Skip to content

mnemom/deploy

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

133 Commits
.github
.github
 
 
docs/adr
docs/adr
 
 
scripts
scripts
 
 
tests/e2e
tests/e2e
 
 
CLAUDE.md
CLAUDE.md
 
 
README.md
README.md
 
 
eslint.config.mjs
eslint.config.mjs
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 

Repository files navigation

mnemom/deploy

Centralized deployment orchestrator for all mnemom services and packages.

Architecture

flowchart LR
    subgraph trigger["Trigger"]
        dispatch["repo CI passes"]
        manual["manual dispatch"]
    end

    subgraph services["Services"]
        gw["mnemom-platform / gateway\n☁️ CF Worker"]
        obs["mnemom-platform / observer\n☁️ CF Worker"]
        cli["mnemom-platform / cli\n📦 npm"]
        api["mnemom-api\n☁️ CF Worker"]
        rep["mnemom-reputation\n☁️ CF Worker"]
        risk["mnemom-risk\n☁️ CF Worker"]
        prover["mnemom-prover\n🐍 Modal"]
        web["mnemom-website\n🌐 Netlify"]
        coh["coherence\n✈️ Fly.io"]
        hunt["hunter\n✈️ Fly.io"]
    end

    subgraph packages["Packages"]
        aap["aap\n📦 npm + PyPI"]
        aip["aip\n📦 npm + PyPI"]
        otel["aip-otel-exporter\n📦 npm + PyPI"]
        types["mnemom-types\n📦 npm + PyPI"]
    end

    trigger --> services
    trigger --> packages
Loading

Repos

Repo Deploy Target Type
mnemom-platform (gateway) Cloudflare Worker Service
mnemom-platform (observer) Cloudflare Worker Service
mnemom-platform (cli) npm Package
mnemom-api Cloudflare Worker Service
mnemom-reputation Cloudflare Worker Service
mnemom-risk Cloudflare Worker Service
mnemom-prover Modal Service
mnemom-website Netlify Service
coherence Fly.io Service (opt-in, not in all)
hunter Fly.io Service
aap npm + PyPI Package
aip npm + PyPI Package
aip-otel-exporter npm + PyPI Package
mnemom-types npm + PyPI Package

Not orchestrated

These repos are not managed by this deploy workflow:

  • reputation-check — GitHub Action, consumed from the repo directly
  • docs — Mintlify auto-deploys on push
  • .github — Org profile README, no deploy

Opt-in — coherence

coherence is orchestrated but not in the default repos=all deploy set until its Fly app + DNS (api.coherence.mnemom.ai, trust.mnemom.ai) are provisioned. To deploy it before GA:

gh workflow run deploy.yml --repo mnemom/deploy \
  -f repos=coherence -f environment=staging

Coherence follows the standard pattern: merge to main → its CI dispatches to this orchestrator → staging-migrate applies migrations 136/137 (in mnemom-api/database/migrations/) → staging-coherence deploys the Fly app → waits for production approval → prod-migrateprod-coherence. When Fly + DNS are live, add set_deploy "coherence" to the all block in plan and drop this callout.

How it works

  1. Any repo merges to main or staging
  2. That repo's CI runs and passes
  3. CI dispatches to this orchestrator via repository_dispatch
  4. Staging: deploys automatically
  5. Production: single approval gate, then deploys

Usage

Automatic (via CI dispatch)

Each repo's CI workflow notifies this orchestrator on success:

# Add to each repo's ci.yml — runs only on main/staging push, not PRs
- name: Trigger deploy
  if: github.event_name == 'push' && success()
  uses: peter-evans/repository-dispatch@v3
  with:
    token: ${{ secrets.DEPLOY_TOKEN }}
    repository: mnemom/deploy
    event-type: deploy
    client-payload: >-
      {
        "repo": "${{ github.event.repository.name }}",
        "sha": "${{ github.sha }}",
        "environment": "${{ github.ref == 'refs/heads/main' && 'production' || 'staging' }}"
      }

Manual (deploy all or specific repos)

# Deploy everything to staging
gh workflow run deploy.yml --repo mnemom/deploy -f repos=all -f environment=staging

# Deploy just mnemom-api to production
gh workflow run deploy.yml --repo mnemom/deploy -f repos=mnemom-api -f environment=production

# Deploy mnemom-platform + mnemom-api together
gh workflow run deploy.yml --repo mnemom/deploy -f repos=mnemom-platform,mnemom-api -f environment=production


# Deploy aap package
gh workflow run deploy.yml --repo mnemom/deploy -f repos=aap -f environment=production

Dashboard

View all deployments: https://github.com/mnemom/deploy/actions

Each run shows a visual dependency graph with color-coded status per service.

Required secrets

Add these to the mnemom/deploy repo settings:

Secret Used by Description
DEPLOY_TOKEN All jobs GitHub PAT with repo scope across mnemom org
CLOUDFLARE_API_TOKEN mnemom-platform, api, reputation, risk Cloudflare API token
CLOUDFLARE_ACCOUNT_ID mnemom-platform, api, reputation, risk Cloudflare account ID
NPM_TOKEN mnemom-platform/cli, aap, aip, aip-otel-exporter, mnemom-types npm publish auth token
PYPI_API_TOKEN aap, aip, aip-otel-exporter, mnemom-types PyPI publish auth token
MODAL_TOKEN_ID mnemom-prover Modal deployment credentials
MODAL_TOKEN_SECRET mnemom-prover Modal deployment credentials
FLY_API_TOKEN hunter Fly.io deploy token
NETLIFY_AUTH_TOKEN mnemom-website Netlify deploy token
NETLIFY_SITE_ID mnemom-website Netlify site identifier

Environment-specific secrets should be set on the staging and production environments, not at repo level.

Environments

Environment Protection Behavior
staging None Auto-deploys on dispatch
production Requires approval Single approval covers all jobs in the run

About

Centralized deployment orchestrator for mnemom services

Resources

Readme

Contributing

Contributing

Security policy

Security policy
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages