#!/usr/bin/env bash
# ─────────────────────────────────────────────────────────────────────────────
# Glotti — Automated Cloud Deployment Script
#
# This script performs a full deployment to Google Cloud Run, including:
# 1. Enabling required GCP APIs
# 2. Creating Firestore database (if not exists)
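# 3. Storing the Gemini API key in Secret Manager (if not exists) and granting
#    the Cloud Run service account the Secret Manager accessor role
# 4. Building and deploying the container to Cloud Run as a publicly reachable
#    service (--allow-unauthenticated)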
#
# Usage:
# ./deploy.sh # Uses current gcloud project
# ./deploy.sh --project my-project-id # Specify a project
# ./deploy.sh --region europe-west1 # Override region (default: us-central1)
# ./deploy.sh --service my-service # Override service name (default: debatepro-backend)
#
# Prerequisites:
# - Google Cloud CLI (gcloud) installed and authenticated
# - A Gemini API key (will prompt if not in Secret Manager)
# ─────────────────────────────────────────────────────────────────────────────
# Strict mode: abort on a failing command, on use of an unset variable, and
# when any stage of a pipeline fails.
set -o errexit -o nounset -o pipefail

# ─── Defaults ──────────────────────────────────────────────────────────────────
# REGION and SERVICE_NAME can be overridden on the command line.
# SECRET_NAME is used both as the Secret Manager secret name and as the name of
# the environment variable the deployed service receives; PORT is the container
# port handed to Cloud Run.
REGION="us-central1"
SERVICE_NAME="debatepro-backend"
SECRET_NAME="GEMINI_API_KEY"
PORT="8080"
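# ─── Parse Arguments ──────────────────────────────────────────────────────────
#######################################
# Parse command-line options into the deployment settings.
# Globals:   PROJECT_ID, REGION, SERVICE_NAME (written)
# Arguments: the script's command-line arguments
# Outputs:   an error message on stderr for an unknown option or missing value
# Returns:   0 on success; exits 1 on a usage error
#######################################
parse_args() {
  while [[ $# -gt 0 ]]; do
    case "$1" in
      --project | --region | --service)
        # Every option takes a value. Check for it explicitly: with `set -u`
        # a trailing bare option would otherwise abort on an unbound "$2"
        # without telling the operator which option was incomplete.
        if [[ $# -lt 2 ]]; then
          echo "Error: option $1 requires a value" >&2
          exit 1
        fi
        case "$1" in
          --project) PROJECT_ID="$2" ;;
          --region) REGION="$2" ;;
          --service) SERVICE_NAME="$2" ;;
        esac
        shift 2
        ;;
      *)
        echo "Unknown option: $1" >&2
        exit 1
        ;;
    esac
  done
}

parse_args "$@"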
# ─── Resolve Project ──────────────────────────────────────────────────────────
# When --project was not given, fall back to gcloud's configured project. The
# lookup's stderr is discarded and its failure tolerated, so an unresolved
# project is reported by the single check below.
[[ -n "${PROJECT_ID:-}" ]] || PROJECT_ID=$(gcloud config get-value project 2>/dev/null || true)

if [[ -z "$PROJECT_ID" ]]; then
  echo "Error: No project set. Use --project <id> or run: gcloud config set project <id>"
  exit 1
fi
# Show the resolved target before anything is changed, so the operator can
# abort if the project, region or service is not the intended one.
printf '%s\n' \
  "" \
  "╔══════════════════════════════════════════════════════════╗" \
  "║ Glotti — Cloud Deployment ║" \
  "╠══════════════════════════════════════════════════════════╣" \
  "║ Project: $PROJECT_ID" \
  "║ Region: $REGION" \
  "║ Service: $SERVICE_NAME" \
  "╚══════════════════════════════════════════════════════════╝" \
  ""
# ─── Step 1: Enable Required APIs ─────────────────────────────────────────────
echo "▶ Step 1/4: Enabling required GCP APIs..."

# Services the later steps call: Cloud Run, Cloud Build, Secret Manager,
# Artifact Registry and Firestore.
required_apis=(
  run.googleapis.com
  cloudbuild.googleapis.com
  secretmanager.googleapis.com
  artifactregistry.googleapis.com
  firestore.googleapis.com
)

gcloud services enable "${required_apis[@]}" --project="$PROJECT_ID" --quiet
echo " ✅ APIs enabled"
# ─── Step 2: Create Firestore Database (if not exists) ────────────────────────
echo ""
echo "▶ Step 2/4: Setting up Firestore..."

# The output and errors of `describe` are discarded, so any failure (not only
# "database not found") takes the create path.
if ! gcloud firestore databases describe --project="$PROJECT_ID" &>/dev/null; then
  echo " Creating Firestore database (Native mode)..."
  gcloud firestore databases create \
    --project="$PROJECT_ID" \
    --location="$REGION" \
    --type=firestore-native \
    --quiet
  echo " ✅ Firestore database created"
else
  echo " ✅ Firestore database already exists"
fi
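# ─── Step 3: Store API Key in Secret Manager (if not exists) ──────────────────
echo ""
echo "▶ Step 3/4: Configuring Secret Manager..."

# The output and errors of `describe` are discarded, so any failure (not only
# "secret not found") takes the create path.
if gcloud secrets describe "$SECRET_NAME" --project="$PROJECT_ID" &>/dev/null; then
  echo " ✅ Secret '$SECRET_NAME' already exists"
else
  echo " Secret '$SECRET_NAME' not found. Creating..."

  # -s keeps the key from being echoed to the terminal; -r keeps backslashes
  # literal.
  read -rsp " Enter your Gemini API key: " API_KEY
  echo ""
  if [[ -z "$API_KEY" ]]; then
    echo " Error: API key cannot be empty." >&2
    exit 1
  fi

  gcloud secrets create "$SECRET_NAME" \
    --replication-policy="automatic" \
    --project="$PROJECT_ID" \
    --quiet

  # The key is fed through stdin by the printf builtin, so it never appears in
  # a process argument list. If adding the version fails, the secret already
  # exists and a re-run would skip this branch, so say so explicitly instead
  # of exiting silently.
  if ! printf '%s' "$API_KEY" | gcloud secrets versions add "$SECRET_NAME" \
    --data-file=- \
    --project="$PROJECT_ID" \
    --quiet; then
    unset API_KEY
    echo " Error: secret '$SECRET_NAME' was created but no version was stored. Add one with 'gcloud secrets versions add' or delete the secret before re-running." >&2
    exit 1
  fi

  # Drop the plaintext key from the shell as soon as it has been stored.
  unset API_KEY
  echo " ✅ Secret created and API key stored"
fi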
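# Grant Cloud Run's service account access to the secret.
#
# The binding is placed on this one secret rather than on the project: a
# project-level roles/secretmanager.secretAccessor grant would let the account
# read every secret in the project, which the deployment does not need.
# A project-level binding that already exists is not removed here; review the
# project IAM policy separately if one was granted before.
#
# NOTE(review): SA_EMAIL is the Compute Engine default service account, which
# other workloads in the project may also run as; a dedicated runtime service
# account for this service would narrow the grant further.
PROJECT_NUMBER=$(gcloud projects describe "$PROJECT_ID" --format='value(projectNumber)')
SA_EMAIL="${PROJECT_NUMBER}-compute@developer.gserviceaccount.com"

echo " Granting Secret Manager access to Cloud Run service account..."
# Only stdout (the printed policy) is discarded; errors stay visible so a
# failed grant is not a silent exit under `set -e`.
gcloud secrets add-iam-policy-binding "$SECRET_NAME" \
  --member="serviceAccount:${SA_EMAIL}" \
  --role="roles/secretmanager.secretAccessor" \
  --condition=None \
  --project="$PROJECT_ID" \
  --quiet >/dev/null
echo " ✅ IAM binding configured"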
# ─── Step 4: Build & Deploy to Cloud Run ──────────────────────────────────────
echo ""
echo "▶ Step 4/4: Building and deploying to Cloud Run..."
echo " This will use Cloud Build to build the Docker image and deploy it."
echo ""

# Security-relevant flags:
#   --allow-unauthenticated  the service accepts requests without IAM
#                            authentication, so access control is left to the
#                            application itself.
#   --set-secrets            exposes the secret as an environment variable of
#                            the same name; ":latest" follows the newest secret
#                            version rather than a pinned one.
deploy_flags=(
  --source .
  --region "$REGION"
  --project "$PROJECT_ID"
  --allow-unauthenticated
  --set-secrets="${SECRET_NAME}=${SECRET_NAME}:latest"
  --port="$PORT"
  --concurrency=1
  --min-instances=0
  --max-instances=10
  --timeout=3600
  --memory=512Mi
  --cpu=1
  --quiet
)

gcloud run deploy "$SERVICE_NAME" "${deploy_flags[@]}"
# ─── Done ─────────────────────────────────────────────────────────────────────
# Read the deployed service's URL back from Cloud Run for the summary below.
SERVICE_URL=$(
  gcloud run services describe "$SERVICE_NAME" \
    --region "$REGION" \
    --project "$PROJECT_ID" \
    --format='value(status.url)'
)

printf '%s\n' \
  "" \
  "╔══════════════════════════════════════════════════════════╗" \
  "║ ✅ Deployment Complete! ║" \
  "╠══════════════════════════════════════════════════════════╣" \
  "║ Service URL: $SERVICE_URL" \
  "║ ║" \
  "║ Manage: https://console.cloud.google.com/run ║" \
  "║ Logs: gcloud run services logs read $SERVICE_NAME ║" \
  "╚══════════════════════════════════════════════════════════╝" \
  ""