Skip to content

Graviton Infrastructure for GitHub Copilot Extensions Learning Path #1614

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 11 commits into from
Feb 20, 2025
Merged

Graviton Infrastructure for GitHub Copilot Extensions Learning Path #1614

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
5e057cd
initial files for copilot deployment lp
JoeStech Feb 8, 2025
f2fba68
change page stubs
JoeStech Feb 9, 2025
1754f58
add instructions to install AWS services via CDK
JoeStech Feb 9, 2025
3f54444
deployment piece
JoeStech Feb 11, 2025
cd3177c
new files
JoeStech Feb 11, 2025
9a91064
config changes
JoeStech Feb 14, 2025
8d1280e
merge in main
JoeStech Feb 14, 2025
ed69e5e
resolve merge conflict
JoeStech Feb 14, 2025
f25c31e
address PR comments
JoeStech Feb 20, 2025
892cfef
merge in main
JoeStech Feb 20, 2025
68d7872
change time to read to 30
JoeStech Feb 20, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion assets/contributors.csv
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,7 @@ Albin Bernhardsson,,,,,
Przemyslaw Wirkus,,,,,
Zach Lasiuk,,,,,
Daniel Nguyen,,,,,
Joe Stech,Arm,,,,
Joe Stech,Arm,JoeStech,joestech,,
visualSilicon,,,,,
Konstantinos Margaritis,VectorCamp,,,,
Kieran Hejmadi,,,,,
Expand Down
47 changes: 47 additions & 0 deletions .../servers-and-cloud-computing/copilot-extension-deployment/1-cdk-installation.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,47 @@
---
title: CDK installation
weight: 2

### FIXED, DO NOT MODIFY
layout: learningpathall
---

## What is AWS CDK?

AWS CDK is an AWS-native Infrastructure as Code tool that allows cloud engineers to write IaC templates in many different languages. Regardless of the language used, all CDK code eventually transpiles to TypeScript, and the TypeScript generates CloudFormation templates, which then deploy the specified resources.

This Learning Path will use the Python flavor of AWS CDK, because the Copilot Extension that will be deployed is also written in Python. Writing both IaC and application code in the same language is helpful for certain teams, especially those without dedicated platform engineers.

## How do I install AWS CDK?

To install the required packages, you will need npm and Python installed. Next, run

```bash
npm install -g aws-cdk
```

To verify that the installation was successful, run

```bash
cdk --version
```

You should see a version number returned, signifying success.

After the CDK CLI is installed, you can use it to create a new Python CDK environment:

```bash
mkdir copilot-extension-deployment
cd copilot-extension-deployment
cdk init app --language python
```

This will set up convenient file stubs, as well as create a `requirements.txt` file with the Python CDK libraries required. The `init` command uses the name of the project folder to name various elements of the project. Hyphens in the folder name are converted to underscores. Install the packages in the `requirements.txt`:

```bash
source .venv/bin/activate
pip install -r requirements.txt
```

Now you are ready to specify the AWS services needed for your GitHub Copilot Extension.

243 changes: 243 additions & 0 deletions ...aths/servers-and-cloud-computing/copilot-extension-deployment/2-cdk-services.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,243 @@
---
title: Deploying AWS services
weight: 3

### FIXED, DO NOT MODIFY
layout: learningpathall
---
## What AWS services do I need?

In [the first GitHub Copilot Extension Learning Path](learning-paths/servers-and-cloud-computing/gh-copilot-simple) you ran a GitHub Copilot Extension from a single Linux computer, with the public URL being provided by an ngrok tunnel to your localhost.

In an actual production environment, you'll want:

* A domain that you own with DNS settings that you control (you can get this through AWS Route 53)
* A load balancer (AWS ALB)
* An auto-scaling cluster (AWS ASG) in a private virtual cloud subnet (AWS VPC) that you can adjust the size of based on load

In order to use your custom domain with your ALB, you'll also need a custom TLS certificate in order to allow the ALB to do TLS termination before the ALB forwards the packets to your ASG instances.

The following sections will walk you through setting up all these required services in AWS CDK.

## Imports

You will have an auto-generated folder called `copilot_extension_deployment` within the `copilot-extension-deployment` that you previously created. It will contain a file called `copilot_extension_deployment_stack.py`. Open this file, and add the following import lines:

```python
from aws_cdk import (
Stack,
aws_ec2 as ec2,
aws_elasticloadbalancingv2 as elbv2,
aws_autoscaling as autoscaling,
aws_iam as iam,
CfnOutput,
aws_certificatemanager as acm,
aws_route53 as route53,
aws_route53_targets as targets
)
```

Then, within the generated class (`class CopilotExtensionDeploymentStack(Stack):`) in the same file, add all the AWS services needed for your Extension deployment as described in the following sections.

## Virtual Private Cloud (VPC)

The code below will create a VPC with a public and private subnet. These subnets have a CIDR mask of 24, which means you'll get 256 total IPs in each subnet. If you need more than this, adjust accordingly.

```python
vpc = ec2.Vpc(self, "FlaskStackVPC",
max_azs=2,
subnet_configuration=[
ec2.SubnetConfiguration(
name="Private",
subnet_type=ec2.SubnetType.PRIVATE_WITH_EGRESS,
cidr_mask=24
),
ec2.SubnetConfiguration(
name="Public",
subnet_type=ec2.SubnetType.PUBLIC,
cidr_mask=24
)
]
)
```

You'll also need a security group for the EC2 instances:

```python
security_group = ec2.SecurityGroup(self, "EC2SecurityGroup",
vpc=vpc,
allow_all_outbound=True,
description="Security group for EC2 instances"
)
```

## EC2

Once you have your VPC templates set up, you can use them in your EC2 templates.

First, create a User Data script for all the EC2 templates that will launch in your auto-scaling group. This will install an SSM agent and the AWS CLI, for later convenience:

```python
user_data = ec2.UserData.for_linux()
user_data.add_commands(
"apt-get update",
# Install SSM agent
"sudo snap install amazon-ssm-agent --classic",
"sudo systemctl enable snap.amazon-ssm-agent.amazon-ssm-agent.service",
"sudo systemctl start snap.amazon-ssm-agent.amazon-ssm-agent.service",
# Install AWS CLI v2
"apt install unzip",
'curl "https://awscli.amazonaws.com/awscli-exe-linux-aarch64.zip" -o "awscliv2.zip"',
"unzip awscliv2.zip",
"sudo ./aws/install",
# add any additional commands that you'd like to run on instance launch here
)
```

After the launch template, you'll want to get the latest Ubuntu 24.04 Arm AMI:

```python
ubuntu_arm_ami = ec2.MachineImage.lookup(
name="ubuntu/images/hvm-ssd-gp3/ubuntu-noble-24.04-arm64-server-*",
owners=["099720109477"], # Canonical's AWS account ID
filters={"architecture": ["arm64"]}
)
```

Next create an IAM role that will allow your EC2 instances to use the SSM agent, write logs to CloudWatch, and access AWS S3:

```Python
ec2_role_name = "Proj-Flask-LLM-ALB-EC2-Role"
ec2_role = iam.Role(self, "EC2Role",
assumed_by=iam.ServicePrincipal("ec2.amazonaws.com"),
managed_policies=[
iam.ManagedPolicy.from_aws_managed_policy_name("AmazonSSMManagedInstanceCore"),
iam.ManagedPolicy.from_aws_managed_policy_name("CloudWatchAgentServerPolicy"),
iam.ManagedPolicy.from_aws_managed_policy_name("CloudWatchLogsFullAccess"),
iam.ManagedPolicy.from_aws_managed_policy_name("AmazonS3FullAccess")
],
role_name=ec2_role_name,
)
```

Now pull all these elements together in the launch template that the ASG will use:

```Python
launch_template = ec2.LaunchTemplate(self, "LaunchTemplate",
instance_type=ec2.InstanceType("c8g.xlarge"),
machine_image=ubuntu_arm_ami,
user_data=user_data,
security_group=security_group,
role=ec2_role,
detailed_monitoring=True,
block_devices=[
ec2.BlockDevice(
device_name="/dev/sda1",
volume=ec2.BlockDeviceVolume.ebs(
volume_size=50,
volume_type=ec2.EbsDeviceVolumeType.GP3,
delete_on_termination=True
)
)
]
)
```

Finally, create the ASG, specifying the launch template you just created as the launch template for the EC2 instances within the ASG:

```Python
asg = autoscaling.AutoScalingGroup(self, "ASG",
vpc=vpc,
vpc_subnets=ec2.SubnetSelection(
subnet_type=ec2.SubnetType.PRIVATE_WITH_EGRESS),
launch_template=launch_template,
min_capacity=1,
max_capacity=1,
desired_capacity=1
)
```

As you can see, you'll want the instances inside your private subnet for security, and you only need one instance to begin with. You can scale manually later on, or create an autoscaling function, depending on your needs.

## Application Load Balancer (ALB)

First, create an ALB using the VPC resources you previously specified, within the PUBLIC subnet:

```Python
alb = elbv2.ApplicationLoadBalancer(self, "ALB",
vpc=vpc,
internet_facing=True,
vpc_subnets=ec2.SubnetSelection(subnet_type=ec2.SubnetType.PUBLIC)
)
```

Next add a custom certificate. You'll need to generate this certificate beforehand. If you want to do this from the AWS console, see [Getting Started with AWS Certificate Manager](https://aws.amazon.com/certificate-manager/getting-started/).

Replace `ACM_CERTIFICATE_ARN` with the ARN of your newly created certificate:

```Python
certificate = acm.Certificate.from_certificate_arn(
self,
"Certificate",
os.environ["ACM_CERTIFICATE_ARN"]
)
```

Next configure a listener for the ALB that uses the certificate and adds the ASG as a target, listening on port 8080 (this is where you'll serve your Flask app):

```Python
# Add a listener to the ALB with HTTPS
listener = alb.add_listener("HttpsListener",
port=443,
certificates=[certificate],
ssl_policy=elbv2.SslPolicy.RECOMMENDED)

# Add the ASG as a target to the ALB listener
listener.add_targets("ASGTarget",
port=8080,
targets=[asg],
protocol=elbv2.ApplicationProtocol.HTTP,
health_check=elbv2.HealthCheck(
path="/health",
healthy_http_codes="200-299"
))
```

## Custom domain setup in Route 53

The final step in setting up your AWS services is to add an ALB-linked A record to the hosted zone for your domain. This makes sure that when GitHub invokes your API, the DNS is pointed to the IP of your ALB. You will need to replace `HOSTED_ZONE_DOMAIN_NAME` with your hosted zone domain, and replace `SUBDOMAIN_NAME` with the subdomain that maps to the ACM certificate that you generated and used in your ALB.

```Python
hosted_zone = route53.HostedZone.from_lookup(self, "HostedZone",
domain_name=os.environ["HOSTED_ZONE_DOMAIN_NAME"],
)

# Create an A record for the subdomain
route53.ARecord(self, "ALBDnsRecord",
zone=hosted_zone,
record_name=os.environ["SUBDOMAIN_NAME"],
target=route53.RecordTarget.from_alias(targets.LoadBalancerTarget(alb))
)
```

## How do I deploy?

Once you have added all of the sections above to your `copilot_extension_deployment_stack.py` file, you can deploy your services to AWS. You must first ensure that your CDK environment in AWS is 'bootstrapped', which means that the AWS CDK has created all the resources it needs to use when deploying (IAM roles, an ECR repo for images, and buckets for artifacts). The bootstrap process is a one-time deal, and can generally be done by running:

```bash
cdk bootstrap aws://123456789012/us-east-1
```

Replace the AWS account and region with your account and region.

{{% notice Note %}}
if your organization has governance rules in place regarding naming conventions you'll need a custom bootstrap yaml. To learn more about custom bootstrapping, see the [AWS guide on Bootstrapping your environment for use with the AWS CDK](https://docs.aws.amazon.com/cdk/v2/guide/bootstrapping-env.html).
{{% /notice %}}

Once your environment has been bootstrapped, you can run:

```bash
cdk deploy
```

from within the directory that includes your stack file. This deployment will take a few minutes, as CloudFormation deploys your resources.
58 changes: 58 additions & 0 deletions .../servers-and-cloud-computing/copilot-extension-deployment/3-flask-deployment.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,58 @@
---
title: Deploying Flask
weight: 4

### FIXED, DO NOT MODIFY
layout: learningpathall
---

## How do I deploy my Copilot Extension Flask app to my newly created EC2 instance?

In the first GitHub Copilot Extension Learning Path you created a Flask app in the section titled "[How can I create my own private GitHub Copilot Extension?](http://localhost:1313/learning-paths/servers-and-cloud-computing/gh-copilot-simple/run-python/)".

You will deploy this Flask app on your newly created EC2 instance. First, get your EC2 instance ID:

```bash
aws ec2 describe-instances --filters "Name=tag:Name,Values=CopilotExtensionDeploymentStack/LaunchTemplate" --query "Reservations[*].Instances[*].InstanceId" --output text
```

Then use that ID to log in with AWS SSM. You must use AWS SSM because your instance is in a private subnet for security purposes, but because the SSM agent is running on the instance, it creates a tunnel that allows you to SSH into the machine with the following command:

```bash
aws ssm start-session --target [your instance ID]
```

You should now be able to go through the steps in "[How can I create my own private GitHub Copilot Extension?](http://localhost:1313/learning-paths/servers-and-cloud-computing/gh-copilot-simple/run-python/)" to create your Flask app, create a Python virtual environment, and install the appropriate packages.

The only two changes you'll make are to add a health check endpoint (for the ALB health check), and to run your app on 0.0.0.0 port 8080, which the ALB is listening for.

First, add the following endpoint to your main flask file:

```Python
@app.route('/health')
def health():
return Response(status=200)
```

Next, add the `host` argument to the `app.run` call at the end of the file and update the port number. The final result should look like this:

```Python
if __name__ == '__main__':
app.run(host='0.0.0.0', port=8080)
```

This will expose your app to the port that you set up your ALB listener to listen on.

Run the simple extension:

```Python
python ./simple-extension.py
```

You should now be able to navigate to your API subdomain from any browser and see

```text
"Hello! Welcome to the example GitHub Copilot Extension in Python!"
```

Your API is now complete and ready to be configured in your GitHub Application.
25 changes: 25 additions & 0 deletions ...ths/servers-and-cloud-computing/copilot-extension-deployment/4-github-config.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
---
title: Configuring GitHub
weight: 5

### FIXED, DO NOT MODIFY
layout: learningpathall
---

## How do I configure my GitHub Application to use my API?

Open the GitHub App that you created in [the first GitHub Copilot Extension Learning Path](learning-paths/servers-and-cloud-computing/gh-copilot-simple).

Navigate to the 'Copilot' tab, and add your URL to the field under the 'Agent Definition' section:

![Configure URL](configure.png)

You will also want to change the 'Callback URL' under the General tab. This is the full URL to redirect to after a user authorizes an installation.

## Test your Extension

You are now ready to test your productionized Extension. For guidance on testing, see [Test your Copilot Extension](http://localhost:1313/learning-paths/servers-and-cloud-computing/gh-copilot-simple/copilot-test/) in the previous Copilot Extension Learning Path.

## Next Steps

You are now ready to build a more advanced Copilot Extension that uses RAG techniques in [Create a RAG-based GitHub Copilot Extension in Python](../copilot-extension).
Loading