With the recent updates to LibreChat to include JWT authentication, the CI/CD pipeline needs to be updated to automate the deployment of the new version to ECS. This includes ensuring that the ECS task definition is properly updated with the JWT-related environment variables and that the deployment process handles secure secrets management through AWS Secrets Manager or SSM Parameter Store. Automating this ensures smooth, repeatable deployments without manual intervention.
Problem Definition:
The current CI/CD pipeline for LibreChat does not account for the newly added JWT environment variables or secure secrets management. To support automated deployment of the new version with JWT authentication, the CI/CD pipeline must be updated to include these configurations and properly trigger the ECS deployment with the updated task definition.
Motivations:
By updating the CI/CD pipeline, we can:
Ensure the deployment of the updated LibreChat version with JWT authentication is fully automated and secure.
Prevent manual errors during deployment by automating the configuration of environment variables and secret keys.
Maintain a consistent deployment process across development, staging, and production environments.
Proposed Solution:
Update the CI/CD Pipeline to Include Environment Variables:
Modify the CI/CD pipeline configuration (e.g., GitHub Actions, Jenkins, CircleCI) to inject the required JWT environment variables (JWT_SECRET_KEY, JWT_EXPIRATION) during deployment.
Ensure that sensitive data such as JWT_SECRET_KEY is pulled securely from AWS Secrets Manager or SSM Parameter Store and injected into the ECS task definition at runtime.
Automate ECS Task Definition Updates:
Ensure the CI/CD pipeline updates the ECS task definition with the new environment variables for JWT authentication during deployment.
Use AWS CLI or SDK to automate the update of the ECS task definition and trigger the ECS service update to deploy the new task definition.
Automate Secrets Management:
Integrate the CI/CD pipeline with AWS Secrets Manager or SSM Parameter Store to securely pass sensitive information like JWT_SECRET_KEY to ECS tasks.
Ensure that the pipeline can fetch the latest secret values and update the task definition without hardcoding sensitive information into the pipeline configuration.
Test and Validate Deployment:
Implement automated tests in the pipeline to validate that the updated ECS task definition with JWT environment variables deploys correctly.
Ensure that the deployment is successfully triggered after each commit, with the updated version of LibreChat running on ECS.
Test JWT authentication in the deployed environment to confirm that tokens are validated correctly, and users can authenticate as expected.
Monitor Deployment and Rollback:
Integrate deployment monitoring with AWS CloudWatch or other tools to track deployment status and any potential issues.
Ensure that the pipeline includes rollback mechanisms to revert to a previous version in case of failures during deployment.
Definition of Done:
[ ] The CI/CD pipeline is updated to automatically inject JWT-related environment variables (JWT_SECRET_KEY, JWT_EXPIRATION) during the deployment process.
[ ] The ECS task definition is updated as part of the CI/CD process to reflect the new JWT configuration.
[ ] Sensitive data is securely managed through AWS Secrets Manager or SSM Parameter Store, and no sensitive information is hardcoded into the CI/CD pipeline.
[ ] The deployment process is automated, triggering ECS service updates after each commit with the updated LibreChat version.
[ ] Automated tests validate that the deployment works as expected and JWT authentication functions correctly in the deployed environment.
[ ] Monitoring and rollback mechanisms are in place to ensure safe deployment and allow for quick recovery in case of issues.
Additional Information:
Secrets Management: Ensure that the JWT_SECRET_KEY is securely retrieved from AWS Secrets Manager or SSM Parameter Store during deployment and injected into the ECS task definition via the CI/CD pipeline.
Testing: Automate testing of JWT authentication as part of the pipeline to ensure correct functionality after each deployment.
Logging and Monitoring: Enable logging of deployment events and monitor the deployment process for any issues or failures.
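One way a pipeline step could prepare the task definition described above, shown as an added example that is not LibreChat's or the issue author's code. It passes JWT_SECRET_KEY by reference through the ECS `secrets`/`valueFrom` field, so the pipeline never reads the secret value, and strips the read-only fields that `describe-task-definition` returns. The container name, image, ARN and the `3600` expiration value are constructed placeholders.

```python
import copy

# Fields returned by `aws ecs describe-task-definition` that are not accepted
# as input when registering a new revision.
READ_ONLY = ("taskDefinitionArn", "revision", "status", "requiresAttributes",
             "compatibilities", "registeredAt", "registeredBy")
SENSITIVE = {"JWT_SECRET_KEY"}  # names that must never appear as literal values

# Constructed sample: a task definition where the secret was pasted in by hand.
SAMPLE = {
    "family": "librechat", "revision": 7, "status": "ACTIVE",
    "taskDefinitionArn": "arn:aws:ecs:us-east-1:111122223333:task-definition/librechat:7",
    "containerDefinitions": [{
        "name": "librechat", "image": "example/librechat:latest",
        "environment": [{"name": "JWT_SECRET_KEY", "value": "hardcoded-example"},
                        {"name": "PORT", "value": "3080"}],
    }],
}
# Placeholder ARN (assumption), not a real secret.
SECRET_ARN = "arn:aws:secretsmanager:us-east-1:111122223333:secret:librechat/jwt-EXAMPLE"

def patch_task_definition(task_def, container, secret_arns, plain_env):
    """Return a registrable copy: secrets by reference, plain config by value."""
    overlap = SENSITIVE & set(plain_env)
    if overlap:
        raise ValueError(f"refusing plaintext value for {sorted(overlap)}")
    td = {k: v for k, v in copy.deepcopy(task_def).items() if k not in READ_ONLY}
    for c in td["containerDefinitions"]:
        if c["name"] != container:
            continue
        drop = set(secret_arns) | set(plain_env) | SENSITIVE
        env = [e for e in c.get("environment", []) if e["name"] not in drop]
        env += [{"name": k, "value": v} for k, v in sorted(plain_env.items())]
        sec = [s for s in c.get("secrets", []) if s["name"] not in drop]
        sec += [{"name": k, "valueFrom": arn} for k, arn in sorted(secret_arns.items())]
        c["environment"], c["secrets"] = env, sec
        return td
    raise KeyError(f"container {container!r} not found")

def plaintext_leaks(task_def):
    """List (container, variable) pairs where a sensitive name has a literal value."""
    return [(c["name"], e["name"]) for c in task_def["containerDefinitions"]
            for e in c.get("environment", []) if e["name"] in SENSITIVE]

if __name__ == "__main__":
    import json
    new = patch_task_definition(SAMPLE, "librechat",
                                {"JWT_SECRET_KEY": SECRET_ARN}, {"JWT_EXPIRATION": "3600"})
    print(json.dumps(new, indent=2), plaintext_leaks(new))
```

The output can be registered with `aws ecs register-task-definition --cli-input-json` and rolled out with `aws ecs update-service`. The task execution role needs permission to read the referenced secret, and `plaintext_leaks` can run as a pipeline gate before registration.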
time 4 the GitHub Actions deployment script has been modified to accommodate an error to set up AWS credentials. Now it works correctly to compile the app, generate the image, pull it into the ECS cluster and to containerize it.