use browserless/chrome v1 and only build amd64 image

kantega · Sep 11, 2024 · 308b48b · 308b48b
1 parent 2c068ed
commit 308b48b
Show file tree

Hide file tree

Showing 3 changed files with 92 additions and 20 deletions.
diff --git a/.github/workflows/build-push-docker.yml b/.github/workflows/build-push-docker.yml
@@ -26,16 +26,10 @@ jobs:
           username: ${{ secrets.DOCKER_REGISTRY_SERVER_USERNAME }}
           password: ${{ secrets.DOCKER_REGISTRY_SERVER_PASSWORD }}
 
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-
       - name: Build and push Docker image to ACR
-        uses: docker/build-push-action@v6
-        with:
-          context: .
-          platforms: linux/amd64,linux/arm64
-          push: true
-          tags: ${{ secrets.DOCKER_REGISTRY_SERVER_URL }}/kantega-big-agi:latest
+        run: |
+          docker build -t ${{ secrets.DOCKER_REGISTRY_SERVER_URL }}/kantega-big-agi:latest .
+          docker push ${{ secrets.DOCKER_REGISTRY_SERVER_URL }}/kantega-big-agi:latest
 
       - name: Deploy to Azure Web App
         uses: azure/webapps-deploy@v3

diff --git a/infra/main.tf b/infra/main.tf
@@ -18,6 +18,30 @@ resource "azurerm_resource_group" "rg" {
   location = var.location
 }
 
+resource "azurerm_virtual_network" "vnet" {
+  name                = "${var.project_name}-vnet"
+  location            = azurerm_resource_group.rg.location
+  resource_group_name = azurerm_resource_group.rg.name
+  address_space       = ["10.0.0.0/16"]
+}
+
+resource "azurerm_subnet" "subnet" {
+  name                 = "${var.project_name}-subnet"
+  resource_group_name  = azurerm_resource_group.rg.name
+  virtual_network_name = azurerm_virtual_network.vnet.name
+  address_prefixes     = ["10.0.1.0/24"]
+
+  delegation {
+    name = "webapp-delegation"
+    service_delegation {
+      name = "Microsoft.Web/serverFarms"
+      actions = [
+        "Microsoft.Network/virtualNetworks/subnets/action"
+      ]
+    }
+  }
+}
+
 resource "azurerm_container_registry" "acr" {
   name                = replace("${var.project_name}registry", "-", "")
   resource_group_name = azurerm_resource_group.rg.name
@@ -50,24 +74,35 @@ resource "azurerm_linux_web_app" "browserless" {
     always_on = true
 
     application_stack {
-      docker_registry_url = "https://hub.docker.com"
+      docker_registry_url = "https://registry.hub.docker.com"
       docker_image_name   = "browserless/chrome:latest"
     }
 
     ip_restriction {
       ip_address = var.allowed_ip
       action     = "Allow"
       priority   = 100
-      name       = "AllowSpecificIP"
+      name       = "AllowKantegaIP"
+    }
+
+    dynamic "ip_restriction" {
+      for_each = toset(split(",", azurerm_linux_web_app.app.outbound_ip_addresses))
+      content {
+        ip_address = "${ip_restriction.value}/32"
+        action     = "Allow"
+        priority   = 200
+        name       = "A-${ip_restriction.value}"
+      }
     }
 
     ip_restriction {
       ip_address = "0.0.0.0/0"
       action     = "Deny"
-      priority   = 200
+      priority   = 300
       name       = "DenyAll"
     }
   }
+
   logs {
     detailed_error_messages = false
     failed_request_tracing  = false
@@ -82,14 +117,15 @@ resource "azurerm_linux_web_app" "browserless" {
   identity {
     type = "SystemAssigned"
   }
+
   depends_on = [
     azurerm_service_plan.asp,
+    azurerm_subnet.subnet
   ]
-
 }
 
 resource "azurerm_linux_web_app" "app" {
-  name                = "${var.project_name}"
+  name                = var.project_name
   location            = azurerm_resource_group.rg.location
   resource_group_name = azurerm_resource_group.rg.name
   service_plan_id     = azurerm_service_plan.asp.id
@@ -100,7 +136,7 @@ resource "azurerm_linux_web_app" "app" {
     OPENAI_API_KEY                      = var.openai_api_key
     ANTHROPIC_API_KEY                   = var.anthropic_api_key
     GEMINI_API_KEY                      = var.gemini_api_key
-    PUPPETEER_WSS_ENDPOINT              = "wss://${azurerm_linux_web_app.browserless.default_hostname}"
+    // PUPPETEER_WSS_ENDPOINT              = "wss://${azurerm_linux_web_app.browserless.default_hostname}"
   }
 
   site_config {
@@ -117,16 +153,17 @@ resource "azurerm_linux_web_app" "app" {
       ip_address = var.allowed_ip
       action     = "Allow"
       priority   = 100
-      name       = "AllowSpecificIP"
+      name       = "KantegaIP"
     }
 
     ip_restriction {
       ip_address = "0.0.0.0/0"
       action     = "Deny"
-      priority   = 200
+      priority   = 300
       name       = "DenyAll"
     }
   }
+
   logs {
     detailed_error_messages = false
     failed_request_tracing  = false
@@ -143,8 +180,31 @@ resource "azurerm_linux_web_app" "app" {
   }
 
   depends_on = [
-    azurerm_service_plan.asp,
-    azurerm_linux_web_app.browserless,
-    azurerm_container_registry.acr
+    azurerm_container_registry.acr,
+    azurerm_subnet.subnet
   ]
 }
+
+resource "azurerm_app_service_virtual_network_swift_connection" "app_vnet_integration" {
+  app_service_id = azurerm_linux_web_app.app.id
+  subnet_id      = azurerm_subnet.subnet.id
+}
+
+resource "azurerm_app_service_virtual_network_swift_connection" "browserless_vnet_integration" {
+  app_service_id = azurerm_linux_web_app.browserless.id
+  subnet_id      = azurerm_subnet.subnet.id
+}
+
+resource "null_resource" "update_settings" {
+  triggers = {
+    always_run = "${timestamp()}"
+  }
+
+  provisioner "local-exec" {
+    command = <<EOT
+az webapp config appsettings set --resource-group ${azurerm_resource_group.rg.name} --name ${azurerm_linux_web_app.app.name} --settings PUPPETEER_WSS_ENDPOINT=wss://${azurerm_linux_web_app.browserless.default_hostname}
+EOT
+  }
+
+  depends_on = [azurerm_linux_web_app.app, azurerm_linux_web_app.browserless]
+}
diff --git a/infra/output.tf b/infra/output.tf
@@ -0,0 +1,18 @@
+output "docker_registry_server_url" {
+  value = azurerm_container_registry.acr.login_server
+}
+
+output "docker_registry_server_username" {
+  value = azurerm_container_registry.acr.admin_username
+}
+
+output "docker_registry_server_password" {
+  value     = azurerm_container_registry.acr.admin_password
+  sensitive = true
+}
+
+# Output Function App publish profile
+output "GET_PUBLISHING_PROFILE_SCRIPT" {
+  value       = "az webapp deployment list-publishing-profiles --name ${azurerm_linux_web_app.app.name} --resource-group ${azurerm_resource_group.rg.name} --xml"
+  description = "Run this command in your shell to retrieve the Azure Web App's publishing profile."
+}