feat: Scaleway Serverless Containers deployment setup #349

Closed
kaaloo wants to merge 7 commits into main from feature/scaleway-deployment

kaaloo (Collaborator) commented Jan 20, 2026

Description

This PR replaces the GitLab deployment trigger with a direct Scaleway Serverless Containers deployment mechanism.

Key Changes:

  • GitHub Workflow: Updated build_and_deploy.yml to use scaleway/action-scw and the Scaleway CLI for direct deployment.
  • Caddy Proxy: Added Caddy as a front-facing proxy (listening on port 8080) to route traffic between the FastAPI backend (8000) and Docusaurus docs (3000).
  • Docker Image: Updated Dockerfile to install Caddy and include the new proxy configuration.
  • Local Deployment Script: Added scripts/deploy_to_scaleway.sh (reachable via just deploy-scaleway) for manual building and deployment from a local machine.
  • Environment: Updated .env.example with the required Scaleway credentials.

Deployment Instructions:

  1. Ensure the following secrets are set in GitHub:
    • SCW_ACCESS_KEY
    • SCW_SECRET_KEY
    • SCW_DEFAULT_ORGANIZATION_ID
    • SCW_DEFAULT_PROJECT_ID
  2. For local deployment, add these to your .env file.
  3. Ensure the evalap container is created in Scaleway (region fr-par).
  4. Custom domain evalap.etalab.gouv.fr should be configured in Scaleway for TLS termination.

Summary by CodeRabbit

  • Infrastructure & Deployment

    • Deployment migrated to Scaleway with an automated in-repo build-and-deploy flow, plus a convenience deploy command/recipe and helper script.
  • Runtime & Routing

    • App now served via a reverse proxy on port 8080, consolidating API and web traffic and exposing service on host port 80.
    • Supervisor configured to run the proxy alongside existing services.
  • Configuration & CI

    • Environment example now includes Scaleway credentials.
    • CI and pre-commit now lint .env files.

coderabbitai Bot (Contributor) commented Jan 20, 2026

Walkthrough

Adds Scaleway deployment support and a Caddy reverse proxy: new Scaleway env vars and lint directive, CI/CD switched to in-repo Scaleway deployment, a deploy script and justfile target, Caddy installed and configured in image and supervisord, and compose/port mapping adjusted.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Env example: ./.env.example | Added Scaleway credentials: SCW_ACCESS_KEY, SCW_SECRET_KEY, SCW_DEFAULT_ORGANIZATION_ID, SCW_DEFAULT_PROJECT_ID; included dotenv-linter directive to ignore UnorderedKey for the SCW block and reordered a few existing keys. |
| CI/CD & deploy tooling: ./.github/workflows/build_and_deploy.yml, ./justfile, ./scripts/deploy_to_scaleway.sh | Replaced GitLab-triggered deploy with in-repo Scaleway deployment: CI builds/pushes image to Scaleway registry, logs in via scw CLI, finds container, updates image/port and triggers deploy; added deploy-scaleway just target and deploy script with dependency checks and error handling. |
| Reverse proxy & compose: ./Caddyfile, ./compose.yml | Added Caddy configuration routing /api/* → localhost:8000 and others → localhost:3000; compose port mapping changed to host 80:8080 (container listens on 8080). |
| Image & process management: ./Dockerfile, ./supervisord.conf | Installed Caddy in image, copied Caddyfile into image, exposed port 8080; added supervisord program for Caddy (autostart/autorestart, logs to stdout/stderr, priority). |
| Pre-commit / CI checks: ./.github/workflows/pr_checks.yml, ./.pre-commit-config.yaml | Added dotenv-linter pre-commit hook and a GitHub Action step to lint .env files (new action added; .env.example contains an inline UnorderedKey ignore comment). |

Sequence Diagram(s)

sequenceDiagram
    actor Dev as Developer
    participant GH as GitHub Actions
    participant DockerReg as Scaleway Registry
    participant SCW as Scaleway API (scw CLI)
    participant Container as Scaleway Container

    Dev->>GH: push commit / trigger workflow
    GH->>DockerReg: docker build && docker push (image:repo:tag)
    GH->>SCW: scw login (use SCW_* env vars)
    GH->>SCW: find container by name
    alt container found
        GH->>SCW: update container image & port
        GH->>SCW: trigger container deployment
        SCW->>Container: deploy new image
        Container-->>GH: deployment status / URL
    else not found
        SCW-->>GH: error: container not found
    end

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

🐰 I hopped through code and nudged a key,
I taught the Caddy how to route with glee,
Pushed images up where Scaleway beams,
Containers wake and stretch their seams,
I thumped a drum, then munched a carrot. 🥕

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The PR title clearly and concisely summarizes the main objective: introducing Scaleway Serverless Containers deployment setup as a primary change across multiple files. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 5

🤖 Fix all issues with AI agents
In @.env.example:
- Around line 56-60: The .env.example SCW entries are out of alphabetical order
and trigger dotenv-linter; reorder the SCW_* variables to alphabetical order
(SCW_ACCESS_KEY, SCW_DEFAULT_ORGANIZATION_ID, SCW_DEFAULT_PROJECT_ID,
SCW_SECRET_KEY) in the file and keep the placeholder values intact so linting
passes; update the block containing SCW_ACCESS_KEY, SCW_SECRET_KEY,
SCW_DEFAULT_ORGANIZATION_ID, SCW_DEFAULT_PROJECT_ID accordingly.

In @.github/workflows/build_and_deploy.yml:
- Around line 92-102: The scw commands use unquoted variable expansions which
can cause word-splitting/globbing; update the invocations that reference
CONTAINER_NAME, CONTAINER_ID and FULL_IMAGE_NAME (the scw container container
list and scw container container update calls) to wrap those variables in double
quotes (e.g., "$CONTAINER_NAME", "$CONTAINER_ID", "$FULL_IMAGE_NAME") so values
with spaces or special chars are handled safely and reliably.

In `@Dockerfile`:
- Around line 15-21: The Dockerfile's Caddy install RUN step fails because the
image lacks gpg; update the apt-get install list in the RUN block that runs
"apt-get update && apt-get install -y debian-keyring debian-archive-keyring
apt-transport-https curl ..." to also install gnupg (so the "gpg --dearmor -o
/usr/share/keyrings/caddy-stable-archive-keyring.gpg" command succeeds), keep
the rest of the chained commands the same, and ensure apt-get clean && rm -rf
/var/lib/apt/lists/* remains at the end.

In `@scripts/deploy_to_scaleway.sh`:
- Around line 12-21: Add a dependency check for the jq binary similar to the
existing checks for scw and docker: detect jq with "command -v jq &> /dev/null",
print a clear error like "Error: jq is not installed." and exit with non-zero
status if missing; update the same dependency-check block (the shell snippet
that currently checks scw and docker) to include this jq check so later uses of
jq fail early with a helpful message.
- Around line 7-10: The REPO_NAME extraction can produce an empty or invalid
value leading to a broken IMAGE_NAME; update the script to validate and fall
back when REPO_NAME is empty or doesn't match expected pattern: detect if
REPO_NAME (the variable created by the git/sed pipeline) is empty or contains
invalid characters, and if so set REPO_NAME to a safe default (e.g.,
"unknown-repo" or derive from git basename of remote URL) before constructing
IMAGE_NAME and IMAGE_TAG; ensure IMAGE_NAME="ghcr.io/${REPO_NAME}/evalap" only
happens after this validation and use IMAGE_TAG (git rev-parse --short HEAD)
unchanged.

Comment thread .env.example
Comment thread .github/workflows/build_and_deploy.yml Outdated
Comment thread Dockerfile
Comment thread scripts/deploy_to_scaleway.sh Outdated
Comment thread scripts/deploy_to_scaleway.sh

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 1

🤖 Fix all issues with AI agents
In @.github/workflows/pr_checks.yml:
- Around line 63-66: The workflow step named "Lint .env files" currently uses
dotenv-linter/action-dotenv-linter@v2; update that to
dotenv-linter/action-dotenv-linter@v4.0.0 to align with the pre-commit hook
(dotenv-linter@v4.0.0) and keep the existing with: dotenv_linter_flags: --skip
UnorderedKey unchanged so CI and local linting behavior match.

Comment thread .github/workflows/pr_checks.yml Outdated
@kaaloo kaaloo closed this Jan 23, 2026