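# cloudbuild-live.yaml
# Cloud Build pipeline for the LIVE environment: download the Cloud SQL Auth
# Proxy, build and push the API image with kaniko, fetch secrets into the
# workspace, run Alembic migrations through the proxy, then deploy to Cloud Run.
#
# NOTE(review): the builder images are referenced by tag or with no tag at all
# (wget, gcloud, python:3.11, kaniko v1.21.1). Pinning them by digest would
# make the build reproducible and stop a re-tagged image from running here
# with access to the workspace and secrets.
steps:
  # Download the Cloud SQL Auth Proxy binary used by "Run Migrations".
  # waitFor: ['-'] starts the step immediately, in parallel with the build.
  # NOTE(review): the binary is made executable and later run without an
  # integrity check. Comparing it against the SHA-256 published for this
  # release before chmod would catch a tampered or truncated download.
  - id: "Install Proxy"
    name: gcr.io/cloud-builders/wget
    entrypoint: bash
    args:
      - -c
      - |
        wget -O /workspace/cloud-sql-proxy \
        https://storage.googleapis.com/cloud-sql-connectors/cloud-sql-proxy/v2.11.3/cloud-sql-proxy.linux.amd64 && \
        chmod +x /workspace/cloud-sql-proxy
    waitFor: ['-']
  # build & push the container image
  # The image is pushed under :latest and under the per-build tag $BUILD_ID.
  # The deploy step uses the $BUILD_ID tag, so the revision that goes live is
  # the image this build produced rather than whatever :latest points to once
  # the migrations have finished.
  - id: "Send-a-hug: Build Live"
    name: "gcr.io/kaniko-project/executor:v1.21.1"
    args:
      - "--cache=true"
      - "--cache-ttl=48h"
      - "--destination=europe-west1-docker.pkg.dev/$PROJECT_ID/imgs/${_IMAGE_NAME}:latest"
      - "--destination=europe-west1-docker.pkg.dev/$PROJECT_ID/imgs/${_IMAGE_NAME}:$BUILD_ID"
    waitFor: ['-']
  # local secrets only needed to run migrations
  # Runs the repository's get_secrets.sh; the later steps read the results
  # from /workspace/.secrets, which persists across steps of this build.
  # NOTE(review): this step waits for the image build, which presumably keeps
  # the secret files out of the kaniko build context. Keep that ordering (or
  # exclude .secrets from the context) if the steps are ever rearranged.
  - id: "Get Secrets"
    name: gcr.io/cloud-builders/gcloud
    entrypoint: 'bash'
    args: ['-c', './get_secrets.sh']
    env:
      - 'SAH_HOME=/workspace'
      - 'PROJECT_ID=$PROJECT_ID'
    waitFor: ['Send-a-hug: Build Live', 'Install Proxy']
  # Start the proxy in the background on a unix socket under /cloudsql, then
  # apply the Alembic migrations. $$_DB_HOST is escaped so that bash, not
  # Cloud Build, expands the secret environment variable.
  # NOTE(review): `sleep 2` is a fixed delay, not a readiness check; if the
  # proxy is slow to start, alembic fails on connect and the build stops
  # (set -e). Migrations also run before the new revision is deployed, so the
  # running revision must tolerate the migrated schema.
  - id: "Run Migrations"
    name: python:3.11
    entrypoint: bash
    args:
      - '-c'
      - |
        set -e
        pip install -r requirements.txt
        mkdir -p /cloudsql
        /workspace/cloud-sql-proxy --unix-socket /cloudsql $$_DB_HOST & \
        sleep 2 && \
        alembic upgrade head
    env:
      - 'SAH_MODE=${_SAH_MODE}'
      - 'SAH_HOME=/workspace'
      - 'DB_CREDENTIALS_PATH=/workspace/.secrets/db_${_SAH_MODE_LOWER}_creds/latest.json'
      - 'FIREBASE_CREDENTIALS_FILE=/workspace/.secrets/platform_firebase_credentials/latest.json'
    secretEnv: ['_DB_HOST']
    waitFor: ['Get Secrets']
  # Deploy container image to Cloud Run
  # Credentials reach the service through --update-secrets (Secret Manager
  # mounts and one secret-backed env var), not through plain env vars.
  # NOTE(review): --allow-unauthenticated makes the service invokable by
  # anyone on the internet, so every protected route has to enforce
  # authentication inside the application.
  - id: "Send-a-hug: Deploy Live"
    name: "gcr.io/cloud-builders/gcloud"
    entrypoint: bash
    args:
      - '-c'
      - |
        gcloud run deploy ${_IMAGE_NAME} --image 'europe-west1-docker.pkg.dev/$PROJECT_ID/imgs/${_IMAGE_NAME}:$BUILD_ID' \
        --region europe-west1 --allow-unauthenticated --timeout=15m --min-instances 0 --memory 512Mi \
        --platform managed --set-cloudsql-instances $$_DB_HOST --update-env-vars SAH_MODE=${_SAH_MODE} \
        --update-env-vars FRONTEND=${_FRONTEND_URL} \
        --update-env-vars DB_CREDENTIALS_PATH=/app/.secrets/db_${_SAH_MODE_LOWER}_creds/latest.json \
        --update-env-vars FIREBASE_CREDENTIALS_FILE=/app/.secrets/platform_firebase_credentials/latest.json \
        --update-secrets /app/.secrets/db_${_SAH_MODE_LOWER}_creds/latest.json=db_${_SAH_MODE_LOWER}_creds:latest \
        --update-secrets /app/.secrets/platform_firebase_credentials/latest.json=platform_firebase_credentials:latest \
        --update-secrets PRIVATE_VAPID_KEY=private_vapid_key:latest
    secretEnv: ['_DB_HOST']
    waitFor: ['Run Migrations']
# User-defined substitutions, expanded by Cloud Build before a step runs.
substitutions:
  _IMAGE_NAME: 'api'
  _SAH_MODE: 'LIVE'
  _SAH_MODE_LOWER: 'live'  # very dumb but we should handle in the config object in python
  _FRONTEND_URL: 'https://app.send-hug.com/'
# Secret Manager value exposed as $_DB_HOST to steps that list it in secretEnv.
# It is passed to the proxy and to --set-cloudsql-instances, so it presumably
# holds the Cloud SQL instance connection name.
availableSecrets:
  secretManager:
    - versionName: projects/$PROJECT_ID/secrets/db_host/versions/latest
      env: '_DB_HOST'
# Build logs are written to this bucket; access to it should be restricted to
# the people who may read build output.
logsBucket: 'gs://send-a-hug-platform_cloudbuilds'
timeout: 900s
tags:
  - 'Send-a-hug'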