CI/CD
Deployment is automated via GitHub Actions. Pushing to main triggers a build and deploy to the bastion EC2 instance.
Workflow: Deploy to Bastion
File: .github/workflows/deploy.yml
Triggers
Runs on push to main when these paths change:
- byoc_agent/**
- pyproject.toml
- Dockerfile
- entrypoint.sh
- .streamlit/**
Required Secrets
| Secret | Description |
|---|---|
| BASTION_SSH_KEY | Private SSH key for the bastion |
| WAKEUP_URL | Lambda wake-up endpoint URL |
| BASTION_HOST | Elastic IP of the bastion |
Pipeline Steps
- Checkout code -- actions/checkout@v4
- Wake up bastion -- Hits the wake-up Lambda URL, then waits 75 seconds for boot
- Wait for SSH -- Polls port 22 up to 12 times (10s apart) until SSH is ready
- Set up SSH key -- Writes the deploy key and scans host keys
- Deploy to bastion:
  - SCP byoc_agent/, Dockerfile, pyproject.toml, entrypoint.sh, .streamlit/ to ~/build/ on the bastion
  - SSH in and run: docker build -t byoc-agent:latest .
  - Restart the systemd service: systemctl restart byoc-agent
  - Health check: curl http://localhost:8501/_stcore/health
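The "Wait for SSH" and "Set up SSH key" steps could be written as the shell functions below. This is an added example, not the project's deploy.yml: it swaps the deploy-time host-key scan for a key pinned in a hypothetical BASTION_HOST_KEY secret, so a host presenting any other key is refused. The function names and the use of nc are assumptions.

```shell
# Added example (not the project's deploy.yml). Assumptions: POSIX sh on the
# runner, nc available for the port probe, and a hypothetical extra secret
# BASTION_HOST_KEY holding the bastion's public host key ("ssh-ed25519 AAAA...").

# Write the deploy key and a pinned known_hosts entry, owner-only.
# usage: setup_ssh <ssh_dir> <private_key> <host> <host_public_key>
setup_ssh() (
  umask 077                       # a newly created dir is 0700, new files 0600
  mkdir -p "$1"
  printf '%s\n' "$2" > "$1/deploy_key"
  chmod 600 "$1/deploy_key"       # also tighten a pre-existing file
  printf '%s %s\n' "$3" "$4" > "$1/known_hosts"
)

# Default probe: succeeds once TCP port 22 accepts a connection.
probe_port22() { nc -z -w 5 "$1" 22 >/dev/null 2>&1; }

# Poll until the probe succeeds; defaults mirror the pipeline (12 tries, 10s apart).
# usage: wait_for_ssh <host> [attempts] [delay_seconds] [probe_function]
wait_for_ssh() (
  attempts=${2:-12}; delay=${3:-10}; probe=${4:-probe_port22}; i=1
  while [ "$i" -le "$attempts" ]; do
    if "$probe" "$1"; then exit 0; fi
    if [ "$i" -lt "$attempts" ]; then sleep "$delay"; fi
    i=$((i + 1))
  done
  echo "SSH on $1 not reachable after $attempts attempts" >&2
  exit 1
)

# ssh/scp options that refuse any host key other than the pinned one.
# usage: ssh $(ssh_opts "$HOME/.ssh") ec2-user@"$BASTION_HOST" ...
ssh_opts() {
  printf '%s' "-i $1/deploy_key -o IdentitiesOnly=yes -o StrictHostKeyChecking=yes -o UserKnownHostsFile=$1/known_hosts"
}
```

The unquoted `$(ssh_opts ...)` relies on word splitting, so the SSH directory path must not contain spaces.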
Timeout
The entire job has a 10-minute timeout.
Manual Deploy
If the pipeline fails or you need to deploy manually:
ssh -i <key>.pem ec2-user@<bastion-ip>
cd /opt/app
git pull
sudo docker build -t byoc-agent:latest .
sudo systemctl restart byoc-agent