From 474ffacb358e526aef1090d9fc72f127fcb998a8 Mon Sep 17 00:00:00 2001 From: bleuxsy <100823803+bleuxsy@users.noreply.github.com> Date: Wed, 20 Aug 2025 13:31:58 +0900 Subject: [PATCH 01/11] feat: Add the ai-workflow for CI/CD #5 --- .github/workflows/ai-workflow.yml | 85 +++++++++++++++++++++++++++++++ 1 file changed, 85 insertions(+) create mode 100644 .github/workflows/ai-workflow.yml diff --git a/.github/workflows/ai-workflow.yml b/.github/workflows/ai-workflow.yml new file mode 100644 index 0000000..61b33b5 --- /dev/null +++ b/.github/workflows/ai-workflow.yml 
@@ -0,0 +1,85 @@ + +name: CI/CD for AI Service + + +on: + push: + branches: [ "release/1.0.0" ] + paths: + - 'msa-ai-service/**' + +# 워크플로우 전체에서 사용할 환경 변수 +env: + AWS_REGION: ap-northeast-2 + SERVICE_DIR: msa-ai-service # 서비스의 디렉토리 이름 + ECR_REPOSITORY: ai-service # ECR 리포지토리 및 ECS 서비스 이름 + ECS_CLUSTER_NAME: DevCluster # ECS 클러스터 이름 + ECS_TASK_DEFINITION_FAMILY: ai-service-td # ECS 태스크 정의 패밀리 이름 + CONTAINER_NAME: msa-ai-service # Task Definition 안의 컨테이너 이름 + +# GitHub Actions Runner에 부여할 권한 (AWS OIDC 인증용) +permissions: + id-token: write + contents: read + +jobs: + build-and-deploy: + runs-on: ubuntu-latest + steps: + # 1. 소스 코드 체크아웃 + - name: Checkout code + uses: actions/checkout@v4 + + # 2. AWS 자격 증명 설정 (OIDC 역할 사용) + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: arn:aws:iam::490913547024:role/gitactionToECR # 기존에 사용하던 역할 ARN + aws-region: ${{ env.AWS_REGION }} + + # 3. Amazon ECR 로그인 + - name: Login to Amazon ECR + id: login-ecr + uses: aws-actions/amazon-ecr-login@v2 + + # 4. 이미지 태그로 사용할 짧은 Git 커밋 해시 생성 + - name: Set short git commit SHA + id: vars + run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT + + # 5. Docker 이미지 빌드 및 ECR에 푸시 + - name: Build, tag, and push image to Amazon ECR + id: build-image + env: + ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} + IMAGE_TAG: ${{ steps.vars.outputs.sha_short }} + run: | + docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG -f ./${{ env.SERVICE_DIR }}/Dockerfile ./${{ env.SERVICE_DIR }} + docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG + echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT + + # 6. 
최신 ECS 태스크 정의 파일 다운로드 + + - name: Download task definition + id: download-task-def + run: | + aws ecs describe-task-definition --task-definition ${{ env.ECS_TASK_DEFINITION_FAMILY }} --query taskDefinition > task-definition.json + echo "file=task-definition.json" >> $GITHUB_OUTPUT + + + - name: Render Amazon ECS task definition + id: render-task-def + uses: aws-actions/amazon-ecs-render-task-definition@v1 + with: + task-definition: ${{ steps.download-task-def.outputs.file }} + container-name: ${{ env.CONTAINER_NAME }} + image: ${{ steps.build-image.outputs.image }} + + # 8. 새로운 태스크 정의를 ECS 서비스에 배포 + - name: Deploy Amazon ECS task definition + uses: aws-actions/amazon-ecs-deploy-task-definition@v1 + with: + task-definition: ${{ steps.render-task-def.outputs.task-definition }} + service: ${{ env.ECR_REPOSITORY }} + cluster: ${{ env.ECS_CLUSTER_NAME }} + wait-for-service-stability: true \ No newline at end of file From 92e51a82d0920e703806778ff43d6c4860ffd389 Mon Sep 17 00:00:00 2001 From: bleuxsy <100823803+bleuxsy@users.noreply.github.com> Date: Wed, 20 Aug 2025 13:33:48 +0900 Subject: [PATCH 02/11] feat: Add the ai-workflow for CI/CD #5 --- .github/workflows/ai-workflow.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ai-workflow.yml b/.github/workflows/ai-workflow.yml index 61b33b5..0bd265a 100644 --- a/.github/workflows/ai-workflow.yml +++ b/.github/workflows/ai-workflow.yml 
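Review bot: Every `uses:` step in this job references a mutable tag (`actions/checkout@v4`, `aws-actions/configure-aws-credentials@v4`, `aws-actions/amazon-ecr-login@v2`, `aws-actions/amazon-ecs-render-task-definition@v1`, `aws-actions/amazon-ecs-deploy-task-definition@v1`), while the workflow holds `id-token: write` and assumes a role used to push to ECR and update the ECS service. Pin each action to a full commit SHA with the tag as a trailing comment, for example `uses: actions/checkout@<full-commit-sha>  # v4`, so a retagged release cannot run with those credentials. The trust policy of `role/gitactionToECR` is not visible here; it should restrict the OIDC `sub` claim to this repository and the `release/1.0.0` ref. The image is tagged only with the short commit SHA, so enabling ECR tag immutability or deploying by digest is worth considering.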
@@ -11,11 +11,11 @@ on: # 워크플로우 전체에서 사용할 환경 변수 env: AWS_REGION: ap-northeast-2 - SERVICE_DIR: msa-ai-service # 서비스의 디렉토리 이름 - ECR_REPOSITORY: ai-service # ECR 리포지토리 및 ECS 서비스 이름 - ECS_CLUSTER_NAME: DevCluster # ECS 클러스터 이름 - ECS_TASK_DEFINITION_FAMILY: ai-service-td # ECS 태스크 정의 패밀리 이름 - CONTAINER_NAME: msa-ai-service # Task Definition 안의 컨테이너 이름 + SERVICE_DIR: msa-ai-service + ECR_REPOSITORY: ai-service + ECS_CLUSTER_NAME: DevCluster + ECS_TASK_DEFINITION_FAMILY: ai-service-td + CONTAINER_NAME: msa-ai-service # GitHub Actions Runner에 부여할 권한 (AWS OIDC 인증용) permissions: From 15ef033696e76f62d62fd28f06baedaa0d4fee41 Mon Sep 17 00:00:00 2001 From: bleuxsy <100823803+bleuxsy@users.noreply.github.com> Date: Wed, 20 Aug 2025 13:35:55 +0900 Subject: [PATCH 03/11] feat: Add the ai-workflow for CI/CD #5 --- .github/workflows/ai-workflow.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ai-workflow.yml b/.github/workflows/ai-workflow.yml index 0bd265a..1cace99 100644 --- a/.github/workflows/ai-workflow.yml +++ b/.github/workflows/ai-workflow.yml @@ -8,7 +8,7 @@ on: paths: - 'msa-ai-service/**' -# 워크플로우 전체에서 사용할 환경 변수 + env: AWS_REGION: ap-northeast-2 SERVICE_DIR: msa-ai-service From 79071f9db74b5678da20fd1415f0f1389b1bc77a Mon Sep 17 00:00:00 2001 From: bleuxsy <100823803+bleuxsy@users.noreply.github.com> Date: Wed, 20 Aug 2025 13:37:43 +0900 Subject: [PATCH 04/11] feat: Add the ai-workflow for CI/CD #5 --- .github/workflows/ai-workflow.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/ai-workflow.yml b/.github/workflows/ai-workflow.yml index 1cace99..4173edd 100644 --- a/.github/workflows/ai-workflow.yml +++ b/.github/workflows/ai-workflow.yml @@ -5,8 +5,7 @@ name: CI/CD for AI Service on: push: branches: [ "release/1.0.0" ] - paths: - - 'msa-ai-service/**' + env: From ad1b3a90cb139e69ed4cf60f911cf099c86cadf7 Mon Sep 17 00:00:00 2001 
From: bleuxsy <100823803+bleuxsy@users.noreply.github.com> Date: Wed, 20 Aug 2025 13:54:29 +0900 Subject: [PATCH 05/11] feat: Add the ai-workflow for CI/CD #5 --- .github/workflows/ai-workflow.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ai-workflow.yml b/.github/workflows/ai-workflow.yml index 4173edd..a1d7b6c 100644 --- a/.github/workflows/ai-workflow.yml +++ b/.github/workflows/ai-workflow.yml @@ -16,7 +16,7 @@ env: ECS_TASK_DEFINITION_FAMILY: ai-service-td CONTAINER_NAME: msa-ai-service -# GitHub Actions Runner에 부여할 권한 (AWS OIDC 인증용) +# GitHub Actions Runner에 부여할 권한 permissions: id-token: write contents: read From ffdefb2f21fce0d396ff609ff8a1da62f931ec6e Mon Sep 17 00:00:00 2001 From: bleuxsy <100823803+bleuxsy@users.noreply.github.com> Date: Wed, 20 Aug 2025 15:34:34 +0900 Subject: [PATCH 06/11] feat: Add the ai-workflow for CI/CD #5 --- msa-ai-service/task-definition.json | 95 +++++++++++++++++++++++++++++ 1 file changed, 95 insertions(+) create mode 100644 msa-ai-service/task-definition.json diff --git a/msa-ai-service/task-definition.json b/msa-ai-service/task-definition.json new file mode 100644 index 0000000..f9491a5 --- /dev/null +++ b/msa-ai-service/task-definition.json 
@@ -0,0 +1,95 @@ +{ + "taskDefinitionArn": "arn:aws:ecs:ap-northeast-2:490913547024:task-definition/ai-service-td:1", + "containerDefinitions": [ + { + "name": "msa-ai-service", + "image": "", + "cpu": 0, + "portMappings": [ + { + "name": "msa-ai-service-8080-tcp", + "containerPort": 8080, + "hostPort": 8080, + "protocol": "tcp", + "appProtocol": "http" + } + ], + "essential": true, + "environment": [ + { + "name": "SPRING_PROFILES_ACTIVE", + "value": "dev" + } + ], + "environmentFiles": [], + "mountPoints": [], + "volumesFrom": [], + "ulimits": [], + "logConfiguration": { + "logDriver": "awslogs", + "options": { + "awslogs-group": "/ecs/ai-service-td", + "awslogs-create-group": "true", + "awslogs-region": "ap-northeast-2", + "awslogs-stream-prefix": "ecs" + }, + "secretOptions": [] + }, + "systemControls": [] + } + ], + "family": "ai-service-td", + "taskRoleArn": "arn:aws:iam::490913547024:role/ecs-task-role-store-service", + "executionRoleArn": "arn:aws:iam::490913547024:role/ecsTaskExecutionRole", + "networkMode": "awsvpc", + "revision": 1, + "volumes": [], + "status": "ACTIVE", + "requiresAttributes": [ + { + "name": "com.amazonaws.ecs.capability.logging-driver.awslogs" + }, + { + "name": "ecs.capability.execution-role-awslogs" + }, + { + "name": "com.amazonaws.ecs.capability.ecr-auth" + }, + { + "name": "com.amazonaws.ecs.capability.docker-remote-api.1.19" + }, + { + "name": "com.amazonaws.ecs.capability.task-iam-role" + }, + { + "name": "ecs.capability.execution-role-ecr-pull" + }, + { + "name": "com.amazonaws.ecs.capability.docker-remote-api.1.18" + }, + { + "name": "ecs.capability.task-eni" + }, + { + "name": "com.amazonaws.ecs.capability.docker-remote-api.1.29" + } + ], + "placementConstraints": [], + "compatibilities": [ + "EC2", + "FARGATE" + ], + "requiresCompatibilities": [ + "FARGATE" + ], + "cpu": "1024", + "memory": "2048", + "runtimePlatform": { + "cpuArchitecture": "X86_64", + "operatingSystemFamily": "LINUX" + }, + "registeredAt": 
"2025-08-20T06:33:30.113Z", + "registeredBy": "arn:aws:iam::490913547024:user/user1", + + "tags": [] +} \ No newline at end of file From 113a4f6a44a58ec27dcf5da57afa2a3640bfb5d3 Mon Sep 17 00:00:00 2001 From: bleuxsy <100823803+bleuxsy@users.noreply.github.com> Date: Wed, 20 Aug 2025 15:51:59 +0900 Subject: [PATCH 07/11] feat: Add the ai-workflow for CI/CD #5 --- msa-ai-service/task-definition.json | 1 + 1 file changed, 1 insertion(+) diff --git a/msa-ai-service/task-definition.json b/msa-ai-service/task-definition.json index f9491a5..4ad9960 100644 --- a/msa-ai-service/task-definition.json +++ b/msa-ai-service/task-definition.json @@ -13,6 +13,7 @@ "protocol": "tcp", "appProtocol": "http" } + ], "essential": true, "environment": [ From d72a5c682cd1de06d97adddf2f1a1fd2848bf8e5 Mon Sep 17 00:00:00 2001 From: bleuxsy <100823803+bleuxsy@users.noreply.github.com> Date: Wed, 20 Aug 2025 15:57:19 +0900 Subject: [PATCH 08/11] feat: Add the ai-workflow for CI/CD #5 --- .github/workflows/ai-workflow.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ai-workflow.yml b/.github/workflows/ai-workflow.yml index a1d7b6c..cf7550b 100644 --- a/.github/workflows/ai-workflow.yml +++ b/.github/workflows/ai-workflow.yml 
@@ -65,12 +65,18 @@ jobs: aws ecs describe-task-definition --task-definition ${{ env.ECS_TASK_DEFINITION_FAMILY }} --query taskDefinition > task-definition.json echo "file=task-definition.json" >> $GITHUB_OUTPUT + - name: Clean task definition for old SDK + id: clean-task-def + run: | + # jq를 사용해 다운로드한 파일에서 enableFaultInjection 키를 삭제합니다. + jq 'del(.enableFaultInjection)' ${{ steps.download-task-def.outputs.file }} > cleaned-task-def.json + echo "file=cleaned-task-def.json" >> $GITHUB_OUTPUT - name: Render Amazon ECS task definition id: render-task-def uses: aws-actions/amazon-ecs-render-task-definition@v1 with: - task-definition: ${{ steps.download-task-def.outputs.file }} + task-definition: ${{ steps.clean-task-def.outputs.file }} container-name: ${{ env.CONTAINER_NAME }} image: ${{ steps.build-image.outputs.image }} From e082265e287f7067412d3e0e8729747e6b8e4397 Mon Sep 17 00:00:00 2001 From: miiiniii Date: Wed, 20 Aug 2025 13:27:30 +0900 Subject: [PATCH 09/11] chore: Modify .gitignore #4 --- .gitignore | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index abb4e80..be256ee 100644 --- a/.gitignore +++ b/.gitignore @@ -44,4 +44,7 @@ __pycache__/ *.pyc ### Python Virtual Environment ### -.venv/ \ No newline at end of file +.venv/ + +### Environment ### +.env \ No newline at end of file From 675917b643edd2a9934f4cf1a575b5943c4e08aa Mon Sep 17 00:00:00 2001 From: miiiniii Date: Thu, 21 Aug 2025 15:27:03 +0900 Subject: [PATCH 10/11] chore: Modify .env #7 --- msa-ai-service/.env | 5 ++--- msa-ai-service/app/core/config.py | 2 +- msa-ai-service/app/routes/qa_router.py | 2 +- msa-ai-service/app/routes/seed_router.py | 2 +- msa-ai-service/app/services/rag_service.py | 4 +++- 5 files changed, 8 insertions(+), 7 deletions(-) diff --git a/msa-ai-service/.env b/msa-ai-service/.env index 96a2109..d0908e1 100644 --- a/msa-ai-service/.env +++ b/msa-ai-service/.env 
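Review bot: The new `Clean task definition for old SDK` step pastes `${{ steps.download-task-def.outputs.file }}` directly into the shell script and leaves it unquoted. The value is a fixed file name today, but passing it through `env:` (for example `TASK_DEF: ${{ steps.download-task-def.outputs.file }}`) and using `jq 'del(.enableFaultInjection)' "$TASK_DEF" > cleaned-task-def.json` keeps the step safe if that output ever becomes derived from input; `>> "$GITHUB_OUTPUT"` should be quoted as well. The comment should name which action version rejects `enableFaultInjection`, so the workaround can be dropped once that action is upgraded. The `steps:` list continues outside this hunk.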
@@ -1,4 +1,3 @@ -OPENAI_API_KEY=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 +OPENAI_API_KEY=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 MONGODB_URI=mongodb+srv://ksm3255:!4786buch@team1mongodb.oh0o0np.mongodb.net/?retryWrites=true&w=majority&appName=Team1Mongodb -MONGODB_NAME=ai_service_db - +MONGODB_NAME=ai_service_db \ No newline at end of file diff --git a/msa-ai-service/app/core/config.py b/msa-ai-service/app/core/config.py index ac51442..923f4e7 100644 --- a/msa-ai-service/app/core/config.py +++ b/msa-ai-service/app/core/config.py @@ -4,5 +4,5 @@ load_dotenv() -MONGODB_URI = os.getenv("MONGODB_URI", "mongodb://localhost:27017") # localhost는 fallback용 +MONGODB_URI = os.getenv("MONGODB_URI", "mongodb://localhost:27017") # fallback용 MONGODB_NAME = os.getenv("MONGODB_NAME", "ai_service_db") diff --git a/msa-ai-service/app/routes/qa_router.py b/msa-ai-service/app/routes/qa_router.py index 1e36c72..334a6a0 100644 --- a/msa-ai-service/app/routes/qa_router.py +++ b/msa-ai-service/app/routes/qa_router.py @@ -1,5 +1,5 @@ # 질문 → 답변 API (API endpoint) - +# 질문을 DB에 채움 from fastapi import APIRouter from app.services.rag_service import run_rag diff --git a/msa-ai-service/app/routes/seed_router.py b/msa-ai-service/app/routes/seed_router.py index 357fb8c..66445af 100644 --- a/msa-ai-service/app/routes/seed_router.py +++ b/msa-ai-service/app/routes/seed_router.py @@ -1,4 +1,4 @@ -# 테스트용 파이프라인 재현 라우터 +# 로컬 테스트용 파이프라인 재현 라우터 # app/routes/seed_router.py from fastapi import APIRouter diff --git a/msa-ai-service/app/services/rag_service.py b/msa-ai-service/app/services/rag_service.py index 00b7ad7..1ba8c89 100644 --- a/msa-ai-service/app/services/rag_service.py +++ b/msa-ai-service/app/services/rag_service.py 
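Review bot: Real-looking secrets are committed in `msa-ai-service/.env`: the `OPENAI_API_KEY` line swaps one literal key for another, and the unchanged `MONGODB_URI` line embeds a username and password. Both the removed and the added key stay in git history, so revoke both keys and rotate the MongoDB password rather than only editing the file. The `.env` entry added to `.gitignore` earlier in this series does not untrack a file that is already in the index; run `git rm --cached msa-ai-service/.env` and commit a `.env.example` with empty values instead. For the ECS deployment, supply these values through the task definition's `secrets` entries backed by Secrets Manager or SSM Parameter Store, not through a file baked into the image or repository.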
@@ -1,4 +1,6 @@ -# RAG 로직 (질문→검색→답변) +# RAG 로직 (질문 -> 검색 ->답변) +# 질문 콜렉션 조회 -> 메뉴 리뷰 가져옴 -> 리뷰 임베딩 저장 -> 질문 답변 생성 및 콜렉션에 저장 +# 실제 운영에서 쓰임 # app/services/rag_service.py from datetime import datetime From f6f0e4a56cc1a8cc971b5855f535e5354eeb587d Mon Sep 17 00:00:00 2001 From: miiiniii <102170253+miiiniii@users.noreply.github.com> Date: Thu, 21 Aug 2025 16:35:55 +0900 Subject: [PATCH 11/11] Update ai-workflow.yml --- .github/workflows/ai-workflow.yml | 27 ++++++--------------------- 1 file changed, 6 insertions(+), 21 deletions(-) diff --git a/.github/workflows/ai-workflow.yml b/.github/workflows/ai-workflow.yml index b5e8eea..bf52718 100644 --- a/.github/workflows/ai-workflow.yml +++ b/.github/workflows/ai-workflow.yml @@ -5,16 +5,11 @@ name: CI/CD for AI Service on: push: branches: [ "release/1.0.0" ] -<<<<<<< HEAD -======= - paths: - - 'msa-ai-service/**' -# 워크플로우 전체에서 사용할 환경 변수 ->>>>>>> develop + env: AWS_REGION: ap-northeast-2 SERVICE_DIR: msa-ai-service @@ -23,11 +18,8 @@ env: ECS_TASK_DEFINITION_FAMILY: ai-service-td CONTAINER_NAME: msa-ai-service -<<<<<<< HEAD + # GitHub Actions Runner에 부여할 권한 -======= -# GitHub Actions Runner에 부여할 권한 (AWS OIDC 인증용) ->>>>>>> develop permissions: id-token: write contents: read 
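Review bot: The resolved `on:` block keeps only `branches: [ "release/1.0.0" ]` and drops the `paths: - 'msa-ai-service/**'` filter from the develop side, so any push to the release branch, including changes that touch only other services, rebuilds and redeploys this service with OIDC-issued AWS credentials. If that is not intended, restore the filter under `push:`. The removed lines also show that `<<<<<<< HEAD` / `>>>>>>> develop` conflict markers had been committed into the workflow file. A YAML or workflow lint check on pull requests would catch that before it reaches the release branch.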
@@ -76,25 +68,21 @@ jobs: aws ecs describe-task-definition --task-definition ${{ env.ECS_TASK_DEFINITION_FAMILY }} --query taskDefinition > task-definition.json echo "file=task-definition.json" >> $GITHUB_OUTPUT -<<<<<<< HEAD + - name: Clean task definition for old SDK id: clean-task-def run: | # jq를 사용해 다운로드한 파일에서 enableFaultInjection 키를 삭제합니다. jq 'del(.enableFaultInjection)' ${{ steps.download-task-def.outputs.file }} > cleaned-task-def.json echo "file=cleaned-task-def.json" >> $GITHUB_OUTPUT -======= ->>>>>>> develop + - name: Render Amazon ECS task definition id: render-task-def uses: aws-actions/amazon-ecs-render-task-definition@v1 with: -<<<<<<< HEAD task-definition: ${{ steps.clean-task-def.outputs.file }} -======= - task-definition: ${{ steps.download-task-def.outputs.file }} ->>>>>>> develop + container-name: ${{ env.CONTAINER_NAME }} image: ${{ steps.build-image.outputs.image }} @@ -105,8 +93,5 @@ jobs: task-definition: ${{ steps.render-task-def.outputs.task-definition }} service: ${{ env.ECR_REPOSITORY }} cluster: ${{ env.ECS_CLUSTER_NAME }} -<<<<<<< HEAD - wait-for-service-stability: true -======= wait-for-service-stability: true ->>>>>>> develop +