- Backend: 127.0.0.1:1222 → container :8000 (avoids conflict with :8000) - PG: 10.220.168.5:15432, Redis: 10.220.168.5:16379 (for Cloud Run VPC access) - No host binding on standard ports to avoid conflicts with other apps - Updated firewall rule and Cloud Run worker script accordingly Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
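#!/bin/bash
# ===========================================
# Deploy Celery Worker to Cloud Run
# ===========================================
# Run from repo root: ./deploy/cloud-run-worker.sh
# Prereqs: gcloud auth, Artifact Registry repo, VPC Connector
#
# Required variables (exported, or defined in ./.env):
#   POSTGRES_PASSWORD, JWT_SECRET, ENTRA_CLIENT_ID, ENTRA_CLIENT_SECRET,
#   ENTRA_TENANT_ID
# Optional: POSTGRES_USER, POSTGRES_DB, OPENAI_API_KEY, ANTHROPIC_API_KEY,
#   GOOGLE_API_KEY, LLAMAPARSE_API_KEY, SHAREPOINT_TENANT_DOMAIN
# ===========================================
set -euo pipefail

PROJECT_ID="optical-414516"
REGION="europe-west1"
SERVICE_NAME="nexus-worker"
REPO="europe-west1-docker.pkg.dev/${PROJECT_ID}/nexus"
IMAGE="${REPO}/${SERVICE_NAME}"
# The tag is the current commit only; uncommitted changes in the working tree
# are still built and pushed under this tag.
TAG=$(git rev-parse --short HEAD)

# VM internal IP (optical-web-1 in europe-west2-c, same VPC "default")
VM_IP="10.220.168.5"

VPC_CONNECTOR="projects/${PROJECT_ID}/locations/${REGION}/connectors/nexus-vpc"

# Load .env if present (for API keys etc.)
# `source` executes the file as shell code in this process, so .env must be
# trusted and not writable by other users. It is read from the current
# directory, which is why the script has to be started from the repo root.
if [ -f .env ]; then
  set -a
  # shellcheck disable=SC1091
  source .env
  set +a
fi

# Fail before building or pushing anything if a mandatory secret is missing.
# An empty value is rejected too: `set -u` alone would let an empty JWT_SECRET
# or POSTGRES_PASSWORD through and deploy the worker with it.
required_vars=(
  POSTGRES_PASSWORD
  JWT_SECRET
  ENTRA_CLIENT_ID
  ENTRA_CLIENT_SECRET
  ENTRA_TENANT_ID
)
for var_name in "${required_vars[@]}"; do
  if [[ -z "${!var_name:-}" ]]; then
    printf 'error: %s must be set and non-empty (export it or define it in .env)\n' \
      "${var_name}" >&2
    exit 1
  fi
done

# Environment for the Cloud Run revision, one KEY=VALUE per entry.
#
# NOTE(security): everything here, including the credentials, is stored in
# plaintext in the revision configuration (readable by anyone who can view the
# service) and is passed on gcloud's command line, where it is visible in the
# local process list. Secret Manager references via `--set-secrets` avoid both;
# that needs secrets provisioned outside this script.
#
# NOTE(review): POSTGRES_PASSWORD is placed into the URL as-is; characters such
# as '@', ':' or '/' would need percent-encoding for the URL to parse correctly.
#
# NOTE(review): the Redis and Qdrant URLs carry no credentials and use plaintext
# schemes, so access control for the Celery broker, result backend and vector
# store rests on the VPC firewall rule alone — confirm it only admits the VPC
# connector's range. Qdrant is addressed on 6333 while Postgres and Redis use
# remapped ports; confirm 6333 is actually bound on VM_IP.
env_vars=(
  "ENVIRONMENT=production"
  "DATABASE_URL=postgresql://${POSTGRES_USER:-nexus_user}:${POSTGRES_PASSWORD}@${VM_IP}:15432/${POSTGRES_DB:-nexus_db}"
  "REDIS_URL=redis://${VM_IP}:16379/0"
  "CELERY_BROKER_URL=redis://${VM_IP}:16379/0"
  "CELERY_RESULT_BACKEND=redis://${VM_IP}:16379/0"
  "QDRANT_URL=http://${VM_IP}:6333"
  "OPENAI_API_KEY=${OPENAI_API_KEY:-}"
  "ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY:-}"
  "GOOGLE_API_KEY=${GOOGLE_API_KEY:-}"
  "JWT_SECRET=${JWT_SECRET}"
  "ENTRA_CLIENT_ID=${ENTRA_CLIENT_ID}"
  "ENTRA_CLIENT_SECRET=${ENTRA_CLIENT_SECRET}"
  "ENTRA_TENANT_ID=${ENTRA_TENANT_ID}"
  "LLAMAPARSE_API_KEY=${LLAMAPARSE_API_KEY:-}"
  "SHAREPOINT_TENANT_DOMAIN=${SHAREPOINT_TENANT_DOMAIN:-company.sharepoint.com}"
)

# --set-env-vars splits its argument on commas, so a comma inside a value would
# be parsed as the start of another variable. Stop here instead, and name only
# the key so the value never reaches the terminal or a CI log.
for entry in "${env_vars[@]}"; do
  if [[ "${entry#*=}" == *,* ]]; then
    printf 'error: value of %s contains a comma, which --set-env-vars would split on\n' \
      "${entry%%=*}" >&2
    exit 1
  fi
done
env_vars_csv=$(IFS=,; printf '%s' "${env_vars[*]}")

# Configure docker for Artifact Registry
echo "[0/4] Configuring Docker auth for Artifact Registry..."
gcloud auth configure-docker europe-west1-docker.pkg.dev --quiet

echo "[1/4] Building worker image..."
docker build \
  -t "${IMAGE}:${TAG}" \
  -t "${IMAGE}:latest" \
  -f backend/Dockerfile.worker \
  backend

echo "[2/4] Pushing to Artifact Registry..."
docker push "${IMAGE}:${TAG}"
docker push "${IMAGE}:latest"

# The service is deployed by tag. Unless the repository enforces immutable
# tags, pinning the pushed image digest (IMAGE@sha256:...) is the stricter way
# to guarantee that the image just built is the one that runs.
# --no-allow-unauthenticated keeps the service closed to callers without IAM
# invoker permission; --vpc-egress=private-ranges-only routes only
# private-range traffic through the connector.
echo "[3/4] Deploying to Cloud Run..."
gcloud run deploy "${SERVICE_NAME}" \
  --project="${PROJECT_ID}" \
  --region="${REGION}" \
  --image="${IMAGE}:${TAG}" \
  --no-allow-unauthenticated \
  --no-cpu-throttling \
  --min-instances=0 \
  --max-instances=3 \
  --memory=2Gi \
  --cpu=2 \
  --timeout=1800 \
  --vpc-connector="${VPC_CONNECTOR}" \
  --vpc-egress=private-ranges-only \
  --set-env-vars="${env_vars_csv}"

echo ""
echo "[4/4] Done!"
echo "Image: ${IMAGE}:${TAG}"
# Best effort: printing the service URL must not fail a deploy that succeeded.
gcloud run services describe "${SERVICE_NAME}" \
  --project="${PROJECT_ID}" \
  --region="${REGION}" \
  --format="value(status.url)" 2>/dev/null || true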