will.anderson
a73f608629
Download both neuron-soul and engram binaries from Artifact Registry. entrypoint.sh starts engram on :8742, waits for /health, then launches the soul with ENGRAM_URL set. Removes SOUL_ENGRAM_PATH / file mode.
131 lines
4.9 KiB
Docker
131 lines
4.9 KiB
Docker
# Neuron Soul — GKE container image
|
|
#
|
|
# Build strategy:
|
|
# 1. Download the pre-built linux/amd64 soul binary (package: neuron-soul)
|
|
# and engram HTTP server binary (package: engram) from Artifact Registry.
|
|
# Both are built by CI and published as generic artifacts.
|
|
# 2. Package both in a minimal Ubuntu 22.04 runtime.
|
|
# 3. entrypoint.sh starts engram on :8742, waits for it to be healthy,
|
|
# then starts the soul with ENGRAM_URL pointing at it (HTTP mode).
|
|
#
|
|
# Required env vars (injected via ExternalSecret at runtime):
|
|
# NEURON_PORT, NEURON_LLM_0_URL, NEURON_LLM_0_KEY, NEURON_LLM_0_FORMAT,
|
|
# SOUL_CGI_ID, SOUL_IDENTITY, NEURON_TOKEN, NEURON_API_URL, ENGRAM_URL,
|
|
# ENGRAM_DATA_DIR
|
|
|
|
ARG SOUL_VERSION=latest
|
|
ARG ENGRAM_VERSION=latest
|
|
|
|
FROM ubuntu:22.04 AS downloader
|
|
|
|
ARG SOUL_VERSION
|
|
ARG ENGRAM_VERSION
|
|
ARG GCP_SA_KEY
|
|
|
|
RUN apt-get update -qq && \
|
|
apt-get install -y --no-install-recommends \
|
|
ca-certificates \
|
|
curl \
|
|
gnupg \
|
|
apt-transport-https && \
|
|
echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" \
|
|
> /etc/apt/sources.list.d/google-cloud-sdk.list && \
|
|
curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg \
|
|
| gpg --dearmor -o /usr/share/keyrings/cloud.google.gpg && \
|
|
apt-get update -qq && \
|
|
apt-get install -y --no-install-recommends google-cloud-cli && \
|
|
rm -rf /var/lib/apt/lists/*
|
|
|
|
# Authenticate and download both binaries from Artifact Registry.
|
|
RUN --mount=type=secret,id=gcp_sa_key \
|
|
GCP_SA_KEY_FILE=$(cat /run/secrets/gcp_sa_key 2>/dev/null || echo "") && \
|
|
if [ -n "$GCP_SA_KEY_FILE" ]; then \
|
|
echo "$GCP_SA_KEY_FILE" > /tmp/gcp-key.json && \
|
|
gcloud auth activate-service-account --key-file=/tmp/gcp-key.json; \
|
|
fi && \
|
|
gcloud config set project neuron-785695 && \
|
|
mkdir -p /tmp/soul /tmp/engram && \
|
|
\
|
|
# ── soul ──────────────────────────────────────────────────────────────── \
|
|
if [ "${SOUL_VERSION}" = "latest" ]; then \
|
|
SOUL_VER=$(gcloud artifacts versions list \
|
|
--repository=foundation-dev \
|
|
--location=us-central1 \
|
|
--project=neuron-785695 \
|
|
--package=neuron-soul \
|
|
--sort-by="~createTime" \
|
|
--limit=1 \
|
|
--format="value(name)" 2>/dev/null | awk -F/ '{print $NF}'); \
|
|
else \
|
|
SOUL_VER="${SOUL_VERSION}"; \
|
|
fi && \
|
|
echo "Downloading neuron-soul@${SOUL_VER}" && \
|
|
gcloud artifacts generic download \
|
|
--repository=foundation-dev \
|
|
--location=us-central1 \
|
|
--project=neuron-785695 \
|
|
--package=neuron-soul \
|
|
--version="${SOUL_VER}" \
|
|
--destination=/tmp/soul/ && \
|
|
mv /tmp/soul/neuron* /tmp/soul/neuron 2>/dev/null || true && \
|
|
chmod +x /tmp/soul/neuron && \
|
|
\
|
|
# ── engram ────────────────────────────────────────────────────────────── \
|
|
if [ "${ENGRAM_VERSION}" = "latest" ]; then \
|
|
ENGRAM_VER=$(gcloud artifacts versions list \
|
|
--repository=foundation-dev \
|
|
--location=us-central1 \
|
|
--project=neuron-785695 \
|
|
--package=engram \
|
|
--sort-by="~createTime" \
|
|
--limit=1 \
|
|
--format="value(name)" 2>/dev/null | awk -F/ '{print $NF}'); \
|
|
else \
|
|
ENGRAM_VER="${ENGRAM_VERSION}"; \
|
|
fi && \
|
|
echo "Downloading engram@${ENGRAM_VER}" && \
|
|
gcloud artifacts generic download \
|
|
--repository=foundation-dev \
|
|
--location=us-central1 \
|
|
--project=neuron-785695 \
|
|
--package=engram \
|
|
--version="${ENGRAM_VER}" \
|
|
--destination=/tmp/engram/ && \
|
|
mv /tmp/engram/engram* /tmp/engram/engram 2>/dev/null || true && \
|
|
chmod +x /tmp/engram/engram && \
|
|
\
|
|
rm -f /tmp/gcp-key.json
|
|
|
|
# Runtime image — minimal Ubuntu 22.04 with only what both binaries need.
|
|
FROM ubuntu:22.04
|
|
|
|
RUN apt-get update -qq && \
|
|
apt-get install -y --no-install-recommends \
|
|
ca-certificates \
|
|
libcurl4 \
|
|
curl && \
|
|
rm -rf /var/lib/apt/lists/* && \
|
|
useradd -r -u 1000 -m -s /bin/bash soul
|
|
|
|
COPY --from=downloader /tmp/soul/neuron /usr/local/bin/neuron
|
|
COPY --from=downloader /tmp/engram/engram /usr/local/bin/engram
|
|
COPY entrypoint.sh /usr/local/bin/entrypoint.sh
|
|
|
|
RUN chmod +x /usr/local/bin/neuron /usr/local/bin/engram /usr/local/bin/entrypoint.sh
|
|
|
|
# /data is the engram mount point (PVC at runtime).
|
|
RUN mkdir -p /data && chown soul:soul /data
|
|
|
|
USER soul
|
|
WORKDIR /home/soul
|
|
|
|
EXPOSE 7770
|
|
|
|
# ENGRAM_URL and ENGRAM_DATA_DIR trigger HTTP mode in the soul.
|
|
# SOUL_ENGRAM_PATH must NOT be set — its presence would enable legacy file mode.
|
|
ENV NEURON_PORT=7770 \
|
|
ENGRAM_URL=http://localhost:8742 \
|
|
ENGRAM_DATA_DIR=/data
|
|
|
|
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
|