feat: Scaleway Serverless Containers deployment setup

.env.example

@@ -40,19 +40,26 @@ MISTRAL_API_KEY=your-mistral-api-key-here
 
 # Albert API Keys (different environments)
 ALBERT_API_KEY=your-albert-api-key-here
-ALBERT_API_KEY_STAGING=your-albert-staging-key-here
 ALBERT_API_KEY_DEV=your-albert-dev-key-here
+ALBERT_API_KEY_STAGING=your-albert-staging-key-here
 
 # France Services API Key
-MFS_API_KEY_V2=your-mfs-api-key-here
 MFS_API_KEY=your-mfs-api-key-here
+MFS_API_KEY_V2=your-mfs-api-key-here
 
 # XAI API Key (Grok)
 XAI_API_KEY=your-xai-api-key-here
 
 # Cortex API Key
 CORTEX_API_KEY=your-cortex-api-key-here
 
+# Scaleway Credentials (for deployment)
+# dotenv-linter:off UnorderedKey
+SCW_ACCESS_KEY=your-access-key
+SCW_SECRET_KEY=your-secret-key
+SCW_DEFAULT_ORGANIZATION_ID=your-org-id
+SCW_DEFAULT_PROJECT_ID=your-project-id
+
 # =============================================================================
 # EvalAP API Configuration
 # =============================================================================

.github/workflows/build_and_deploy.yml

@@ -7,7 +7,7 @@ on:
   workflow_dispatch:
 
 env:
-  IMAGE_NAME: ghcr.io/${{ github.repository }}/evalap
+  IMAGE_NAME: rg.fr-par.scw.cloud/evalap/evalap
   IMAGE_TAG: ${{ github.sha }}
 
 jobs:
@@ -33,12 +33,12 @@ jobs:
       - id: get_head_commit_title
         run: echo "title=$(git log --format=%B -n 1 HEAD | head -n 1)" >> $GITHUB_OUTPUT
 
-      - name: Log in to GitHub Container Registry
+      - name: Log in to Scaleway Container Registry
         uses: docker/login-action@v3
         with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
+          registry: rg.fr-par.scw.cloud
+          username: nologin
+          password: ${{ secrets.SCW_SECRET_KEY }}
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
@@ -65,20 +65,41 @@ jobs:
     runs-on: ubuntu-latest
     needs: build-and-push
     steps:
-      - name: Trigger dev deployment
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Install Scaleway CLI
+        uses: scaleway/action-scw@v0
+        with:
+          save-config: true
+          export-config: true
+        env:
+          SCW_ACCESS_KEY: ${{ secrets.SCW_ACCESS_KEY }}
+          SCW_SECRET_KEY: ${{ secrets.SCW_SECRET_KEY }}
+          SCW_DEFAULT_ORGANIZATION_ID: ${{ secrets.SCW_DEFAULT_ORGANIZATION_ID }}
+          SCW_DEFAULT_PROJECT_ID: ${{ secrets.SCW_DEFAULT_PROJECT_ID }}
+          SCW_DEFAULT_REGION: fr-par
+          SCW_DEFAULT_ZONE: fr-par-1
+
+      - name: Deploy to Scaleway Container
         run: |
-          RESPONSE="$(curl --request POST \
-            --form token=${{ secrets.GITLAB_CI_TOKEN }} \
-            --form ref=main \
-            --form 'variables[pipeline_name]=${{ github.event.repository.name }} - ${{ needs.build-and-push.outputs.commit_title }}' \
-            --form 'variables[docker_image_tag]=${{ env.IMAGE_TAG }}' \
-            --form 'variables[application_to_deploy]=evalap' \
-            --form 'variables[deployment_environment]=dev' \
-            'https://gitlab.com/api/v4/projects/58117805/trigger/pipeline')"
-
-          if echo "$RESPONSE" | grep -q '"status":"created"'; then
-            echo $RESPONSE
-          else
-            echo $RESPONSE
+          CONTAINER_NAME="evalap"
+          FULL_IMAGE_NAME="${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}"
+
+          echo "Deploying $FULL_IMAGE_NAME to container $CONTAINER_NAME..."
+
+          # Find container ID
+          CONTAINER_ID=$(scw container container list region=fr-par name="$CONTAINER_NAME" -o json | jq -r '.[0].id')
+
+          if [ "$CONTAINER_ID" == "null" ] || [ -z "$CONTAINER_ID" ]; then
+            echo "Error: Container $CONTAINER_NAME not found."
             exit 1
           fi
+
+          echo "Found container ID: $CONTAINER_ID"
+
+          # Update container image and port
+          scw container container update region=fr-par "$CONTAINER_ID" registry-image="$FULL_IMAGE_NAME" port=8080
+
+          # Deploy
+          scw container container deploy region=fr-par "$CONTAINER_ID"

.github/workflows/pr_checks.yml

@@ -60,6 +60,9 @@ jobs:
           RUFF_OUTPUT_FORMAT: github
         run: uv run ruff check --config=pyproject.toml --select=F,Q,I
 
+      - name: Lint .env files
+        uses: dotenv-linter/action-dotenv-linter@v2
+
 #      - name: Check formatting
 #        run: uv run ruff format --check --diff --config=pyproject.toml
 

.pre-commit-config.yaml

@@ -43,3 +43,9 @@ repos:
       # Remove trailing whitespace
       - id: trailing-whitespace
         exclude: '^(\.claude/|\.cursor/|\.specify/|\.windsurf/)'
+
+  - repo: https://github.com/dotenv-linter/dotenv-linter
+    rev: v4.0.0
+    hooks:
+      - id: dotenv-linter
+        args: [check]

Caddyfile

@@ -0,0 +1,8 @@
+:8080 {
+    handle_path /api/* {
+        reverse_proxy localhost:8000
+    }
+    handle {
+        reverse_proxy localhost:3000
+    }
+}

Dockerfile

@@ -12,6 +12,14 @@ ENV UV_COMPILE_BYTECODE=1 \
     UV_LINK_MODE=copy \
     UV_PYTHON_CACHE_DIR=/root/.cache/uv/python
 
+# Install Caddy
+RUN apt-get update && apt-get install -y debian-keyring debian-archive-keyring apt-transport-https curl gnupg \
+    && curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg \
+    && curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | tee /etc/apt/sources.list.d/caddy-stable.list \
+    && apt-get update \
+    && apt-get install -y caddy \
+    && apt-get clean && rm -rf /var/lib/apt/lists/*
+
 # Install Python 3.12 using uv (fast!)
 RUN --mount=type=cache,target=/root/.cache/uv \
     uv python install 3.12
@@ -47,6 +55,7 @@ COPY ./docs /app/docs
 COPY ./evalap /app/evalap
 COPY ./scripts /app/scripts
 COPY supervisord.conf /app/supervisord.conf
+COPY Caddyfile /app/Caddyfile
 
 # Copy built Docusaurus site
 COPY --from=docs-builder /app/docs/build /app/docs/build
@@ -63,3 +72,5 @@ RUN --mount=type=cache,target=/root/.cache/uv \
 ENV PATH="/app/.venv/bin:$PATH"
 
 WORKDIR /app
+
+EXPOSE 8080

compose.yml

@@ -35,8 +35,7 @@ services:
       - MISTRAL_API_KEY=${MISTRAL_API_KEY}
       - ALBERT_API_KEY=${ALBERT_API_KEY}
     ports:
-      - "8000:8000"
-      - "3000:3000"
+      - "80:8080"
     volumes:
       - evalap_data:/data
       - huggingface_cache:/root/.cache/huggingface

justfile

@@ -202,3 +202,7 @@ sync:
 # Test a PR: list open PRs, select one, checkout its branch, migrate, and run
 pray:
   scripts/pray.sh
+
+# Build production image and deploy to Scaleway (requires scw and docker)
+deploy-scaleway:
+  scripts/deploy_to_scaleway.sh

scripts/deploy_to_scaleway.sh

@@ -0,0 +1,75 @@
+#!/bin/bash
+set -e
+
+# Configuration
+CONTAINER_NAME="evalap"
+REGION="fr-par"
+
+# Get Scaleway Registry endpoint
+echo "🔍 Fetching Scaleway Registry endpoint for namespace 'evalap'..."
+REGISTRY_ENDPOINT=$(scw registry namespace list region=$REGION -o json | jq -r '.[] | select(.name == "evalap") | .endpoint')
+
+if [ -z "$REGISTRY_ENDPOINT" ]; then
+    echo "❌ Error: Scaleway Registry namespace 'evalap' not found in region $REGION."
+    echo "Current namespaces:"
+    scw registry namespace list region=$REGION
+    exit 1
+fi
+
+IMAGE_NAME="${REGISTRY_ENDPOINT}/${CONTAINER_NAME}"
+IMAGE_TAG=$(git rev-parse --short HEAD)
+
+# Check dependencies
+if ! command -v scw &> /dev/null; then
+    echo "Error: scw CLI is not installed."
+    exit 1
+fi
+
+if ! command -v docker &> /dev/null; then
+    echo "Error: docker is not installed."
+    exit 1
+fi
+
+if ! command -v jq &> /dev/null; then
+    echo "Error: jq is not installed."
+    exit 1
+fi
+
+echo "🚀 Starting deployment of $CONTAINER_NAME to Scaleway ($REGION)"
+
+# 1. Build the production image
+echo "📦 Building production Docker image..."
+docker build --platform linux/amd64 -t "${IMAGE_NAME}:${IMAGE_TAG}" .
+
+# 2. Login to Scaleway Registry
+echo "🔐 Logging in to Scaleway Registry..."
+scw registry login
+
+# 3. Push to Registry
+echo "⬆️ Pushing image to $IMAGE_NAME:$IMAGE_TAG..."
+docker push "${IMAGE_NAME}:${IMAGE_TAG}"
+
+# 4. Find Scaleway Container ID
+echo "🔍 Searching for container named '$CONTAINER_NAME'..."
+CONTAINER_ID=$(scw container container list region=$REGION name=$CONTAINER_NAME -o json | jq -r '.[0].id')
+
+if [ "$CONTAINER_ID" == "null" ] || [ -z "$CONTAINER_ID" ]; then
+    echo "❌ Error: Container '$CONTAINER_NAME' not found in region $REGION."
+    echo "Please create the container first in the Scaleway Console or via Terraform."
+    exit 1
+fi
+
+echo "✅ Found container ID: $CONTAINER_ID"
+
+# 5. Update and Deploy
+echo "🔄 Updating container with new image..."
+scw container container update "$CONTAINER_ID" \
+    region=$REGION \
+    registry-image="${IMAGE_NAME}:${IMAGE_TAG}" \
+    port=8080
+
+echo "🚀 Triggering deployment..."
+scw container container deploy "$CONTAINER_ID" region=$REGION
+
+echo "✨ Deployment triggered successfully!"
+echo "Check the status at: https://console.scaleway.com/containers/containers/$REGION/$CONTAINER_ID"

supervisord.conf

@@ -34,3 +34,13 @@ stderr_logfile=/dev/stderr
 stdout_logfile_maxbytes = 0
 stderr_logfile_maxbytes = 0
 priority=999
+[program:caddy]
+command=caddy run --config /app/Caddyfile --adapter caddyfile
+directory=/app
+autostart=true
+autorestart=true
+stdout_logfile=/dev/stdout
+stderr_logfile=/dev/stderr
+stdout_logfile_maxbytes = 0
+stderr_logfile_maxbytes = 0
+priority=1