From bf2000800822e80b216d21d7192316c3a2f1c4fb Mon Sep 17 00:00:00 2001 From: jakeross Date: Mon, 25 Aug 2025 17:13:50 -0600 Subject: [PATCH 01/17] fix: correct GCS_SERVICE_ACCOUNT_KEY echo syntax and update relationship in Thing model --- .github/workflows/staging_deploy.yml | 2 +- db/thing.py | 2 +- schemas/thing.py | 1 + 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/staging_deploy.yml b/.github/workflows/staging_deploy.yml index bf9a046a6..e12a024f8 100644 --- a/.github/workflows/staging_deploy.yml +++ b/.github/workflows/staging_deploy.yml @@ -48,7 +48,7 @@ jobs: echo " CLOUD_SQL_DATABASE: \"${{ secrets.CLOUD_SQL_DATABASE }}\"" >> app.yaml echo " CLOUD_SQL_USER: \"${{ secrets.CLOUD_SQL_USER }}\"" >> app.yaml echo " CLOUD_SQL_PASSWORD: \"${{ secrets.CLOUD_SQL_PASSWORD }}\"" >> app.yaml - echo " GCS_SERVICE_ACCOUNT_KEY: \"${{ secrets.GCS_SERVICE_ACCOUNT_KEY}}\"" >> app.yaml + echo " GCS_SERVICE_ACCOUNT_KEY: ${{ secrets.GCS_SERVICE_ACCOUNT_KEY }} >> app.yaml echo " GCS_BUCKET_NAME: \"${{secrets.GCS_BUCKET_NAME}}\"" >> app.yaml echo " AUTHENTIK_URL: \"${{secrets.AUTHENTIK_URL}}\"" >> app.yaml echo " AUTHENTIK_CLIENT_ID: \"${{secrets.AUTHENTIK_CLIENT_ID}}\"" >> app.yaml diff --git a/db/thing.py b/db/thing.py index 7ebd20f30..3ec71919a 100644 --- a/db/thing.py +++ b/db/thing.py @@ -113,7 +113,7 @@ class WellScreen(Base, AutoBaseMixin): String(1000), nullable=True, info={"unit": "description of the screen"} ) # Define a relationship to well if needed - # well = relationship("Well") + thing = relationship("Thing") # ============= EOF ============================================= diff --git a/schemas/thing.py b/schemas/thing.py index 69fc0a7b7..a7504fab6 100644 --- a/schemas/thing.py +++ b/schemas/thing.py @@ -161,6 +161,7 @@ class WellScreenResponse(ORMBaseModel): """ thing_id: int + thing: WellResponse screen_depth_bottom: float screen_depth_top: float screen_type: str | None = None 
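Review bot: The added `GCS_SERVICE_ACCOUNT_KEY` line loses its closing quote, so the shell string opened at `echo "` runs on into the next line, and `${{ secrets.GCS_SERVICE_ACCOUNT_KEY }}` is pasted into the script text before bash parses it. Any quote, `$` or backtick inside the key is therefore interpreted by the shell instead of being written to app.yaml. Pass the value through the step environment: add `env:` with `GCS_SERVICE_ACCOUNT_KEY: ${{ secrets.GCS_SERVICE_ACCOUNT_KEY }}` to the step and write `echo " GCS_SERVICE_ACCOUNT_KEY: \"$GCS_SERVICE_ACCOUNT_KEY\"" >> app.yaml`. The same direct interpolation is kept by the later quoting patches in this series (03, 04, 08, 09, 11, 12) and by the new dev_deploy.yml, and it applies to the neighbouring secret lines too. The `run:` block starts and ends outside this hunk.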
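Review bot: The comment kept above the new line, `# Define a relationship to well if needed`, no longer matches the code now that `thing = relationship("Thing")` is active; reword it, e.g. `# Parent Thing (well) this screen belongs to`. The relationship is declared on this side only; whether `Thing` declares the reverse side is not visible here, and if it does, `back_populates` should name it so the two stay in sync. The `WellScreen` class starts outside the hunk.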
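Review bot: `thing: WellResponse` is a required field, so every `WellScreenResponse` now serialises the full parent record and fails validation when the relationship is absent. Every field of `WellResponse` becomes readable through whichever endpoints return screens, which is worth checking against what those endpoints are meant to expose; `WellResponse` itself is defined outside this hunk. If only identification of the parent is needed, a narrower nested model, or `thing: WellResponse | None = None`, keeps the payload and the exposure smaller.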
From ccfe95578a439b946bf19da8d8bbecfea65bed86 Mon Sep 17 00:00:00 2001 From: jakeross Date: Mon, 25 Aug 2025 17:18:05 -0600 Subject: [PATCH 02/17] fix: update staging deployment configuration for dev environment --- .github/workflows/staging_deploy.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/workflows/staging_deploy.yml b/.github/workflows/staging_deploy.yml index e12a024f8..13d8001f9 100644 --- a/.github/workflows/staging_deploy.yml +++ b/.github/workflows/staging_deploy.yml @@ -2,7 +2,7 @@ name: CD (Staging) on: push: - branches: [pre-production] + branches: [pre-production, dev] permissions: contents: write @@ -36,7 +36,7 @@ jobs: # Uses Google Cloud Secret Manager to store secret credentials - name: Create app.yaml run: | - echo "service: ocotillo-api" > app.yaml + echo "service: ocotillo-api-dev" > app.yaml echo "runtime: python313" >> app.yaml echo "entrypoint: gunicorn -w 4 -k uvicorn.workers.UvicornWorker main:app" >> app.yaml echo "instance_class: F4" >> app.yaml @@ -63,10 +63,11 @@ jobs: # Clean up old versions - delete only the oldest version, one created and one destroyed - name: Clean up oldest version run: | - OLDEST_VERSION=$(gcloud app versions list --service=ocotillo-api --project=${{ secrets.GCP_PROJECT_ID }} --format="value(id)" --sort-by="version.createTime" | head -n 1) + OLDEST_VERSION=$(gcloud app versions list --service=ocotillo-api-dev --project=${{ secrets.GCP_PROJECT_ID }} + --format="value(id)" --sort-by="version.createTime" | head -n 1) if [ ! -z "$OLDEST_VERSION" ]; then echo "Deleting oldest version: $OLDEST_VERSION" - gcloud app versions delete $OLDEST_VERSION --service=ocotillo-api --project=${{ secrets.GCP_PROJECT_ID }} --quiet + gcloud app versions delete $OLDEST_VERSION --service=ocotillo-api-dev --project=${{ secrets.GCP_PROJECT_ID }} --quiet echo "Deleted oldest version: $OLDEST_VERSION" else echo "No versions to delete" 
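Review bot: Adding `dev` to `branches` makes every push to `dev` run this job with the same secrets and the `contents: write` token as `pre-production`, while the next hunk hard-codes the service as `ocotillo-api-dev`, so pushes to `pre-production` now deploy to the dev service as well. If the two branches are meant to target different services, derive the name from `github.ref_name` or split the workflow, which patch 15 later does. Whoever can push to `dev` can now trigger a deployment with these credentials, so the branch should carry the same protection rules as `pre-production`.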
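Review bot: The `OLDEST_VERSION=$(...)` command is now split across two lines without a trailing `\`, so inside the substitution the shell runs `gcloud app versions list` without `--format`, `--sort-by` or `head`, and then tries to execute `--format=...` as a command of its own. `OLDEST_VERSION` would then hold the unfiltered listing, and the unquoted `$OLDEST_VERSION` in the `delete` call word-splits it into several arguments. End the first line with `\` or keep the command on one line, and quote the expansion: `gcloud app versions delete "$OLDEST_VERSION" --service=ocotillo-api-dev ...`.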
From c942375bc92fc10bf66882b00b432e3126d14148 Mon Sep 17 00:00:00 2001 From: jakeross Date: Mon, 25 Aug 2025 17:28:28 -0600 Subject: [PATCH 03/17] fix: correct syntax for GCS_SERVICE_ACCOUNT_KEY in staging deployment configuration --- .github/workflows/staging_deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/staging_deploy.yml b/.github/workflows/staging_deploy.yml index 13d8001f9..122791382 100644 --- a/.github/workflows/staging_deploy.yml +++ b/.github/workflows/staging_deploy.yml @@ -48,7 +48,7 @@ jobs: echo " CLOUD_SQL_DATABASE: \"${{ secrets.CLOUD_SQL_DATABASE }}\"" >> app.yaml echo " CLOUD_SQL_USER: \"${{ secrets.CLOUD_SQL_USER }}\"" >> app.yaml echo " CLOUD_SQL_PASSWORD: \"${{ secrets.CLOUD_SQL_PASSWORD }}\"" >> app.yaml - echo " GCS_SERVICE_ACCOUNT_KEY: ${{ secrets.GCS_SERVICE_ACCOUNT_KEY }} >> app.yaml + echo " GCS_SERVICE_ACCOUNT_KEY: ${{ secrets.GCS_SERVICE_ACCOUNT_KEY }} \" >> app.yaml echo " GCS_BUCKET_NAME: \"${{secrets.GCS_BUCKET_NAME}}\"" >> app.yaml echo " AUTHENTIK_URL: \"${{secrets.AUTHENTIK_URL}}\"" >> app.yaml echo " AUTHENTIK_CLIENT_ID: \"${{secrets.AUTHENTIK_CLIENT_ID}}\"" >> app.yaml From 1eca98a879bc885fe9e359cb09be439367da8849 Mon Sep 17 00:00:00 2001 From: jakeross Date: Mon, 25 Aug 2025 17:30:43 -0600 Subject: [PATCH 04/17] fix: correct syntax for GCS_SERVICE_ACCOUNT_KEY in staging deployment configuration --- .github/workflows/staging_deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/staging_deploy.yml b/.github/workflows/staging_deploy.yml index 122791382..b9c724fb0 100644 --- a/.github/workflows/staging_deploy.yml +++ b/.github/workflows/staging_deploy.yml 
@@ -48,7 +48,7 @@ jobs: echo " CLOUD_SQL_DATABASE: \"${{ secrets.CLOUD_SQL_DATABASE }}\"" >> app.yaml echo " CLOUD_SQL_USER: \"${{ secrets.CLOUD_SQL_USER }}\"" >> app.yaml echo " CLOUD_SQL_PASSWORD: \"${{ secrets.CLOUD_SQL_PASSWORD }}\"" >> app.yaml - echo " GCS_SERVICE_ACCOUNT_KEY: ${{ secrets.GCS_SERVICE_ACCOUNT_KEY }} \" >> app.yaml + echo " GCS_SERVICE_ACCOUNT_KEY: ${{ secrets.GCS_SERVICE_ACCOUNT_KEY }} " >> app.yaml echo " GCS_BUCKET_NAME: \"${{secrets.GCS_BUCKET_NAME}}\"" >> app.yaml echo " AUTHENTIK_URL: \"${{secrets.AUTHENTIK_URL}}\"" >> app.yaml echo " AUTHENTIK_CLIENT_ID: \"${{secrets.AUTHENTIK_CLIENT_ID}}\"" >> app.yaml From dfbf9f29aaeb15e295f493c810b7efdf795714dc Mon Sep 17 00:00:00 2001 From: jakeross Date: Mon, 25 Aug 2025 17:40:02 -0600 Subject: [PATCH 05/17] fix: correct syntax for GCS_SERVICE_ACCOUNT_KEY in staging deployment configuration --- .github/workflows/staging_deploy.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/staging_deploy.yml b/.github/workflows/staging_deploy.yml index b9c724fb0..0d9ad47cb 100644 --- a/.github/workflows/staging_deploy.yml +++ b/.github/workflows/staging_deploy.yml @@ -36,7 +36,7 @@ jobs: # Uses Google Cloud Secret Manager to store secret credentials - name: Create app.yaml run: | - echo "service: ocotillo-api-dev" > app.yaml + echo "service: dev-ocotillo-api" > app.yaml echo "runtime: python313" >> app.yaml echo "entrypoint: gunicorn -w 4 -k uvicorn.workers.UvicornWorker main:app" >> app.yaml echo "instance_class: F4" >> app.yaml 
@@ -63,11 +63,11 @@ jobs: # Clean up old versions - delete only the oldest version, one created and one destroyed - name: Clean up oldest version run: | - OLDEST_VERSION=$(gcloud app versions list --service=ocotillo-api-dev --project=${{ secrets.GCP_PROJECT_ID }} + OLDEST_VERSION=$(gcloud app versions list --service=dev-ocotillo-api --project=${{ secrets.GCP_PROJECT_ID }} --format="value(id)" --sort-by="version.createTime" | head -n 1) if [ ! -z "$OLDEST_VERSION" ]; then echo "Deleting oldest version: $OLDEST_VERSION" - gcloud app versions delete $OLDEST_VERSION --service=ocotillo-api-dev --project=${{ secrets.GCP_PROJECT_ID }} --quiet + gcloud app versions delete $OLDEST_VERSION --service=dev-ocotillo-api --project=${{ secrets.GCP_PROJECT_ID }} --quiet echo "Deleted oldest version: $OLDEST_VERSION" else echo "No versions to delete" From 9e11ad17addef0aa0d18f5f9f92d349033211342 Mon Sep 17 00:00:00 2001 From: jakeross Date: Mon, 25 Aug 2025 17:48:29 -0600 Subject: [PATCH 06/17] fix: correct syntax for GCS_SERVICE_ACCOUNT_KEY in staging deployment configuration --- .github/workflows/staging_deploy.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/staging_deploy.yml b/.github/workflows/staging_deploy.yml index 0d9ad47cb..14cb6979e 100644 --- a/.github/workflows/staging_deploy.yml +++ b/.github/workflows/staging_deploy.yml 
@@ -63,8 +63,7 @@ jobs: # Clean up old versions - delete only the oldest version, one created and one destroyed - name: Clean up oldest version run: | - OLDEST_VERSION=$(gcloud app versions list --service=dev-ocotillo-api --project=${{ secrets.GCP_PROJECT_ID }} - --format="value(id)" --sort-by="version.createTime" | head -n 1) + OLDEST_VERSION=$(gcloud app versions list --service=dev-ocotillo-api --project=${{ secrets.GCP_PROJECT_ID}} --format="value(id)" --sort-by="version.createTime" | head -n 1) if [ ! -z "$OLDEST_VERSION" ]; then echo "Deleting oldest version: $OLDEST_VERSION" gcloud app versions delete $OLDEST_VERSION --service=dev-ocotillo-api --project=${{ secrets.GCP_PROJECT_ID }} --quiet From 5285228c933a7437ea23dfe0605ad45004405587 Mon Sep 17 00:00:00 2001 From: jakeross Date: Mon, 25 Aug 2025 18:01:22 -0600 Subject: [PATCH 07/17] fix: add debug prints for GCS_SERVICE_ACCOUNT_KEY in production mode --- services/gcs_helper.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/services/gcs_helper.py b/services/gcs_helper.py index 1ef8661c6..f1b334dd9 100644 --- a/services/gcs_helper.py +++ b/services/gcs_helper.py @@ -33,6 +33,8 @@ def get_storage_bucket() -> storage.Bucket: if settings.mode == "production": key_json = os.environ.get("GCS_SERVICE_ACCOUNT_KEY") + print(key_json) + print(json.loads(key_json, strict=False)) # Load service account credentials creds = service_account.Credentials.from_service_account_info( json.loads(key_json) From 062604bb239d792ab4f42a1aa7ec79dd58f5b926 Mon Sep 17 00:00:00 2001 From: jakeross Date: Mon, 25 Aug 2025 18:12:58 -0600 Subject: [PATCH 08/17] fix: add debug prints for GCS_SERVICE_ACCOUNT_KEY in production mode --- .github/workflows/staging_deploy.yml | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/.github/workflows/staging_deploy.yml b/.github/workflows/staging_deploy.yml index 14cb6979e..600249eb8 100644 --- a/.github/workflows/staging_deploy.yml 
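Review bot: `print(key_json)` and `print(json.loads(key_json, strict=False))` write the full service-account key, private key included, to stdout whenever `settings.mode == "production"`, and application stdout is normally collected into the platform's logs. Anyone with read access to those logs can recover the credential, and the value stays in retained logs after the prints are removed in patch 14, so if any of patches 07 to 13 were deployed the key should be rotated. For debugging, print only non-secret facts, e.g. `print("GCS_SERVICE_ACCOUNT_KEY set:", key_json is not None)`. Patches 09, 10 and 13 keep equivalent prints; `get_storage_bucket` continues outside the hunk.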
+++ b/.github/workflows/staging_deploy.yml @@ -42,18 +42,18 @@ jobs: echo "instance_class: F4" >> app.yaml echo "" >> app.yaml echo "env_variables:" >> app.yaml - echo " MODE: \"production\"" >> app.yaml - echo " DB_DRIVER: \"cloudsql\"" >> app.yaml - echo " CLOUD_SQL_INSTANCE_NAME: \"${{ secrets.CLOUD_SQL_INSTANCE_NAME }}\"" >> app.yaml - echo " CLOUD_SQL_DATABASE: \"${{ secrets.CLOUD_SQL_DATABASE }}\"" >> app.yaml - echo " CLOUD_SQL_USER: \"${{ secrets.CLOUD_SQL_USER }}\"" >> app.yaml - echo " CLOUD_SQL_PASSWORD: \"${{ secrets.CLOUD_SQL_PASSWORD }}\"" >> app.yaml - echo " GCS_SERVICE_ACCOUNT_KEY: ${{ secrets.GCS_SERVICE_ACCOUNT_KEY }} " >> app.yaml - echo " GCS_BUCKET_NAME: \"${{secrets.GCS_BUCKET_NAME}}\"" >> app.yaml - echo " AUTHENTIK_URL: \"${{secrets.AUTHENTIK_URL}}\"" >> app.yaml - echo " AUTHENTIK_CLIENT_ID: \"${{secrets.AUTHENTIK_CLIENT_ID}}\"" >> app.yaml - echo " AUTHENTIK_AUTHORIZE_URL: \"${{secrets.AUTHENTIK_AUTHORIZE_URL}}\"" >> app.yaml - echo " AUTHENTIK_TOKEN_URL: \"${{secrets.AUTHENTIK_TOKEN_URL}}\"" >> app.yaml + echo " MODE: 'production'" >> app.yaml + echo " DB_DRIVER: 'cloudsql'" >> app.yaml + echo " CLOUD_SQL_INSTANCE_NAME: '${{ secrets.CLOUD_SQL_INSTANCE_NAME }}'" >> app.yaml + echo " CLOUD_SQL_DATABASE: '${{ secrets.CLOUD_SQL_DATABASE }}'" >> app.yaml + echo " CLOUD_SQL_USER: '${{ secrets.CLOUD_SQL_USER }}'" >> app.yaml + echo " CLOUD_SQL_PASSWORD: '${{ secrets.CLOUD_SQL_PASSWORD }}'" >> app.yaml + echo " GCS_SERVICE_ACCOUNT_KEY: '${{ secrets.GCS_SERVICE_ACCOUNT_KEY }}' " >> app.yaml + echo " GCS_BUCKET_NAME: '${{secrets.GCS_BUCKET_NAME}}'" >> app.yaml + echo " AUTHENTIK_URL: '${{secrets.AUTHENTIK_URL}}'" >> app.yaml + echo " AUTHENTIK_CLIENT_ID: '${{secrets.AUTHENTIK_CLIENT_ID}}'" >> app.yaml + echo " AUTHENTIK_AUTHORIZE_URL: '${{secrets.AUTHENTIK_AUTHORIZE_URL}}'" >> app.yaml + echo " AUTHENTIK_TOKEN_URL: '${{secrets.AUTHENTIK_TOKEN_URL}}'" >> app.yaml - name: Deploy to Google Cloud 
From 5645a1b6db895d850b64e350aa03c6e0e74b4464 Mon Sep 17 00:00:00 2001 From: jakeross Date: Mon, 25 Aug 2025 18:18:26 -0600 Subject: [PATCH 09/17] fix: update debug prints for GCS_SERVICE_ACCOUNT_KEY and correct YAML syntax in staging deployment --- .github/workflows/staging_deploy.yml | 24 ++++++++++++------------ services/gcs_helper.py | 4 ++-- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/workflows/staging_deploy.yml b/.github/workflows/staging_deploy.yml index 600249eb8..6b5e73c4b 100644 --- a/.github/workflows/staging_deploy.yml +++ b/.github/workflows/staging_deploy.yml 
@@ -42,18 +42,18 @@ jobs: echo "instance_class: F4" >> app.yaml echo "" >> app.yaml echo "env_variables:" >> app.yaml - echo " MODE: 'production'" >> app.yaml - echo " DB_DRIVER: 'cloudsql'" >> app.yaml - echo " CLOUD_SQL_INSTANCE_NAME: '${{ secrets.CLOUD_SQL_INSTANCE_NAME }}'" >> app.yaml - echo " CLOUD_SQL_DATABASE: '${{ secrets.CLOUD_SQL_DATABASE }}'" >> app.yaml - echo " CLOUD_SQL_USER: '${{ secrets.CLOUD_SQL_USER }}'" >> app.yaml - echo " CLOUD_SQL_PASSWORD: '${{ secrets.CLOUD_SQL_PASSWORD }}'" >> app.yaml - echo " GCS_SERVICE_ACCOUNT_KEY: '${{ secrets.GCS_SERVICE_ACCOUNT_KEY }}' " >> app.yaml - echo " GCS_BUCKET_NAME: '${{secrets.GCS_BUCKET_NAME}}'" >> app.yaml - echo " AUTHENTIK_URL: '${{secrets.AUTHENTIK_URL}}'" >> app.yaml - echo " AUTHENTIK_CLIENT_ID: '${{secrets.AUTHENTIK_CLIENT_ID}}'" >> app.yaml - echo " AUTHENTIK_AUTHORIZE_URL: '${{secrets.AUTHENTIK_AUTHORIZE_URL}}'" >> app.yaml - echo " AUTHENTIK_TOKEN_URL: '${{secrets.AUTHENTIK_TOKEN_URL}}'" >> app.yaml + echo " MODE: \"production\"" >> app.yaml + echo " DB_DRIVER: \"cloudsql\"" >> app.yaml + echo " CLOUD_SQL_INSTANCE_NAME: \"${{ secrets.CLOUD_SQL_INSTANCE_NAME }}\"" >> app.yaml + echo " CLOUD_SQL_DATABASE: \"${{ secrets.CLOUD_SQL_DATABASE }}\"" >> app.yaml + echo " CLOUD_SQL_USER: \"${{ secrets.CLOUD_SQL_USER }}\"" >> app.yaml + echo " CLOUD_SQL_PASSWORD: \"${{ secrets.CLOUD_SQL_PASSWORD }}\"" >> app.yaml + echo " GCS_SERVICE_ACCOUNT_KEY: '${{ secrets.GCS_SERVICE_ACCOUNT_KEY }}'" >> app.yaml + echo " GCS_BUCKET_NAME: \"${{secrets.GCS_BUCKET_NAME}}\"" >> app.yaml + echo " AUTHENTIK_URL: \"${{secrets.AUTHENTIK_URL}}\"" >> app.yaml + echo " AUTHENTIK_CLIENT_ID: \"${{secrets.AUTHENTIK_CLIENT_ID}}\"" >> app.yaml + echo " AUTHENTIK_AUTHORIZE_URL: \"${{secrets.AUTHENTIK_AUTHORIZE_URL}}\"" >> app.yaml + echo " AUTHENTIK_TOKEN_URL: \"${{secrets.AUTHENTIK_TOKEN_URL}}\"" >> app.yaml - name: Deploy to Google Cloud diff --git a/services/gcs_helper.py b/services/gcs_helper.py index f1b334dd9..5b47aaaed 100644 
--- a/services/gcs_helper.py +++ b/services/gcs_helper.py @@ -33,8 +33,8 @@ def get_storage_bucket() -> storage.Bucket: if settings.mode == "production": key_json = os.environ.get("GCS_SERVICE_ACCOUNT_KEY") - print(key_json) - print(json.loads(key_json, strict=False)) + print( type(key_json),key_json) + print(json.loads(key_json)) # Load service account credentials creds = service_account.Credentials.from_service_account_info( json.loads(key_json) From 06d8d18620259f96beabd8a9506ad50017f3f99f Mon Sep 17 00:00:00 2001 From: jirhiker Date: Tue, 26 Aug 2025 00:18:43 +0000 Subject: [PATCH 10/17] Formatting changes --- services/gcs_helper.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/gcs_helper.py b/services/gcs_helper.py index 5b47aaaed..d63a40ff6 100644 --- a/services/gcs_helper.py +++ b/services/gcs_helper.py @@ -33,7 +33,7 @@ def get_storage_bucket() -> storage.Bucket: if settings.mode == "production": key_json = os.environ.get("GCS_SERVICE_ACCOUNT_KEY") - print( type(key_json),key_json) + print(type(key_json), key_json) print(json.loads(key_json)) # Load service account credentials creds = service_account.Credentials.from_service_account_info( From 744e310fecb7a271f4ae0cedab524b5a0c1573cc Mon Sep 17 00:00:00 2001 From: jakeross Date: Mon, 25 Aug 2025 18:24:05 -0600 Subject: [PATCH 11/17] fix: escape single quotes for GCS_SERVICE_ACCOUNT_KEY in staging deployment configuration --- .github/workflows/staging_deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/staging_deploy.yml b/.github/workflows/staging_deploy.yml index 6b5e73c4b..c8ab239b3 100644 --- a/.github/workflows/staging_deploy.yml +++ b/.github/workflows/staging_deploy.yml 
@@ -48,7 +48,7 @@ jobs: echo " CLOUD_SQL_DATABASE: \"${{ secrets.CLOUD_SQL_DATABASE }}\"" >> app.yaml echo " CLOUD_SQL_USER: \"${{ secrets.CLOUD_SQL_USER }}\"" >> app.yaml echo " CLOUD_SQL_PASSWORD: \"${{ secrets.CLOUD_SQL_PASSWORD }}\"" >> app.yaml - echo " GCS_SERVICE_ACCOUNT_KEY: '${{ secrets.GCS_SERVICE_ACCOUNT_KEY }}'" >> app.yaml + echo " GCS_SERVICE_ACCOUNT_KEY: \'${{ secrets.GCS_SERVICE_ACCOUNT_KEY }}\'" >> app.yaml echo " GCS_BUCKET_NAME: \"${{secrets.GCS_BUCKET_NAME}}\"" >> app.yaml echo " AUTHENTIK_URL: \"${{secrets.AUTHENTIK_URL}}\"" >> app.yaml echo " AUTHENTIK_CLIENT_ID: \"${{secrets.AUTHENTIK_CLIENT_ID}}\"" >> app.yaml From 0250504ffde30b6b98cf8a313bfb1fedc198962e Mon Sep 17 00:00:00 2001 From: jakeross Date: Mon, 25 Aug 2025 18:25:46 -0600 Subject: [PATCH 12/17] fix: update GCS_SERVICE_ACCOUNT_KEY syntax in staging deployment configuration --- .github/workflows/staging_deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/staging_deploy.yml b/.github/workflows/staging_deploy.yml index c8ab239b3..4249ee973 100644 --- a/.github/workflows/staging_deploy.yml +++ b/.github/workflows/staging_deploy.yml @@ -48,7 +48,7 @@ jobs: echo " CLOUD_SQL_DATABASE: \"${{ secrets.CLOUD_SQL_DATABASE }}\"" >> app.yaml echo " CLOUD_SQL_USER: \"${{ secrets.CLOUD_SQL_USER }}\"" >> app.yaml echo " CLOUD_SQL_PASSWORD: \"${{ secrets.CLOUD_SQL_PASSWORD }}\"" >> app.yaml - echo " GCS_SERVICE_ACCOUNT_KEY: \'${{ secrets.GCS_SERVICE_ACCOUNT_KEY }}\'" >> app.yaml + echo " GCS_SERVICE_ACCOUNT_KEY: \"${{ secrets.GCS_SERVICE_ACCOUNT_KEY }}\"" >> app.yaml echo " GCS_BUCKET_NAME: \"${{secrets.GCS_BUCKET_NAME}}\"" >> app.yaml echo " AUTHENTIK_URL: \"${{secrets.AUTHENTIK_URL}}\"" >> app.yaml echo " AUTHENTIK_CLIENT_ID: \"${{secrets.AUTHENTIK_CLIENT_ID}}\"" >> app.yaml From b7f9246006c75cf86255f269ff42ef093d8ae148 Mon Sep 17 00:00:00 2001 
From: jakeross Date: Mon, 25 Aug 2025 18:34:10 -0600 Subject: [PATCH 13/17] fix: decode GCS_SERVICE_ACCOUNT_KEY from base64 in production mode --- services/gcs_helper.py | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/services/gcs_helper.py b/services/gcs_helper.py index d63a40ff6..f9d0decfd 100644 --- a/services/gcs_helper.py +++ b/services/gcs_helper.py @@ -13,6 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # =============================================================================== +import base64 import json import os import datetime @@ -32,12 +33,12 @@ def get_storage_bucket() -> storage.Bucket: if settings.mode == "production": - key_json = os.environ.get("GCS_SERVICE_ACCOUNT_KEY") - print(type(key_json), key_json) - print(json.loads(key_json)) + key_base64 = os.environ.get("GCS_SERVICE_ACCOUNT_KEY") + decoded = base64.b64decode(key_base64).decode("utf-8") + print(decoded) # Load service account credentials creds = service_account.Credentials.from_service_account_info( - json.loads(key_json) + json.loads(decoded) ) # Create storage client From 56b739a60c5030af0481a21fac4b623035fa8ea9 Mon Sep 17 00:00:00 2001 From: jakeross Date: Mon, 25 Aug 2025 18:36:56 -0600 Subject: [PATCH 14/17] fix: remove debug print for GCS_SERVICE_ACCOUNT_KEY in production mode --- services/gcs_helper.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/gcs_helper.py b/services/gcs_helper.py index f9d0decfd..2e5c8ee36 100644 --- a/services/gcs_helper.py +++ b/services/gcs_helper.py @@ -35,7 +35,7 @@ def get_storage_bucket() -> storage.Bucket: if settings.mode == "production": key_base64 = os.environ.get("GCS_SERVICE_ACCOUNT_KEY") decoded = base64.b64decode(key_base64).decode("utf-8") - print(decoded) + # Load service account credentials creds = service_account.Credentials.from_service_account_info( json.loads(decoded) 
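Review bot: `os.environ.get("GCS_SERVICE_ACCOUNT_KEY")` returns `None` when the variable is unset, and `base64.b64decode(None)` then raises a `TypeError` that does not name the missing setting. Use `key_base64 = os.environ["GCS_SERVICE_ACCOUNT_KEY"]` so the failure names the variable, and `base64.b64decode(key_base64, validate=True)` so a value that is still raw JSON is rejected instead of being decoded with its non-alphabet characters silently dropped. `print(decoded)` in this hunk still writes the decoded key to stdout until the next patch removes it. The body of `get_storage_bucket` continues outside the hunk.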
From 479a3c2fb233cb7dcd55b74dd7aea5873c494324 Mon Sep 17 00:00:00 2001 From: jakeross Date: Mon, 25 Aug 2025 18:41:31 -0600 Subject: [PATCH 15/17] feat: add dev deployment configuration for Google Cloud --- .github/workflows/dev_deploy.yml | 89 ++++++++++++++++++++++++++++ .github/workflows/staging_deploy.yml | 8 +-- 2 files changed, 93 insertions(+), 4 deletions(-) create mode 100644 .github/workflows/dev_deploy.yml diff --git a/.github/workflows/dev_deploy.yml b/.github/workflows/dev_deploy.yml new file mode 100644 index 000000000..6260cab69 --- /dev/null +++ b/.github/workflows/dev_deploy.yml 
@@ -0,0 +1,89 @@ +name: CD (Staging) + +on: + push: + branches: [dev] + +permissions: + contents: write + +jobs: + staging-deploy: + + runs-on: ubuntu-latest + environment: staging + + steps: + - name: Check out source repository + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Install uv in container + uses: astral-sh/setup-uv@v6 + with: + version: "latest" + + - name: Generate requirements.txt + run: | + uv export -o requirements.txt + + - name: Authenticate to Google Cloud + uses: 'google-github-actions/auth@v2' + with: + credentials_json: ${{ secrets.CLOUD_DEPLOY_SERVICE_ACCOUNT_KEY }} + + # Uses Google Cloud Secret Manager to store secret credentials + - name: Create app.yaml + run: | + echo "service: dev-ocotillo-api" > app.yaml + echo "runtime: python313" >> app.yaml + echo "entrypoint: gunicorn -w 4 -k uvicorn.workers.UvicornWorker main:app" >> app.yaml + echo "instance_class: F4" >> app.yaml + echo "" >> app.yaml + echo "env_variables:" >> app.yaml + echo " MODE: \"production\"" >> app.yaml + echo " DB_DRIVER: \"cloudsql\"" >> app.yaml + echo " CLOUD_SQL_INSTANCE_NAME: \"${{ secrets.CLOUD_SQL_INSTANCE_NAME }}\"" >> app.yaml + echo " CLOUD_SQL_DATABASE: \"${{ secrets.CLOUD_SQL_DATABASE }}\"" >> app.yaml + echo " CLOUD_SQL_USER: \"${{ secrets.CLOUD_SQL_USER }}\"" >> app.yaml + echo " CLOUD_SQL_PASSWORD: \"${{ secrets.CLOUD_SQL_PASSWORD }}\"" >> app.yaml + echo " GCS_SERVICE_ACCOUNT_KEY: \"${{ secrets.GCS_SERVICE_ACCOUNT_KEY }}\"" >> app.yaml + echo " GCS_BUCKET_NAME: \"${{secrets.GCS_BUCKET_NAME}}\"" >> app.yaml + echo " AUTHENTIK_URL: \"${{secrets.AUTHENTIK_URL}}\"" >> app.yaml + echo " AUTHENTIK_CLIENT_ID: \"${{secrets.AUTHENTIK_CLIENT_ID}}\"" >> app.yaml + echo " AUTHENTIK_AUTHORIZE_URL: \"${{secrets.AUTHENTIK_AUTHORIZE_URL}}\"" >> app.yaml + echo " AUTHENTIK_TOKEN_URL: \"${{secrets.AUTHENTIK_TOKEN_URL}}\"" >> app.yaml + + + - name: Deploy to Google Cloud + run: | + gcloud app deploy app.yaml --quiet --project ${{ secrets.GCP_PROJECT_ID }} 
+ + # Clean up old versions - delete only the oldest version, one created and one destroyed + - name: Clean up oldest version + run: | + OLDEST_VERSION=$(gcloud app versions list --service=dev-ocotillo-api --project=${{ secrets.GCP_PROJECT_ID}} --format="value(id)" --sort-by="version.createTime" | head -n 1) + if [ ! -z "$OLDEST_VERSION" ]; then + echo "Deleting oldest version: $OLDEST_VERSION" + gcloud app versions delete $OLDEST_VERSION --service=dev-ocotillo-api --project=${{ secrets.GCP_PROJECT_ID }} --quiet + echo "Deleted oldest version: $OLDEST_VERSION" + else + echo "No versions to delete" + fi + + - name: Remove app.yaml + run: | + rm app.yaml + + # Use PR author's username as git user name + - name: Set up git user + run: | + git config --global user.name "${{ github.actor }}" + git config --global user.email "${{ github.actor }}@users.noreply.github.com" + + # ":" are not alloed in git tags, so replace with "-" + - name: Tag commit + run: | + git tag -a "staging-deploy-$(date -u +%Y-%m-%d)T$(date -u +%H-%M-%S%z)" -m "staging gcloud deployment: $(date -u +%Y-%m-%d)T$(date -u +%H:%M:%S%z)" + git push origin --tags \ No newline at end of file diff --git a/.github/workflows/staging_deploy.yml b/.github/workflows/staging_deploy.yml index 4249ee973..67853446c 100644 --- a/.github/workflows/staging_deploy.yml +++ b/.github/workflows/staging_deploy.yml @@ -2,7 +2,7 @@ name: CD (Staging) on: push: - branches: [pre-production, dev] + branches: [pre-production] permissions: contents: write @@ -36,7 +36,7 @@ jobs: # Uses Google Cloud Secret Manager to store secret credentials - name: Create app.yaml run: | - echo "service: dev-ocotillo-api" > app.yaml + echo "service: ocotillo-api" > app.yaml echo "runtime: python313" >> app.yaml echo "entrypoint: gunicorn -w 4 -k uvicorn.workers.UvicornWorker main:app" >> app.yaml echo "instance_class: F4" >> app.yaml 
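Review bot: The new dev workflow declares `environment: staging`, so the job that deploys `dev-ocotillo-api` presumably resolves the same environment secrets (Cloud SQL password, GCS key, deploy service-account key) as the staging job; if dev is meant to be isolated, give it its own environment and credentials, e.g. `environment: dev`. The comment `# Uses Google Cloud Secret Manager to store secret credentials` does not match the step below it, which writes GitHub secrets in plain text into `app.yaml` under `env_variables`; reword it to say so. The `Remove app.yaml` step is skipped when the deploy step fails, so add `if: always()` to it so the file holding the secrets is removed on every run.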
@@ -63,10 +63,10 @@ jobs: # Clean up old versions - delete only the oldest version, one created and one destroyed - name: Clean up oldest version run: | - OLDEST_VERSION=$(gcloud app versions list --service=dev-ocotillo-api --project=${{ secrets.GCP_PROJECT_ID}} --format="value(id)" --sort-by="version.createTime" | head -n 1) + OLDEST_VERSION=$(gcloud app versions list --service=ocotillo-api --project=${{ secrets.GCP_PROJECT_ID}} --format="value(id)" --sort-by="version.createTime" | head -n 1) if [ ! -z "$OLDEST_VERSION" ]; then echo "Deleting oldest version: $OLDEST_VERSION" - gcloud app versions delete $OLDEST_VERSION --service=dev-ocotillo-api --project=${{ secrets.GCP_PROJECT_ID }} --quiet + gcloud app versions delete $OLDEST_VERSION --service=ocotillo-api --project=${{ secrets.GCP_PROJECT_ID }} --quiet echo "Deleted oldest version: $OLDEST_VERSION" else echo "No versions to delete" From 5bc8d035749661ea69507eebb17a4816ab33d754 Mon Sep 17 00:00:00 2001 From: jakeross Date: Mon, 25 Aug 2025 18:42:41 -0600 Subject: [PATCH 16/17] fix: update deployment configuration name from Staging to Development --- .github/workflows/dev_deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dev_deploy.yml b/.github/workflows/dev_deploy.yml index 6260cab69..ee852d2dc 100644 --- a/.github/workflows/dev_deploy.yml +++ b/.github/workflows/dev_deploy.yml @@ -1,4 +1,4 @@ -name: CD (Staging) +name: CD (Development) on: push: From 2e1a852cf045c3dffcf4ef379af94ea862bfe92f Mon Sep 17 00:00:00 2001 From: jakeross Date: Mon, 25 Aug 2025 18:43:59 -0600 Subject: [PATCH 17/17] fix: remove unnecessary git setup and tagging steps from dev deployment configuration --- .github/workflows/dev_deploy.yml | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/.github/workflows/dev_deploy.yml b/.github/workflows/dev_deploy.yml index ee852d2dc..fb71d3464 100644 --- a/.github/workflows/dev_deploy.yml +++ b/.github/workflows/dev_deploy.yml 
@@ -76,14 +76,3 @@ jobs: run: | rm app.yaml - # Use PR author's username as git user name - - name: Set up git user - run: | - git config --global user.name "${{ github.actor }}" - git config --global user.email "${{ github.actor }}@users.noreply.github.com" - - # ":" are not alloed in git tags, so replace with "-" - - name: Tag commit - run: | - git tag -a "staging-deploy-$(date -u +%Y-%m-%d)T$(date -u +%H-%M-%S%z)" -m "staging gcloud deployment: $(date -u +%Y-%m-%d)T$(date -u +%H:%M:%S%z)" - git push origin --tags \ No newline at end of file