This guide provides comprehensive instructions for deploying TrustNet, an AI-powered misinformation detection system, to Google Cloud Platform.
- Prerequisites
- Quick Deployment
- Manual Deployment
- Environment Configuration
- Production Deployment
- Local Development
- Monitoring & Troubleshooting
- Rollback Procedures
-
Google Cloud SDK
# Install gcloud CLI # Download from: https://cloud.google.com/sdk/docs/install # Verify installation gcloud --version
-
Terraform (v1.0+)
# Download from: https://terraform.io/downloads terraform --version -
Docker
# Download from: https://docker.com/get-started docker --version -
Node.js (v18+)
# Download from: https://nodejs.org node --version npm --version
-
Create or Select Project
# Create new project gcloud projects create trustnet-prod --name="TrustNet Production" # Or use existing project gcloud config set project your-project-id
-
Enable Billing
# Link billing account (replace BILLING_ACCOUNT_ID) gcloud billing projects link trustnet-prod --billing-account=BILLING_ACCOUNT_ID -
Set Default Configuration
gcloud config set project trustnet-prod gcloud config set compute/region asia-south1 gcloud auth application-default login
-
Create Terraform State Bucket
gsutil mb gs://trustnet-terraform-state gsutil versioning set on gs://trustnet-terraform-state
For rapid deployment using the automated script:
# Clone repository
git clone https://github.com/Your-Voldemort/TrustNet.git
cd TrustNet
# Make deployment script executable
chmod +x scripts/deploy/deploy-services.sh
# Deploy to development environment
./scripts/deploy/deploy-services.sh dev asia-south1
# Deploy to production environment
./scripts/deploy/deploy-services.sh prod asia-south1The automated script will:
- ✅ Enable required Google Cloud APIs
- ✅ Deploy infrastructure with Terraform
- ✅ Build and deploy services via Cloud Build
- ✅ Configure monitoring and alerts
gcloud services enable \
run.googleapis.com \
pubsub.googleapis.com \
firestore.googleapis.com \
aiplatform.googleapis.com \
dlp.googleapis.com \
webrisk.googleapis.com \
cloudbuild.googleapis.com \
artifactregistry.googleapis.com \
secretmanager.googleapis.com# Store API keys in Secret Manager
echo "your-fact-check-api-key" | gcloud secrets create fact-check-api-key --data-file=-
echo "your-perspective-api-key" | gcloud secrets create perspective-api-key --data-file=-cd infra/terraform
# Initialize Terraform
terraform init
# Create workspace for environment
terraform workspace new production
terraform workspace select production
# Plan deployment
terraform plan \
-var="project_id=trustnet-prod" \
-var="region=asia-south1" \
-var="environment=prod"
# Apply infrastructure
terraform apply \
-var="project_id=trustnet-prod" \
-var="region=asia-south1" \
-var="environment=prod"# Return to project root
cd ../..
# Submit build to Cloud Build
gcloud builds submit \
--config=infra/ci/cloudbuild.yaml \
--substitutions=_REGION=asia-south1,_ENVIRONMENT=prod \
.# Check API health
API_URL=$(gcloud run services describe trustnet-api --region=asia-south1 --format='value(status.url)')
curl ${API_URL}/health
# Check worker status
gcloud run services describe trustnet-worker --region=asia-south1# .env.development
GOOGLE_CLOUD_PROJECT_ID=trustnet-dev
ENVIRONMENT=development
FIRESTORE_DATABASE=trustnet-dev
LOG_LEVEL=debug
MAX_INSTANCES=10
CPU=1
MEMORY=2Gi# .env.staging
GOOGLE_CLOUD_PROJECT_ID=trustnet-staging
ENVIRONMENT=staging
FIRESTORE_DATABASE=trustnet-staging
LOG_LEVEL=info
MAX_INSTANCES=50
CPU=2
MEMORY=4Gi# .env.production
GOOGLE_CLOUD_PROJECT_ID=trustnet-prod
ENVIRONMENT=production
FIRESTORE_DATABASE=trustnet-prod
LOG_LEVEL=warn
MAX_INSTANCES=1000
CPU=4
MEMORY=8Gi- Load testing completed
- Security scan passed
- Database migrations tested
- Monitoring dashboards configured
- Rollback plan documented
- Team notified of deployment window
-
Create Production Branch
git checkout -b release/v1.0.0 git tag v1.0.0 git push origin v1.0.0
-
Deploy Infrastructure
cd infra/terraform terraform workspace select production terraform apply -var-file="production.tfvars"
-
Deploy Application
gcloud builds submit \ --config=infra/ci/cloudbuild.yaml \ --substitutions=_REGION=asia-south1,_ENVIRONMENT=prod \ --tag=v1.0.0
-
Post-deployment Verification
# Health check curl https://api.trustnet.com/health # Functional test curl -X POST https://api.trustnet.com/v1/analyze \ -H "Content-Type: application/json" \ -d '{"text": "Test content", "language": "en"}' # Performance test ab -n 100 -c 10 https://api.trustnet.com/health
# Clone repository
git clone https://github.com/Your-Voldemort/TrustNet.git
cd TrustNet
# Install dependencies
cd services/api
npm install
# Set up local environment
cp .env.example .env.local# .env.local
GOOGLE_CLOUD_PROJECT_ID=trustnet-dev
ENVIRONMENT=development
PORT=8080
FIRESTORE_EMULATOR_HOST=localhost:8080
PUBSUB_EMULATOR_HOST=localhost:8085# Start Google Cloud emulators
gcloud emulators firestore start --host-port=localhost:8080 &
gcloud emulators pubsub start --host-port=localhost:8085 &
# Start development server
npm run dev# Build local image
docker build -t trustnet-api:local ./services/api
# Run with Docker Compose
docker-compose up -d
# View logs
docker-compose logs -f# API health endpoint
curl https://api.trustnet.com/health
# Cloud Run service health
gcloud run services describe trustnet-api --region=asia-south1# View API logs
gcloud logs read "resource.type=cloud_run_revision AND resource.labels.service_name=trustnet-api" --limit=50
# View worker logs
gcloud logs read "resource.type=cloud_run_revision AND resource.labels.service_name=trustnet-worker" --limit=50
# Filter by severity
gcloud logs read "severity>=ERROR" --limit=20# Check service metrics
gcloud monitoring metrics list --filter="resource.type=cloud_run_revision"
# View request latency
gcloud monitoring time-series list \
--filter='resource.type="cloud_run_revision" AND metric.type="run.googleapis.com/request_latencies"'# Check build logs
gcloud builds log $(gcloud builds list --limit=1 --format='value(id)')
# Check service configuration
gcloud run services describe trustnet-api --region=asia-south1# Update service memory
gcloud run services update trustnet-api \
--region=asia-south1 \
--memory=8Gi# Verify secrets
gcloud secrets versions access latest --secret="fact-check-api-key"
# Update secret
echo "new-api-key" | gcloud secrets versions add fact-check-api-key --data-file=-# List recent revisions
gcloud run revisions list --service=trustnet-api --region=asia-south1
# Rollback to previous revision
gcloud run services update-traffic trustnet-api \
--region=asia-south1 \
--to-revisions=trustnet-api-00002-abc=100cd infra/terraform
# View state history
terraform state list
# Rollback to previous state
terraform apply -target=resource_name -var-file="previous.tfvars"# Firestore automatic backups are enabled
# Contact support for restore procedures if needed| Environment | API Instances | Worker Instances | CPU | Memory |
|---|---|---|---|---|
| Development | 1-5 | 1-2 | 1 | 2Gi |
| Staging | 2-10 | 2-5 | 2 | 4Gi |
| Production | 10-1000 | 5-100 | 4 | 8Gi |
# Set up billing alerts
gcloud alpha billing budgets create \
--billing-account=BILLING_ACCOUNT_ID \
--display-name="TrustNet Budget" \
--budget-amount=1000USD- All services deployed with Cloud Run (fully managed, no VPC required)
- HTTPS enforced for all external traffic
- Internal service communication via private Google network
- Principle of least privilege applied
- Service accounts with minimal required permissions
- Regular access reviews recommended
- Data encrypted at rest (Firestore native encryption)
- Data encrypted in transit (TLS 1.2+)
- API keys stored in Secret Manager
- No sensitive data in logs
- Weekly: Review logs and error rates
- Monthly: Update dependencies and security patches
- Quarterly: Performance optimization review
- Annually: Architecture and cost review
- Development Team:
dev-team@trustnet.com - DevOps Team:
devops@trustnet.com - Google Cloud Support: Support Case
For additional support, see Architecture Documentation or contact the development team.