fix(devops): render.yaml deployment config is stale/non-functional#655
Open
Srejoye wants to merge 1 commit into
Open
fix(devops): render.yaml deployment config is stale/non-functional#655Srejoye wants to merge 1 commit into
Srejoye wants to merge 1 commit into
Conversation
render.yaml was a leftover Mongo-based template never updated for this repo's FastAPI/Postgres/Celery stack: - startCommand pointed at app:app, which doesn't exist; the real ASGI app is app.main:app (per Dockerfile CMD), and needs gunicorn's uvicorn worker class to serve it. - buildCommand installed from a root requirements.txt that doesn't exist; deps live at backend/requirements.txt. - envVars listed MONGO_URI (unreferenced anywhere in config.py) and ENCRYPTION_KEY (the real var is FIELD_ENCRYPTION_KEY), while omitting DATABASE_URL, CELERY_BROKER_URL/CELERY_RESULT_BACKEND, JWT_ALGORITHM, CHROMA_PERSIST_DIR, UPLOAD_DIR, and GRAPH_PERSIST_DIR. - PYTHON_VERSION (3.10.12) didn't match the Dockerfile's pinned python:3.11-slim base. Also add a CI smoke-test job that parses render.yaml, runs its buildCommand/startCommand verbatim, and curls /api/health, so future deploy-config drift fails CI instead of failing silently on Render.
param20h
approved these changes
Jun 22, 2026
Owner
|
fix issues |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #636
Problem
render.yamlwas a leftover/copy-pasted template from a different (Mongo-based) project, never updated to match this repo's actual FastAPI/Postgres/Celery architecture:startCommand: gunicorn app:app ...— noapp.py/app:appimport target exists anywhere in the repo. The real FastAPI instance isapp.main:app(confirmed byDockerfileline 84).buildCommand: pip install -r requirements.txt— runs from repo root, but the onlyrequirements.txtlives atbackend/requirements.txt.envVarsincludedMONGO_URI, unreferenced anywhere inbackend/app/config.py(the app usesDATABASE_URLfor SQLAlchemy/Postgres), andENCRYPTION_KEY, which doesn't match the realFIELD_ENCRYPTION_KEYsetting.DATABASE_URL,CELERY_BROKER_URL/CELERY_RESULT_BACKEND,JWT_ALGORITHM,CHROMA_PERSIST_DIR,UPLOAD_DIR,GRAPH_PERSIST_DIR) were absent.A deploy from this file as-is would fail at build (missing
requirements.txt) or, if worked around, fail at boot (gunicorn unable to locateapp:app).Fix
buildCommandnow installs frombackend/requirements.txt.startCommandnow runscd backend && gunicorn app.main:app --bind 0.0.0.0:$PORT --workers 2 -k uvicorn.workers.UvicornWorker— correct entrypoint, correct working directory (Render'sruntime: pythonbuilds/runs from repo root, sobackend/needs to become cwd forapp.mainto resolve), and the uvicorn worker class gunicorn needs to serve an ASGI app.MONGO_URI/ENCRYPTION_KEYwith the actual vars referenced inSettings(config.py):DATABASE_URL,CELERY_BROKER_URL,CELERY_RESULT_BACKEND,JWT_ALGORITHM,CHROMA_PERSIST_DIR,UPLOAD_DIR,GRAPH_PERSIST_DIR, plusFIELD_ENCRYPTION_KEY(auto-generated, same asSECRET_KEY) andENVIRONMENT=productionsovalidate_production()actually enforces the secrets it's meant to.PYTHON_VERSIONfrom the stale3.10.12to3.11.9, matching the Dockerfile's pinnedpython:3.11-slimbase.rootDir: backendinstead, but that would breakbuildCommand's reference tobackend/requirements.txtbecomingbackend/backend/requirements.txt; explicitbackend/-relative paths plus acd backendinstartCommandis more correct than aliasing the whole service root.CI safeguard
Since this is a config file, no unit test applies. Added a new
render-config-smoke-testjob to.github/workflows/ci.ymlthat:render.yamldirectly (not a copy/re-derivation of the commands).buildCommandverbatim.startCommandverbatim and polls/api/healthfor up to 30s.This makes deploy-config drift like this fail CI on every PR, instead of failing silently only on an actual Render deploy.
GSSoC'26