Add workflows for video2commons deployment

.github/workflows/ci.yml

@@ -40,29 +40,6 @@ jobs:
       - name: Build
         run: npx gulp build
 
-      - name: Check for unstaged changes
-        run: |
-          if ! git diff --exit-code -- video2commons/frontend/static/*.min.js video2commons/frontend/templates/*.min.html; then
-            echo "Built files differ from committed files."
-            git diff --stat -- video2commons/frontend/static/*.min.js video2commons/frontend/templates/*.min.html
-            echo "NEEDS_COMMIT=true" >> $GITHUB_ENV
-          else
-            echo "Built files match committed files."
-            echo "NEEDS_COMMIT=false" >> $GITHUB_ENV
-          fi
-
-      - name: Commit and push changes
-        if: env.NEEDS_COMMIT == 'true'
-        run: |
-          git checkout HEAD -- video2commons/frontend/static/ssu video2commons/frontend/static/uploads
-          git fetch origin $GITHUB_HEAD_REF
-          git checkout $GITHUB_HEAD_REF
-          git config user.name "github-actions[bot]"
-          git config user.email "github-actions[bot]@users.noreply.github.com"
-          git add video2commons/frontend/static/*.min.js video2commons/frontend/templates/*.min.html
-          git commit -m "Update built files from CI"
-          git push origin $GITHUB_HEAD_REF
-
   biome:
     runs-on: ubuntu-latest
 

.github/workflows/deploy-cloudvps-encoders.yml

@@ -0,0 +1,53 @@
+name: Deploy Encoders (CloudVPS)
+
+on:
+  workflow_dispatch:
+
+  # Uncomment to allow the workflow to run automatically when changes are
+  # merged into master (only for files that affect this deployment).
+  #
+  # push:
+  #   branches: [master]
+  #   paths:
+  #     - 'puppet/**'
+  #     - 'pyproject.toml'
+  #     - 'utils/deploy-cloudvps-encoders.sh'
+  #     - 'uv.lock'
+  #     - 'video2commons/backend/**'
+  #     - 'video2commons/config.py'
+  #     - 'video2commons/exceptions.py'
+  #     - 'video2commons/shared/**'
+
+jobs:
+  deploy-cloudvps-encoders:
+    name: Deploy Encoders (CloudVPS)
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+
+      - name: Setup SSH
+        run: |
+          mkdir -p ~/.ssh
+          echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_ed25519
+          chmod 600 ~/.ssh/id_ed25519
+          cat >> ~/.ssh/config << 'EOF'
+          Host *
+              IdentityFile ~/.ssh/id_ed25519
+              IdentitiesOnly yes
+              StrictHostKeyChecking no
+
+          Host *.wikimedia.cloud
+              ProxyJump login.toolforge.org:22
+          EOF
+          chmod 600 ~/.ssh/config
+          mkdir -p ~/.ssh/sockets
+
+      - name: Deploy
+        run: ./utils/deploy-cloudvps-encoders.sh
+        env:
+          V2C_USERNAME: ${{ secrets.V2C_USERNAME }}
+          V2C_REDIS_PW: ${{ secrets.V2C_REDIS_PW }}
+          V2C_CONSUMER_SECRET: ${{ secrets.V2C_CONSUMER_SECRET }}
+          V2C_CONSUMER_KEY: ${{ secrets.V2C_CONSUMER_KEY }}

.github/workflows/deploy-toolforge-video2commons-socketio.yml

@@ -0,0 +1,47 @@
+name: Deploy Socket.IO (Toolforge)
+
+on:
+  workflow_dispatch:
+
+  # Uncomment to allow the workflow to run automatically when changes are
+  # merged into master (only for files that affect this deployment).
+  #
+  # push:
+  #   branches: [master]
+  #   paths:
+  #     - 'package-lock.json'
+  #     - 'package.json'
+  #     - 'utils/deploy-toolforge-socketio.sh'
+  #     - 'video2commons-socketio/**'
+
+jobs:
+  deploy-toolforge-video2commons-socketio:
+    name: Deploy Socket.IO (Toolforge)
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+
+      - name: Setup SSH
+        run: |
+          mkdir -p ~/.ssh
+          echo '${{ secrets.SSH_PRIVATE_KEY }}' > ~/.ssh/id_ed25519
+          chmod 600 ~/.ssh/id_ed25519
+          cat >> ~/.ssh/config << 'EOF'
+          Host *
+              IdentityFile ~/.ssh/id_ed25519
+              IdentitiesOnly yes
+              StrictHostKeyChecking no
+              ControlMaster auto
+              ControlPath ~/.ssh/sockets/%r@%h-%p
+              ControlPersist 60
+          EOF
+          chmod 600 ~/.ssh/config
+          mkdir -p ~/.ssh/sockets
+
+      - name: Deploy
+        run: ./utils/deploy-toolforge-socketio.sh
+        env:
+          V2C_SERVICE_NAME: video2commons-socketio
+          V2C_USERNAME: ${{ secrets.V2C_USERNAME }}

.github/workflows/deploy-toolforge-video2commons-test.yml

@@ -0,0 +1,66 @@
+name: Deploy Test Frontend (Toolforge)
+
+on:
+  workflow_dispatch:
+
+  push:
+    branches: [master]
+    paths:
+      - 'Gulpfile.mjs'
+      - 'package-lock.json'
+      - 'package.json'
+      - 'pyproject.toml'
+      - 'utils/deploy-toolforge-frontend.sh'
+      - 'uv.lock'
+      - 'video2commons/config.py'
+      - 'video2commons/exceptions.py'
+      - 'video2commons/frontend/**'
+      - 'video2commons/shared/**'
+
+jobs:
+  deploy-toolforge-video2commons-test:
+    name: Deploy Test Frontend (Toolforge)
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v6
+        with:
+          node-version-file: '.nvmrc'
+          cache: 'npm'
+
+      - name: Remove broken symlinks
+        run: |
+          rm -f video2commons/frontend/static/ssu
+          rm -f video2commons/frontend/static/uploads
+
+      - name: Build
+        run: |
+          npm ci
+          npx gulp build
+
+      - name: Setup SSH
+        run: |
+          mkdir -p ~/.ssh
+          echo '${{ secrets.SSH_PRIVATE_KEY }}' > ~/.ssh/id_ed25519
+          chmod 600 ~/.ssh/id_ed25519
+          cat >> ~/.ssh/config << 'EOF'
+          Host *
+              IdentityFile ~/.ssh/id_ed25519
+              IdentitiesOnly yes
+              StrictHostKeyChecking no
+              ControlMaster auto
+              ControlPath ~/.ssh/sockets/%r@%h-%p
+              ControlPersist 60
+          EOF
+          chmod 600 ~/.ssh/config
+          mkdir -p ~/.ssh/sockets
+
+      - name: Deploy
+        run: ./utils/deploy-toolforge-frontend.sh
+        env:
+          V2C_SERVICE_NAME: video2commons-test
+          V2C_USERNAME: ${{ secrets.V2C_USERNAME }}

.github/workflows/deploy-toolforge-video2commons.yml

@@ -0,0 +1,69 @@
+name: Deploy Frontend (Toolforge)
+
+on:
+  workflow_dispatch:
+
+  # Uncomment to allow the workflow to run automatically when changes are
+  # merged into master (only for files that affect this deployment).
+  #
+  # push:
+  #   branches: [master]
+  #   paths:
+  #     - 'Gulpfile.mjs'
+  #     - 'package-lock.json'
+  #     - 'package.json'
+  #     - 'pyproject.toml'
+  #     - 'utils/deploy-toolforge-frontend.sh'
+  #     - 'uv.lock'
+  #     - 'video2commons/config.py'
+  #     - 'video2commons/exceptions.py'
+  #     - 'video2commons/frontend/**'
+  #     - 'video2commons/shared/**'
+
+jobs:
+  deploy-toolforge-video2commons:
+    name: Deploy Frontend (Toolforge)
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v6
+        with:
+          node-version-file: '.nvmrc'
+          cache: 'npm'
+
+      - name: Remove broken symlinks
+        run: |
+          rm -f video2commons/frontend/static/ssu
+          rm -f video2commons/frontend/static/uploads
+
+      - name: Build
+        run: |
+          npm ci
+          npx gulp build
+
+      - name: Setup SSH
+        run: |
+          mkdir -p ~/.ssh
+          echo '${{ secrets.SSH_PRIVATE_KEY }}' > ~/.ssh/id_ed25519
+          chmod 600 ~/.ssh/id_ed25519
+          cat >> ~/.ssh/config << 'EOF'
+          Host *
+              IdentityFile ~/.ssh/id_ed25519
+              IdentitiesOnly yes
+              StrictHostKeyChecking no
+              ControlMaster auto
+              ControlPath ~/.ssh/sockets/%r@%h-%p
+              ControlPersist 60
+          EOF
+          chmod 600 ~/.ssh/config
+          mkdir -p ~/.ssh/sockets
+
+      - name: Deploy
+        run: ./utils/deploy-toolforge-frontend.sh
+        env:
+          V2C_SERVICE_NAME: video2commons
+          V2C_USERNAME: ${{ secrets.V2C_USERNAME }}

.gitignore

@@ -52,3 +52,5 @@ service.manifest
 uwsgi.log
 uwsgi.log.*
 www/js/
+video2commons/frontend/static/*.min.js
+video2commons/frontend/templates/*.min.html

puppet/backend.pp

@@ -176,6 +176,7 @@
 EnvironmentFile=-/etc/default/v2ccelery
 WorkingDirectory=/srv/v2c
 Restart=on-failure
+TimeoutStopSec=infinity
 ExecStart=/bin/sh -c \'${CELERY_BIN} multi start $CELERYD_NODES \
     -A $CELERY_APP --logfile=${CELERYD_LOG_FILE} \
     --pidfile=${CELERYD_PID_FILE} $CELERYD_OPTS\'

utils/deploy.sh → utils/deploy-cloudvps-encoders.sh

@@ -58,6 +58,9 @@ fi
 EOF
 )
 
+worker_count=$(echo "$encoder_hosts" | wc -l)
+success_count=0
+
 while read -r encoder_host; do
     echo "Applying puppet manifest to '$encoder_host' and restarting v2c service..."
 
@@ -67,7 +70,12 @@ while read -r encoder_host; do
         echo "Failed to apply puppet manifest to '$encoder_host'" >&2
     else
         echo "Puppet manifest applied to '$encoder_host'"
+        success_count=$((success_count + 1))
     fi
 done <<< "$encoder_hosts"
 
-echo "Done"
+echo "Done. Updated ($success_count/$worker_count) workers"
+
+if [ "$success_count" -ne "$worker_count" ]; then
+    exit 1
+fi

utils/deploy-toolforge-frontend.sh

@@ -0,0 +1,73 @@
+#!/bin/bash
+
+# Note: All ssh commands share the same connection for the lifetime of this
+# script if run via the workflows.
+#
+# The follow ssh options are used by the workflow:
+#     ControlMaster auto
+#     ControlPath ~/.ssh/sockets/%r@%h-%p
+#     ControlPersist 60
+
+bastion_host=login.toolforge.org
+
+if [ -z "$V2C_USERNAME" ]; then
+    echo "Error: V2C_USERNAME environment variable is not set" >&2
+    exit 1
+elif [ -z "$V2C_SERVICE_NAME" ]; then
+    echo "Error: V2C_SERVICE_NAME environment variable is not set" >&2
+    exit 1
+fi
+
+remote_repo_path="/data/project/$V2C_SERVICE_NAME"
+script_dir="$(cd "$(dirname "$0")" && pwd)"
+host_repo_root="$script_dir/.."
+tmp_dir="/tmp/v2c-deploy-$V2C_SERVICE_NAME"
+
+echo "Updating video2commons frontend..."
+
+# Pull in the latest changes from the repository currently in master.
+ssh "$V2C_USERNAME@$bastion_host" "become $V2C_SERVICE_NAME bash -c 'cd $remote_repo_path && git pull'"
+
+if [ $? -ne 0 ]; then
+    echo "Failed to pull most recent changes for v2c" >&2
+    exit 1
+fi
+
+# Create a temp directory for temporarily storing the minified files.
+ssh "$V2C_USERNAME@$bastion_host" "mkdir -p $tmp_dir"
+
+if [ $? -ne 0 ]; then
+    echo "Failed to create temporary directory at $tmp_dir" >&2
+    exit 1
+fi
+
+# Upload the minified files to the new temp directory.
+scp "$host_repo_root/video2commons/frontend/static/"*.min.js \
+    "$host_repo_root/video2commons/frontend/templates/"*.min.html \
+    "$V2C_USERNAME@$bastion_host:$tmp_dir/"
+
+if [ $? -ne 0 ]; then
+    echo "Failed to copy minified files to remote" >&2
+    ssh "$V2C_USERNAME@$bastion_host" "rm -rf $tmp_dir"
+    exit 1
+fi
+
+# Copy the minified files to destination with correct ownership, then cleanup.
+ssh "$V2C_USERNAME@$bastion_host" "become $V2C_SERVICE_NAME bash -c '
+    cp $tmp_dir/*.min.js $remote_repo_path/video2commons/frontend/static/
+    cp $tmp_dir/*.min.html $remote_repo_path/video2commons/frontend/templates/
+' && rm -rf $tmp_dir"
+
+if [ $? -ne 0 ]; then
+    echo "Failed to move minified files to destination" >&2
+    exit 1
+fi
+
+# Restart the webservice so any Python changes are applied.
+ssh "$V2C_USERNAME@$bastion_host" "become $V2C_SERVICE_NAME toolforge webservice python3.11 restart"
+
+# Cleanup the SSH control socket that we use to keep the connection alive
+# across multiple ssh command executions.
+ssh -O exit "$V2C_USERNAME@$bastion_host" 2>/dev/null || true
+
+echo "Done"