seed-mcp/.gitea/workflows/image-only.yml
justin cd4a0f3148 CI fix + Drawbar-stack deploy pattern
CI was failing on the "Rebuild indexes from committed corpus" step
with httpx.ConnectError [Errno 111] — `localhost:11434` in the
OLLAMA_URL pool resolves to the Gitea Actions runner CONTAINER's
own localhost (no Ollama there), not the host. Fix: drop localhost
from CI's pool; it stays useful for dev runs from the workstation
where the TITAN X serves Ollama on the host loopback.

Final CI pool — 3 LAN endpoints, weighted to .0.125 (4090):
  .0.125:11434  ×4 (RTX 40-series, 242 embeds/sec)
  .0.2:11436    ×2 (GPU-pinned,    108 embeds/sec)
  .0.2:11435    ×1 (GPU-pinned,     72 embeds/sec)

deploy/docker-compose.yml — rewrite to match Drawbar's actual
parent-stack pattern, learned by inspecting how chem-mcp is
deployed on trashpanda:

  - Service name `seed-mcp` (matches chem-mcp's pattern). Reached
    via docker DNS as `seed-mcp:8080` from drawbar-backend-api.
  - Internal-only (no host port), expose 8080 only.
  - MCP_PORT=8080 inside container (chem-mcp uses 8080 too).
  - OLLAMA_URL via host.docker.internal:11434 (trashpanda's Ollama
    runs on the host). extra_hosts maps host-gateway.
  - RERANK_URL: http://llama-rerank:8080 — but llama-rerank is on
    the default `bridge` network, not drawbar-backend_default,
    so chem-mcp's reranker silently fails! Documented patch:
       docker network connect drawbar-backend_default llama-rerank
    Fixes rerank for BOTH chem-mcp (today: dense-only fallback)
    and the new seed-mcp.
  - Watchtower label set so CI pushes to :latest auto-deploy.

Documented llama-rerank service block as an alternative for
bringing the sidecar fully into the parent compose stack, with the
ubatch-size flag the seed corpus needs.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-25 17:23:03 -04:00

122 lines
4.5 KiB
YAML

name: Image rebuild (skip scrape)
# Fast path for code-only changes. Skips the scrape and goes straight
# to: rebuild indexes (from corpus already committed on main) + image
# build + push. Runtime ~10 min vs ~2-3 h for the full monthly refresh.
#
# Use when a PR only changes code/config — anything where the upstream
# seed catalogs haven't moved but we want the new Python in the
# running image.
on:
  workflow_dispatch:
  push:
    branches:
      - main
    paths:
      - "docs_mcp/**"
      - "rag/**"
      - "scrape/**"
      - "requirements.txt"
      - "Dockerfile"
      - "sources.json"
# If multiple pushes land in quick succession, cancel the older one
# rather than queueing both — each run is non-trivial and the older
# commit's image just gets overwritten by the newer one anyway.
concurrency:
  group: image-only
  cancel-in-progress: true
env:
  REGISTRY_PUSH: 192.168.0.2:1234
  REGISTRY_PULL: git.jpaul.io
  IMAGE: ${{ github.repository_owner }}/${{ github.event.repository.name }}
  # 3-GPU LAN pool, weighted toward .0.125 (4090). See refresh.yml for
  # the bench numbers. .0.2:11434 excluded (not GPU-pinned). localhost
  # excluded from CI (runner container has no Ollama on its loopback;
  # works in dev but fails in CI with connection refused).
  OLLAMA_URL: http://192.168.0.125:11434,http://192.168.0.125:11434,http://192.168.0.125:11434,http://192.168.0.125:11434,http://192.168.0.2:11436,http://192.168.0.2:11436,http://192.168.0.2:11435
  EMBED_MODEL: nomic-embed-text
  PRODUCT_NAME: crop_seed
jobs:
  build:
    runs-on: docker
    container:
      image: catthehacker/ubuntu:act-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - name: Install dependencies
        run: |
          python -m pip install -q --upgrade pip
          python -m pip install -q -r requirements.txt
      - name: Verify committed corpus is present
        run: |
          test -d corpus || { echo "ERROR: corpus/ missing on this ref"; exit 1; }
          n_md=$(find corpus -name '*.md' | wc -l)
          n_json=$(find corpus -name '*.json' | wc -l)
          echo "corpus: $(du -sh corpus | cut -f1) on disk, ${n_md} .md / ${n_json} .json"
      - name: Rebuild indexes from committed corpus
        run: python -m rag.index --rebuild
      - name: Log in to Gitea container registry
        run: echo "${{ secrets.REGISTRY_TOKEN }}" | docker login "${REGISTRY_PUSH}" -u "${{ github.repository_owner }}" --password-stdin
      - name: Build & push image
        run: |
          SHA_TAG=$(echo "$GITHUB_SHA" | cut -c1-12)
          CORPUS_TAG="corpus-$(date -u +%Y.%m.%d)"
          docker build \
            -t "${REGISTRY_PUSH}/${IMAGE}:latest" \
            -t "${REGISTRY_PUSH}/${IMAGE}:${SHA_TAG}" \
            -t "${REGISTRY_PUSH}/${IMAGE}:${CORPUS_TAG}" \
            .
          docker push "${REGISTRY_PUSH}/${IMAGE}:latest"
          docker push "${REGISTRY_PUSH}/${IMAGE}:${SHA_TAG}"
          docker push "${REGISTRY_PUSH}/${IMAGE}:${CORPUS_TAG}"
      - name: Link container package to this repo
        env:
          GITEA_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
        run: |
          OWNER="${{ github.repository_owner }}"
          PKG="${{ github.event.repository.name }}"
          BODY=$(mktemp)
          CODE=$(curl -sS -o "$BODY" -w "%{http_code}" -X POST \
            -H "Authorization: token ${GITEA_TOKEN}" \
            "https://${REGISTRY_PULL}/api/v1/packages/${OWNER}/container/${PKG}/-/link/${PKG}")
          echo "link http=$CODE body=$(cat "$BODY")"
          case "$CODE" in
            201) echo "linked package to ${OWNER}/${PKG}" ;;
            400) echo "already linked — ok" ;;
            *) echo "unexpected status $CODE"; exit 1 ;;
          esac
      - name: Prune old container versions
        # GC requires broader scope than REGISTRY_TOKEN's push perms
        # (HTTP 403 on /packages/.../versions). Non-critical —
        # housekeeping only. Don't fail the whole run.
        # TODO: issue separate PAT with admin:package scope and set
        # as PACKAGES_ADMIN_TOKEN.
        continue-on-error: true
        env:
          GITEA_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
        run: |
          python scripts/registry_gc.py \
            --owner "${{ github.repository_owner }}" \
            --package "${{ github.event.repository.name }}" \
            --keep-days 180 \
            --keep-latest 6
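
A preflight check for the failure the commit message describes, as an added example that is not part of this repository: it parses the comma-separated `OLLAMA_URL` pool, derives each endpoint's weight from how often it is repeated, and rejects loopback entries when running in CI. The function names, the `DEV_POOL` value, and the use of a `CI=true` variable to detect the runner are assumptions made for illustration.

```python
import ipaddress
import os
import sys
from collections import Counter
from urllib.parse import urlsplit

# Same value as OLLAMA_URL in the workflow's env block.
CI_POOL = ",".join(["http://192.168.0.125:11434"] * 4
                   + ["http://192.168.0.2:11436"] * 2
                   + ["http://192.168.0.2:11435"])
# Constructed dev-style pool that still contains the host loopback.
DEV_POOL = "http://localhost:11434," + CI_POOL

def is_loopback(host):
    """True for localhost names and for 127.0.0.0/8 or ::1 literals."""
    if host.lower() in ("localhost", "localhost.localdomain"):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # some other DNS name; not resolved here

def parse_pool(value):
    """Return {endpoint: weight}; an endpoint listed n times gets weight n."""
    weights = Counter()
    for raw in filter(None, (part.strip() for part in value.split(","))):
        url = urlsplit(raw)
        if url.scheme not in ("http", "https") or not url.hostname:
            raise ValueError(f"bad pool entry: {raw!r}")
        weights[f"{url.scheme}://{url.netloc}"] += 1
    return dict(weights)

def preflight(value, in_ci):
    """Return (weights, errors); loopback entries are errors only in CI."""
    weights = parse_pool(value)
    errors = [] if weights else ["pool is empty"]
    if in_ci:
        errors += [f"{ep}: loopback is the runner container, not the host"
                   for ep in weights if is_loopback(urlsplit(ep).hostname)]
    return weights, errors

if __name__ == "__main__":
    # Assumption: the runner exports CI=true, as GitHub-compatible runners do.
    weights, errors = preflight(os.environ.get("OLLAMA_URL", ""),
                                os.environ.get("CI") == "true")
    for endpoint, weight in weights.items():
        print(f"{endpoint} x{weight}")
    sys.exit("\n".join(errors) if errors else 0)
```

Run as a step before the index rebuild, it fails fast with a named endpoint instead of surfacing later as a connection error partway through embedding.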