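#!/usr/bin/env bash
# Build, push and (re)deploy the aptiva dev stack.
#
# Steps:
#   0.  build the front-end bundle (npm ci + npm run build)
#   1.  build and push one image per service, then record the tag in .env
#   1a. publish the same tag to Secret Manager (canonical source)
#   2.  pull runtime secrets from Secret Manager into THIS shell's env only
#   3.  docker compose up, forwarding just the variables compose needs
#
# Requires: gcloud (authenticated against $PROJECT), docker, npm, sudo.
set -euo pipefail

# Print a diagnostic to stderr and abort the deployment.
die() { printf '%s\n' "$*" >&2; exit 1; }

# ─────────────────────────────────────────────────────────────
# CONFIG – adjust only the 4 lines below if you change projects
# ─────────────────────────────────────────────────────────────
readonly ENV=dev # secret suffix, e.g. JWT_SECRET_staging
readonly PROJECT=aptivaai-dev
readonly ROOT=/home/jcoakley/aptiva-dev1-app
readonly REG=us-central1-docker.pkg.dev/${PROJECT}/aptiva-repo

readonly ENV_FILE="${ROOT}/.env" # ← holds NON‑sensitive values only
# Secrets fetched in step 2; each one is looked up as <NAME>_<ENV>.
SECRETS=(
  JWT_SECRET OPENAI_API_KEY ONET_USERNAME ONET_PASSWORD
  STRIPE_SECRET_KEY STRIPE_PUBLISHABLE_KEY STRIPE_WH_SECRET STRIPE_PRICE_PREMIUM_MONTH STRIPE_PRICE_PREMIUM_YEAR STRIPE_PRICE_PRO_MONTH STRIPE_PRICE_PRO_YEAR
  DB_HOST DB_PORT DB_USER DB_PASSWORD
  TWILIO_ACCOUNT_SID TWILIO_AUTH_TOKEN TWILIO_MESSAGING_SERVICE_SID
)
readonly SECRETS

cd "$ROOT" || die "cannot cd to ${ROOT}"
printf '%s\n' "🛠 Building front‑end bundle"
npm ci --silent # installs if node_modules is missing/old
npm run build

# ─────────────────────────────────────────────────────────────
# 1. Build ➔ Push ➔ Bump IMG_TAG in .env
# ─────────────────────────────────────────────────────────────
TAG=$(date -u +%Y%m%d%H%M) || die "date failed"
readonly TAG
printf '%s\n' "🔨 Building & pushing containers (tag = ${TAG})"

for svc in server1 server2 server3; do
  docker build -f "Dockerfile.${svc}" -t "${REG}/${svc}:${TAG}" .
  docker push "${REG}/${svc}:${TAG}"
done

# keep .env for static, non‑sensitive keys (ports, API_BASE…)
if grep -q '^IMG_TAG=' "$ENV_FILE"; then
  # TAG is digits only (see the date format above), so it is safe
  # to interpolate into the sed replacement.
  sed -i "s/^IMG_TAG=.*/IMG_TAG=${TAG}/" "$ENV_FILE"
else
  printf 'IMG_TAG=%s\n' "$TAG" >> "$ENV_FILE"
fi
printf '%s\n' "✅ .env updated with IMG_TAG=${TAG}"

# ─────────────────────────────────────────────────────────────
# 1a. Publish IMG_TAG to GCP Secret Manager (canonical source)
# ─────────────────────────────────────────────────────────────
# printf mirrors the former echo byte-for-byte (trailing newline
# included) so the stored value's format does not change.
printf '%s\n' "$TAG" | gcloud secrets versions add IMG_TAG_DEV1 \
  --data-file=- \
  --project="$PROJECT"

printf '%s\n' "📦 IMG_TAG pushed to Secret Manager as IMG_TAG_DEV1"

# ─────────────────────────────────────────────────────────────
# 2. Export secrets straight from Secret Manager
# (they live only in this shell, never on disk)
# ─────────────────────────────────────────────────────────────
printf '%s\n' "🔐 Pulling ${ENV} secrets from Secret Manager"
for S in "${SECRETS[@]}"; do
  # Assign first, then export: `export X="$(cmd)"` reports export's
  # exit status, not cmd's, so under set -e a failed fetch would have
  # silently exported an empty secret into the stack.
  val=$(gcloud secrets versions access latest \
          --secret="${S}_${ENV}" \
          --project="$PROJECT") || die "failed to fetch secret ${S}_${ENV}"
  [[ -n "$val" ]] || die "secret ${S}_${ENV} is empty"
  export "$S"="$val"
done
unset val # drop the scratch copy; only the exported names remain

# A flag so we can see in the container env where they came from
export FROM_SECRETS_MANAGER=true

# ─────────────────────────────────────────────────────────────
# 3. Re‑create the stack
# ─────────────────────────────────────────────────────────────
# Preserve only the variables docker‑compose needs for expansion.
# IMG_TAG is not exported by this script; compose reads it from
# $ENV_FILE in the project directory.
preserve=IMG_TAG,FROM_SECRETS_MANAGER,REACT_APP_API_URL,$(IFS=,; printf '%s' "${SECRETS[*]}")

printf '%s\n' "🚀 docker compose up -d (with preserved env: $preserve)"
# Filter only compose's "WARN[0000]" noise; every other stderr line is
# kept and stays on stderr. The pattern must be a single line: an empty
# pattern line would match everything and grep -v would swallow all
# of compose's diagnostics, including real errors.
sudo --preserve-env="$preserve" docker compose up -d --force-recreate \
  2> >(grep -v 'WARN\[0000\]' >&2)

printf '%s\n' "✅ Deployment finished"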