From 93f9ea2be2105459927e2a0d734078c90079a866 Mon Sep 17 00:00:00 2001 From: Will Anderson Date: Sun, 10 May 2026 21:08:46 -0500 Subject: [PATCH] feat: extract soul-demo into standalone Cloud Run service --- .gitea/workflows/stage.yaml | 61 ++++++++++++++++++++++++++++++++++++- Dockerfile.soul-demo | 32 +++++++++++++++++++ Dockerfile.stage | 26 +++++----------- dist/entrypoint.sh | 22 ------------- 4 files changed, 99 insertions(+), 42 deletions(-) create mode 100644 Dockerfile.soul-demo diff --git a/.gitea/workflows/stage.yaml b/.gitea/workflows/stage.yaml index 2c0e010..4ff1699 100644 --- a/.gitea/workflows/stage.yaml +++ b/.gitea/workflows/stage.yaml @@ -12,6 +12,7 @@ on: - 'dist/**' - 'runtime/**' - 'Dockerfile.stage' + - 'Dockerfile.soul-demo' - 'build-stage.sh' - '.gitea/workflows/stage.yaml' @@ -230,6 +231,49 @@ jobs: -lcurl -lpthread -ldl -lm -lssl -lcrypto echo "soul-demo compiled: $(ls -lh dist/soul-demo)" + - name: Build and push soul-demo image + if: steps.changetype.outputs.asset_only != 'true' + id: soul-image + run: | + set -euo pipefail + SOUL_IMAGE="us-central1-docker.pkg.dev/neuron-785695/neuron-marketing/soul-demo:${{ steps.tag.outputs.tag }}" + docker build --no-cache \ + -f Dockerfile.soul-demo \ + -t "soul-demo:${{ steps.tag.outputs.tag }}" \ + . + docker tag "soul-demo:${{ steps.tag.outputs.tag }}" "$SOUL_IMAGE" + docker tag "soul-demo:${{ steps.tag.outputs.tag }}" \ + "us-central1-docker.pkg.dev/neuron-785695/neuron-marketing/soul-demo:stage-latest" + docker push "$SOUL_IMAGE" + docker push "us-central1-docker.pkg.dev/neuron-785695/neuron-marketing/soul-demo:stage-latest" + echo "soul_image=${SOUL_IMAGE}" >> "$GITHUB_OUTPUT" + echo "Soul-demo image: ${SOUL_IMAGE}" + + - name: Deploy soul-demo-stage + if: steps.changetype.outputs.asset_only != 'true' + id: deploy-soul + run: | + set -euo pipefail + gcloud run deploy soul-demo-stage \ + --image "${{ steps.soul-image.outputs.soul_image }}" \ + --region us-central1 \ + --project neuron-785695 \ + --service-account neuron-marketing-sa@neuron-785695.iam.gserviceaccount.com \ + --update-env-vars "NEURON_LLM_0_FORMAT=anthropic,NEURON_LLM_0_MODEL=claude-sonnet-4-5,NEURON_LLM_0_URL=https://api.anthropic.com/v1/messages" \ + --update-secrets "NEURON_LLM_0_KEY=anthropic-api-key:latest,ANTHROPIC_API_KEY=anthropic-api-key:latest" \ + --min-instances 1 \ + --max-instances 10 \ + --concurrency 20 \ + --port 8080 \ + --allow-unauthenticated \ + --quiet + + SOUL_URL=$(gcloud run services describe soul-demo-stage \ + --region us-central1 --project neuron-785695 \ + --format 'value(status.url)') + echo "soul_url=${SOUL_URL}" >> "$GITHUB_OUTPUT" + echo "Soul-demo URL: ${SOUL_URL}" + - name: Build and tag image if: steps.changetype.outputs.asset_only != 'true' run: | @@ -275,6 +319,21 @@ jobs: docker push "${LATEST%:*}:stage-latest" echo "Fast asset build complete" + - name: Resolve soul-demo URL + id: soul-url + run: | + set -euo pipefail + # For full builds: soul_url comes from deploy-soul step output. + # For asset-only builds (soul-demo not redeployed): describe existing service. + SOUL_URL="${{ steps.deploy-soul.outputs.soul_url }}" + if [ -z "$SOUL_URL" ]; then + SOUL_URL=$(gcloud run services describe soul-demo-stage \ + --region us-central1 --project neuron-785695 \ + --format 'value(status.url)' 2>/dev/null || echo "") + fi + echo "soul_url=${SOUL_URL}" >> "$GITHUB_OUTPUT" + echo "Resolved SOUL_URL: ${SOUL_URL}" + - name: Deploy to marketing-stage id: deploy-stage env: @@ -287,7 +346,7 @@ jobs: --region us-central1 \ --project neuron-785695 \ --service-account neuron-marketing-sa@neuron-785695.iam.gserviceaccount.com \ - --update-env-vars "NODE_ENV=production,STRIPE_PUBLISHABLE_KEY=pk_test_51TPoHnJg9Fv1D3AUp1FEMcy4MGlKRZqs4scW66kjQFQjWofmNc2rottzXzDaXekHvuw1OQpyp2WCIsc7O5fXIG0G00HQQrkdGX,GCS_SHARE_BUCKET=neuron-shares-prod,SUPABASE_ANON_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6Im9jb2pzZ2hhb25sdHVuaWRrenB3Iiwicm9sZSI6ImFub24iLCJpYXQiOjE3Nzc2NDIxNjgsImV4cCI6MjA5MzIxODE2OH0.e0FVFw1aahnrBVvnkR5R8a-RxCx095U8o_gsk7Quq3E,NEURON_LLM_0_FORMAT=anthropic,NEURON_LLM_0_MODEL=claude-sonnet-4-5,NEURON_LLM_0_URL=https://api.anthropic.com/v1/messages" \ + --update-env-vars "NODE_ENV=production,STRIPE_PUBLISHABLE_KEY=pk_test_51TPoHnJg9Fv1D3AUp1FEMcy4MGlKRZqs4scW66kjQFQjWofmNc2rottzXzDaXekHvuw1OQpyp2WCIsc7O5fXIG0G00HQQrkdGX,GCS_SHARE_BUCKET=neuron-shares-prod,SUPABASE_ANON_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6Im9jb2pzZ2hhb25sdHVuaWRrenB3Iiwicm9sZSI6ImFub24iLCJpYXQiOjE3Nzc2NDIxNjgsImV4cCI6MjA5MzIxODE2OH0.e0FVFw1aahnrBVvnkR5R8a-RxCx095U8o_gsk7Quq3E,NEURON_LLM_0_FORMAT=anthropic,NEURON_LLM_0_MODEL=claude-sonnet-4-5,NEURON_LLM_0_URL=https://api.anthropic.com/v1/messages,SOUL_URL=${{ steps.soul-url.outputs.soul_url }}" \ --update-secrets "SUPABASE_SERVICE_KEY=supabase-service-key:latest,NEURON_LLM_0_KEY=anthropic-api-key:latest,ANTHROPIC_API_KEY=anthropic-api-key:latest,STRIPE_SECRET_KEY=stripe-secret-key-stage:latest,STRIPE_WEBHOOK_SECRET=stripe-webhook-secret-stage:latest,STRIPE_PRICE_PROFESSIONAL=stripe-price-professional-stage:latest,STRIPE_PRICE_FOUNDING=stripe-price-founding-stage:latest,STRIPE_PRICE_FAMILY_CHILD=stripe-price-family-child:latest,RESEND_API_KEY=resend-api-key:latest,DOCUSEAL_WEBHOOK_TOKEN=docuseal-webhook-token:latest" \ --allow-unauthenticated \ --quiet diff --git a/Dockerfile.soul-demo b/Dockerfile.soul-demo new file mode 100644 index 0000000..d6ee353 --- /dev/null +++ b/Dockerfile.soul-demo @@ -0,0 +1,32 @@ +# Dockerfile.soul-demo — Soul-demo as a standalone Cloud Run service. +# Decoupled from neuron-web so it can scale independently. +# Built from repo root. soul-demo binary compiled by CI before this runs. + +FROM ubuntu:24.04 + +ENV DEBIAN_FRONTEND=noninteractive + +RUN apt-get update \ + && apt-get install -y --no-install-recommends \ + libcurl4t64 \ + libssl3t64 \ + ca-certificates \ + && rm -rf /var/lib/apt/lists/* \ + && groupadd -r soul && useradd -r -g soul soul \ + && mkdir -p /srv/soul/engram-demo \ + && chown -R soul:soul /srv/soul + +COPY dist/soul-demo /usr/local/bin/soul-demo +RUN chmod +x /usr/local/bin/soul-demo + +COPY dist/engram-snapshot.json /srv/soul/engram-demo/snapshot.json +RUN chown soul:soul /srv/soul/engram-demo/snapshot.json + +USER soul + +ENV NEURON_HOME=/srv/soul/engram-demo +ENV NEURON_PORT=8080 + +EXPOSE 8080 + +CMD ["/usr/local/bin/soul-demo"] diff --git a/Dockerfile.stage b/Dockerfile.stage index 5723d33..8a97125 100644 --- a/Dockerfile.stage +++ b/Dockerfile.stage @@ -1,16 +1,14 @@ -# Dockerfile.stage — Stage build: landing server + soul-demo in one image. +# Dockerfile.stage — Stage build: landing server only. # -# Both processes run in the same container: -# - neuron-web on port 8080 (landing page server) -# - soul-demo on port 7772 (demo chat, localhost only) +# neuron-web runs on port 8080 (landing page server). +# soul-demo is now a separate Cloud Run service (soul-demo-stage). # -# All binaries (neuron-web, soul-demo) are pre-built by CI on the host runner -# before this Dockerfile runs. This keeps the Docker build single-stage with -# no compilation and no network downloads. +# neuron-web binary is pre-built by CI on the host runner before this +# Dockerfile runs. This keeps the Docker build single-stage with no +# compilation and no network downloads. # # CI pre-build steps (in stage.yaml): # - neuron-web: built by `elb build` → dist/neuron-landing -# - soul-demo: compiled by cc on host → dist/soul-demo FROM ubuntu:24.04 @@ -24,20 +22,12 @@ RUN apt-get update \ && rm -rf /var/lib/apt/lists/* \ && groupadd -r landing && useradd -r -g landing landing \ && mkdir -p /srv/landing/assets /srv/landing/js /srv/landing/shares \ - && mkdir -p /srv/soul/engram-demo \ - && chown -R landing:landing /srv/landing /srv/soul + && chown -R landing:landing /srv/landing # neuron-web binary — produced by `elb build` in CI (linux/amd64) COPY dist/neuron-landing /usr/local/bin/neuron-web RUN chmod +x /usr/local/bin/neuron-web -# soul-demo binary — compiled by cc on host runner in CI -COPY dist/soul-demo /usr/local/bin/soul-demo -RUN chmod +x /usr/local/bin/soul-demo - -# Engram snapshot — baked in so soul has memory from cold start -COPY dist/engram-snapshot.json /srv/soul/engram-demo/snapshot.json - COPY src/assets /srv/landing/assets COPY dist/js /srv/landing/js COPY src/llms.txt /srv/landing/llms.txt @@ -55,8 +45,6 @@ RUN chmod +x /usr/local/bin/entrypoint.sh ENV LANDING_ROOT=/srv/landing ENV PORT=8080 -ENV NEURON_HOME=/srv/soul/engram-demo -ENV NEURON_PORT=7772 EXPOSE 8080 diff --git a/dist/entrypoint.sh b/dist/entrypoint.sh index ee8a70e..e8fb91a 100644 --- a/dist/entrypoint.sh +++ b/dist/entrypoint.sh @@ -1,26 +1,4 @@ #!/bin/sh set -e - -if [ "${SKIP_K3S:-0}" = "1" ]; then - echo "[entrypoint] SKIP_K3S=1: starting neuron-web directly (no soul-demo)." - exec /usr/local/bin/neuron-web -fi - -# Soul-demo watchdog: start soul-demo and restart it automatically on crash. -# Cloud Run gen2 doesn't reliably provide eth0 with a unicast IP, so k3s flannel -# fails at startup. Running soul-demo directly is simpler, lighter, and fully -# self-healing. Cloud Run handles horizontal scaling — no HPA needed. -echo "[entrypoint] Starting soul-demo watchdog on :${NEURON_PORT:-7772}..." -( - while true; do - echo "[soul-watchdog] starting soul-demo (NEURON_HOME=${NEURON_HOME})" - /usr/local/bin/soul-demo 2>&1 || true - echo "[soul-watchdog] soul-demo exited, restarting in 3s..." - sleep 3 - done -) & - -# Start neuron-web immediately — do NOT block. -# Cloud Run startup probe requires port 8080 to answer within the timeout. echo "[entrypoint] Starting neuron-web on port ${PORT:-8080}..." exec /usr/local/bin/neuron-web -- 2.52.0