# ==========================================
# CodeGuard AI - Google Cloud Build Configuration
# CI/CD Pipeline for Cloud Run Deployment
# ==========================================
#
# Setup Instructions:
# 1. Enable Cloud Build API: gcloud services enable cloudbuild.googleapis.com
# 2. Enable Cloud Run API: gcloud services enable run.googleapis.com
# 3. Enable Artifact Registry: gcloud services enable artifactregistry.googleapis.com
#
# Create Artifact Registry repository:
# gcloud artifacts repositories create codeguard-repo \
# --repository-format=docker \
# --location=us-central1 \
# --description="CodeGuard AI Docker images"
#
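# Grant Cloud Build permission to deploy to Cloud Run:
#   gcloud projects add-iam-policy-binding PROJECT_ID \
#     --member="serviceAccount:PROJECT_NUMBER@cloudbuild.gserviceaccount.com" \
#     --role="roles/run.admin"
#
# Allow Cloud Build to deploy services that run as the Compute Engine default
# service account:
#   gcloud iam service-accounts add-iam-policy-binding \
#     PROJECT_NUMBER-compute@developer.gserviceaccount.com \
#     --member="serviceAccount:PROJECT_NUMBER@cloudbuild.gserviceaccount.com" \
#     --role="roles/iam.serviceAccountUser"
#
# Note: roles/run.admin is bound at project level, so the build account can
# change every Cloud Run service in the project, including who may invoke it.
# Scope these grants to what the pipeline needs and review them periodically.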
#
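# Trigger deployment:
#   gcloud builds submit --config=cloudbuild.yaml ./backend
# Note: $COMMIT_SHA is populated automatically only for trigger-based builds;
# for a manual submit, pass it explicitly (for example with --substitutions),
# and check that the submitted source path agrees with the steps' dir: 'backend'.
#
# Or connect to GitHub for automatic deployments.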
# ==========================================
# Substitution variables (set in Cloud Build trigger or command line).
# The values below are the defaults used when neither overrides them.
substitutions:
  # Region used for the Artifact Registry host name and the Cloud Run service.
  _REGION: us-central1
  # Cloud Run service name; also used as the image name in the repository.
  _SERVICE_NAME: codeguard-backend
  # Artifact Registry repository that holds the built images.
  _ARTIFACT_REPO: codeguard-repo
steps:
# ==========================================
# Step 1: Build Docker image
# ==========================================
# Builds the Dockerfile in backend/ and tags the result twice: with the commit
# SHA (the tag the deploy step references) and with the mutable 'latest' tag.
# NOTE(review): the builder image is referenced without a tag or digest, so the
# build tooling can change between runs; consider pinning it.
# NOTE(review): $COMMIT_SHA comes from the build trigger; confirm it is supplied
# for manual submissions, otherwise the first tag is incomplete.
- name: 'gcr.io/cloud-builders/docker'
  id: 'build'
  args:
  - 'build'
  - '-t'
  - '${_REGION}-docker.pkg.dev/$PROJECT_ID/${_ARTIFACT_REPO}/${_SERVICE_NAME}:$COMMIT_SHA'
  - '-t'
  - '${_REGION}-docker.pkg.dev/$PROJECT_ID/${_ARTIFACT_REPO}/${_SERVICE_NAME}:latest'
  - '-f'
  - 'Dockerfile'
  - '.'
  # Run the build from the backend/ directory of the checked-out source.
  dir: 'backend'
# ==========================================
# Step 2: Push to Artifact Registry
# ==========================================
# Pushes every local tag of the image, so the commit-SHA tag exists in the
# registry before the deploy step references it.
- name: 'gcr.io/cloud-builders/docker'
  id: 'push'
  args:
  - 'push'
  - '--all-tags'
  - '${_REGION}-docker.pkg.dev/$PROJECT_ID/${_ARTIFACT_REPO}/${_SERVICE_NAME}'
  # Start only after the 'build' step has finished.
  waitFor: ['build']
# ==========================================
# Step 3: Deploy to Cloud Run
# ==========================================
# Deploys the image tagged with the commit SHA (not 'latest'), so each
# revision maps to one commit.
# NOTE(review): the cloud-sdk image is referenced without a tag or digest;
# consider pinning it so the deploy tooling does not change between builds.
# NOTE(review): no --service-account is passed, so the service runs as the
# default runtime identity (the setup notes reference the Compute Engine
# default service account). Consider a dedicated least-privilege account.
- name: 'gcr.io/google.com/cloudsdktool/cloud-sdk'
  id: 'deploy'
  entrypoint: 'gcloud'
  args:
  - 'run'
  - 'deploy'
  - '${_SERVICE_NAME}'
  - '--image'
  - '${_REGION}-docker.pkg.dev/$PROJECT_ID/${_ARTIFACT_REPO}/${_SERVICE_NAME}:$COMMIT_SHA'
  - '--region'
  - '${_REGION}'
  - '--platform'
  - 'managed'
  # NOTE(review): this makes the service callable without IAM authentication,
  # so every request must be authenticated and authorized by the application
  # itself. Confirm that public exposure is intended for this backend.
  - '--allow-unauthenticated'
  - '--memory'
  - '512Mi'
  - '--cpu'
  - '1'
  # Scale to zero when idle; cap at 10 instances.
  - '--min-instances'
  - '0'
  - '--max-instances'
  - '10'
  # Up to 80 concurrent requests per instance.
  - '--concurrency'
  - '80'
  # Per-request timeout.
  - '--timeout'
  - '300s'
  # Environment variables (secrets should be from Secret Manager)
  # Only non-sensitive settings belong here: values passed this way are
  # visible in the build configuration and in the service's revision settings.
  - '--set-env-vars'
  - 'ENVIRONMENT=production,DEBUG=False,LOG_LEVEL=INFO'
  # Secret Manager integration (create secrets first)
  # NOTE(review): ':latest' follows whichever secret version is newest;
  # pin a numbered version if rollouts need to be reproducible.
  # - '--set-secrets'
  # - 'DATABASE_URL=DATABASE_URL:latest,CLERK_SECRET_KEY=CLERK_SECRET_KEY:latest'
  # Start only after the image has been pushed.
  waitFor: ['push']
# Images to be pushed to Artifact Registry
# Both tags are also pushed explicitly by the 'push' step, which runs before
# the deploy step; this list names the same two references.
images:
- '${_REGION}-docker.pkg.dev/$PROJECT_ID/${_ARTIFACT_REPO}/${_SERVICE_NAME}:$COMMIT_SHA'
- '${_REGION}-docker.pkg.dev/$PROJECT_ID/${_ARTIFACT_REPO}/${_SERVICE_NAME}:latest'
# Build options
options:
  # Send build logs to Cloud Logging only.
  # NOTE(review): build logs can contain command output; confirm who has
  # read access to them in this project.
  logging: CLOUD_LOGGING_ONLY
  # Worker machine type used for the build steps.
  machineType: 'E2_HIGHCPU_8'
# Build timeout (10 minutes)
timeout: '600s'