Azure compose deployment (#840)

* TLK-1508 Azure deployment

* TLK-1508 Azure deployment

* TLK-1508 Azure deployment

azure_compose_deploy/api_entrypoint.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+
+poetry run alembic -c src/backend/alembic.ini upgrade head
+exec uvicorn backend.main:app --workers=4 --host 0.0.0.0 --port ${PORT} --timeout-keep-alive 300

azure_compose_deploy/azure-api.Dockerfile

@@ -0,0 +1,52 @@
+FROM python:3.11
+
+# Keeps Python from generating .pyc files in the container
+# Turns off buffering for easier container logging
+# Force UTF8 encoding for funky character handling
+# Needed so imports function properly
+ENV PYTHONDONTWRITEBYTECODE=1
+ENV PYTHONUNBUFFERED=1
+ENV PYTHONIOENCODING=utf-8
+ENV PYTHONPATH=/workspace/src/
+# Keep the venv name and location predictable
+ENV POETRY_VIRTUALENVS_IN_PROJECT=true
+
+# "Activate" the venv manually for the context of the container
+ENV VIRTUAL_ENV=/workspace/.venv
+ENV PATH="$VIRTUAL_ENV/bin:$PATH"
+
+WORKDIR /workspace
+
+# Need to expose port in ENV to use in CMD
+ARG PORT=8000
+ENV PORT=${PORT}
+
+# Build with community packages
+ARG INSTALL_COMMUNITY_DEPS
+
+# Copy dependency files to avoid cache invalidations
+COPY ./pyproject.toml poetry.lock ./
+COPY ./azure_compose_deploy/api_entrypoint.sh ./
+
+# Install poetry
+RUN pip install --no-cache-dir poetry==1.6.1
+
+# Conditional installation of dependencies
+RUN if [ "$INSTALL_COMMUNITY_DEPS" = "true" ]; then \
+      poetry install --with dev,community; \
+    else \
+      poetry install --with dev; \
+    fi
+
+COPY src/backend src/backend/
+COPY src/community src/community/
+COPY azure_compose_deploy/configuration.yaml src/backend/config/configuration.yaml
+COPY azure_compose_deploy/secrets.yaml src/backend/config/secrets.yaml
+# Copy environment variables optionally
+# IMPORTANT: Can't be put in the docker-compose, will break tests
+#COPY .en[v] .env
+
+
+EXPOSE ${PORT}
+ENTRYPOINT ["/workspace/api_entrypoint.sh"]
+

azure_compose_deploy/azure-db.Dockerfile

@@ -0,0 +1,2 @@
+FROM postgres:14.11-alpine
+EXPOSE 5432

azure_compose_deploy/azure-fe.Dockerfile

@@ -0,0 +1,31 @@
+FROM node:20-alpine AS base
+
+WORKDIR /app
+
+# Install dependencies based on the preferred package manager
+COPY package.json package-lock.json ./
+RUN npm ci
+
+COPY src ./src
+COPY public ./public
+COPY next.config.mjs .
+COPY tsconfig.json .
+COPY tailwind.config.js .
+COPY postcss.config.js .
+
+# Next.js collects completely anonymous telemetry data about general usage. Learn more here: https://nextjs.org/telemetry
+# Uncomment the following line to disable telemetry at run time
+# ENV NEXT_TELEMETRY_DISABLED 1
+
+EXPOSE 4000
+
+
+# Start Next.js in development mode based on the preferred package manager
+FROM base as dev
+CMD npm run dev
+
+
+# Production specifc tareget
+FROM base AS prod
+RUN npm run build
+CMD npm run start

azure_compose_deploy/azure-nginx.Dockerfile

@@ -0,0 +1,8 @@
+FROM nginx:alpine
+
+RUN rm -f /etc/nginx/conf.d/*
+ADD azure_compose_deploy/nginx.conf /etc/nginx/nginx.conf
+
+EXPOSE 80
+
+CMD [ "nginx" , "-g" , "daemon off;" ]

azure_compose_deploy/azure-terrarium.Dockerfile

@@ -0,0 +1,5 @@
+FROM ghcr.io/cohere-ai/terrarium:latest
+
+EXPOSE 8080
+
+

azure_compose_deploy/azure_cleanup.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+set -e
+RESOURCE_GROUP=toolkitResourceGroup
+
+az group delete --name $RESOURCE_GROUP

azure_compose_deploy/azure_deploy.sh

@@ -0,0 +1,51 @@
+#!/bin/bash
+set -e
+LOCATION=canadaeast
+RESOURCE_GROUP=toolkitResourceGroup
+APP_NAME=toolkit-app
+APP_INSTANCE_SKU=P1V3
+APP_PLAN_NAME=toolkit-app-plan
+REGISTRY_NAME=toolkitregistry
+REGISTRY_SKU=Basic
+DB_SERVER_NAME=toolkitpostgre
+DB_ADMIN_USER=postgres
+DB_ADMIN_PASSWORD=postgres
+DB_SKU_NAME=Standard_B1ms
+DB_TIER=Burstable
+DB_STORAGE_SIZE=32
+
+# Login to Azure
+az login
+# Create Resource Group
+az group create --name $RESOURCE_GROUP --location $LOCATION
+# Create Registry for Docker images
+az acr create --resource-group $RESOURCE_GROUP --name $REGISTRY_NAME --sku $REGISTRY_SKU
+az acr update -n $REGISTRY_NAME --admin-enabled true
+#Login to Registry
+az acr login --name $REGISTRY_NAME
+# Set PostgreSQL Server
+az postgres flexible-server create --location $LOCATION --resource-group $RESOURCE_GROUP \
+    --name $DB_SERVER_NAME --admin-user $DB_ADMIN_USER --admin-password $DB_ADMIN_PASSWORD \
+    --sku-name $DB_SKU_NAME --tier $DB_TIER --storage-size $DB_STORAGE_SIZE \
+    --public-access 0.0.0.0
+
+# Build and push Docker images
+docker buildx build --platform linux/amd64 -t $REGISTRY_NAME.azurecr.io/toolkit-app-api -f azure_compose_deploy/azure-api.Dockerfile .
+docker push $REGISTRY_NAME.azurecr.io/toolkit-app-api
+docker buildx build --platform linux/amd64 -t $REGISTRY_NAME.azurecr.io/toolkit-app-fe -f azure_compose_deploy/azure-fe.Dockerfile ./src/interfaces/assistants_web
+docker push $REGISTRY_NAME.azurecr.io/toolkit-app-fe
+docker buildx build --platform linux/amd64 -t $REGISTRY_NAME.azurecr.io/toolkit-app-nginx -f azure_compose_deploy/azure-nginx.Dockerfile .
+docker push $REGISTRY_NAME.azurecr.io/toolkit-app-nginx
+docker buildx build --platform linux/amd64 -t $REGISTRY_NAME.azurecr.io/toolkit-app-terrarium -f azure_compose_deploy/azure-terrarium.Dockerfile .
+docker push $REGISTRY_NAME.azurecr.io/toolkit-app-terrarium
+
+# Deploy Toolkit App
+az appservice plan create --name $APP_PLAN_NAME --resource-group $RESOURCE_GROUP --sku $APP_INSTANCE_SKU --is-linux
+az webapp create --resource-group $RESOURCE_GROUP --plan $APP_PLAN_NAME --name $APP_NAME \
+  --multicontainer-config-type compose \
+  --multicontainer-config-file azure_compose_deploy/docker-compose-azure.yml
+
+az webapp config appsettings set  --name $APP_NAME --resource-group $RESOURCE_GROUP \
+  --settings DBHOST="$DB_SERVER_NAME.postgres.database.azure.com" DBNAME="postgres" DBUSER="$DB_ADMIN_USER" \
+   DBPASS="$DB_ADMIN_PASSWORD" DOCKER_REGISTRY_SERVER_URL="https://$REGISTRY_NAME.azurecr.io" DOCKER_REGISTRY_SERVER_USERNAME="$REGISTRY_NAME" \
+    DOCKER_REGISTRY_SERVER_PASSWORD=$(az acr credential show -n $REGISTRY_NAME --query "passwords[0].value" -o tsv)

azure_compose_deploy/configuration.yaml

@@ -0,0 +1,44 @@
+deployments:
+  default_deployment: cohere_platform
+  enabled_deployments:
+    - cohere_platform
+    - sagemaker
+    - azure
+    - bedrock
+  sagemaker:
+    region_name:
+    endpoint_name:
+  azure:
+    endpoint_url:
+  bedrock:
+    region_name:
+  single_container:
+    model:
+    url:
+database:
+  url: postgresql+psycopg2://postgres:[email protected]:5432
+redis:
+  url:
+tools:
+  hybrid_web_search:
+    # List of web search tool names, eg: google_web_search, tavily_web_search
+    enabled_web_searches:
+      - tavily_web_search
+  python_interpreter:
+    url: http://terrarium:8080
+  slack:
+    user_scopes:
+      - search:read
+feature_flags:
+  # Experimental features
+  use_agents_view: true
+  # Community features
+  use_community_features: true
+auth:
+  enabled_auth:
+  backend_hostname: https://toolkit-app.azurewebsites.net/api
+  frontend_hostname: https://toolkit-app.azurewebsites.net
+logger:
+  strategy: structlog
+  renderer: console
+  level: info

azure_compose_deploy/docker-compose-azure.yml

@@ -0,0 +1,48 @@
+services:
+  backend:
+    image: "toolkitregistry.azurecr.io/toolkit-app-api"
+    stdin_open: true
+    tty: true
+    expose:
+      - "8000"
+    environment:
+      DATABASE_URL: "postgresql+psycopg2://postgres:[email protected]:5432"
+    networks:
+      - proxynet
+
+  frontend:
+    image: "toolkitregistry.azurecr.io/toolkit-app-fe"
+    environment:
+      API_HOSTNAME: http://backend:8000
+      NEXT_PUBLIC_API_HOSTNAME: '/api'
+      NEXT_PUBLIC_FRONTEND_HOSTNAME: 'https://toolkit-app.azurewebsites.net'
+      NEXT_PUBLIC_GOOGLE_DRIVE_CLIENT_ID: ${NEXT_PUBLIC_GOOGLE_DRIVE_CLIENT_ID}
+      NEXT_PUBLIC_GOOGLE_DRIVE_DEVELOPER_KEY: ${NEXT_PUBLIC_GOOGLE_DRIVE_DEVELOPER_KEY}
+    restart: always
+    expose:
+      - "4000"
+    networks:
+      - proxynet
+
+
+  terrarium:
+    image: "toolkitregistry.azurecr.io/toolkit-app-terrarium"
+    expose:
+      - "8080"
+    networks:
+      - proxynet
+
+  nginx:
+      restart: always
+      image: "toolkitregistry.azurecr.io/toolkit-app-nginx"
+      ports:
+        - "80:80"
+      depends_on:
+        - backend
+        - frontend
+      networks:
+        - proxynet
+
+networks:
+  proxynet:
+    name: toolkit-net

azure_compose_deploy/nginx.conf

@@ -0,0 +1,83 @@
+user  nginx;
+worker_processes auto;
+pid        /var/run/nginx.pid;
+
+events {
+worker_connections 768;
+# multi_accept on;
+}
+
+http {
+
+##
+# Basic Settings
+##
+
+sendfile on;
+tcp_nopush on;
+tcp_nodelay on;
+keepalive_timeout 65;
+types_hash_max_size 2048;
+client_max_body_size 50M;
+# server_tokens off;
+
+# server_names_hash_bucket_size 64;
+# server_name_in_redirect off;
+
+include /etc/nginx/mime.types;
+default_type application/octet-stream;
+
+    upstream backend {
+        server backend:8000;
+    }
+
+    upstream frontend {
+        server frontend:4000;
+    }
+
+    server {
+        listen 80 default_server;
+        listen [::]:80 default_server;
+
+        location /api {
+            rewrite /api/(.*) /$1  break;
+            proxy_pass         http://backend;
+            proxy_redirect     off;
+            proxy_set_header   Host $host;
+            proxy_set_header   X-Real-IP $remote_addr;
+            proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header   X-Forwarded-Host $server_name;
+        }
+
+        location / {
+            proxy_pass         http://frontend;
+            proxy_redirect     off;
+            proxy_set_header   Host $host;
+            proxy_set_header   X-Real-IP $remote_addr;
+            proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header   X-Forwarded-Host $server_name;
+        }
+    }
+
+##
+# SSL Settings
+##
+
+ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
+ssl_prefer_server_ciphers on;
+
+##
+# Logging Settings
+##
+
+access_log /var/log/nginx/access.log;
+error_log /var/log/nginx/error.log;
+
+##
+# Gzip Settings
+##
+
+gzip on;
+
+include /etc/nginx/conf.d/*.conf;
+}

azure_compose_deploy/secrets.yaml

@@ -0,0 +1,48 @@
+deployments:
+  cohere_platform:
+    api_key:
+  sagemaker:
+    access_key:
+    secret_key:
+    session_token:
+  azure:
+    api_key:
+  bedrock:
+    access_key:
+    secret_key:
+    session_token:
+database:
+  # Migrate access token, used to authenticate requests to the migrate endpoint.
+  # You can generate it using some random string generator.
+  migrate_token:
+tools:
+  wolfram_alpha:
+    app_id:
+  google_drive:
+    client_id:
+    client_secret:
+    developer_key:
+  tavily_web_search:
+    api_key:
+  brave_web_search:
+    api_key:
+  google_web_search:
+    api_key:
+    cse_id:
+  slack:
+    client_id:
+    client_secret:
+auth:
+  secret_key:
+  google_oauth:
+    client_id:
+    client_secret:
+  scim:
+    username:
+    password:
+  oidc:
+    client_id:
+    client_secret:
+    well_known_endpoint:
+google_cloud:
+  api_key: