fix(brain): memory leak fixes in S3AI Brain System #33
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
| # AGENT MU v10.0 - CI/CD Pipeline | |
| # Builds, tests, and deploys AGENT MU to production | |
| # Cycle 56: Uses VIBEE-generated PAS daemon code | |
| name: AGENT MU - Build & Deploy | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - vibee-v*-production-swarm | |
| paths: | |
| - 'src/agent_mu/**' | |
| - 'generated/agent_mu_pas_daemon.zig' | |
| - 'docker/Dockerfile.agent-mu' | |
| - 'k8s/agent-mu-deployment.yaml' | |
| - '.github/workflows/agent-mu-deploy.yml' | |
| pull_request: | |
| branches: | |
| - main | |
| paths: | |
| - 'src/agent_mu/**' | |
| - 'generated/agent_mu_pas_daemon.zig' | |
| workflow_dispatch: | |
| inputs: | |
| version: | |
| description: 'Version tag (e.g., v10.0.0)' | |
| required: true | |
| default: 'v10.0.0' | |
| env: | |
| REGISTRY: ghcr.io | |
| IMAGE_NAME: ghashtag/trinity/agent-mu | |
| jobs: | |
| test: | |
| name: Test AGENT MU | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Install Zig | |
| uses: mlugg/setup-zig@v2 | |
| with: | |
| version: 0.15.2 | |
| - name: Run Tests | |
| run: | | |
| zig test src/agent_mu/meta_learner.zig | |
| zig test src/agent_mu/comptime_optimizer.zig | |
| zig test src/agent_mu/runtime_pattern_manager.zig | |
| zig test src/agent_mu/predictive/markov_predictor.zig | |
| zig test src/agent_mu/predictive/monte_carlo.zig | |
| zig test src/agent_mu/evolution/checkpoint_manager.zig | |
| # Cycle 56: Test VIBEE-generated PAS daemon | |
| zig test generated/agent_mu_pas_daemon.zig | |
| - name: Build Test | |
| run: zig build agent-mu -Drelease-fast=true | |
| - name: CLI Validation Test | |
| run: | | |
| zig-out/bin/agent-mu-daemon --test | |
| build: | |
| name: Build Docker Image | |
| needs: test | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| outputs: | |
| image-tag: ${{ steps.meta.outputs.tags }} | |
| image-digest: ${{ steps.build.outputs.digest }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Log in to Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Extract metadata | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| tags: | | |
| type=raw,value=${{ github.ref_name }},prefix= | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| type=semver,pattern={{version}} | |
| type=sha,prefix={{branch}}- | |
| - name: Build and push | |
| id: build | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| file: ./docker/Dockerfile.agent-mu | |
| push: true | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| platforms: linux/amd64,linux/arm64 | |
| security-scan: | |
| name: Security Scan | |
| needs: build | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: ${{ needs.build.outputs.image-tag }} | |
| format: 'sarif' | |
| output: 'trivy-results.sarif' | |
| severity: 'CRITICAL,HIGH' | |
| - name: Upload Trivy results to GitHub Security | |
| uses: github/codeql-action/upload-sarif@v2 | |
| if: always() | |
| with: | |
| sarif_file: 'trivy-results.sarif' | |
| deploy-staging: | |
| name: Deploy to Staging | |
| needs: [build, security-scan] | |
| runs-on: ubuntu-latest | |
| if: github.ref != 'refs/heads/main' | |
| environment: staging | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Set up kubectl | |
| uses: azure/setup-kubectl@v3 | |
| - name: Configure kubectl | |
| run: | | |
| echo "${{ secrets.KUBE_CONFIG_STAGING }}" | base64 -d > kubeconfig | |
| export KUBECONFIG=kubeconfig | |
| - name: Deploy to Kubernetes | |
| run: | | |
| export KUBECONFIG=kubeconfig | |
| kubectl set image deployment/agent-mu \ | |
| agent-mu=${{ needs.build.outputs.image-tag }} \ | |
| -n trinity-staging | |
| - name: Verify deployment | |
| run: | | |
| export KUBECONFIG=kubeconfig | |
| kubectl rollout status deployment/agent-mu -n trinity-staging | |
| kubectl get pods -n trinity-staging -l app=agent-mu | |
| deploy-production: | |
| name: Deploy to Production | |
| needs: [build, security-scan] | |
| runs-on: ubuntu-latest | |
| if: github.ref == 'refs/heads/main' | |
| environment: production | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Set up kubectl | |
| uses: azure/setup-kubectl@v3 | |
| - name: Configure kubectl | |
| run: | | |
| echo "${{ secrets.KUBE_CONFIG_PROD }}" | base64 -d > kubeconfig | |
| export KUBECONFIG=kubeconfig | |
| - name: Deploy to Kubernetes | |
| run: | | |
| export KUBECONFIG=kubeconfig | |
| kubectl apply -f k8s/agent-mu-deployment.yaml | |
| - name: Wait for rollout | |
| run: | | |
| export KUBECONFIG=kubeconfig | |
| kubectl rollout status deployment/agent-mu -n trinity --timeout=5m | |
| - name: Verify deployment | |
| run: | | |
| export KUBECONFIG=kubeconfig | |
| kubectl get pods -n trinity -l app=agent-mu | |
| kubectl get svc -n trinity agent-mu | |
| - name: Run smoke tests | |
| run: | | |
| export KUBECONFIG=kubeconfig | |
| POD=$(kubectl get pod -n trinity -l app=agent-mu -o jsonpath='{.items[0].metadata.name}') | |
| kubectl exec -n trinity $POD -- curl -f http://localhost:8080/health | |
| notify: | |
| name: Notify Results | |
| needs: [test, build, security-scan] | |
| runs-on: ubuntu-latest | |
| if: always() | |
| steps: | |
| - name: Send notification | |
| run: | | |
| echo "Deployment status: ${{ job.status }}" | |
| # Add Slack/Discord/webhook notification here |
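Review bot: The `security-scan` job does not actually gate `deploy-staging` or `deploy-production`: the Trivy step sets no `exit-code`, and the action's default is to exit 0 even when CRITICAL/HIGH findings are reported, so `needs: [build, security-scan]` is satisfied whatever the scan finds. Add `exit-code: '1'` to the Trivy step; the `if: always()` on the SARIF upload keeps the results published when the scan fails. The scanned reference is also ambiguous: `image-tag` is `steps.meta.outputs.tags`, which with four tag rules is likely a newline-separated list, so `image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ needs.build.outputs.image-digest }}` is the safer input, and the same applies to `kubectl set image` in the staging job. The scanner itself is pulled from a mutable ref, `aquasecurity/trivy-action@master`; pin it to a full commit SHA (`aquasecurity/trivy-action@<FULL_COMMIT_SHA>`), since this job sits on the path to production. Production applies `k8s/agent-mu-deployment.yaml` as-is, so this file alone does not show that the scanned digest is the one deployed.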