To deploy this system in production, there are only a few manual steps:
- Set up a GCP project
- Create Terraform Google Cloud Storage bucket
- Perform initial Terraform run
Create a new GCP project and take note of the name and project ID.
This Google Cloud Storage bucket is used as a backing store for Terraform, so it must be set up manually. Note the name you use, as you'll need to edit `infra/terraform/main.tf` to point to it.
Once those two things are set up, everything else can be configured as infrastructure as code in Terraform. However, you must run `terraform apply` once manually to set up the correct permissions for the Cloud Build service account to run Terraform automatically in the future.
- Create a new GCP project.
- Create a new Terraform file for the region by copying `infra/terraform/main.tf` into a new subdirectory
  - Modify the project ID in the new Terraform file
  - Modify the Cloud Storage bucket names to match the new region:
    - Terraform bucket
    - Frontend bucket
    - Connect bucket
  - Run `terraform init` in the new subdirectory
- Enable all the GCP APIs needed:
  - Cloud Build
  - Cloud Engine
  - Cloud Run
  - Cloud SQL
  - IAM
  - KMS
  - DNS
  - Secret Manager
  - Serverless VPC Access
  - Service Networking
  - Artifact Registry
  - Kubernetes Engine
- Create a new DB password in the new project's Secret Manager with the name `fabra-db-password`
- Create a new Terraform bucket in Cloud Storage and add it to the Terraform file
- Connect the GitHub repository to the new GCP project
- Copy OAuth secrets to the new project's Secret Manager and ensure the code references them correctly
- Enable Cloud Build to deploy to Cloud Run:

  ```
  gcloud iam service-accounts add-iam-policy-binding \
    [email protected] \
    --member="serviceAccount:[email protected]" \
    --role="roles/iam.serviceAccountUser"
  ```
- Run `terraform apply`
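
A preflight check for the manual steps above, to run before `terraform apply`. This is an added example, not part of this project's code. It assumes the `gcloud` CLI is authenticated, and the mapping from the API display names to service names is an assumption ("Cloud Engine" is taken to mean `compute.googleapis.com`); `preflight.sh` and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: preflight check for a new project before `terraform apply`.
set -eu

# Service names for the APIs in the list above. The mapping from the display
# names is an assumption; "Cloud Engine" is taken to mean compute.googleapis.com.
REQUIRED_APIS="cloudbuild.googleapis.com
compute.googleapis.com
run.googleapis.com
sqladmin.googleapis.com
iam.googleapis.com
cloudkms.googleapis.com
dns.googleapis.com
secretmanager.googleapis.com
vpcaccess.googleapis.com
servicenetworking.googleapis.com
artifactregistry.googleapis.com
container.googleapis.com"

# Reads enabled service names on stdin, one per line, and prints every
# required service that is absent. Prints nothing when all are enabled.
missing_apis() {
  local enabled api
  enabled="$(cat)"
  for api in $REQUIRED_APIS; do
    # -x and -F: whole-line, literal match, so dots are not wildcards.
    printf '%s\n' "$enabled" | grep -qxF "$api" || printf '%s\n' "$api"
  done
}

# Checks a live project: APIs, the DB password secret, the Terraform bucket.
preflight() {
  local project="$1" bucket="$2" enabled missing
  enabled="$(gcloud services list --enabled --project="$project" \
    --format='value(config.name)')" || return 1
  missing="$(printf '%s\n' "$enabled" | missing_apis)"
  if [ -n "$missing" ]; then
    printf 'APIs not enabled in %s:\n%s\n' "$project" "$missing" >&2
    return 1
  fi
  gcloud secrets describe fabra-db-password --project="$project" >/dev/null ||
    { echo "secret fabra-db-password not found" >&2; return 1; }
  gcloud storage buckets describe "gs://$bucket" >/dev/null ||
    { echo "Terraform bucket gs://$bucket not found" >&2; return 1; }
  echo "preflight ok for $project"
}

# Usage: ./preflight.sh PROJECT_ID TERRAFORM_BUCKET
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```
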
Google Cloud Build is used for various automatic actions triggered by pushes to the main GitHub branch:
- Run Terraform to build any new infrastructure
- Build Docker image for the Go code and deploy it to GCR
- Run database migrations