"
|
}
|
||||||
|
EOF
|
||||||
|
|
||||||
|
- name: Compute tags
|
||||||
|
id: meta
|
||||||
|
if: steps.commit.outputs.changed == 'true' || inputs.force_build == true
|
||||||
|
uses: docker/metadata-action@v5
|
||||||
|
with:
|
||||||
|
# Tag with the LAN hostname so the push goes over LAN.
|
||||||
|
# docker-compose on the deploy host pulls via git.jpaul.io.
|
||||||
|
images: 192.168.0.2:1234/${{ github.repository_owner }}/${{ github.event.repository.name }}
|
||||||
|
tags: |
|
||||||
|
type=raw,value=latest
|
||||||
|
type=sha,prefix=,format=short
|
||||||
|
type=schedule,pattern={{date 'YYYY.MM.DD'}}
|
||||||
|
type=raw,value={{date 'YYYY.MM.DD'}}
|
||||||
|
# Override auto-derived labels with the PUBLIC URL so Gitea
|
||||||
|
# can auto-link the package back to this repo.
|
||||||
|
labels: |
|
||||||
|
org.opencontainers.image.source=https://git.jpaul.io/${{ github.repository_owner }}/${{ github.event.repository.name }}
|
||||||
|
org.opencontainers.image.url=https://git.jpaul.io/${{ github.repository_owner }}/${{ github.event.repository.name }}
|
||||||
|
|
||||||
|
- name: Build & push (amd64)
|
||||||
|
if: steps.commit.outputs.changed == 'true' || inputs.force_build == true
|
||||||
|
uses: docker/build-push-action@v6
|
||||||
|
with:
|
||||||
|
context: .
|
||||||
|
platforms: linux/amd64
|
||||||
|
push: true
|
||||||
|
tags: ${{ steps.meta.outputs.tags }}
|
||||||
|
labels: ${{ steps.meta.outputs.labels }}
|
||||||
|
|
||||||
- name: Link container package to this repo
|
- name: Link container package to this repo
|
||||||
# Gitea container packages are owned by a USER, not a repo —
|
# Idempotent linkage so the package shows under the repo's
|
||||||
# they don't auto-appear under the repo's Packages tab.
|
# Packages tab. Gitea's auto-link from the source label is
|
||||||
# This API call creates the association. One-time-effective:
|
# unreliable in this setup (the runner reports an internal
|
||||||
# re-running returns 400 once linked, which we swallow.
|
# server URL), so we link explicitly. 201 = newly linked,
|
||||||
# Endpoint requires Gitea 1.21+.
|
# 400 = already linked (treated as success).
|
||||||
if: steps.commit.outputs.changed == 'true' || inputs.force_build == true
|
if: steps.commit.outputs.changed == 'true' || inputs.force_build == true
|
||||||
env:
|
env:
|
||||||
GITEA_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
|
GITEA_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
|
||||||
run: |
|
run: |
|
||||||
OWNER="${{ github.repository_owner }}"
|
OWNER="${{ github.repository_owner }}"
|
||||||
PKG="${{ github.event.repository.name }}"
|
PKG="${{ github.event.repository.name }}"
|
||||||
BODY=$(mktemp)
|
code=$(curl -s -o /tmp/link.out -w "%{http_code}" -X POST \
|
||||||
CODE=$(curl -sS -o "$BODY" -w "%{http_code}" -X POST \
|
|
||||||
-H "Authorization: token ${GITEA_TOKEN}" \
|
-H "Authorization: token ${GITEA_TOKEN}" \
|
||||||
"https://${REGISTRY_PULL}/api/v1/packages/${OWNER}/container/${PKG}/-/link/${PKG}")
|
"https://git.jpaul.io/api/v1/packages/${OWNER}/container/${PKG}/-/link/${PKG}")
|
||||||
echo "link http=$CODE body=$(cat "$BODY")"
|
echo "link ${OWNER}/container/${PKG} -> ${PKG}: HTTP ${code}"
|
||||||
case "$CODE" in
|
body=$(cat /tmp/link.out)
|
||||||
201) echo "linked package to ${OWNER}/${PKG}" ;;
|
case "$code" in
|
||||||
400) echo "already linked (re-link returns 400) — ok" ;;
|
201) echo "OK — newly linked" ;;
|
||||||
*) echo "unexpected status $CODE"; exit 1 ;;
|
400|409) echo "OK — already linked: ${body}" ;;
|
||||||
|
*) echo "unexpected: ${body}"; exit 1 ;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
# ---- Registry GC -------------------------------------------
|
# ---- Registry GC -------------------------------------------
|
||||||
|
|||||||
+23
-17
@@ -1,6 +1,6 @@
|
|||||||
# Hosting stack for a docs MCP server.
|
# Hosting stack for a docs MCP server.
|
||||||
#
|
#
|
||||||
# Replace <product> below with your product name on first deploy.
|
# Replace hvm below with your product name on first deploy.
|
||||||
# Volumes: usage logs are mounted to a host path so they survive
|
# Volumes: usage logs are mounted to a host path so they survive
|
||||||
# Watchtower-driven container recreates.
|
# Watchtower-driven container recreates.
|
||||||
#
|
#
|
||||||
@@ -10,15 +10,15 @@
|
|||||||
services:
|
services:
|
||||||
|
|
||||||
# The MCP server. Watchtower auto-pulls on :latest changes.
|
# The MCP server. Watchtower auto-pulls on :latest changes.
|
||||||
<product>-docs-mcp:
|
hvm-docs-mcp:
|
||||||
image: <registry>/<owner>/<product>-docs-mcp:latest
|
image: git.jpaul.io/justin/hvm-docs:latest
|
||||||
container_name: <product>-docs-mcp
|
container_name: hvm-docs-mcp
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
ports:
|
ports:
|
||||||
- "8000:8000"
|
- "8000:8000"
|
||||||
environment:
|
environment:
|
||||||
PRODUCT_NAME: "<product>"
|
PRODUCT_NAME: "hvm"
|
||||||
PRODUCT_DOCS_URL: "https://docs.example.com"
|
PRODUCT_DOCS_URL: "https://support.hpe.com/hpesc/public/docDisplay?docId=sd00007735en_us"
|
||||||
|
|
||||||
# Streamable-HTTP transport. Stateless mode is required for
|
# Streamable-HTTP transport. Stateless mode is required for
|
||||||
# production: clients don't lose sessions when Watchtower
|
# production: clients don't lose sessions when Watchtower
|
||||||
@@ -28,19 +28,21 @@ services:
|
|||||||
MCP_PORT: "8000"
|
MCP_PORT: "8000"
|
||||||
|
|
||||||
# If you run MetaMCP or another gateway in front and reach
|
# If you run MetaMCP or another gateway in front and reach
|
||||||
# this container via its compose DNS name (e.g. <product>-docs-mcp:8000),
|
# this container via its compose DNS name (e.g. hvm-docs-mcp:8000),
|
||||||
# add that hostname here. "*" disables the rebind check entirely.
|
# add that hostname here. "*" disables the rebind check entirely.
|
||||||
MCP_ALLOWED_HOSTS: "<product>-docs-mcp,localhost,127.0.0.1"
|
MCP_ALLOWED_HOSTS: "hvm-docs-mcp,localhost,127.0.0.1"
|
||||||
|
|
||||||
# Phase 6 — reranker sidecar (jina-reranker-v2-base via llama.cpp).
|
# Phase 6 — reranker sidecar (jina-reranker-v2-base via llama.cpp).
|
||||||
RERANK_URL: http://<product>-rerank:8080
|
RERANK_URL: http://hvm-rerank:8080
|
||||||
RERANK_POOL: "200"
|
RERANK_POOL: "200"
|
||||||
RERANK_TIMEOUT: "30"
|
RERANK_TIMEOUT: "30"
|
||||||
|
|
||||||
# Phase 8 — hybrid retrieval (BM25 + dense + RRF). Set true
|
# Phase 8 — hybrid retrieval (BM25 + dense + RRF).
|
||||||
# only after the eval harness shows the dense-only path
|
# Eval on the HVM corpus (eval/results/baseline.md, 2026-05-22) shows
|
||||||
# missing technical-term queries that BM25 catches.
|
# BM25-default + reranker beats hybrid on every metric (MRR 0.920 vs
|
||||||
HYBRID_SEARCH: "true"
|
# 0.875). Leaving HYBRID_SEARCH off so search_docs runs BM25-first +
|
||||||
|
# reranker; dense is the fallback when BM25 finds nothing.
|
||||||
|
HYBRID_SEARCH: "false"
|
||||||
|
|
||||||
# Phase 10 — usage telemetry.
|
# Phase 10 — usage telemetry.
|
||||||
USAGE_LOG_DIR: /app/var/logs
|
USAGE_LOG_DIR: /app/var/logs
|
||||||
@@ -52,9 +54,9 @@ services:
|
|||||||
# DOC_BUG_API_URL: "https://docs-be.example.com/api/feedback"
|
# DOC_BUG_API_URL: "https://docs-be.example.com/api/feedback"
|
||||||
volumes:
|
volumes:
|
||||||
# Usage logs persist across container recreates.
|
# Usage logs persist across container recreates.
|
||||||
- ./<product>-docs-mcp-logs:/app/var/logs
|
- ./hvm-docs-mcp-logs:/app/var/logs
|
||||||
depends_on:
|
depends_on:
|
||||||
- <product>-rerank
|
- hvm-rerank
|
||||||
labels:
|
labels:
|
||||||
# Watchtower polls *only* containers with this label set true.
|
# Watchtower polls *only* containers with this label set true.
|
||||||
com.centurylinklabs.watchtower.enable: "true"
|
com.centurylinklabs.watchtower.enable: "true"
|
||||||
@@ -63,9 +65,13 @@ services:
|
|||||||
|
|
||||||
# Reranker sidecar — llama.cpp serving jina-reranker-v2-base.
|
# Reranker sidecar — llama.cpp serving jina-reranker-v2-base.
|
||||||
# Requires GPU access; adjust runtime/devices for your hardware.
|
# Requires GPU access; adjust runtime/devices for your hardware.
|
||||||
<product>-rerank:
|
#
|
||||||
|
# For dev / CPU-only hosts, swap this service for scripts/rerank_server.py
|
||||||
|
# (sentence-transformers ms-marco-MiniLM-L-6-v2). Same /v1/rerank shape,
|
||||||
|
# ~500ms/batch on CPU vs ~50ms on GPU with the jina GGUF.
|
||||||
|
hvm-rerank:
|
||||||
image: ghcr.io/ggml-org/llama.cpp:server-cuda
|
image: ghcr.io/ggml-org/llama.cpp:server-cuda
|
||||||
container_name: <product>-rerank
|
container_name: hvm-rerank
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
# Mount the GGUF model from the host. Download from huggingface
|
# Mount the GGUF model from the host. Download from huggingface
|
||||||
# (gguf-org/jina-reranker-v2-base-multilingual-GGUF) first.
|
# (gguf-org/jina-reranker-v2-base-multilingual-GGUF) first.
|
||||||
|
|||||||
Reference in New Issue
Block a user