DataBytes-Organisation · Tennie002 · Aug 31, 2025 · Sep 21, 2025 · Sep 21, 2025
diff --git a/.github/workflows/build-api.yml b/.github/workflows/build-api.yml
@@ -0,0 +1,53 @@
+name: build-api
+on:
+  push:
+    paths:
+      - "src/Components/API/**"
+      - ".github/workflows/build-api.yml"
+  workflow_dispatch:
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
+    env:
+      REGION: us-central1
+      IMAGE_NAME: api
+      REPO_PATH: echonet
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up QEMU (multi-arch)
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Auth to GCP
+        uses: google-github-actions/auth@v2
+        with:
+          workload_identity_provider: ${{ secrets.GCP_WIF_PROVIDER }}
+          service_account: ${{ secrets.GCP_SA_EMAIL }}
+      - name: Configure Docker auth
+        run: gcloud auth configure-docker $REGION-docker.pkg.dev -q
+      - name: Configure Docker auth (staging AU registry)
+        run: gcloud auth configure-docker australia-southeast2-docker.pkg.dev -q
+      - name: Compute short SHA
+        id: vars
+        run: echo "sha_short=${GITHUB_SHA::7}" >> $GITHUB_OUTPUT
+      - name: Build & push (multi-arch)
+        uses: docker/build-push-action@v5
+        with:
+          context: src/Components/API
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: |
+            ${{ env.REGION }}-docker.pkg.dev/${{ secrets.GCP_PROJECT }}/${{ env.REPO_PATH }}/${{ env.IMAGE_NAME }}:${{ steps.vars.outputs.sha_short }}
+            ${{ env.REGION }}-docker.pkg.dev/${{ secrets.GCP_PROJECT }}/${{ env.REPO_PATH }}/${{ env.IMAGE_NAME }}:latest
+            australia-southeast2-docker.pkg.dev/${{ secrets.GCP_PROJECT }}/${{ env.REPO_PATH }}/${{ env.IMAGE_NAME }}:${{ steps.vars.outputs.sha_short }}
+            australia-southeast2-docker.pkg.dev/${{ secrets.GCP_PROJECT }}/${{ env.REPO_PATH }}/${{ env.IMAGE_NAME }}:latest
+      - name: Trivy scan
+        uses: aquasecurity/trivy-action@v0.20.0
+        with:
+          image-ref: ${{ env.REGION }}-docker.pkg.dev/${{ secrets.GCP_PROJECT }}/$REPO_PATH/${{ env.IMAGE_NAME }}:latest
+          exit-code: '0'
+          severity: 'CRITICAL,HIGH'
diff --git a/.github/workflows/build-engine-model.yaml b/.github/workflows/build-engine-model.yaml
@@ -0,0 +1,49 @@
+name: build-engine-model
+on:
+  push:
+    paths:
+      - "src/Components/Engine/**"
+      - "src/Components/Engine/Dockerfile" 
+      - ".github/workflows/build-engine-model.yaml"
+  workflow_dispatch:
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
+    env:
+      REGION: us-central1
+      REPO_PATH: echonet
+    steps:
+      - uses: actions/checkout@v4
+      - name: Auth to GCP
+        uses: google-github-actions/auth@v2
+        with:
+          workload_identity_provider: ${{ secrets.GCP_WIF_PROVIDER }}
+          service_account: ${{ secrets.GCP_SA_EMAIL }}
+      - name: Configure Docker auth
+        run: gcloud auth configure-docker $REGION-docker.pkg.dev -q
+      - name: Build & push engine
+        run: |
+          IMAGE_ENGINE="$REGION-docker.pkg.dev/${{ secrets.GCP_PROJECT }}/$REPO_PATH/engine"
+          GIT_SHA=${GITHUB_SHA::7}
+          docker build -t $IMAGE_ENGINE:$GIT_SHA -t $IMAGE_ENGINE:latest src/Components/Engine
+          docker push $IMAGE_ENGINE:$GIT_SHA
+          docker push $IMAGE_ENGINE:latest
+      - name: Build & push model-server (if Dockerfile exists)
+        run: |
+          if [ -f src/Components/Engine/model-server.Dockerfile ]; then \
+            IMAGE_MODEL="$REGION-docker.pkg.dev/${{ secrets.GCP_PROJECT }}/$REPO_PATH/model-server"; \
+            GIT_SHA=${GITHUB_SHA::7}; \
+            docker build -f src/Components/Engine/            "finalizers": ["kubernetes"]Dockerfile -t $IMAGE_MODEL:$GIT_SHA -t $IMAGE_MODEL:latest src/Components/Engine; \
+            docker push $IMAGE_MODEL:$GIT_SHA; \
+            docker push $IMAGE_MODEL:latest; \
+          else echo "No model-server.Dockerfile present"; fi
+      - name: Trivy scan engine
+        uses: aquasecurity/trivy-action@0.20.0
+        with:
+          image-ref: ${{ env.REGION }}-docker.pkg.dev/${{ secrets.GCP_PROJECT }}/$REPO_PATH/engine:latest
+          exit-code: '0'
+          severity: 'CRITICAL,HIGH'
diff --git a/.github/workflows/build-hmi.yml b/.github/workflows/build-hmi.yml
@@ -0,0 +1,49 @@
+name: build-hmi
+on:
+  push:
+    paths:
+      - "src/Components/HMI/**"
+      - ".github/workflows/build-hmi.yml"
+  workflow_dispatch:
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
+    env:
+      REGION: us-central1
+      REPO_PATH: echonet
+      IMAGE_NAME: hmi
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up QEMU (multi-arch)
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Auth to GCP
+        uses: google-github-actions/auth@v2
+        with:
+          workload_identity_provider: ${{ secrets.GCP_WIF_PROVIDER }}
+          service_account: ${{ secrets.GCP_SA_EMAIL }}
+      - name: Configure Docker auth (US registry)
+        run: gcloud auth configure-docker $REGION-docker.pkg.dev -q
+      - name: Configure Docker auth (AU registry)
+        run: gcloud auth configure-docker australia-southeast2-docker.pkg.dev -q
+      - name: Compute short SHA
+        id: vars
+        run: echo "sha_short=${GITHUB_SHA::7}" >> $GITHUB_OUTPUT
+      - name: Build & push HMI (multi-arch)
+        uses: docker/build-push-action@v5
+        with:
+          context: src/Components/HMI
+          file: src/Components/HMI/HMI.Dockerfile
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: |
+            ${{ env.REGION }}-docker.pkg.dev/${{ secrets.GCP_PROJECT }}/${{ env.REPO_PATH }}/${{ env.IMAGE_NAME }}:${{ steps.vars.outputs.sha_short }}
+            ${{ env.REGION }}-docker.pkg.dev/${{ secrets.GCP_PROJECT }}/${{ env.REPO_PATH }}/${{ env.IMAGE_NAME }}:latest
+            australia-southeast2-docker.pkg.dev/${{ secrets.GCP_PROJECT }}/${{ env.REPO_PATH }}/${{ env.IMAGE_NAME }}:${{ steps.vars.outputs.sha_short }}
+            australia-southeast2-docker.pkg.dev/${{ secrets.GCP_PROJECT }}/${{ env.REPO_PATH }}/${{ env.IMAGE_NAME }}:latest
+
diff --git a/.github/workflows/build-mqtt.yml b/.github/workflows/build-mqtt.yml
@@ -0,0 +1,49 @@
+name: build-mqtt
+on:
+  push:
+    paths:
+      - "src/Components/MQTT-Server/**"
+      - ".github/workflows/build-mqtt.yml"
+  workflow_dispatch:
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
+    env:
+      REGION: us-central1
+      REPO_PATH: echonet
+      IMAGE_NAME: mqtt
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up QEMU (multi-arch)
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Auth to GCP
+        uses: google-github-actions/auth@v2
+        with:
+          workload_identity_provider: ${{ secrets.GCP_WIF_PROVIDER }}
+          service_account: ${{ secrets.GCP_SA_EMAIL }}
+      - name: Configure Docker auth (US registry)
+        run: gcloud auth configure-docker $REGION-docker.pkg.dev -q
+      - name: Configure Docker auth (AU registry)
+        run: gcloud auth configure-docker australia-southeast2-docker.pkg.dev -q
+      - name: Compute short SHA
+        id: vars
+        run: echo "sha_short=${GITHUB_SHA::7}" >> $GITHUB_OUTPUT
+      - name: Build & push MQTT (multi-arch)
+        uses: docker/build-push-action@v5
+        with:
+          context: src/Components/MQTT-Server
+          file: src/Components/MQTT-Server/MQTT.Dockerfile
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: |
+            ${{ env.REGION }}-docker.pkg.dev/${{ secrets.GCP_PROJECT }}/${{ env.REPO_PATH }}/${{ env.IMAGE_NAME }}:${{ steps.vars.outputs.sha_short }}
+            ${{ env.REGION }}-docker.pkg.dev/${{ secrets.GCP_PROJECT }}/${{ env.REPO_PATH }}/${{ env.IMAGE_NAME }}:latest
+            australia-southeast2-docker.pkg.dev/${{ secrets.GCP_PROJECT }}/${{ env.REPO_PATH }}/${{ env.IMAGE_NAME }}:${{ steps.vars.outputs.sha_short }}
+            australia-southeast2-docker.pkg.dev/${{ secrets.GCP_PROJECT }}/${{ env.REPO_PATH }}/${{ env.IMAGE_NAME }}:latest
+
diff --git a/.github/workflows/build-simulator.yml b/.github/workflows/build-simulator.yml
@@ -0,0 +1,49 @@
+name: build-simulator
+on:
+  push:
+    paths:
+      - "src/Components/Simulator/**"
+      - ".github/workflows/build-simulator.yml"
+  workflow_dispatch:
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
+    env:
+      REGION: us-central1
+      REPO_PATH: echonet
+      IMAGE_NAME: simulator
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up QEMU (multi-arch)
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Auth to GCP
+        uses: google-github-actions/auth@v2
+        with:
+          workload_identity_provider: ${{ secrets.GCP_WIF_PROVIDER }}
+          service_account: ${{ secrets.GCP_SA_EMAIL }}
+      - name: Configure Docker auth (US registry)
+        run: gcloud auth configure-docker $REGION-docker.pkg.dev -q
+      - name: Configure Docker auth (AU registry)
+        run: gcloud auth configure-docker australia-southeast2-docker.pkg.dev -q
+      - name: Compute short SHA
+        id: vars
+        run: echo "sha_short=${GITHUB_SHA::7}" >> $GITHUB_OUTPUT
+      - name: Build & push Simulator (multi-arch)
+        uses: docker/build-push-action@v5
+        with:
+          context: src/Components/Simulator
+          file: src/Components/Simulator/Simulator.Dockerfile
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: |
+            ${{ env.REGION }}-docker.pkg.dev/${{ secrets.GCP_PROJECT }}/${{ env.REPO_PATH }}/${{ env.IMAGE_NAME }}:${{ steps.vars.outputs.sha_short }}
+            ${{ env.REGION }}-docker.pkg.dev/${{ secrets.GCP_PROJECT }}/${{ env.REPO_PATH }}/${{ env.IMAGE_NAME }}:latest
+            australia-southeast2-docker.pkg.dev/${{ secrets.GCP_PROJECT }}/${{ env.REPO_PATH }}/${{ env.IMAGE_NAME }}:${{ steps.vars.outputs.sha_short }}
+            australia-southeast2-docker.pkg.dev/${{ secrets.GCP_PROJECT }}/${{ env.REPO_PATH }}/${{ env.IMAGE_NAME }}:latest
+
diff --git a/.github/workflows/deploy-echonet.yaml b/.github/workflows/deploy-echonet.yaml
@@ -0,0 +1,95 @@
+name: deploy-echonet
+
+on:
+  workflow_dispatch:
+    inputs:
+      environment:
+        description: "Target environment (staging|prod)"
+        required: true
+        default: "staging"
+      namespace:
+        description: "Kubernetes namespace"
+        required: false
+        default: "staging"
+  workflow_run:
+    workflows: ["build-api", "build-engine-model"]
+    types: ["completed"]
+
+jobs:
+  deploy:
+    if: |
+      github.event_name == 'workflow_dispatch' ||
+      (github.event.workflow_run.conclusion == 'success')
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+    env:
+      REGION: us-central1
+      CLUSTER_NAME: echonet-gke
+      RELEASE: echonet
+      PROJECT_ID: ${{ secrets.GCP_PROJECT }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Auth to GCP
+        uses: google-github-actions/auth@v2
+        with:
+          workload_identity_provider: ${{ secrets.GCP_WIF_PROVIDER }}
+          service_account: ${{ secrets.GCP_SA_EMAIL }}
+
+      - name: Get GKE credentials
+        uses: google-github-actions/get-gke-credentials@v2
+        with:
+          cluster_name: ${{ env.CLUSTER_NAME }}
+          location: ${{ env.REGION }}
+
+      - name: Set ENV vars
+        id: setenv
+        run: |
+          if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
+            ENV_INPUT='${{ github.event.inputs.environment }}'
+            NAMESPACE='${{ github.event.inputs.namespace }}'
+          else
+            # default to staging on build success auto-run
+            ENV_INPUT='staging'
+            NAMESPACE='staging'
+          fi
+          echo "env_sel=$ENV_INPUT" >> $GITHUB_OUTPUT
+          echo "ns=$NAMESPACE" >> $GITHUB_OUTPUT
+
+      - name: Select values file
+        id: values
+        run: |
+          if [ "${{ steps.setenv.outputs.env_sel }}" = "prod" ]; then
+            echo "file=deploy/helm/echonet/values-prod.yaml" >> $GITHUB_OUTPUT
+          else
+            echo "file=deploy/helm/echonet/values-staging.yaml" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Ensure namespace exists
+        run: |
+          kubectl get ns ${{ steps.setenv.outputs.ns }} 2>/dev/null || kubectl create ns ${{ steps.setenv.outputs.ns }}
+
+      - name: Install Helm
+        uses: azure/setup-helm@v4
+
+      - name: Helm upgrade
+        run: |
+          IMAGE_TAG=${GITHUB_SHA::7}
+          helm upgrade --install $RELEASE deploy/helm/echonet \
+            -n ${{ steps.setenv.outputs.ns }} \
+            -f ${{ steps.values.outputs.file }} \
+            --set image.tag=$IMAGE_TAG \
+            --set engine.tag=$IMAGE_TAG \
+            --set modelServer.tag=$IMAGE_TAG \
+            --wait --timeout 10m
+
+      - name: Show deployed images
+        run: |
+          kubectl -n ${{ steps.setenv.outputs.ns }} get deploy -o jsonpath='{range .items[*]}{.metadata.name}{" => "}{.spec.template.spec.containers[0].image}{"\n"}{end}'
+
+      - name: Post summary
+        run: |
+          echo "Deployment complete to namespace ${{ steps.setenv.outputs.ns }} using values: ${{ steps.values.outputs.file }}" >> $GITHUB_STEP_SUMMARY
diff --git a/.gitignore b/.gitignore
@@ -18,3 +18,15 @@ src/Components/HMI/ui/node_modules/*
 # Temporary files from Cloud Storage (added by ptanmay143)
 .tmp.driveupload
 *.mp3
+
+# Secret & credential files to ignore going forward
+*.secret.json
+**/echo_config.json
+**/db.config.js
+*.env.local
+secrets/
+**/init-mongo.js.backup
+**/mserver-env.yaml
+**/engine-env.yaml
+**/api-env.yaml
+**/hmi-env.yaml