deployment config

Author: Sagar

.github/workflows/deploy-frontend.yml

@@ -0,0 +1,62 @@
+# ─────────────────────────────────────────────
+# GitHub Actions — Deploy Frontend to Azure Static Web Apps
+#
+# Setup (one-time):
+#   1. Create your Azure Static Web App in the portal
+#   2. Go to your Static Web App → Manage deployment token
+#   3. Add it as a GitHub repo secret:
+#      Settings → Secrets → Actions → New secret
+#      Name: AZURE_STATIC_WEB_APPS_API_TOKEN
+#   4. Add your VM's public IP or domain as another secret:
+#      Name: VITE_API_BASE_URL   value: http://YOUR_VM_IP
+#
+# Triggers: every push to main
+# ─────────────────────────────────────────────
+
+name: Deploy Frontend to Azure Static Web Apps
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - "frontend/**"
+      - ".github/workflows/deploy-frontend.yml"
+  workflow_dispatch:  # allow manual trigger from GitHub UI
+
+jobs:
+  build_and_deploy:
+    runs-on: ubuntu-latest
+    name: Build and Deploy
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: "20"
+          cache: "npm"
+          cache-dependency-path: frontend/package-lock.json
+
+      - name: Install dependencies
+        working-directory: frontend
+        run: npm ci
+
+      - name: Build React app
+        working-directory: frontend
+        env:
+          # Injected from GitHub secret — your VM's public IP or domain
+          VITE_API_BASE_URL: ${{ secrets.VITE_API_BASE_URL }}
+        run: npm run build
+
+      - name: Deploy to Azure Static Web Apps
+        uses: Azure/static-web-apps-deploy@v1
+        with:
+          azure_static_web_apps_api_token: ${{ secrets.AZURE_STATIC_WEB_APPS_API_TOKEN }}
+          repo_token: ${{ secrets.GITHUB_TOKEN }}
+          action: "upload"
+          app_location: "frontend"
+          output_location: "dist"
+          skip_app_build: true  # we built above with env vars injected

api/.env.example

@@ -1,11 +1,26 @@
-# Legal Bolt Environment Configuration
+# ─────────────────────────────────────────────
+# JurisFind API – Environment Variables Template
+# Copy this to .env and fill in real values
+# NEVER commit the real .env to git
+# ─────────────────────────────────────────────
 
-# Groq API Configuration
-# Get your API key from: https://console.groq.com/keys
-GROQ_API_KEY="your API Key here"
-# Optional: Model Configuration
+# ── Groq API ─────────────────────────────────
+# Get from: https://console.groq.com/keys
+GROQ_API_KEY=your_groq_api_key_here
 GROQ_MODEL=llama-3.3-70b-versatile
 
-# Optional: API Configuration
+# ── Azure Blob Storage ────────────────────────
+# Get from: Azure Portal → Storage Account → Access Keys → Connection string
+# Uncomment when deploying to production with Azure Blob
+# AZURE_STORAGE_CONNECTION_STRING=DefaultEndpointsProtocol=https;AccountName=YOUR_ACCOUNT_NAME;AccountKey=YOUR_ACCOUNT_KEY;EndpointSuffix=core.windows.net
+# AZURE_DATA_CONTAINER=data
+
+# ── Storage Mode ─────────────────────────────
+# true  = use local api/data/ folder (local dev)
+# false = use Azure Blob Storage (production)
+USE_LOCAL_FILES=true
+
+# ── Server ───────────────────────────────────
+# Use 0.0.0.0 on VM (Docker), localhost for local dev
 API_HOST=localhost
 API_PORT=8000

api/Dockerfile

@@ -0,0 +1,50 @@
+# ─────────────────────────────────────────────
+# JurisFind API – Dockerfile
+# Base: Python 3.11 slim (compatible with all requirements)
+# ─────────────────────────────────────────────
+
+FROM python:3.11-slim
+
+# Prevent Python from writing .pyc files and enable unbuffered stdout
+ENV PYTHONDONTWRITEBYTECODE=1 \
+    PYTHONUNBUFFERED=1 \
+    PIP_NO_CACHE_DIR=1 \
+    PIP_DISABLE_PIP_VERSION_CHECK=1
+
+# System dependencies needed by PyMuPDF, torch, faiss
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    build-essential \
+    libgl1 \
+    libglib2.0-0 \
+    libgomp1 \
+    curl \
+    && rm -rf /var/lib/apt/lists/*
+
+WORKDIR /app
+
+# Install Python dependencies first (layer cache)
+COPY requirements.txt .
+RUN pip install --upgrade pip && \
+    pip install -r requirements.txt
+
+# Copy application source
+COPY . .
+
+# Create directory for temporary confidential uploads
+RUN mkdir -p /tmp/confidential_uploads
+
+# Expose the uvicorn port
+EXPOSE 8000
+
+# Health check – hits the /api/health endpoint
+HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
+    CMD curl -f http://localhost:8000/api/health || exit 1
+
+# Run with uvicorn factory mode — matches how main.py calls uvicorn.run()
+# 2 workers is fine for Standard_B2s (2 vCPU). Increase to 4 on larger VMs.
+CMD ["uvicorn", "main:create_app", \
+     "--factory", \
+     "--host", "0.0.0.0", \
+     "--port", "8000", \
+     "--workers", "2", \
+     "--timeout-keep-alive", "5"]

api/main.py

@@ -38,7 +38,8 @@ def create_app():
         allow_origins=[
             "http://localhost:5173",  # Vite dev server
             "http://localhost:3000",  # React dev server
-            # Add your Azure Static Web App URL here when deploying:
+            "http://20.186.113.106",  # Azure VM public IP
+            # Add your Azure Static Web App URL here after deploying:
             # "https://your-app.azurestaticapps.net",
         ],
         allow_credentials=True,

deploy.sh

@@ -0,0 +1,103 @@
+#!/bin/bash
+# ─────────────────────────────────────────────
+# JurisFind – Azure VM Bootstrap Script
+#
+# Run this once after SSH-ing into a fresh Ubuntu 22.04 VM:
+#   chmod +x deploy.sh
+#   sudo ./deploy.sh
+#
+# What it does:
+#   1. Installs Docker + Docker Compose
+#   2. Installs Nginx
+#   3. Clones/updates the repo
+#   4. Copies Nginx config and reloads
+#   5. Starts the API container via Docker Compose
+# ─────────────────────────────────────────────
+
+set -euo pipefail
+
+REPO_URL="https://github.com/YOUR_GITHUB_USERNAME/YOUR_REPO_NAME.git"
+APP_DIR="/opt/jurisfind"
+NGINX_CONF="/etc/nginx/sites-available/jurisfind"
+
+echo "════════════════════════════════════════"
+echo "  JurisFind VM Setup"
+echo "════════════════════════════════════════"
+
+# ── 1. System update ─────────────────────────
+echo "[1/6] Updating system packages..."
+apt-get update -q && apt-get upgrade -y -q
+
+# ── 2. Install Docker ────────────────────────
+echo "[2/6] Installing Docker..."
+if ! command -v docker &> /dev/null; then
+    curl -fsSL https://get.docker.com | sh
+    systemctl enable docker
+    systemctl start docker
+    # Allow current user to run docker without sudo
+    usermod -aG docker "$SUDO_USER" || true
+    echo "Docker installed. You may need to log out and back in for group changes."
+else
+    echo "Docker already installed: $(docker --version)"
+fi
+
+# Docker Compose (v2 plugin)
+if ! docker compose version &> /dev/null; then
+    apt-get install -y docker-compose-plugin
+fi
+echo "Docker Compose: $(docker compose version)"
+
+# ── 3. Install Nginx ─────────────────────────
+echo "[3/6] Installing Nginx..."
+apt-get install -y nginx
+systemctl enable nginx
+systemctl start nginx
+
+# ── 4. Clone / update repo ───────────────────
+echo "[4/6] Setting up application directory..."
+if [ -d "$APP_DIR/.git" ]; then
+    echo "Repo exists — pulling latest..."
+    git -C "$APP_DIR" pull
+else
+    echo "Cloning repo to $APP_DIR..."
+    git clone "$REPO_URL" "$APP_DIR"
+fi
+
+# ── 5. Configure Nginx ───────────────────────
+echo "[5/6] Configuring Nginx..."
+cp "$APP_DIR/nginx.conf" "$NGINX_CONF"
+ln -sf "$NGINX_CONF" /etc/nginx/sites-enabled/jurisfind
+rm -f /etc/nginx/sites-enabled/default
+nginx -t && systemctl reload nginx
+echo "Nginx configured and reloaded."
+
+# ── 6. Start API container ───────────────────
+echo "[6/6] Starting JurisFind API container..."
+
+# Make sure .env exists
+if [ ! -f "$APP_DIR/api/.env" ]; then
+    echo ""
+    echo "⚠️  WARNING: $APP_DIR/api/.env not found!"
+    echo "    Copy api/.env.example → api/.env and fill in:"
+    echo "      GROQ_API_KEY"
+    echo "      AZURE_STORAGE_CONNECTION_STRING  (if using Azure Blob)"
+    echo "    Then run:  cd $APP_DIR && docker compose up -d --build"
+    echo ""
+else
+    cd "$APP_DIR"
+    docker compose pull 2>/dev/null || true
+    docker compose up -d --build
+    echo "Container started. Check logs with:  docker compose logs -f api"
+fi
+
+echo ""
+echo "════════════════════════════════════════"
+echo "  Setup complete!"
+echo "  API available at: http://$(curl -s ifconfig.me)/api/health"
+echo "  API docs at:      http://$(curl -s ifconfig.me)/docs"
+echo ""
+echo "  Next steps:"
+echo "  1. Fill in $APP_DIR/api/.env with real keys"
+echo "  2. Open ports 80 and 443 in Azure Network Security Group"
+echo "  3. (Optional) Add SSL: sudo certbot --nginx -d yourdomain.com"
+echo "════════════════════════════════════════"

docker-compose.yml

@@ -0,0 +1,38 @@
+# ─────────────────────────────────────────────
+# JurisFind – Docker Compose (Production on Azure VM)
+# Usage:
+#   docker compose up -d           → start
+#   docker compose down             → stop
+#   docker compose logs -f api      → live logs
+#   docker compose pull && docker compose up -d --build  → redeploy
+# ─────────────────────────────────────────────
+
+version: "3.9"
+
+services:
+  api:
+    build:
+      context: ./api
+      dockerfile: Dockerfile
+    container_name: jurisfind_api
+    restart: always
+    ports:
+      # Only expose to localhost — Nginx proxies from port 80 to here
+      - "127.0.0.1:8000:8000"
+    env_file:
+      # Copy api/.env.example → api/.env on the VM and fill in real values
+      - ./api/.env
+    volumes:
+      # Persist local FAISS index & PDFs if not using Azure Blob
+      - ./api/data:/app/data
+      # Temp dir for confidential uploads (cleared between restarts is fine)
+      - confidential_tmp:/tmp/confidential_uploads
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:8000/api/health"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 90s   # give sentence-transformers time to load on first boot
+
+volumes:
+  confidential_tmp:

frontend/staticwebapp.config.json

@@ -0,0 +1,25 @@
+{
+  "routes": [
+    {
+      "route": "/api/*",
+      "allowedRoles": ["anonymous"]
+    },
+    {
+      "route": "/*",
+      "serve": "/index.html",
+      "statusCode": 200
+    }
+  ],
+  "navigationFallback": {
+    "rewrite": "/index.html",
+    "exclude": ["/assets/*", "/*.{js,css,png,ico,svg,woff,woff2,ttf}"]
+  },
+  "mimeTypes": {
+    ".json": "application/json"
+  },
+  "globalHeaders": {
+    "X-Content-Type-Options": "nosniff",
+    "X-Frame-Options": "DENY",
+    "X-XSS-Protection": "1; mode=block"
+  }
+}

frontend/vercel.json

@@ -15,6 +15,6 @@
     }
   ],
   "env": {
-    "VITE_API_BASE_URL": "http://13.71.23.132"
+    "VITE_API_BASE_URL": "http://20.186.113.106"
   }
 }