76 lines
3.8 KiB
Bash
Executable File
76 lines
3.8 KiB
Bash
Executable File
#!/usr/bin/env bash
|
||
set -euo pipefail
|
||
|
||
# ─────────────────────────────────────────────────────────────
|
||
# CONFIG – adjust only these 4 if needed
|
||
# ─────────────────────────────────────────────────────────────
|
||
ENV=dev
|
||
PROJECT=aptivaai-dev
|
||
ROOT=/home/jcoakley/aptiva-dev1-app
|
||
REG=us-central1-docker.pkg.dev/${PROJECT}/aptiva-repo
|
||
|
||
ENV_FILE="${ROOT}/.env"
|
||
SECRETS=(
|
||
JWT_SECRET OPENAI_API_KEY ONET_USERNAME ONET_PASSWORD
|
||
STRIPE_SECRET_KEY STRIPE_PUBLISHABLE_KEY STRIPE_WH_SECRET STRIPE_PRICE_PREMIUM_MONTH STRIPE_PRICE_PREMIUM_YEAR STRIPE_PRICE_PRO_MONTH STRIPE_PRICE_PRO_YEAR
|
||
DB_HOST DB_PORT DB_USER DB_PASSWORD
|
||
DB_SSL_CERT DB_SSL_KEY DB_SSL_CA
|
||
TWILIO_ACCOUNT_SID TWILIO_AUTH_TOKEN TWILIO_MESSAGING_SERVICE_SID
|
||
)
|
||
|
||
cd "$ROOT"
|
||
echo "🛠 Building front‑end bundle"
|
||
npm ci --silent
|
||
npm run build
|
||
|
||
# ─────────────────────────────────────────────────────────────
|
||
# 1. Build → Push → Stamp .env
|
||
# ─────────────────────────────────────────────────────────────
|
||
TAG="$(git rev-parse --short HEAD)-$(date -u +%Y%m%d%H%M)"
|
||
echo "🔨 Building & pushing containers (tag = ${TAG})"
|
||
|
||
for svc in server1 server2 server3 nginx; do
|
||
docker build -f Dockerfile."$svc" -t "${REG}/${svc}:${TAG}" .
|
||
docker push "${REG}/${svc}:${TAG}"
|
||
done
|
||
|
||
if grep -q '^IMG_TAG=' "$ENV_FILE"; then
|
||
sed -i "s/^IMG_TAG=.*/IMG_TAG=${TAG}/" "$ENV_FILE"
|
||
else
|
||
echo "IMG_TAG=${TAG}" >> "$ENV_FILE"
|
||
fi
|
||
echo "✅ .env updated with IMG_TAG=${TAG}"
|
||
|
||
# ─────────────────────────────────────────────────────────────
|
||
# 1a. Publish IMG_TAG to Secret Manager (single source of truth)
|
||
# ─────────────────────────────────────────────────────────────
|
||
printf "%s" "${TAG}" | gcloud secrets versions add IMG_TAG --data-file=- --project="$PROJECT"
|
||
|
||
echo "📦 IMG_TAG pushed to Secret Manager (no suffix)"
|
||
|
||
# ─────────────────────────────────────────────────────────────
|
||
# 2. Pull secrets into runtime (never written to disk)
|
||
# ─────────────────────────────────────────────────────────────
|
||
echo "🔐 Pulling secrets from Secret Manager"
|
||
for S in "${SECRETS[@]}"; do
|
||
export "$S"="$(gcloud secrets versions access latest \
|
||
--secret="${S}_${ENV}" \
|
||
--project="$PROJECT")"
|
||
done
|
||
|
||
export FROM_SECRETS_MANAGER=true
|
||
|
||
# ─────────────────────────────────────────────────────────────
|
||
# 3. Re-create the container stack
|
||
# ─────────────────────────────────────────────────────────────
|
||
preserve=IMG_TAG,FROM_SECRETS_MANAGER,REACT_APP_API_URL,$(IFS=,; echo "${SECRETS[*]}")
|
||
|
||
echo "🚀 docker compose up -d (env: $preserve)"
|
||
sudo --preserve-env="$preserve" docker compose up -d --force-recreate 2> >(grep -v 'WARN
|
||
|
||
\[0000\]
|
||
|
||
')
|
||
|
||
echo "✅ Deployment finished"
|