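#!/usr/bin/env bash
#
# Build the front-end bundle, build and push the three service images,
# record the new image tag (.env and Secret Manager), load the runtime
# secrets from Secret Manager into this process's environment, and
# re-create the docker compose stack with those variables passed through sudo.
#
# Requires: npm, docker (with the compose plugin), gcloud, sudo.
set -euo pipefail

# ─────────────────────────────────────────────────────────────
# CONFIG – adjust only these 4 if needed
# ─────────────────────────────────────────────────────────────
ENV=dev
PROJECT=aptivaai-dev
ROOT=/home/jcoakley/aptiva-dev1-app
REG=us-central1-docker.pkg.dev/${PROJECT}/aptiva-repo

ENV_FILE="${ROOT}/.env"

# Names of the secrets to load; each is looked up in Secret Manager as
# "<NAME>_<ENV>" and exported under the bare <NAME>.
SECRETS=(
  JWT_SECRET
  OPENAI_API_KEY
  ONET_USERNAME
  ONET_PASSWORD
  STRIPE_SECRET_KEY
  STRIPE_PUBLISHABLE_KEY
  STRIPE_WH_SECRET
  STRIPE_PRICE_PREMIUM_MONTH
  STRIPE_PRICE_PREMIUM_YEAR
  STRIPE_PRICE_PRO_MONTH
  STRIPE_PRICE_PRO_YEAR
  DB_HOST
  DB_PORT
  DB_USER
  DB_PASSWORD
  TWILIO_ACCOUNT_SID
  TWILIO_AUTH_TOKEN
  TWILIO_MESSAGING_SERVICE_SID
)

cd "$ROOT"

echo "🛠  Building front‑end bundle"
npm ci --silent
npm run build

# ─────────────────────────────────────────────────────────────
# 1. Build → Push → Stamp .env
# ─────────────────────────────────────────────────────────────
# UTC timestamp with minute resolution; two runs within the same minute
# produce the same tag.
TAG=$(date -u +%Y%m%d%H%M)
echo "🔨 Building & pushing containers (tag = ${TAG})"

# NOTE(review): the build context is ${ROOT}, which also holds .env —
# confirm a .dockerignore keeps it (and any other local credential files)
# out of the images.
for svc in server1 server2 server3; do
  docker build -f Dockerfile."$svc" -t "${REG}/${svc}:${TAG}" .
  docker push "${REG}/${svc}:${TAG}"
done

# Replace an existing IMG_TAG line in place, otherwise append one.
# TAG holds digits only, so it is safe inside the sed replacement.
if grep -q '^IMG_TAG=' "$ENV_FILE"; then
  sed -i "s/^IMG_TAG=.*/IMG_TAG=${TAG}/" "$ENV_FILE"
else
  echo "IMG_TAG=${TAG}" >> "$ENV_FILE"
fi
echo "✅ .env updated with IMG_TAG=${TAG}"

# ─────────────────────────────────────────────────────────────
# 1a. Publish IMG_TAG to Secret Manager (single source of truth)
# ─────────────────────────────────────────────────────────────
# Piped via stdin (--data-file=-) so the value never appears in argv.
printf "%s" "${TAG}" | gcloud secrets versions add IMG_TAG --data-file=- --project="$PROJECT"
echo "📦 IMG_TAG pushed to Secret Manager (no suffix)"

# ─────────────────────────────────────────────────────────────
# 2. Pull secrets into runtime (never written to disk)
# ─────────────────────────────────────────────────────────────
# "Never written to disk" holds for this script only: the values live in
# exported environment variables. Do not enable `set -x` around this
# section, since the trace would print the secret values.
# NOTE(review): how docker compose hands these to the containers is not
# visible here; env-injected secrets are typically readable through
# container inspection — confirm that is acceptable.
echo "🔐 Pulling secrets from Secret Manager"
for secret_name in "${SECRETS[@]}"; do
  # Fetch into a plain variable first. With `export NAME="$(cmd)"` the
  # exit status of gcloud is masked by `export`, so a failed lookup would
  # silently deploy the stack with an empty secret despite `set -e`.
  if ! secret_value=$(gcloud secrets versions access latest \
    --secret="${secret_name}_${ENV}" \
    --project="$PROJECT"); then
    # Only the secret's name is reported, never its value.
    echo "Failed to read secret ${secret_name}_${ENV} from Secret Manager" >&2
    exit 1
  fi
  export "${secret_name}=${secret_value}"
done
unset secret_name secret_value
export FROM_SECRETS_MANAGER=true

# ─────────────────────────────────────────────────────────────
# 3. Re-create the container stack
# ─────────────────────────────────────────────────────────────
# Comma-separated allow-list of variable NAMES that sudo may pass through;
# everything else in the caller's environment is subject to sudo's policy.
preserve=IMG_TAG,FROM_SECRETS_MANAGER,REACT_APP_API_URL,$(IFS=,; echo "${SECRETS[*]}")

# Logs variable names only, not values.
echo "🚀 docker compose up -d (env: $preserve)"
# Drop compose's 'WARN [0000] ' lines but keep every other diagnostic on
# stderr (the filter's output is sent back to fd 2 instead of stdout).
sudo --preserve-env="$preserve" docker compose up -d --force-recreate \
  2> >(grep -v 'WARN \[0000\] ' >&2)

echo "✅ Deployment finished"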