Merge commit '74cc8a4685' as 'ai-context/trustgraph-templates'

This commit is contained in:
elpresidank 2026-04-05 21:09:49 -05:00
commit c386f68743
1216 changed files with 116347 additions and 0 deletions

View file

@ -0,0 +1,25 @@
name: CLA Assistant
on:
issue_comment:
types: [created]
pull_request_target:
types: [opened, synchronize, reopened]
permissions:
actions: write
contents: write
pull-requests: write
statuses: write
jobs:
CLAssistant:
runs-on: ubuntu-latest
steps:
- name: CLA Assistant
uses: trustgraph-ai/contributor-license-agreement/action@main
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
PERSONAL_ACCESS_TOKEN: ${{ secrets.CLA_ASSISTANT_PAT }}
with:
allowlist: 'dependabot,dependabot[bot],github-actions,github-actions[bot]'

View file

@ -0,0 +1,76 @@
name: Deploy to prod
on:
workflow_dispatch:
push:
# Deploys on master branch
branches:
- master
permissions:
contents: read
id-token: 'write'
packages: read
jobs:
deploy:
name: Deploy to prod
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Get version
id: version
run: echo VERSION=sha-$(git rev-parse --short HEAD) >> $GITHUB_OUTPUT
# Python package version MUST be a semantic version, but also doesn't
# matter, so just setting to 0.0.0.
# The container version MUST change on every push to get Cloud Run
# to re-deploy, so is based on git hash.
- name: Build container
run: make PACKAGE_VERSION=0.0.0 VERSION=${{ steps.version.outputs.VERSION }}
- name: Log in to the container registry
uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- id: auth
name: Authenticate with Google Cloud
uses: google-github-actions/auth@v2
with:
token_format: access_token
workload_identity_provider: projects/351149249312/locations/global/workloadIdentityPools/deploy/providers/github
service_account: deploy@trustgraph-ai.iam.gserviceaccount.com
access_token_lifetime: 900s
create_credentials_file: true
- name: Login to Artifact Registry
uses: redhat-actions/podman-login@v1
with:
registry: europe-west1-docker.pkg.dev
username: oauth2accesstoken
password: ${{ steps.auth.outputs.access_token }}
- name: Install Pulumi
run: cd pulumi && npm install
- name: Applying infrastructure 🚀🙏
uses: pulumi/actions@v3
with:
command: up
stack-name: prod
work-dir: pulumi
cloud-url: gs://trustgraph-ai-deploy/config-svc
env:
PULUMI_CONFIG_PASSPHRASE: ""
IMAGE_VERSION: ${{ steps.version.outputs.VERSION }}

View file

@ -0,0 +1,31 @@
name: Test pull request
on:
pull_request:
permissions:
contents: read
jobs:
container-push:
name: Run tests
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Setup environment
run: |
python3 -m venv env
. env/bin/activate
pip install -e .[dev]
- name: Run pytest tests
run: |
. env/bin/activate
pytest -v --tb=short

View file

@ -0,0 +1,45 @@
name: Undeploy to prod
on:
workflow_dispatch:
permissions:
contents: read
id-token: 'write'
jobs:
deploy:
name: Undeploy to prod
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- id: auth
name: Authenticate with Google Cloud
uses: google-github-actions/auth@v2
with:
token_format: access_token
workload_identity_provider: projects/514167726704/locations/global/workloadIdentityPools/deploy/providers/deploy
service_account: deploy@kalntera-demo.iam.gserviceaccount.com
access_token_lifetime: 900s
create_credentials_file: true
- name: Install Pulumi
run: cd pulumi && npm install
- name: Destroy infrastructure ☠🔥
uses: pulumi/actions@v3
with:
command: destroy
stack-name: prod
work-dir: pulumi
cloud-url: gs://trustgraph-deploy/config-ui
env:
PULUMI_CONFIG_PASSPHRASE: ""