This folder contains all CI/automation scripts and workflows for GitHub Actions.
Workflows are configured to run automated tasks using GitHub Actions. For complex operations, we use dedicated scripts (in .github/scripts/) that are invoked from the workflow files.
- backup-dbs.yaml - Automated database backups for MongoDB and Qdrant (backups are uploaded to the internal GitLab and have no retention at the moment)
- verify-agent-deps.yaml - Dependency verification for agents
- GitHub must be able to access the target cluster OR you must have a self-hosted runner that can access both GitHub and the cluster (see Creating a Runner below)
- GitHub Environments must be configured with the appropriate variables and secrets for each cluster (e.g., `PRE-PRODUCTION`, `PRODUCTION`)
- Every deployment is a bit different, so the existing workflows won't necessarily work out of the box for a deployment that differs from the one currently in use. Users who want to deploy UnifAI in their own clusters should be aware of their infra and networking so they can either fit a workflow to their needs or create a new workflow.
- When using runners, the `runs-on` field refers to labels, not runner names. Ensure matching labels exist before running workflows.
- Environment-specific variables (like `QDRANT_URL`, `MONGO_URI`, `API_URL`) must be configured in GitHub repository settings under Environments.
The workflows use GitHub Environments to manage cluster-specific configurations:
- Go to Settings → Environments in your repository
- Create environments matching your cluster names (e.g., `PRE-PRODUCTION`, `PRODUCTION`)
- Add environment-specific variables:
  - `API_URL` - Kubernetes API server URL
  - `MONGO_URI` - MongoDB connection string
  - `QDRANT_URL` - Qdrant cluster URL
- Add environment-specific secrets:
  - `ACCESS_TOKEN` - Kubernetes access token
  - Other sensitive credentials as needed
MongoDB backups are performed using mongodump, which is straightforward:
```bash
mongodump --uri="mongodb://localhost:27017" --out="/tmp/backup"
```

Parameters:
- `--uri` - Connection string to the MongoDB instance to back up
- `--out` - Target directory for the backup (creates a new folder)
- `--db` (optional) - Specific database name (default: all databases)
Qdrant backups require creating snapshots via the API or UI. The workflow uses a Python script (.github/scripts/qdrant_backup.py) to:
- Connect to the Qdrant cluster
- Create snapshots for all collections
- Download the snapshots locally
- Upload them to the backup repository
For more details, see the Qdrant documentation.
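The snapshot steps listed above (connect, snapshot every collection, download), sketched as an added example; this is not the project's `qdrant_backup.py`. It uses Qdrant's REST snapshot endpoints and leaves out the upload step; the function names, the `QDRANT_API_KEY` variable, the output directory and the `manifest.json` file are assumptions of the example.

```python
import hashlib
import json
import os
import re
import urllib.request
from pathlib import Path

# Names returned by the server become URL and file-path components.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]*")

def http_call(method, url, api_key=None):
    """Default transport: one request to Qdrant's REST API, returns the body."""
    headers = {"api-key": api_key} if api_key else {}
    req = urllib.request.Request(url, method=method, headers=headers)
    with urllib.request.urlopen(req, timeout=300) as resp:
        return resp.read()

def checked(name):
    """Reject names that could escape the output directory (e.g. '../x')."""
    if not SAFE_NAME.fullmatch(name):
        raise ValueError(f"unsafe name from server: {name!r}")
    return name

def backup_collections(base_url, out_dir, api_key=None, call=http_call):
    """Snapshot every collection, download each snapshot, return a manifest."""
    base, out = base_url.rstrip("/"), Path(out_dir)
    out.mkdir(parents=True, exist_ok=True)
    listing = json.loads(call("GET", f"{base}/collections", api_key))
    manifest = []
    for coll in listing["result"]["collections"]:
        name = checked(coll["name"])
        created = json.loads(call("POST", f"{base}/collections/{name}/snapshots", api_key))
        snap = checked(created["result"]["name"])
        # Held in memory for brevity; stream to disk for large collections.
        data = call("GET", f"{base}/collections/{name}/snapshots/{snap}", api_key)
        (out / name).mkdir(exist_ok=True)
        (out / name / snap).write_bytes(data)
        manifest.append({"collection": name, "snapshot": snap,
                         "sha256": hashlib.sha256(data).hexdigest()})
    (out / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest

if __name__ == "__main__":
    # QDRANT_URL is the variable named on this page; QDRANT_API_KEY and the
    # output directory are assumptions of this example.
    print(backup_collections(os.environ["QDRANT_URL"], "/tmp/qdrant-backup",
                             os.environ.get("QDRANT_API_KEY")))
```

The SHA-256 values in the manifest let a later restore confirm that a snapshot fetched from the backup repository is the file that was downloaded from the cluster.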
- The workflow must have the `workflow_dispatch` trigger enabled
- GitHub CLI must be installed and authenticated
- The workflow file must exist in the `main` branch (workflows in feature branches cannot be manually triggered)
```bash
gh workflow run backup-dbs.yaml \
  -f target_cluster=PRE-PRODUCTION \
  -f target_branch=GENIE-1071/backup_dbs \
  -f target_namespace=tag-ai--pipeline
```

Parameters:
- `-f target_cluster` - The cluster environment to back up (must match a configured GitHub Environment)
- `-f target_branch` - The branch to check out for the workflow
- `-f target_namespace` - The Kubernetes namespace to back up
To create a new self-hosted runner:
- Go to your repository's Settings tab
- In the left sidebar, select Actions → Runners
- Click New self-hosted runner
- Follow the setup instructions (the authentication tokens are unique to your repository)
For more details, see the GitHub documentation on self-hosted runners.
Since the GitHub runners can't reach GitLab, we have to use a VM running on CNV. To make GitLab "accessible" to this runner, we need to set a deploy token at the target repo (go to Repository > Deploy keys and set the VM's public key as the deploy key). This allows the VM to perform actions on the target repo without needing to specify credentials.
In the case of the UnifAI team, the lab structure is a bit "special": the code resides in a public GitHub repo, whereas all the deployment resources reside inside the company intranet. To overcome this, we have a self-hosted runner with access to both domains, so the code is downloaded from GitHub (for example, in order to run a workflow) and then all actions are run against the intranet resources.