Skip to content

China cloud changes #1315

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 36 commits into from
Nov 3, 2025
Merged

China cloud changes #1315

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
36 commits
Select commit Hold shift + click to select a range
9eb2fea
chore: push docker images to acr
yagarwal1307 Oct 6, 2025
fdf15b1
chore: comment paths in action for now
yagarwal1307 Oct 6, 2025
744ea30
chore: fix the actions file
yagarwal1307 Oct 6, 2025
cf6d4e2
chore: fix actions agian
yagarwal1307 Oct 6, 2025
41d0506
chore: replace the docker image
yagarwal1307 Oct 6, 2025
2990876
chore: make changes to make the china cloud work
yagarwal1307 Oct 7, 2025
c1e1022
chore: cleaup the auth providers
yagarwal1307 Oct 15, 2025
850361d
chore: remove direct references tosupabase
yagarwal1307 Oct 16, 2025
0c8a190
fix: fix small issues
yagarwal1307 Oct 16, 2025
5625b04
chore: fix the auth listener
yagarwal1307 Oct 16, 2025
cbd2559
chore: minor fixes
yagarwal1307 Oct 17, 2025
fb52770
chore: fix supabase google login
yagarwal1307 Oct 17, 2025
e65e989
chore: merge android-3 in china cloud branch
yagarwal1307 Oct 17, 2025
a185b8d
fix: fix the mongodb connection issues
yagarwal1307 Oct 17, 2025
269d2f3
chore: update env example files
yagarwal1307 Oct 18, 2025
62b5ba3
feat: add chinese translation provider
yagarwal1307 Oct 20, 2025
9778d5d
feat: add alibaba transcription provider
yagarwal1307 Oct 21, 2025
5e70c17
Merge branch 'dev' into ya/china-cloud-cd
yagarwal1307 Oct 21, 2025
e2402f7
fix: fix alibaba providers init issue
yagarwal1307 Oct 22, 2025
129f44c
fix: fix the alibaba model language code issue
yagarwal1307 Oct 22, 2025
3ac8eab
Merge branch 'dev' into ya/china-cloud-cd
yagarwal1307 Oct 22, 2025
35499f0
merge dev into ya/china-cloud-cd
yagarwal1307 Oct 25, 2025
fae1ba1
Merge branch 'dev' into ya/china-cloud-cd
yagarwal1307 Oct 27, 2025
1a8ec2c
chore: Disable Sentry, Betterstack and Posthog for China
yagarwal1307 Oct 27, 2025
f7ae29e
Merge branch 'dev' into ya/china-cloud-cd
yagarwal1307 Oct 30, 2025
969439c
chore: add auto deployment to ci/cd
yagarwal1307 Oct 30, 2025
1fe4380
chore: fix the config file path
yagarwal1307 Oct 30, 2025
7728d68
chore: fix the missing env
yagarwal1307 Oct 30, 2025
12d15fc
chore: fix other env varibale
yagarwal1307 Oct 30, 2025
c82611a
chore: fix alibaba env variables
yagarwal1307 Oct 30, 2025
f6be1c6
chore: disable webrtc for china cloud
yagarwal1307 Oct 30, 2025
09822b6
chore: remove ssl false flag from codebase
yagarwal1307 Oct 30, 2025
fca9701
Merge branch 'dev' into ya/china-cloud-cd
aisraelov Oct 30, 2025
8176e7f
Merge branch 'dev' into ya/china-cloud-cd
yagarwal1307 Oct 31, 2025
5e99c3d
chore: modify the china deployment ga
yagarwal1307 Oct 31, 2025
a5e9d95
Merge branch 'dev' into ya/china-cloud-cd
aisraelov Nov 3, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
250 changes: 250 additions & 0 deletions .github/workflows/china-deployment.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,250 @@
name: China Cloud Deployment

on:
push:
branches:
- dev
paths:
- "cloud/**"
- ".github/workflows/china-deployment.yml"

jobs:
china-cloud-deploy:
runs-on: ubuntu-latest
permissions:
contents: read
env:
NODE_ENV: production
PORT: "80"
SYSTEM_DASHBOARD_PACKAGE_NAME: system.augmentos.dashboard
CLOUD_VERSION: 2.1.2
REDEPLOY: 2
DEPLOYMENT_REGION: china
ADMIN_EMAILS: [email protected], [email protected], [email protected], [email protected], [email protected], [email protected]
CLOUD_PUBLIC_HOST_NAME: api.mentraglass.cn
CLOUD_HOST_NAME: api.mentraglass.cn
CLOUD_LOCAL_HOST_NAME: cloud-prod-cloud.default.svc.cluster.local:80
PORTER_APP_NAME: cloud-prod
ACR_INSTANCE_ID: cri-h675v46p9lj694l6
ACR_REGION_ID: cn-shenzhen
ACR_PUBLIC_DOMAIN: mentra-acr-cnsz-a-registry.cn-shenzhen.cr.aliyuncs.com

# Mentra config
MONGO_URL: ${{ secrets.MONGO_URL }}
AUGMENTOS_AUTH_JWT_SECRET: ${{ secrets.AUGMENTOS_AUTH_JWT_SECRET }}
INVITE_JWT_SECRET: ${{ secrets.INVITE_JWT_SECRET }}
JOE_MAMA_USER_JWT: ${{ secrets.JOE_MAMA_USER_JWT }}
TPA_AUTH_JWT_PRIVATE_KEY: ${{ secrets.TPA_AUTH_JWT_PRIVATE_KEY }}

# Livekit config
LIVEKIT_URL: ${{ secrets.LIVEKIT_URL }}
LIVEKIT_API_SECRET: ${{ secrets.LIVEKIT_API_SECRET }}
LIVEKIT_API_KEY: ${{ secrets.LIVEKIT_API_KEY }}
# Authing config
AUTHING_APP_SECRET: ${{ secrets.AUTHING_APP_SECRET }}
AUTHING_APP_ID: ${{ secrets.AUTHING_APP_ID }}
AUTHING_APP_HOST: ${{ secrets.AUTHING_APP_HOST }}
# Supabase config
SUPABASE_URL: ${{ secrets.SUPABASE_URL }}
SUPABASE_SERVICE_KEY: ${{ secrets.SUPABASE_SERVICE_KEY }}
SUPABASE_JWT_SECRET: ${{ secrets.SUPABASE_JWT_SECRET }}
# Azure OpenAI config
AZURE_OPENAI_API_DEPLOYMENT_NAME: gpt-4o
AZURE_OPENAI_API_INSTANCE_NAME: mentra-uscentral-resource
AZURE_OPENAI_API_KEY: ${{ secrets.AZURE_OPENAI_API_KEY }}
AZURE_OPENAI_API_VERSION: 2024-08-01-preview
# Azure Speech config
AZURE_SPEECH_KEY: ${{ secrets.AZURE_SPEECH_KEY }}
AZURE_SPEECH_REGION: centralus
# Soniox config
SONIOX_API_KEY: ${{ secrets.SONIOX_API_KEY }}
# Anthropic config
ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
# ElevenLabs config
ELEVENLABS_API_KEY: ${{ secrets.ELEVENLABS_API_KEY }}
ELEVENLABS_DEFAULT_VOICE_ID: TX3LPaxmHKxFdv7VOQHJ
# OpenAI config
OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
# LLM config
LLM_MODEL: gpt-4o
LLM_PROVIDER: azure
# Alibaba config
ALIBABA_ENDPOINT: ${{ secrets.ALIBABA_ENDPOINT }}
ALIBABA_WORKSPACE: ${{ secrets.ALIBABA_WORKSPACE }}
ALIBABA_DASHSCOPE_API_KEY: ${{ secrets.ALIBABA_DASHSCOPE_API_KEY }}
# BetterStack config
BETTERSTACK_SOURCE_TOKEN: ${{ secrets.BETTERSTACK_SOURCE_TOKEN }}
# Posthog config
POSTHOG_HOST: https://us.i.posthog.com
POSTHOG_PROJECT_API_KEY: ${{ secrets.POSTHOG_PROJECT_API_KEY }}
# Sentry config
SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
# SerpAPI config
SERPAPI_API_KEY: ${{ secrets.SERPAPI_API_KEY }}
# Cloudflare config
CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
CLOUD_URL: cloud
# Resend config
RESEND_API_KEY: ${{ secrets.RESEND_API_KEY }}

steps:
# 1. Checkout source code
- uses: actions/checkout@v4

# 2. Short commit SHA for tagging
- id: vars
run: echo "sha_short=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT"

# 3. Compute Docker tags dynamically
- id: docker-tags
run: |
BRANCH=${GITHUB_REF_NAME//\//-}
echo "tags=$BRANCH latest" >> "$GITHUB_OUTPUT"

# 4. Docker Buildx
- uses: docker/setup-buildx-action@v2

# 5. Install Alibaba Cloud CLI
- name: Install Alibaba Cloud CLI
run: |
curl -sSL https://aliyuncli.alicdn.com/aliyun-cli-linux-latest-amd64.tgz | tar -xz
sudo mv aliyun /usr/local/bin/

# 6. Configure Alibaba CLI with long-lived AK/SK
- name: Configure Alibaba Cloud CLI
run: |
aliyun configure set \
--profile default \
--mode AK \
--region $ACR_REGION_ID \
--access-key-id ${{ secrets.ALIBABA_ACCESS_KEY_ID }} \
--access-key-secret ${{ secrets.ALIBABA_ACCESS_KEY_SECRET }}
shell: bash

# 7. Get temporary Docker login token
- id: acr-token
run: |
TOKEN=$(aliyun cr GetAuthorizationToken \
--InstanceId $ACR_INSTANCE_ID \
--RegionId $ACR_REGION_ID \
| jq -r '.AuthorizationToken')
echo "token=$TOKEN" >> "$GITHUB_OUTPUT"

# 8. Docker login with temporary token
- name: Docker Login to ACR
run: |
docker login \
--username cr_temp_user \
--password ${{ steps.acr-token.outputs.token }} \
$ACR_PUBLIC_DOMAIN

# 9. Build & push Docker image
- uses: docker/build-push-action@v4
with:
context: ./cloud
file: ./cloud/docker/Dockerfile.livekit
push: true
tags: |
${{ env.ACR_PUBLIC_DOMAIN }}/mentra-dev/backend:${{ steps.vars.outputs.sha_short }}
${{ env.ACR_PUBLIC_DOMAIN }}/mentra-dev/backend:latest

# 10. Replace secrets in autoscaling config
- name: Replace secrets in autoscaling config
run: |
envsubst < .github/workflows/eci-autoscaling-config.yml > final-deployment.yml
shell: bash

# 11. Fetch Scaling Group ID
- name: Fetch Scaling Group ID
id: fetch-sg
run: |
set -e
SCALING_GROUP_NAME="mentra-dev-ecisg-cloud"

echo "🔍 Fetching Scaling Group ID..."
RAW_JSON=$(aliyun ess DescribeScalingGroups \
--RegionId $ACR_REGION_ID \
--ScalingGroupName $SCALING_GROUP_NAME)

SCALING_GROUP_ID=$(echo "$RAW_JSON" | jq -r '.ScalingGroups.ScalingGroup[0].ScalingGroupId')
echo "Scaling_Group_ID=$SCALING_GROUP_ID" >> $GITHUB_OUTPUT

# 12. Create Scaling Configuration
- name: Create Scaling Configuration
id: create-config
run: |
set -e
NEW_CONFIG_NAME="deploymentConfiguration_${{ steps.vars.outputs.sha_short }}"

echo "🧩 Creating new scaling configuration..."
CONFIG_JSON=$(aliyun ess ApplyEciScalingConfiguration \
--RegionId $ACR_REGION_ID \
--ScalingGroupId ${{ steps.fetch-sg.outputs.Scaling_Group_ID }} \
--Content "$(cat final-deployment.yml)" \
--version 2022-02-22 --method POST --force)

CONFIG_ID=$(echo "$CONFIG_JSON" | jq -r '.ScalingConfigurationId')
echo "Scaling_Configuration_ID=$CONFIG_ID" >> $GITHUB_OUTPUT
echo "✅ Created scaling configuration: $CONFIG_ID"

# 13. Start Instance Refresh
- name: Start Instance Refresh
id: start-refresh
run: |
set -e
echo "🚀 Starting instance refresh..."
REFRESH_JSON=$(aliyun ess StartInstanceRefresh \
--ScalingGroupId ${{ steps.fetch-sg.outputs.Scaling_Group_ID }} \
--DesiredConfiguration.ScalingConfigurationId ${{ steps.create-config.outputs.Scaling_Configuration_ID }} \
--Strategy Rolling \
--DesiredPercentage 100 \
--SkipMatching false \
--version 2022-02-22 --method POST --force)

REFRESH_ID=$(echo "$REFRESH_JSON" | jq -r '.InstanceRefreshTaskId')
echo "Instance_Refresh_Task_ID=$REFRESH_ID" >> $GITHUB_OUTPUT
echo "🌀 Started Instance Refresh Task: $REFRESH_ID"

# 14. Monitor Instance Refresh
- name: Monitor Instance Refresh
run: |
set -e
MAX_ATTEMPTS=40
INTERVAL=15

SCALING_GROUP_ID="${{ steps.fetch-sg.outputs.Scaling_Group_ID }}"
INSTANCE_REFRESH_TASK_ID="${{ steps.start-refresh.outputs.Instance_Refresh_Task_ID }}"

for ((i=1; i<=MAX_ATTEMPTS; i++)); do
STATUS_JSON=$(aliyun ess DescribeInstanceRefreshes \
--ScalingGroupId "$SCALING_GROUP_ID" \
--InstanceRefreshTaskIds "$INSTANCE_REFRESH_TASK_ID" \
--RegionId "$ACR_REGION_ID" \
--method GET \
--version 2022-02-22 \
--force)

# Extract the status of the specified instance refresh task
STATUS=$(echo "$STATUS_JSON" | jq -r '.InstanceRefreshTasks[0].Status')
echo "⏱️ Attempt $i: Current status = $STATUS"

case "$STATUS" in
Successful)
echo "✅ Instance refresh completed successfully!"
exit 0
;;
Failed)
echo "❌ Instance refresh failed!"
exit 1
;;
InProgress)
echo "⏳ Instance refresh in progress..."
;;
*)
echo "⚠️ Unexpected status: $STATUS"
;;
esac

sleep $INTERVAL
done
136 changes: 136 additions & 0 deletions .github/workflows/eci-autoscaling-config.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,136 @@
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
k8s.aliyun.com/ess-scaling-group-max-size: "2"
k8s.aliyun.com/ess-scaling-group-name: mentra-dev-ecisg-cloud
k8s.aliyun.com/ess-scaling-group-min-size: "1"
name: mentra-dev-ecig-api-cnsz
spec:
replicas: 1
selector:
matchLabels:
app: mentra-dev-ecig-api-cnsz
template:
metadata:
annotations:
k8s.aliyun.com/eci-vswitch: vsw-wz951dlbxvoeeakcrmjr2
k8s.aliyun.com/eci-spot-strategy: NoSpot
k8s.aliyun.com/eci-security-group: sg-wz98079z7qd7oz2xtmt3
k8s.aliyun.com/eci-use-specs: 2.0-4.0Gi
spec:
containers:
- args:
- ./start.sh
env:
- name: ANTHROPIC_API_KEY
value: "${ANTHROPIC_API_KEY}"
- name: AUGMENTOS_AUTH_JWT_SECRET
value: "${AUGMENTOS_AUTH_JWT_SECRET}"
- name: AZURE_OPENAI_API_DEPLOYMENT_NAME
value: "${AZURE_OPENAI_API_DEPLOYMENT_NAME}"
- name: AZURE_OPENAI_API_INSTANCE_NAME
value: "${AZURE_OPENAI_API_INSTANCE_NAME}"
- name: AZURE_OPENAI_API_KEY
value: "${AZURE_OPENAI_API_KEY}"
- name: AZURE_OPENAI_API_VERSION
value: "${AZURE_OPENAI_API_VERSION}"
- name: AZURE_SPEECH_KEY
value: "${AZURE_SPEECH_KEY}"
- name: AZURE_SPEECH_REGION
value: "${AZURE_SPEECH_REGION}"
- name: CLOUDFLARE_ACCOUNT_ID
value: "${CLOUDFLARE_ACCOUNT_ID}"
- name: CLOUDFLARE_API_TOKEN
value: "${CLOUDFLARE_API_TOKEN}"
- name: CLOUD_URL
value: "${CLOUD_URL}"
- name: CLOUD_VERSION
value: "${CLOUD_VERSION}"
- name: ELEVENLABS_API_KEY
value: "${ELEVENLABS_API_KEY}"
- name: ELEVENLABS_DEFAULT_VOICE_ID
value: "${ELEVENLABS_DEFAULT_VOICE_ID}"
- name: INVITE_JWT_SECRET
value: "${INVITE_JWT_SECRET}"
- name: JOE_MAMA_USER_JWT
value: "${JOE_MAMA_USER_JWT}"
- name: LLM_MODEL
value: "${LLM_MODEL}"
- name: LLM_PROVIDER
value: "${LLM_PROVIDER}"
- name: MONGO_URL
value: "${MONGO_URL}"
- name: NODE_ENV
value: "${NODE_ENV}"
- name: OPENAI_API_KEY
value: "${OPENAI_API_KEY}"
- name: PORT
value: "${PORT}"
- name: POSTHOG_HOST
value: "${POSTHOG_HOST}"
- name: POSTHOG_PROJECT_API_KEY
value: "${POSTHOG_PROJECT_API_KEY}"
- name: RESEND_API_KEY
value: "${RESEND_API_KEY}"
- name: SENTRY_DSN
value: "${SENTRY_DSN}"
- name: SERPAPI_API_KEY
value: "${SERPAPI_API_KEY}"
- name: SONIOX_API_KEY
value: "${SONIOX_API_KEY}"
- name: SUPABASE_JWT_SECRET
value: "${SUPABASE_JWT_SECRET}"
- name: SYSTEM_DASHBOARD_PACKAGE_NAME
value: "${SYSTEM_DASHBOARD_PACKAGE_NAME}"
- name: TPA_AUTH_JWT_PRIVATE_KEY
value: "${TPA_AUTH_JWT_PRIVATE_KEY}"
- name: CLOUD_PUBLIC_HOST_NAME
value: "${CLOUD_PUBLIC_HOST_NAME}"
- name: CLOUD_LOCAL_HOST_NAME
value: "${CLOUD_LOCAL_HOST_NAME}"
- name: PORTER_APP_NAME
value: "${PORTER_APP_NAME}"
- name: CLOUD_HOST_NAME
value: "${CLOUD_HOST_NAME}"
- name: SUPABASE_URL
value: "${SUPABASE_URL}"
- name: SUPABASE_SERVICE_KEY
value: "${SUPABASE_SERVICE_KEY}"
- name: LIVEKIT_URL
value: "${LIVEKIT_URL}"
- name: LIVEKIT_API_SECRET
value: "${LIVEKIT_API_SECRET}"
- name: LIVEKIT_API_KEY
value: "${LIVEKIT_API_KEY}"
- name: BETTERSTACK_SOURCE_TOKEN
value: "${BETTERSTACK_SOURCE_TOKEN}"
- name: ADMIN_EMAILS
value: "${ADMIN_EMAILS}"
- name: redeploy
value: "${REDEPLOY}"
- name: AUTHING_APP_HOST
value: "${AUTHING_APP_HOST}"
- name: AUTHING_APP_ID
value: "${AUTHING_APP_ID}"
- name: AUTHING_APP_SECRET
value: "${AUTHING_APP_SECRET}"
- name: DEPLOYMENT_REGION
value: "${DEPLOYMENT_REGION}"
- name: ALIBABA_ENDPOINT
value: "${ALIBABA_ENDPOINT}"
- name: ALIBABA_WORKSPACE
value: "${ALIBABA_WORKSPACE}"
- name: ALIBABA_DASHSCOPE_API_KEY
value: "${ALIBABA_DASHSCOPE_API_KEY}"
image: mentra-acr-cnsz-a-registry-vpc.cn-shenzhen.cr.aliyuncs.com/mentra-dev/backend:latest
imagePullPolicy: Always
lifecycle: {}
livenessProbe: {}
name: mentra-dev-eci-api-cnsz
readinessProbe: {}
resources:
limits:
cpu: 0m
memory: 0m
restartPolicy: Always
Loading