# CathodeScreen Deployment Script for Google Cloud Platform
# Usage: .\deploy_gcp.ps1 -ProjectId YOUR_PROJECT_ID [-ArtifactsGcsUri gs://YOUR_BUCKET/path]
# Script parameters. Only -ProjectId is mandatory; every other parameter has a default.
param (
# GCP project used for `gcloud config set project`, for the secret lookups and for the
# gcr.io/<ProjectId>/<service> image paths.
[Parameter(Mandatory = $true)]
[string]$ProjectId,
# Cloud Run region, passed as --region for both services.
[string]$Region = "us-central1",
# Cloud Run service names; each one is also used as the image name under gcr.io/<ProjectId>/.
[string]$BackendServiceName = "cathode-backend",
[string]$FrontendServiceName = "cathode-frontend",
# Optional value for the _ARTIFACTS_GCS_URI substitution of the backend build. When it is
# empty the script looks for data/artifacts locally and only warns if that path is missing.
[string]$ArtifactsGcsUri = "",
# When set, the script looks up the secrets named below and attaches them to the backend
# with --set-secrets. When not set, no secret is attached to the backend service.
[switch]$UseSecretManager,
# Secret Manager secret names, exposed to the backend as the environment variables
# CATHODE_API_KEYS, CATHODE_API_KEY_HASHES and CATHODE_MANIFEST_HMAC_KEY respectively.
# An empty name skips that mapping.
[string]$ApiKeysSecret = "cathode-api-keys",
[string]$ApiKeyHashesSecret = "",
[string]$ManifestKeySecret = "cathode-manifest-hmac-key",
# Identity for the backend service (--service-account). When empty the flag is omitted and
# Cloud Run uses the project's default service identity; a dedicated least-privilege
# account is the safer choice for a service that reads secrets.
[string]$ServiceAccount = "",
# Backend scaling settings; each flag is passed to gcloud only when the value is greater than 0.
[int]$BackendConcurrency = 0,
[int]$BackendMaxInstances = 0,
[int]$BackendMinInstances = 0,
# Deploys the backend with --allow-unauthenticated. Without this switch the backend gets
# --no-allow-unauthenticated, so callers must be authorised through Cloud Run IAM.
# The frontend is always deployed with --allow-unauthenticated.
[switch]$AllowUnauthenticatedBackend
)
# Make PowerShell errors terminating, which is what turns the Write-Error calls below into
# hard stops. By default a non-zero exit code from a native command such as gcloud does not
# raise an error, which is why the script tests $LASTEXITCODE after those calls.
$ErrorActionPreference = "Stop"
function Write-Step {
    # Prints $Message as a section banner on the host: a blank line, a rule and the message
    # in cyan, then a closing rule in the default colour followed by a blank line.
    param($Message)

    $Rule = "========================================================"

    Write-Host "`n$Rule" -ForegroundColor Cyan
    Write-Host $Message -ForegroundColor Cyan
    Write-Host "$Rule`n"
}
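function Test-Secret {
    # Reports whether `gcloud secrets describe` succeeds for $SecretName in $ProjectId.
    #
    # Parameters:
    #   SecretName - Secret Manager secret name; a blank or whitespace-only name returns $false
    #                without calling gcloud.
    # Returns:
    #   $true when gcloud exits with code 0, otherwise $false. A $false result therefore also
    #   covers failures other than a missing secret (no permission, API disabled, no login).
    # Reads $ProjectId from the script scope.
    param([string]$SecretName)

    if ([string]::IsNullOrWhiteSpace($SecretName)) {
        return $false
    }

    # The script runs with $ErrorActionPreference = "Stop". On Windows PowerShell 5.1 (and some
    # older PowerShell releases) a native command that writes to a redirected stderr can then
    # raise a terminating error, which would abort the deployment exactly when the secret is
    # missing. Relax the preference for this function only; the assignment is local to it.
    $ErrorActionPreference = "Continue"

    # Output is discarded on purpose: only the exit code matters.
    $null = gcloud secrets describe $SecretName --project $ProjectId --format "value(name)" 2>$null
    return $LASTEXITCODE -eq 0
}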
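# 1. Check Pre-requisites
Write-Step "Checking Prerequisites"

# With $ErrorActionPreference = "Stop" this Write-Error ends the script.
if (-not (Get-Command gcloud -ErrorAction SilentlyContinue)) {
    Write-Error "Google Cloud SDK (gcloud) is not installed. Please install it first."
}

Write-Host "Project ID: $ProjectId"
Write-Host "Region: $Region"
Write-Host "Backend: $BackendServiceName"
Write-Host "Frontend: $FrontendServiceName"

# 2. Configure Project
Write-Step "Configuring GCP Project"

# This changes the active project of the caller's gcloud configuration; the gcloud calls
# further down that carry no --project flag rely on it.
gcloud config set project $ProjectId

# gcloud is a native command, so a failure only shows up in $LASTEXITCODE. Stop here:
# otherwise the builds and deploys would run against whichever project was active before.
if ($LASTEXITCODE -ne 0) { Write-Error "Failed to set the active gcloud project." }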
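# 3. Deploy Backend
Write-Step "Building & Deploying Backend (Cloud Run)"
Write-Host "NOTE: If prompted to enable APIs (run.googleapis.com, cloudbuild.googleapis.com), please press 'y' and Enter." -ForegroundColor Yellow

# Build using cloudbuild.yaml to support custom Dockerfile.
# The project is pinned explicitly, as Test-Secret already does, so the build cannot run in
# a different project than the gcr.io/$ProjectId image path the deploy step pulls from.
$BuildArgs = @(
    "builds", "submit",
    "--project", $ProjectId,
    "--config", "backend.cloudbuild.yaml",
    "."
)

if (-not [string]::IsNullOrWhiteSpace($ArtifactsGcsUri)) {
    # Passed to the build as a substitution. gcloud splits --substitutions on commas, so the
    # URI must not contain one.
    $BuildArgs += @("--substitutions", "_ARTIFACTS_GCS_URI=$ArtifactsGcsUri")
} elseif (-not (Test-Path "data/artifacts")) {
    # Warning only: the build is still submitted.
    Write-Host "Warning: data/artifacts not found locally and -ArtifactsGcsUri not set. Cloud Build will fail." -ForegroundColor Yellow
}

gcloud @BuildArgs
# Native commands do not throw on failure; the exit code has to be checked by hand.
if ($LASTEXITCODE -ne 0) { Write-Error "Backend build failed." }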
if ($UseSecretManager) {
    Write-Step "Checking Secret Manager"

    # One of the two API-key secrets is enough. -or short-circuits, so the hashes secret is
    # looked up only when the plain API-key secret was not found.
    # NOTE(review): these checks only warn. The deploy step further down still maps every
    # non-empty secret name, so a name that does not exist will surface as a deploy failure.
    $ApiKeySecretFound = (Test-Secret $ApiKeysSecret) -or (Test-Secret $ApiKeyHashesSecret)
    if (-not $ApiKeySecretFound) {
        Write-Host "Warning: API key secrets not found. Create them in Secret Manager before deploy." -ForegroundColor Yellow
    }

    $ManifestKeyFound = Test-Secret $ManifestKeySecret
    if (-not $ManifestKeyFound) {
        Write-Host "Warning: Manifest key secret not found. Signature verification will fail." -ForegroundColor Yellow
    }
}
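# Runtime configuration for the backend container, joined with commas for --set-env-vars.
# NOTE(review): the CATHODE_* variables are interpreted by the application, not by this
# script. Going by their names they keep auth, manifest-signature checks, HTTPS enforcement
# and security headers on and unsafe torch loading off - confirm against the backend before
# changing any of them.
$BackendEnvVars = @(
    "PORT=8080",
    "CATHODE_ENV=production",
    "CATHODE_AUTH_ENABLED=true",
    "CATHODE_REQUIRE_MANIFEST_SIGNATURE=true",
    "CATHODE_TRUST_PROXY=true",
    "CATHODE_TRUST_PROXY_HOPS=1",
    "CATHODE_FORCE_HTTPS=true",
    "CATHODE_SECURITY_HEADERS=true",
    "CATHODE_PROMETHEUS_ENABLED=true",
    "CATHODE_LOG_REQUESTS=true",
    "CATHODE_ALLOW_UNSAFE_TORCH_LOAD=false"
)

# Arguments for `gcloud run deploy`. The project is pinned explicitly, as Test-Secret already
# does, so the service cannot be deployed into whichever project the gcloud configuration
# happens to point at.
$BackendArgs = @(
    "run", "deploy", $BackendServiceName,
    "--project", $ProjectId,
    "--image", "gcr.io/$ProjectId/$BackendServiceName",
    "--platform", "managed",
    "--region", $Region,
    "--port", "8080",
    "--memory", "2Gi",
    "--set-env-vars", ($BackendEnvVars -join ",")
)

# The backend requires IAM-authenticated callers unless the operator opts out explicitly.
if ($AllowUnauthenticatedBackend) {
    $BackendArgs += "--allow-unauthenticated"
} else {
    $BackendArgs += "--no-allow-unauthenticated"
}

# Without -ServiceAccount the flag is omitted and Cloud Run picks the service identity.
if (-not [string]::IsNullOrWhiteSpace($ServiceAccount)) {
    $BackendArgs += @("--service-account", $ServiceAccount)
}

# Scaling flags are optional: 0 (the default) leaves the setting to Cloud Run.
if ($BackendConcurrency -gt 0) {
    $BackendArgs += @("--concurrency", $BackendConcurrency)
}
if ($BackendMaxInstances -gt 0) {
    $BackendArgs += @("--max-instances", $BackendMaxInstances)
}
if ($BackendMinInstances -gt 0) {
    $BackendArgs += @("--min-instances", $BackendMinInstances)
}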
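if ($UseSecretManager) {
    # Each entry has the form ENV_VAR=SECRET_NAME:VERSION.
    #
    # The variable names are wrapped in ${...} on purpose. Inside a double-quoted string
    # PowerShell reads "$Name:latest" as a scope- or drive-qualified variable called `latest`,
    # not as $Name followed by ":latest", so the secret name would be lost from the mapping
    # and the backend would not receive its API keys or manifest HMAC key.
    #
    # `latest` is resolved when an instance starts; pin a numbered version instead if
    # rollouts have to be reproducible.
    $Secrets = @()

    if (-not [string]::IsNullOrWhiteSpace($ApiKeysSecret)) {
        $Secrets += "CATHODE_API_KEYS=${ApiKeysSecret}:latest"
    }
    if (-not [string]::IsNullOrWhiteSpace($ApiKeyHashesSecret)) {
        $Secrets += "CATHODE_API_KEY_HASHES=${ApiKeyHashesSecret}:latest"
    }
    if (-not [string]::IsNullOrWhiteSpace($ManifestKeySecret)) {
        $Secrets += "CATHODE_MANIFEST_HMAC_KEY=${ManifestKeySecret}:latest"
    }

    # --set-secrets is added only when at least one mapping was built.
    if ($Secrets.Count -gt 0) {
        $BackendArgs += @("--set-secrets", ($Secrets -join ","))
    }
}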
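gcloud @BackendArgs
# Native commands do not throw on failure; the exit code has to be checked by hand.
if ($LASTEXITCODE -ne 0) { Write-Error "Backend deployment failed." }

# Get Backend URL
# The project is pinned explicitly, as Test-Secret already does, so the URL that is later
# baked into the frontend build is read from the service in $ProjectId and not from a
# same-named service in whichever project the gcloud configuration points at.
$BackendUrl = (gcloud run services describe $BackendServiceName --project $ProjectId --platform managed --region $Region --format 'value(status.url)')

# An empty value means the lookup failed or the service reported no URL.
if ([string]::IsNullOrWhiteSpace($BackendUrl)) {
    Write-Error "Failed to retrieve Backend URL. Please check the backend deployment."
}
Write-Host "Backend is live at: $BackendUrl" -ForegroundColor Green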
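# 4. Deploy Frontend
Write-Step "Building & Deploying Frontend (Cloud Run)"
Write-Host "Injecting Backend URL: $BackendUrl"

# Build with backend URL substitution.
# The project is pinned explicitly, as Test-Secret already does, so the image is built in
# the same project as the gcr.io/$ProjectId path used by the frontend deploy.
gcloud builds submit --project $ProjectId --config frontend.cloudbuild.yaml --substitutions="_BACKEND_URL=$BackendUrl" .

# Native commands do not throw on failure; the exit code has to be checked by hand.
if ($LASTEXITCODE -ne 0) { Write-Error "Frontend build failed." }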
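# Arguments for `gcloud run deploy` of the frontend. Unlike the backend, the frontend is
# always deployed with --allow-unauthenticated, i.e. reachable without IAM credentials.
# The project is pinned explicitly, as Test-Secret already does, instead of relying on the
# active gcloud configuration.
$FrontendArgs = @(
    "run", "deploy", $FrontendServiceName,
    "--project", $ProjectId,
    "--image", "gcr.io/$ProjectId/$FrontendServiceName",
    "--platform", "managed",
    "--region", $Region,
    "--allow-unauthenticated",
    "--port", "3000",
    "--memory", "1Gi"
)

gcloud @FrontendArgs
# Native commands do not throw on failure; the exit code has to be checked by hand.
if ($LASTEXITCODE -ne 0) { Write-Error "Frontend deployment failed." }

$FrontendUrl = (gcloud run services describe $FrontendServiceName --project $ProjectId --platform managed --region $Region --format 'value(status.url)')

# The deploy has already succeeded at this point, so a failed URL lookup is reported as a
# warning instead of aborting the script with a blank "Frontend:" line as the only hint.
if ([string]::IsNullOrWhiteSpace($FrontendUrl)) {
    Write-Host "Warning: could not retrieve the Frontend URL. Check the frontend service in Cloud Run." -ForegroundColor Yellow
}

Write-Step "Deployment Complete! 🚀"
Write-Host "Frontend: $FrontendUrl" -ForegroundColor Green
Write-Host "Backend: $BackendUrl" -ForegroundColor Green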