-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathdeploycloudrun.py
More file actions
103 lines (87 loc) · 3.45 KB
/
deploycloudrun.py
File metadata and controls
103 lines (87 loc) · 3.45 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
import os
import subprocess
import json
from dotenv import load_dotenv
def run_command(command, error_msg, capture=True):
"""Utility to run shell commands."""
try:
result = subprocess.run(command, check=True, text=True, capture_output=capture)
return result.stdout.strip() if capture else True
except subprocess.CalledProcessError as e:
print(f"❌ {error_msg}")
if capture:
print(f"Error details: {e.stderr}")
return None
def setup_service_account(project_id):
"""Ensures the service account exists and has the necessary roles."""
sa_name = "adkvisualbuilder"
sa_email = f"{sa_name}@{project_id}.iam.gserviceaccount.com"
# 1. Check if Service Account exists
print(f"🔍 Checking if service account {sa_email} exists...")
check_cmd = ["gcloud", "iam", "service-accounts", "describe", sa_email, f"--project={project_id}", "--format=json"]
if run_command(check_cmd, "Service account not found, attempting to create...", capture=True) is None:
print(f"🛠️ Creating service account: {sa_name}...")
create_cmd = [
"gcloud", "iam", "service-accounts", "create", sa_name,
f"--display-name=ADK Visual Builder Service Account",
f"--project={project_id}"
]
run_command(create_cmd, "Failed to create service account.")
else:
print(f"✅ Service account {sa_name} already exists.")
# 2. Define roles to assign
roles = [
"roles/cloudbuild.builds.builder",
"roles/iam.serviceAccountUser",
"roles/storage.admin",
"roles/aiplatform.user", # Vertex AI User role
"roles/run.admin", # Ensure it can manage Cloud Run
"roles/logging.logWriter", # Missing this causes the error you see
"roles/artifactregistry.writer",
]
print(f"🔐 Assigning IAM roles to {sa_email}...")
for role in roles:
bind_cmd = [
"gcloud", "projects", "add-iam-policy-binding", project_id,
f"--member=serviceAccount:{sa_email}",
f"--role={role}",
"--quiet"
]
run_command(bind_cmd, f"Failed to assign role {role}")
return sa_email
def deploy_agent():
# 1. Load configuration
load_dotenv()
project_id = os.getenv("GOOGLE_CLOUD_PROJECT")
if not project_id:
print("❌ Error: GOOGLE_CLOUD_PROJECT not found in .env file.")
return
# Configuration values
location = "us-central1"
agent_path = "./Agent1"
service_name = "agent1service"
app_name = "agent1app"
# 2. Setup Service Account and Permissions
sa_email = setup_service_account(project_id)
if not sa_email:
return
# 3. Execute Deployment Command
# Added --service_account flag to the deployment
command = [
"adk", "deploy", "cloud_run",
f"--project={project_id}",
f"--region={location}",
f"--service_name={service_name}",
f"--app_name={app_name}",
f"--artifact_service_uri=memory://",
f"--with_ui",
agent_path,
f"--",
f"--service-account={sa_email}",
f"--build-service-account=projects/{project_id}/serviceAccounts/{sa_email}",
]
print(f"🚀 Deploying agent '{app_name}' to {project_id} using {sa_email}...")
# capture_output=False shows real-time logs
success = run_command(command, "ERROR", capture=False)
if __name__ == "__main__":
deploy_agent()