Skip to content

ABI API

ABI API #905

Workflow file for this run

name: ABI API
env:
REGISTRY_NAME: ${{ github.event.repository.name }}-api
on:
workflow_run:
workflows:
- "Build ABI Container"
types:
- completed
jobs:
build:
runs-on: ubuntu-latest
timeout-minutes: 30
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Cache Docker layers
uses: actions/cache@v4
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.sha }}
restore-keys: |
${{ runner.os }}-buildx-
- name: Log in to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.ACCESS_TOKEN }}
- name: Install naas-python
run: |
pip install naas-python --upgrade
pip install --upgrade pydantic==2.7.4
- name: Create Naas Container registry
run: |
naas-python registry create --name ${{ env.REGISTRY_NAME }} || echo "Registry already exists"
env:
NAAS_CREDENTIALS_JWT_TOKEN: ${{ secrets.NAAS_CREDENTIALS_JWT_TOKEN }}
- name: Test API with production secrets before deployment
env:
NAAS_CREDENTIALS_JWT_TOKEN: ${{ secrets.NAAS_CREDENTIALS_JWT_TOKEN }}
OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
ACCESS_TOKEN: ${{ secrets.ACCESS_TOKEN }}
ABI_API_KEY: ${{ secrets.ABI_API_KEY }}
NAAS_API_KEY: ${{ secrets.NAAS_CREDENTIALS_JWT_TOKEN }}
run: |
# Test API initialization with production secrets before deployment
docker run --rm \
-e ABI_API_KEY="$ABI_API_KEY" \
-e NAAS_API_KEY="$NAAS_API_KEY" \
-e NAAS_CREDENTIALS_JWT_TOKEN="$NAAS_CREDENTIALS_JWT_TOKEN" \
-e OPENAI_API_KEY="$OPENAI_API_KEY" \
-e GITHUB_ACCESS_TOKEN="$ACCESS_TOKEN" \
-e TEST_INIT="true" \
ghcr.io/${{ github.repository }}/abi:latest uv run --no-dev python -m naas_abi_core.apps.api.api
- name: Push latest abi container
env:
NAAS_CREDENTIALS_JWT_TOKEN: ${{ secrets.NAAS_CREDENTIALS_JWT_TOKEN }}
OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
ACCESS_TOKEN: ${{ secrets.ACCESS_TOKEN }}
ABI_API_KEY: ${{ secrets.ABI_API_KEY }}
SUPPORT_ACCESS_TOKEN: ${{ secrets.SUPPORT_ACCESS_TOKEN }}
run: |
docker pull ghcr.io/${{ github.repository }}/abi:latest
export URI=`naas-python registry get -n ${{ env.REGISTRY_NAME }} | grep -v 'URI' | awk '{print $3}'`
# Generate timestamp to tag image
TIMESTAMP=$(date +%s)
# Get SHA256 digest for deployment
IMAGE_SHA=$(docker inspect --format='{{index .RepoDigests 0}}' ghcr.io/${{ github.repository }}/abi:latest | cut -d'@' -f2)
docker tag ghcr.io/${{ github.repository }}/abi:latest $URI:$TIMESTAMP
naas-python registry docker-login -n ${{ env.REGISTRY_NAME }}
docker push $URI:$TIMESTAMP
ENV_CONFIG="{\
\"OPENAI_API_KEY\":\"$OPENAI_API_KEY\",\
\"NAAS_API_KEY\":\"$NAAS_CREDENTIALS_JWT_TOKEN\",\
\"GITHUB_ACCESS_TOKEN\":\"$SUPPORT_ACCESS_TOKEN\",\
\"ABI_API_KEY\":\"$ABI_API_KEY\"\
}"
naas-python space create --name=${{ env.REGISTRY_NAME }} --image=$URI@$IMAGE_SHA --port=9879 --cpu=1 --memory=1Gi --env "$ENV_CONFIG" \
|| naas-python space update --name=${{ env.REGISTRY_NAME }} --image=$URI@$IMAGE_SHA --port=9879 --cpu=1 --memory=1Gi --env "$ENV_CONFIG"
- name: Verify API deployment and version
run: |
echo "🔍 Verifying API deployment with expected version..."
# Get current commit hash
CURRENT_COMMIT=$(git rev-parse HEAD)
CURRENT_COMMIT_SHORT=$(git rev-parse --short HEAD)
echo "Current commit (full): $CURRENT_COMMIT"
echo "Current commit (short): $CURRENT_COMMIT_SHORT"
# The API reports its version via get_git_tag() -> the VERSION file baked
# into the image at build time from `git describe --tags`
# (see .deploy/docker/images/Dockerfile.linux.x86_64). Use the exact same
# source of truth here so the strings can actually match.
EXPECTED_VERSION=$(git describe --tags 2>/dev/null || echo "unknown")
echo "✅ Expected version (git describe --tags): $EXPECTED_VERSION"
# API URL based on registry name
API_URL="https://${{ env.REGISTRY_NAME }}.default.space.naas.ai"
OPENAPI_URL="$API_URL/openapi.json"
echo "Checking API at: $OPENAPI_URL"
# Wait for API to be ready with correct version. A fresh space
# create/update is a cold start (image pull + app boot + DNS/TLS) that
# routinely takes longer than 5 minutes, so allow up to 15.
TIMEOUT=900 # 15 minutes
INTERVAL=10 # Check every 10 seconds
ELAPSED=0
while [ $ELAPSED -lt $TIMEOUT ]; do
echo "Attempt $((ELAPSED/INTERVAL + 1)): Checking API version..."
# Try to get the version from OpenAPI endpoint
RESPONSE=$(curl -s "$OPENAPI_URL" 2>/dev/null || echo "")
if [ -n "$RESPONSE" ]; then
# Extract version from JSON response
ACTUAL_VERSION=$(echo "$RESPONSE" | grep -o '"version":"[^"]*' | cut -d'"' -f4)
if [ -n "$ACTUAL_VERSION" ]; then
echo "API responded with version: $ACTUAL_VERSION"
if [ "$ACTUAL_VERSION" = "$EXPECTED_VERSION" ]; then
echo "✅ API deployment verified! Version matches: $ACTUAL_VERSION"
exit 0
else
echo "⚠️ Version mismatch. Expected: $EXPECTED_VERSION, Got: $ACTUAL_VERSION"
fi
else
echo "⚠️ Could not extract version from API response"
fi
else
echo "⚠️ API not responding yet..."
fi
sleep $INTERVAL
ELAPSED=$((ELAPSED + INTERVAL))
done
echo "❌ Timeout: API did not respond with expected version after 5 minutes"
echo "Expected: $EXPECTED_VERSION"
echo "Last response: $RESPONSE"
exit 1
streamlit-demo:
runs-on: ubuntu-latest
timeout-minutes: 10
env:
REGISTRY_NAME: ${{ github.event.repository.name }}-demo-streamlit
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Cache Docker layers
uses: actions/cache@v4
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.sha }}
restore-keys: |
${{ runner.os }}-buildx-
- name: Log in to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.ACCESS_TOKEN }}
- name: Install naas-python
run: |
pip install naas-python --upgrade
pip install --upgrade pydantic==2.7.4
- name: Create Naas Container registry
run: |
naas-python registry create --name ${{ env.REGISTRY_NAME }} || echo "Registry already exists"
env:
NAAS_CREDENTIALS_JWT_TOKEN: ${{ secrets.NAAS_CREDENTIALS_JWT_TOKEN }}
- name: Push latest abi container
env:
NAAS_CREDENTIALS_JWT_TOKEN: ${{ secrets.NAAS_CREDENTIALS_JWT_TOKEN }}
OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
ACCESS_TOKEN: ${{ secrets.ACCESS_TOKEN }}
ABI_API_KEY: ${{ secrets.ABI_API_KEY }}
GOOGLE_API_KEY: ${{ secrets.GOOGLE_API_KEY }}
run: |
docker pull ghcr.io/${{ github.repository }}/abi:latest
docker tag ghcr.io/${{ github.repository }}/abi:latest abi:latest
docker build -t streamlit-demo -f libs/naas-abi-marketplace/naas_abi_marketplace/__demo__/apps/streamlit/Dockerfile .
export URI=`naas-python registry get -n ${{ env.REGISTRY_NAME }} | grep -v 'URI' | awk '{print $3}'`
# Generate timestamp to tag image
TIMESTAMP=$(date +%s)
# Get SHA256 digest for deployment
IMAGE_SHA=$(docker inspect --format='{{.Id}}' streamlit-demo | cut -d':' -f2)
docker tag streamlit-demo $URI:$TIMESTAMP
naas-python registry docker-login -n ${{ env.REGISTRY_NAME }}
docker push $URI:$TIMESTAMP
ENV_CONFIG="{\
\"OPENAI_API_KEY\":\"$OPENAI_API_KEY\",\
\"NAAS_API_KEY\":\"$NAAS_CREDENTIALS_JWT_TOKEN\",\
\"GITHUB_ACCESS_TOKEN\":\"$ACCESS_TOKEN\",\
\"ABI_API_KEY\":\"$ABI_API_KEY\",\
\"GOOGLE_API_KEY\":\"$GOOGLE_API_KEY\"\
}"
naas-python space create --name=${{ env.REGISTRY_NAME }} --image=$URI@sha256:$IMAGE_SHA --port=8501 --cpu=1 --memory=1Gi --env "$ENV_CONFIG" \
|| naas-python space update --name=${{ env.REGISTRY_NAME }} --image=$URI@sha256:$IMAGE_SHA --port=8501 --cpu=1 --memory=1Gi --env "$ENV_CONFIG"
mcp-server:
runs-on: ubuntu-latest
timeout-minutes: 10
needs: build # Wait for API to be deployed first
env:
REGISTRY_NAME: ${{ github.event.repository.name }}-mcp-server
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Cache Docker layers
uses: actions/cache@v4
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.sha }}
restore-keys: |
${{ runner.os }}-buildx-
- name: Log in to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.ACCESS_TOKEN }}
- name: Install naas-python
run: |
pip install naas-python --upgrade
pip install --upgrade pydantic==2.7.4
- name: Create Naas Container registry
run: |
naas-python registry create --name ${{ env.REGISTRY_NAME }} || echo "Registry already exists"
env:
NAAS_CREDENTIALS_JWT_TOKEN: ${{ secrets.NAAS_CREDENTIALS_JWT_TOKEN }}
- name: Build and push MCP server container
env:
NAAS_CREDENTIALS_JWT_TOKEN: ${{ secrets.NAAS_CREDENTIALS_JWT_TOKEN }}
OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
ACCESS_TOKEN: ${{ secrets.ACCESS_TOKEN }}
ABI_API_KEY: ${{ secrets.ABI_API_KEY }}
run: |
docker pull ghcr.io/${{ github.repository }}/abi:latest
docker tag ghcr.io/${{ github.repository }}/abi:latest abi:latest
docker build -t mcp-server -f libs/naas-abi-core/naas_abi_core/apps/mcp/Dockerfile.mcp .
export URI=`naas-python registry get -n ${{ env.REGISTRY_NAME }} | grep -v 'URI' | awk '{print $3}'`
# Generate timestamp to tag image
TIMESTAMP=$(date +%s)
# Get SHA256 digest for deployment
IMAGE_SHA=$(docker inspect --format='{{.Id}}' mcp-server | cut -d':' -f2)
docker tag mcp-server $URI:$TIMESTAMP
naas-python registry docker-login -n ${{ env.REGISTRY_NAME }}
docker push $URI:$TIMESTAMP
ENV_CONFIG="{\
\"OPENAI_API_KEY\":\"$OPENAI_API_KEY\",\
\"NAAS_API_KEY\":\"$NAAS_CREDENTIALS_JWT_TOKEN\",\
\"GITHUB_ACCESS_TOKEN\":\"$ACCESS_TOKEN\",\
\"ABI_API_KEY\":\"$ABI_API_KEY\",\
\"ABI_API_BASE\":\"https://${{ github.event.repository.name }}-api.default.space.naas.ai\",\
\"MCP_TRANSPORT\":\"http\"\
}"
naas-python space create --name=${{ env.REGISTRY_NAME }} --image=$URI@sha256:$IMAGE_SHA --port=3000 --cpu=1 --memory=1Gi --env "$ENV_CONFIG" \
|| naas-python space update --name=${{ env.REGISTRY_NAME }} --image=$URI@sha256:$IMAGE_SHA --port=3000 --cpu=1 --memory=1Gi --env "$ENV_CONFIG"