This is a repository that contains the code used to set up the cloud infrastructure for this blog post. The related GitHub repository with the Flask API can be found here.
- A GCP Project with a service account that has the following roles:
- Editor
- Service Usage Admin
- Artifact Registry Administrator
- Cloud Run Admin
- Project IAM Admin
- If this is the first time deploying the infrastructure, perform the steps in section 3 of the README first. Otherwise, continue with the steps listed below.
- Use the service account
docker-pusher
to push a Docker image to the artifact repository. See e.g. here. - Set
docker_image
inmain/variables.tf
to the name of the Docker image. - Create a Pull Request for merging the branch with your desired changes into
main
. A comment will be added with the output ofterraform plan
. - Create a new release through the GitHub UI. This will trigger the workflow that
calls
terraform apply
.
- Download your service account key in the
.json
-format and store it asinfra_service_account.json
. - Run
cp .env.template .env
and add the absolute path to your service account in the.env
file. - Create the bucket for the Terraform backend with:
source .env
terraform -chdir=backend init
terraform -chdir=backend apply
- Find the name of the created GCP bucket in Cloud Storage on GCP, and enter it in
main/backend.tf
- Set the variable
first_time
inmain/variables.tf
totrue
. - Create the initial infrastructure with:
terraform -chdir=main init
terraform -chdir=main apply
- Copy the contents of
infra_service_account.json
and paste them into a repository secret with the nameGOOGLE_CREDENTIALS
- Set the variable
first_time
inmain/variables.tf
tofalse
.