# Cloud Run Deployment

This directory contains deployment configurations for running the Accessible Video Platform on Google Cloud Run.

## Files

- `cloudbuild.yaml` - Cloud Build configuration for CI/CD
- `api-service.yaml` - Cloud Run service definition for API
- `worker-service.yaml` - Cloud Run service definition for Celery workers
- `main.tf` - Terraform infrastructure as code
- `terraform.tfvars.example` - Example Terraform variables
- `deploy.sh` - Manual deployment script
- `README.md` - This file

## Prerequisites

1. **Google Cloud Project** with billing enabled
2. **Required APIs** enabled (script will enable them):
   - Cloud Build API
   - Cloud Run API
   - Container Registry API
   - Secret Manager API
   - Cloud Trace API
   - Cloud Monitoring API
   - Translate API
   - Text-to-Speech API
   - Cloud Storage API
   - AI Platform API

3. **Secrets** created in Secret Manager:
   - `mongodb-url` - MongoDB Atlas connection string
   - `redis-url` - Redis connection string (Cloud Memorystore)
   - `jwt-secret` - JWT signing secret
   - `jwt-refresh-secret` - JWT refresh token secret
   - `gemini-api-key` - Google Gemini API key
   - `sendgrid-api-key` - SendGrid API key for emails
   - `elevenlabs-api-key` - ElevenLabs API key for TTS
   - `sentry-dsn` - Sentry error tracking DSN

## Deployment Options

### Option 1: Terraform (Recommended)

```bash
# Initialize Terraform
cd infra/cloud-run
terraform init

# Copy and configure variables
cp terraform.tfvars.example terraform.tfvars
# Edit terraform.tfvars with your project details

# Plan deployment
terraform plan

# Deploy infrastructure
terraform apply
```

### Option 2: Manual Script

```bash
# Set environment variables
export PROJECT_ID="your-gcp-project-id"
export REGION="us-central1"

# Run deployment script
./infra/cloud-run/deploy.sh
```

### Option 3: Cloud Build Trigger

Set up a Cloud Build trigger connected to your Git repository that uses `cloudbuild.yaml` for automatic deployments on code changes.

## Local Development

Use the provided `docker-compose.yml` in the project root:

```bash
# Copy environment file
cp .env.example .env
# Edit .env with your development credentials

# Start all services
docker-compose up -d

# View logs
docker-compose logs -f api
docker-compose logs -f worker
```

## Service Architecture

- **API Service**: Handles HTTP requests, authentication, job management
  - Memory: 2Gi, CPU: 2000m
  - Autoscaling: 1-10 instances
  - Public access via HTTPS

- **Worker Service**: Processes video files with AI models
  - Memory: 4Gi, CPU: 4000m  
  - Autoscaling: 0-5 instances
  - Internal access only

## Monitoring

Both services include:
- **OpenTelemetry tracing** exported to Cloud Trace
- **Prometheus metrics** for monitoring
- **Sentry error tracking** for error reporting
- **Health checks** for service reliability

## Security

- Services run with least-privilege service accounts
- Secrets managed via Secret Manager
- No hardcoded credentials in containers
- Network isolation for worker service