daily_issue_scraper/deploy.sh at main · char.tngl.sh/sunstead-backend

This repository has no description

sunstead-backend / daily_issue_scraper / deploy.sh

at main 2.5 kB View raw

Mark Pokidko Sunstead backend — Tangled Discover + AI-Solve (snapshot, no history) 1d ago

 1#!/usr/bin/env bash
 2# Build image (Cloud Build), push to Artifact Registry, deploy Cloud Run Job.
 3#
 4# Usage (from repo root):
 5#   ./daily_issue_scraper/deploy.sh
 6#
 7# Optional overrides:
 8#   PROJECT_ID=my-project REGION=europe-west1 JOB_NAME=tangled-daily-sync ./daily_issue_scraper/deploy.sh
 9#
10# Requires: gcloud auth, and the secrets below stored in Google Secret Manager.
11# Secrets are referenced (never passed as plaintext env vars) so DB creds / API
12# keys are not visible in `gcloud run jobs describe` or to run.viewer roles.
13# One-time setup (run once per secret):
14#   printf '%s' "$DB_CONNECTION_STRING" | gcloud secrets create tangled-db-url --data-file=-
15#   printf '%s' "$GEMINI_API_KEY"       | gcloud secrets create gemini-api-key  --data-file=-
16# Grant the job's runtime service account roles/secretmanager.secretAccessor.
17
18set -euo pipefail
19
20ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
21REGION="${REGION:-europe-west1}"
22REPOSITORY="${REPOSITORY:-tangled}"
23IMAGE_NAME="${IMAGE_NAME:-daily-issue-scraper}"
24JOB_NAME="${JOB_NAME:-tangled-daily-sync}"
25TASK_TIMEOUT="${TASK_TIMEOUT:-3600}"
26MEMORY="${MEMORY:-1Gi}"
27CPU="${CPU:-1}"
28MAX_RETRIES="${MAX_RETRIES:-1}"
29# Secret Manager secret names (override if yours differ). Mapped to env vars in the job.
30DB_SECRET="${DB_SECRET:-tangled-db-url}"
31GEMINI_SECRET="${GEMINI_SECRET:-gemini-api-key}"
32
33PROJECT_ID="${PROJECT_ID:-$(gcloud config get-value project 2>/dev/null)}"
34if [[ -z "$PROJECT_ID" || "$PROJECT_ID" == "(unset)" ]]; then
35  echo "ERROR: Set PROJECT_ID or run: gcloud config set project YOUR_PROJECT_ID" >&2
36  exit 1
37fi
38
39IMAGE="${REGION}-docker.pkg.dev/${PROJECT_ID}/${REPOSITORY}/${IMAGE_NAME}:latest"
40
41echo "==> Project:  $PROJECT_ID"
42echo "==> Region:   $REGION"
43echo "==> Image:    $IMAGE"
44echo "==> Job:      $JOB_NAME"
45echo "==> Secrets:  DB_CONNECTION_STRING<-$DB_SECRET, GEMINI_API_KEY<-$GEMINI_SECRET"
46echo
47
48echo "==> Build & push (Cloud Build)"
49gcloud builds submit \
50  --project="$PROJECT_ID" \
51  --config="$ROOT/daily_issue_scraper/cloudbuild.yaml" \
52  "$ROOT"
53
54echo
55echo "==> Deploy Cloud Run Job"
56gcloud run jobs deploy "$JOB_NAME" \
57  --project="$PROJECT_ID" \
58  --region="$REGION" \
59  --image="$IMAGE" \
60  --set-secrets="DB_CONNECTION_STRING=${DB_SECRET}:latest,GEMINI_API_KEY=${GEMINI_SECRET}:latest" \
61  --task-timeout="$TASK_TIMEOUT" \
62  --memory="$MEMORY" \
63  --cpu="$CPU" \
64  --max-retries="$MAX_RETRIES"
65
66echo
67echo "Done. Run once:"
68echo "  gcloud run jobs execute $JOB_NAME --project=$PROJECT_ID --region=$REGION"

Configure Feed

Configure Feed