Deploy oct server to cloud run with gcloud
The easiest way to ensure a stable environment is a container. Please build and start it by utilizing docker compose:
docker compose -f dev.docker-compose.yaml build
docker compose -f dev.docker-compose.yaml up -dBash into the container to perform all required setup steps:
docker exec -it gcloud-run bashWhenever possible steps are stored in bash scripts which utilize gcloud commands to perform the required tasks.
A couple of manual steps are required before the automated part.
- You only have to do this once: Perform auth login. It will provide a URL you need to paste to browser manually. Once you enter the generated confomation token back in the terminal the process is completed. All info is stored in a named container volume, so the info is persisted and data will be back after container restarts. You can print auth info with a script.
- You need to install Google Cloud Build GitHub App in GitHub. Configure the repository the repository that should be used bind to it. Once you did, you need to retrieve the installation id Google Cloud Build app here: https://github.com/settings/installations. The id needs to be used in step 3.5. below.
- You only have to do this once: Create an env file from template in the project's root. Adjust the values accordingly and in the order descibed below:
- First set the
PROJECT_IDin the env file and save it. Directly use a script to create the project to create a project. It also sets the default project in the local settings. - Use printBillingAccounts.sh to retrieve the billing account number and set
BILLING_ACCOUNT_IDin the env file. - Enable all required APIs. It requires the billing account previously set.
- Use printRegions.sh to print all regions and set
DEFAULT_REGIONin the env file. Save the env file. Use another script set the default region in the local glcoud config. - Set the
GITHUB_APP_IDin the env file retrieved in step 2 which will bind the project to the specified repository. - Update the GitHub repository related variables
- Adjust OCT environment properties if values are already known. Otherwise, leave as is, because they can be altered and updated later.
- First set the
- Verify the env file
- GitHub:
4.a. Create a classic access token with all
repoandread:userpermissions. If your app is installed in an organization, make sure to also select theread:orgpermission. (see) 4.b. Store this token in<repo-root>/.local/gh.token. The folder is in contained.gitignoreand the token can be deleted once it was successfully processed with the next step: 4.c. Store the GitHub token as secret
Either: Execute all setup steps one after the other:
- Create new service account and update required permissions
- Create a builds to repo connection
- Create a builds repository
- Create a docker artifacts repository
- Create a builds trigger
Or: Perform them all sequentially with one script:
You have to enable public access to the deployed app. Usage is only possible after first deployment of the app to cloud run.
Secret can be manually updated here: https://console.cloud.google.com/security/secret-manager
It is higly recommende to update at least the OCT_JWT_PRIVATE_KEY. It is the seed for the JWT generator. If not set a default value is created.
Secrets OCT_OAUTH_GITHUB_CLIENTID and OCT_OAUTH_GITHUB_CLIENTSECRET are required for GitHub OAtuh support.
Secrets OCT_OAUTH_GOOGLE_CLIENTID and OCT_OAUTH_GOOGLE_CLIENTSECRET are required for Google OAuth support.
Proper values should be set in the .env file in the root of the project. All environment variables are described here
Once you updated all secrets and environemnt variables use this script to update the secret to the latest versions and the environment variables for the deployed service.
If you want to delete the project use the following script:
- Delete the project. It can be recovered within the next 30 days.