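steps:
# ==========================================
# 0. Quality Gate (lint + unit tests)
# ==========================================
# Runs Ruff and the unit tests before any image is built; 'Build Backend'
# waits on this step.
# NOTE(review): ruff, pytest and the python:3.11-slim tag are not pinned, so
# the gate's toolchain is whatever the registry and package index serve at
# build time. Pin versions (and ideally the image digest) for reproducibility.
- name: 'python:3.11-slim'
  id: 'Lint and Test'
  entrypoint: 'bash'
  args:
  - '-c'
  - |
    # Stop at the first failing command. Without this the step reports only
    # the exit status of pytest, so a failed lint or a failed pip install
    # would not fail the gate.
    set -euo pipefail
    pip install --quiet ruff
    echo "--- Ruff lint ---"
    ruff check src/ web/ --select E,F,W --ignore E501
    pip install --quiet -r requirements.txt pytest
    echo "--- Unit tests ---"
    PYTHONPATH=src pytest src/cathode_screening/tests/ \
      --ignore=src/cathode_screening/tests/test_decision_grade.py \
      -x -q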
# ==========================================
# 1. Backend Pipeline
# ==========================================
# Populate data/artifacts for the backend image: keep a copy already present
# in the build context, otherwise sync it from Cloud Storage.
# The source is _ARTIFACTS_GCS_URI when set, else a path under the project's
# <PROJECT_ID>_cloudbuild bucket.
# NOTE(review): whatever this step fetches is available to the backend build
# that follows, so write access to that bucket (or control of the
# substitution) decides what can ship. No integrity check happens here;
# presumably CATHODE_REQUIRE_MANIFEST_SIGNATURE covers it at runtime - confirm.
- name: 'gcr.io/cloud-builders/gsutil'
  id: 'Fetch Artifacts'
  entrypoint: 'bash'
  args:
  - '-c'
  - |
    # A local copy in the build context wins over the bucket.
    if [[ -d "data/artifacts" ]]; then
      echo "Using local data/artifacts from build context"
      exit 0
    fi

    # Fall back to the default bucket path when no URI was supplied.
    artifacts_uri="${_ARTIFACTS_GCS_URI}"
    [[ -n "${artifacts_uri}" ]] || artifacts_uri="gs://${PROJECT_ID}_cloudbuild/cathode/artifacts"

    echo "Fetching artifacts from ${artifacts_uri}"
    mkdir -p data/artifacts
    gsutil -m rsync -r "${artifacts_uri}" data/artifacts
# Build the backend image from backend.Dockerfile, using the repository root
# as build context. Starts only after artifacts are fetched and the quality
# gate has passed.
# NOTE(review): the image carries no explicit tag, so it is built, pushed and
# deployed under the mutable default tag. A per-build tag or a digest would
# tie the deployed revision to exactly what this build produced.
- name: 'gcr.io/cloud-builders/docker'
  id: 'Build Backend'
  waitFor:
  - 'Fetch Artifacts'
  - 'Lint and Test'
  args:
  - 'build'
  - '-t'
  - 'gcr.io/$PROJECT_ID/cathode-backend'
  - '-f'
  - 'backend.Dockerfile'
  - '.'
# Push the backend image to the registry so the deploy step can reference it.
- name: 'gcr.io/cloud-builders/docker'
  id: 'Push Backend'
  args:
  - 'push'
  - 'gcr.io/$PROJECT_ID/cathode-backend'
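# Deploy Backend to Cloud Run
# The CORS origin is taken from _FRONTEND_ORIGIN, else from the URL of an
# already-deployed cathode-frontend service, else a localhost placeholder.
# Shell variables are written with a doubled dollar sign ($$) so Cloud Build
# hands them to bash instead of treating them as substitutions, matching the
# 'Build Frontend' step; only $PROJECT_ID and the ${_...} names are meant to
# be substituted.
# --allow-unauthenticated makes the service publicly invocable, so access
# control rests on the application itself (CATHODE_AUTH_ENABLED=true).
# NOTE(review): --set-env-vars splits on commas; a _FRONTEND_ORIGIN holding
# several comma-separated origins would break the flag unless an alternate
# delimiter is used (see `gcloud topic escaping`).
- name: 'gcr.io/google.com/cloudsdktool/cloud-sdk'
  id: 'Deploy Backend'
  entrypoint: 'bash'
  args:
  - '-c'
  - |
    FRONTEND_ORIGIN="${_FRONTEND_ORIGIN}"
    if [[ -z "$$FRONTEND_ORIGIN" ]]; then
      # Best effort: an absent frontend service yields an empty string.
      FRONTEND_ORIGIN=$(gcloud run services describe cathode-frontend \
        --platform managed --region us-central1 \
        --format 'value(status.url)' 2>/dev/null || echo "")
    fi
    if [[ -z "$$FRONTEND_ORIGIN" ]]; then
      echo "WARNING: _FRONTEND_ORIGIN not set and frontend not yet deployed. CORS will be restrictive."
      FRONTEND_ORIGIN="https://localhost:3000"
    fi
    echo "CORS origin: $$FRONTEND_ORIGIN"
    gcloud run deploy cathode-backend \
      --image gcr.io/$PROJECT_ID/cathode-backend \
      --region us-central1 \
      --platform managed \
      --allow-unauthenticated \
      --set-env-vars "CATHODE_ENV=production,CATHODE_AUTH_ENABLED=true,CATHODE_MODEL_TYPE=chgnet,CATHODE_REQUIRE_MANIFEST_SIGNATURE=${_REQUIRE_MANIFEST_SIGNATURE},CATHODE_TRUST_PROXY=true,CATHODE_TRUST_PROXY_HOPS=1,CATHODE_FORCE_HTTPS=true,CATHODE_SECURITY_HEADERS=true,CATHODE_PROMETHEUS_ENABLED=true,CATHODE_LOG_REQUESTS=true,CATHODE_ALLOW_UNSAFE_TORCH_LOAD=false,CATHODE_CORS_ORIGINS=$$FRONTEND_ORIGIN" \
      --port 8080 \
      --memory 4Gi \
      --cpu 2 \
      --timeout 300 \
      --cpu-boost \
      --max-instances 5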
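# ==========================================
# 2. Frontend Pipeline
# ==========================================
# Resolve the deployed backend's URL and leave it in backend_url.txt for the
# frontend build. The step fails if the lookup fails or returns nothing, so
# the frontend is never built against an empty API URL.
- name: 'gcr.io/google.com/cloudsdktool/cloud-sdk'
  id: 'Fetch Backend URL'
  entrypoint: 'bash'
  args:
  - '-c'
  - |
    # Without this a failed describe would be hidden by the final echo.
    set -euo pipefail
    gcloud run services describe cathode-backend \
      --platform managed --region us-central1 \
      --format 'value(status.url)' > backend_url.txt
    if [[ ! -s backend_url.txt ]]; then
      echo "ERROR: could not resolve the cathode-backend URL" >&2
      exit 1
    fi
    echo "Backend URL: $(cat backend_url.txt)"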
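# Build the frontend image, injecting the backend URL read from
# backend_url.txt as the NEXT_PUBLIC_API_URL build argument.
# The shell variable is written with a doubled dollar sign ($$) so Cloud Build
# passes it to bash rather than treating it as a substitution.
# Build arguments end up in the image, and this one is public by name; never
# pass secrets this way.
- name: 'gcr.io/cloud-builders/docker'
  id: 'Build Frontend'
  entrypoint: 'bash'
  args:
  - '-c'
  - |
    set -euo pipefail
    BACKEND_URL="$(cat backend_url.txt)"
    export BACKEND_URL
    # Refuse to bake an empty API URL into the frontend bundle.
    if [[ -z "$$BACKEND_URL" ]]; then
      echo "ERROR: backend_url.txt is empty; cannot build the frontend without an API URL" >&2
      exit 1
    fi
    docker build -t gcr.io/$PROJECT_ID/cathode-frontend \
      --build-arg "NEXT_PUBLIC_API_URL=$$BACKEND_URL" \
      -f frontend.Dockerfile .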
# Push the frontend image to the registry so the deploy step can reference it.
- name: 'gcr.io/cloud-builders/docker'
  id: 'Push Frontend'
  args:
  - 'push'
  - 'gcr.io/$PROJECT_ID/cathode-frontend'
# Deploy the frontend image to Cloud Run (managed, us-central1) as a publicly
# reachable service listening on port 3000 with 1Gi of memory.
- name: 'gcr.io/google.com/cloudsdktool/cloud-sdk'
  id: 'Deploy Frontend'
  entrypoint: 'gcloud'
  args:
  # Command and service name
  - 'run'
  - 'deploy'
  - 'cathode-frontend'
  # Image to run
  - '--image'
  - 'gcr.io/$PROJECT_ID/cathode-frontend'
  # Placement
  - '--region'
  - 'us-central1'
  - '--platform'
  - 'managed'
  # Anyone may invoke the service; no IAM check at the Cloud Run layer
  - '--allow-unauthenticated'
  # Container settings
  - '--port'
  - '3000'
  - '--memory'
  - '1Gi'
# Images this build produces.
images:
- 'gcr.io/$PROJECT_ID/cathode-backend'
- 'gcr.io/$PROJECT_ID/cathode-frontend'

options:
  logging: CLOUD_LOGGING_ONLY

# Defaults for the user-defined substitutions; override per build with
# --substitutions.
substitutions:
  # Empty means: use the default path under the project's _cloudbuild bucket.
  _ARTIFACTS_GCS_URI: ''
  # NOTE(review): _API_KEYS_SECRET and _MANIFEST_KEY_SECRET are not referenced
  # by any step in this file, although the backend is deployed with
  # authentication enabled and manifest signatures required. Confirm how the
  # service receives these secrets; unused substitutions can also be rejected
  # when the build runs with strict substitution checking.
  _API_KEYS_SECRET: 'cathode-api-keys'
  _MANIFEST_KEY_SECRET: 'cathode-manifest-hmac-key'
  # Kept as a string: it is interpolated into the backend's environment.
  _REQUIRE_MANIFEST_SIGNATURE: 'true'
  _FRONTEND_ORIGIN: ''  # Set via --substitutions or auto-resolved from deployed frontend