fetch_ml/deployments/Makefile
Jeremie Fraeys c459285cab
chore(deploy): update deployment configs and TUI for scheduler
Update deployment and CLI tooling:
- TUI models (jobs, state) with scheduler data
- TUI store with scheduler endpoints
- TUI config with scheduler settings
- Deployment Makefile with scheduler targets
- Deploy script with scheduler registration
- Docker Compose files with scheduler services
- Remove obsolete Dockerfiles (api-server, full-prod, test)
- Update remaining Dockerfiles with scheduler integration
2026-02-26 12:08:31 -05:00


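# Docker Compose Deployment Management
#
# Every command-style target defined in this file is declared phony, so a
# stray file or directory of the same name cannot make `make <target>` report
# "up to date" and skip the recipe.
# The earlier list named `rollback` and `security-mode`, which have no rule in
# this file. A phony name without a rule can make `make rollback` finish
# successfully without running anything, so only real target names are listed.
.PHONY: help \
        dev-up dev-down dev-logs dev-restart \
        staging-up staging-down staging-logs staging-restart staging-status \
        homelab-secure-up homelab-secure-down \
        prod-up prod-down prod-logs prod-restart prod-status \
        status clean \
        security-mode-dev security-mode-standard security-mode-hipaa \
        rollback-staging rollback-prod \
        check-audit-sink health-check security-scan \
        up down logs restart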
# Default target: it is the first rule in the file, so a bare `make` prints
# the help text instead of starting or stopping anything.
# The listing is built from the `## description` suffix on each rule header;
# a target without that suffix does not appear in the output.
help: ## Show this help message
	@echo "Available commands:"
	@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) \
		| sort \
		| awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-25s\033[0m %s\n", $$1, $$2}'
# Development environment
# All four targets operate on docker-compose.dev.yml in the current directory.

# Starts the stack detached; the port list printed afterwards is a static
# reminder and is not read back from the running containers.
dev-up: ## Start development environment
	@echo "Starting development environment..."
	docker-compose -f docker-compose.dev.yml up -d
	@echo "Services: Caddy (8080/8443), Redis (6379), Prometheus (9090), Grafana (3000)"

# Stops and removes the containers; `down` is called without -v here.
dev-down: ## Stop development environment
	@echo "Stopping development environment..."
	docker-compose -f docker-compose.dev.yml down

# Follows the logs until interrupted.
dev-logs: ## Show development logs
	docker-compose -f docker-compose.dev.yml logs -f

# Restarts the existing containers in place.
dev-restart: ## Restart development environment
	@echo "Restarting development environment..."
	docker-compose -f docker-compose.dev.yml restart
# Staging environment
# All targets operate on docker-compose.staging.yml in the current directory.

# Creates .env.staging with three defaults on first use, then starts the stack.
# An existing .env.staging is never overwritten.
# NOTE(review): this recipe does not pass .env.staging to docker-compose;
# presumably the compose file references it (e.g. via env_file) - confirm.
staging-up: ## Start staging environment
	@echo "Starting staging environment..."
	@if [ ! -f .env.staging ]; then \
		echo "Creating staging environment file..."; \
		{ \
			echo "DATA_DIR=./data/staging"; \
			echo "LOG_LEVEL=info"; \
			echo "COMPLIANCE_MODE=standard"; \
		} > .env.staging; \
	fi
	docker-compose -f docker-compose.staging.yml up -d
	@echo "Staging services: Caddy (9080/9443), Redis (6380), API (9102), MinIO (9002/9003)"

# Stops and removes the containers; `down` is called without -v here.
staging-down: ## Stop staging environment
	@echo "Stopping staging environment..."
	docker-compose -f docker-compose.staging.yml down

# Follows the logs until interrupted.
staging-logs: ## Show staging logs
	docker-compose -f docker-compose.staging.yml logs -f

# Restarts the existing containers in place.
staging-restart: ## Restart staging environment
	@echo "Restarting staging environment..."
	docker-compose -f docker-compose.staging.yml restart

# Lists the containers of the staging project.
staging-status: ## Show staging status
	docker-compose -f docker-compose.staging.yml ps
# Homelab environment
# Both targets operate on docker-compose.homelab-secure.yml. What makes this
# profile "secure" is defined in that compose file, not in this Makefile.

# Starts the stack detached.
homelab-secure-up: ## Start secure homelab environment
	@echo "Starting secure homelab environment..."
	docker-compose -f docker-compose.homelab-secure.yml up -d

# Stops and removes the containers; `down` is called without -v here.
homelab-secure-down: ## Stop secure homelab environment
	@echo "Stopping secure homelab environment..."
	docker-compose -f docker-compose.homelab-secure.yml down
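# Production environment
# All targets operate on docker-compose.prod.yml in the current directory.
#
# Confirmation prompts use `printf` followed by `read -r`, the same portable
# form the `clean` target uses. `read -p` is a bash extension: this file does
# not set SHELL, so recipes run under /bin/sh, and where that is a strict POSIX
# shell such as dash `read -p` is rejected and the target always aborts.
# With no terminal on stdin the read fails and the target still exits 1.

# Asks for an explicit "y" before starting the production stack.
prod-up: ## Start production environment
	@echo "Starting production environment..."
	@echo "⚠ WARNING: This is production! Ensure you have proper backups."
	@printf '%s' "Continue? [y/N] " && read -r confirm && [ "$$confirm" = "y" ] || exit 1
	docker-compose -f docker-compose.prod.yml up -d

# NOTE(review): unlike prod-up and prod-restart, stopping production asks for
# no confirmation. Left unchanged here because non-interactive callers may
# depend on it; confirm that this is intended.
prod-down: ## Stop production environment
	@echo "Stopping production environment..."
	docker-compose -f docker-compose.prod.yml down

# Follows the logs until interrupted.
prod-logs: ## Show production logs
	docker-compose -f docker-compose.prod.yml logs -f

# Asks for an explicit "y" before restarting the production containers.
prod-restart: ## Restart production environment
	@echo "Restarting production environment..."
	@printf '%s' "Restart production? [y/N] " && read -r confirm && [ "$$confirm" = "y" ] || exit 1
	docker-compose -f docker-compose.prod.yml restart

# Lists the containers of the production project.
prod-status: ## Show production status
	docker-compose -f docker-compose.prod.yml ps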
# Utility commands

# Prints `docker-compose ps` for each environment whose compose file exists in
# the current directory; an environment without a compose file prints only its
# heading.
# stderr is discarded and any non-zero exit prints "Not running", so a compose
# error (for example an invalid compose file) looks the same as a stopped
# environment. The target itself always succeeds.
status: ## Show status of all environments
	@echo "=== Development Status ==="
	@if test -f docker-compose.dev.yml; then \
		docker-compose -f docker-compose.dev.yml ps 2>/dev/null || echo "Not running"; \
	fi
	@echo ""
	@echo "=== Staging Status ==="
	@if test -f docker-compose.staging.yml; then \
		docker-compose -f docker-compose.staging.yml ps 2>/dev/null || echo "Not running"; \
	fi
	@echo ""
	@echo "=== Homelab Secure Status ==="
	@if test -f docker-compose.homelab-secure.yml; then \
		docker-compose -f docker-compose.homelab-secure.yml ps 2>/dev/null || echo "Not running"; \
	fi
	@echo ""
	@echo "=== Production Status ==="
	@if test -f docker-compose.prod.yml; then \
		docker-compose -f docker-compose.prod.yml ps 2>/dev/null || echo "Not running"; \
	fi
# Tears down every environment, production included, and deletes their volumes
# (`down -v`) after a single "y" confirmation.
# Each `down` is best-effort: stderr is discarded and failures are ignored, so
# a missing compose file or an already-stopped stack does not abort the run.
# `docker system prune -f` is not limited to these compose projects; it prunes
# unused Docker resources for the whole host.
# NOTE(review): rollback-prod demands a typed "yes", while this target removes
# production volumes on "y". Confirm that the weaker gate is intended, and that
# no data that must be retained lives in those volumes.
clean: ## Clean up all containers and volumes
	@echo "Cleaning up all Docker resources..."
	@echo "This will remove all containers and volumes. Continue? [y/N]"
	@read -r confirm && [ "$$confirm" = "y" ] || exit 1
	docker-compose -f docker-compose.dev.yml down -v 2>/dev/null || true
	docker-compose -f docker-compose.staging.yml down -v 2>/dev/null || true
	docker-compose -f docker-compose.homelab-secure.yml down -v 2>/dev/null || true
	docker-compose -f docker-compose.prod.yml down -v 2>/dev/null || true
	docker system prune -f
	@echo "Cleanup complete."
# Security mode targets
# Each target sets COMPLIANCE_MODE in the environment of the docker-compose
# process and (re)creates only the `worker` service from docker-compose.dev.yml.
# NOTE(review): whether the compose file forwards COMPLIANCE_MODE into the
# worker container is not visible from this Makefile - confirm.

# Relaxed validation, per the message printed below.
security-mode-dev: ## Run worker in dev security mode
	@echo "Running with dev security mode (relaxed validation)..."
	COMPLIANCE_MODE=dev docker-compose -f docker-compose.dev.yml up -d worker

# Standard mode; the same value staging-up writes into a new .env.staging.
security-mode-standard: ## Run worker in standard security mode
	@echo "Running with standard security mode..."
	COMPLIANCE_MODE=standard docker-compose -f docker-compose.dev.yml up -d worker
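# Starts the worker with COMPLIANCE_MODE=hipaa after an explicit "y".
#
# The four check-mark lines are static echo output. This recipe does not
# inspect the container's network mode, seccomp profile or no-new-privileges
# setting, and it does not test that an audit sink is reachable.
# NOTE(review): the worker is started from docker-compose.dev.yml, and
# check-audit-sink is not run first. Confirm that the compose file and the
# worker enforce the listed controls when COMPLIANCE_MODE=hipaa, and verify
# them on the running container rather than relying on this output.
#
# The prompt uses printf + `read -r` instead of the bash-only `read -p`, which
# a strict POSIX /bin/sh rejects (the target would then always abort).
security-mode-hipaa: ## Run worker in HIPAA security mode
	@echo "Running with HIPAA security mode (strict compliance)..."
	@echo "✓ Network mode: none"
	@echo "✓ Seccomp profile: default-hardened"
	@echo "✓ No new privileges: enforced"
	@echo "✓ Audit sink: required"
	@printf '%s' "Confirm HIPAA mode deployment? [y/N] " && read -r confirm && [ "$$confirm" = "y" ] || exit 1
	COMPLIANCE_MODE=hipaa docker-compose -f docker-compose.dev.yml up -d worker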
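# Rollback targets

# Stops staging, looks up the previous tag in .staging-deployment.log, starts
# staging again and appends a line to .staging-audit.log.
#
# NOTE(review): PREVIOUS_TAG is only printed. It is a shell-local variable that
# is neither exported nor passed to docker-compose, so `up -d` starts whatever
# image the compose file and environment currently resolve to. Confirm how the
# image tag is selected before relying on this target to change the image.
# NOTE(review): if .staging-deployment.log is missing, the stack has already
# been stopped and is not started again, yet the audit line is still written.
# The audit entry is a plain append; `actor` is the local user name reported by
# whoami.
#
# Fixes in this version:
# - The "latest" fallback is applied with a parameter default. The earlier
#   `... | cut ... || echo "latest"` never fired, because the pipeline's exit
#   status is that of `cut`, which succeeds even when grep matched nothing.
# - The prompt uses printf + `read -r` instead of the bash-only `read -p`,
#   which a strict POSIX /bin/sh rejects.
rollback-staging: ## Rollback staging deployment
	@echo "Rolling back staging deployment..."
	@echo "⚠ This rolls back the image only - queue state and audit log are NOT rolled back"
	@printf '%s' "Continue with rollback? [y/N] " && read -r confirm && [ "$$confirm" = "y" ] || exit 1
	docker-compose -f docker-compose.staging.yml down
	@if [ -f .staging-deployment.log ]; then \
		PREVIOUS_TAG=$$(tail -2 .staging-deployment.log | head -1 | grep -o 'tag=[^ ]*' | cut -d'=' -f2); \
		PREVIOUS_TAG=$${PREVIOUS_TAG:-latest}; \
		echo "Previous tag: $$PREVIOUS_TAG"; \
		docker-compose -f docker-compose.staging.yml up -d; \
	fi
	@echo "$$(date -Iseconds) | rollback | staging | actor=$$(whoami)" >> .staging-audit.log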
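# Stops production, looks up the previous `sha-...` value in .prod-audit.log,
# starts production again and appends a line to .prod-audit.log.
# Requires the full word "yes" rather than "y".
#
# NOTE(review): PREVIOUS_SHA is only printed. It is a shell-local variable that
# is neither exported nor passed to docker-compose, so `up -d` starts whatever
# image the compose file and environment currently resolve to. Confirm how the
# image is pinned before relying on this target to change the image.
# NOTE(review): if .prod-audit.log is missing, production has already been
# stopped and is not started again; the final append then creates the log.
# NOTE(review): the file read to find the previous SHA is the same file this
# recipe appends to, and the rollback line carries no `sha-` value, so a later
# lookup of the second-to-last line may fall back to "previous".
# The appended entry is plain text; anything that chains or signs audit
# entries happens outside this recipe.
#
# The prompt uses printf + `read -r` instead of the bash-only `read -p`, which
# a strict POSIX /bin/sh rejects (the target would then always abort).
rollback-prod: ## Rollback production deployment
	@echo "Rolling back production deployment..."
	@echo "⚠ CRITICAL: This rolls back the image only"
	@echo "⚠ Queue state is NOT rolled back"
	@echo "⚠ Audit log chain is NOT rolled back (must never break chain)"
	@echo "⚠ New artifacts remain in storage"
	@printf '%s' "CONFIRM PRODUCTION ROLLBACK? [yes/N] " && read -r confirm && [ "$$confirm" = "yes" ] || exit 1
	docker-compose -f docker-compose.prod.yml down
	@if [ -f .prod-audit.log ]; then \
		PREVIOUS_SHA=$$(tail -2 .prod-audit.log | head -1 | grep -o 'sha-[a-f0-9]*' || echo "previous"); \
		echo "Rolling back to: $$PREVIOUS_SHA"; \
		docker-compose -f docker-compose.prod.yml up -d; \
	fi
	@echo "$$(date -Iseconds) | rollback | prod | actor=$$(whoami)" >> .prod-audit.log
	@echo "Rollback complete. Verify health: make prod-status"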
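# Runs ../scripts/check-audit-sink.sh for the staging environment and passes
# its exit status through.
# A missing script is now a failure: the message goes to stderr and the target
# exits 1. Before, the target printed the message and succeeded, so a check
# that never ran was indistinguishable from one that passed.
# NOTE(review): the environment is fixed to `--env staging`; this target does
# not check the production sink.
check-audit-sink: ## Check audit sink reachability
	@echo "Checking audit sink..."
	@if [ -f ../scripts/check-audit-sink.sh ]; then \
		../scripts/check-audit-sink.sh --env staging; \
	else \
		echo "Audit sink check script not found" >&2; \
		exit 1; \
	fi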
# Probes the /health endpoint of each environment on localhost and prints one
# result line per environment. curl's error output is discarded.
# The target always exits 0, so it reports health but cannot gate a deployment.
# NOTE(review): "Development" and "Production" both probe localhost:9101, so
# their results cannot differ when run on one host - confirm the production
# port.
health-check: ## Run health checks on all environments
	@echo "=== Health Checks ==="
	@echo "Development (localhost:9101):"
	@if curl -fsS http://localhost:9101/health 2>/dev/null; then echo "✓ Healthy"; else echo "✗ Not responding"; fi
	@echo ""
	@echo "Staging (localhost:9102):"
	@if curl -fsS http://localhost:9102/health 2>/dev/null; then echo "✓ Healthy"; else echo "✗ Not responding"; fi
	@echo ""
	@echo "Production (localhost:9101):"
	@if curl -fsS http://localhost:9101/health 2>/dev/null; then echo "✓ Healthy"; else echo "✗ Not responding"; fi
# Runs gosec and nancy from the parent directory when they are installed.
# This is an advisory local run, not a gate:
# - a scanner that is not installed is skipped with a message;
# - stderr of both tools is discarded, and any non-zero exit (findings, or the
#   tool failing to run at all) prints the same "found issues" line;
# - the target exits 0 in every case.
# In a pipeline where findings must fail the build, call the scanners directly
# and keep their exit status.
security-scan: ## Run security scanners locally
	@echo "Running security scanners..."
	@if command -v gosec >/dev/null 2>&1; then \
		echo "Running gosec..."; \
		if ! (cd .. && gosec ./... 2>/dev/null); then \
			echo "gosec found issues"; \
		fi; \
	else \
		echo "gosec not installed - skipping"; \
	fi
	@if command -v nancy >/dev/null 2>&1; then \
		echo "Running nancy..."; \
		if ! (cd .. && go list -json -deps ./... 2>/dev/null | nancy sleuth 2>/dev/null); then \
			echo "nancy found issues"; \
		fi; \
	else \
		echo "nancy not installed - skipping"; \
	fi
# Quick aliases
# Recipe-less shortcuts: each one only names the matching dev-* target as its
# prerequisite, so the short names always act on the development environment.
up:      dev-up      ## Alias for dev-up
down:    dev-down    ## Alias for dev-down
logs:    dev-logs    ## Alias for dev-logs
restart: dev-restart ## Alias for dev-restart