python-docs-samples/run/django/e2e_test_setup.yaml at e6a69f20798360667df748d389748ad29b248121 · GoogleCloudPlatform/python-docs-samples · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

steps:
  - id: "Create a dedicated database"
    name: "gcr.io/google.com/cloudsdktool/cloud-sdk"
    entrypoint: "/bin/bash"
    args:
      - "-c"
      - |
        WAIT=120 ./retry.sh "gcloud sql databases create ${_DB_NAME} \
          --instance ${_DB_INSTANCE} \
          --project ${PROJECT_ID}"

  - id: "Create a dedicated database user"
    name: "gcr.io/google.com/cloudsdktool/cloud-sdk"
    entrypoint: "/bin/bash"
    args:
      - "-c"
      - |
        echo -n "${_DB_PASS}" > db_password
        WAIT=120 ./retry.sh "gcloud sql users create ${_DB_USER} \
          --password $(cat db_password) \
          --instance ${_DB_INSTANCE} \
          --project ${PROJECT_ID}"
        rm db_password

  - id: "Create a dedicated storage bucket"
    name: "gcr.io/google.com/cloudsdktool/cloud-sdk"
    entrypoint: "/bin/bash"
    args:
      - "-c"
      - |
        ./retry.sh "gcloud storage buckets create gs://${_STORAGE_BUCKET} \
          --location ${_REGION} \
          --project ${PROJECT_ID}"

  - id: "IAM and Secrets"
    name: "gcr.io/google.com/cloudsdktool/cloud-sdk"
    entrypoint: "/bin/bash"
    args:
      - "-c"
      - |
        echo "DATABASE_URL=postgres://${_DB_USER}:${_DB_PASS}@//cloudsql/${_CLOUD_SQL_CONNECTION_NAME}/${_DB_NAME}
        GS_BUCKET_NAME=${_STORAGE_BUCKET}
        SECRET_KEY=$(cat /dev/urandom | LC_ALL=C tr -dc '[:alpha:]' | fold -w 30 | head -n1)" > ${_SECRET_SETTINGS_NAME}

        sa_email=$(gcloud projects list --filter "name=${PROJECT_ID}" --format "value(projectNumber)")-compute@developer.gserviceaccount.com

        ./retry.sh "gcloud secrets create ${_SECRET_SETTINGS_NAME} \
          --project $PROJECT_ID \
          --data-file=${_SECRET_SETTINGS_NAME}"

        ./retry.sh "gcloud secrets add-iam-policy-binding ${_SECRET_SETTINGS_NAME} \
        --member serviceAccount:${sa_email} \
        --role roles/secretmanager.secretAccessor \
        --project ${PROJECT_ID}"

  - id: "Build Container Image"
    name: buildpacksio/pack
    args: ["build", "${_IMAGE_NAME}", "--builder=gcr.io/buildpacks/builder",
      "--env", "GOOGLE_PYTHON_VERSION=${_PYTHON_VERSION}"]

  - id: "Push Container Image"
    name: "gcr.io/cloud-builders/docker"
    entrypoint: "/bin/bash"
    args:
      - "-c"
      - |
        ./retry.sh "docker push  ${_IMAGE_NAME}"

  - id: "Migrate database"
    name: "gcr.io/google.com/cloudsdktool/cloud-sdk"
    entrypoint: /bin/bash
    args:
      - "-c"
      - |
        ./retry.sh "gcloud run jobs create migrate-${_VERSION} \
          --region ${_REGION} \
          --image ${_IMAGE_NAME} \
          --set-cloudsql-instances ${_CLOUD_SQL_CONNECTION_NAME} \
          --set-env-vars SETTINGS_NAME=${_SECRET_SETTINGS_NAME} \
          --command migrate \
          --execute-now --wait"

  - id: "Create Superuser"
    name: "gcr.io/google.com/cloudsdktool/cloud-sdk"
    entrypoint: /bin/bash
    args:
      - "-c"
      - |
        ./retry.sh "gcloud run jobs create superuser-${_VERSION} \
          --region ${_REGION} \
          --image ${_IMAGE_NAME} \
          --command createsuperuser \
          --set-cloudsql-instances ${_CLOUD_SQL_CONNECTION_NAME} \
          --set-env-vars SETTINGS_NAME=${_SECRET_SETTINGS_NAME} \
          --set-env-vars DJANGO_SUPERUSER_PASSWORD=${_ADMIN_PASSWORD} \
          --set-env-vars DJANGO_SUPERUSER_EMAIL=${_ADMIN_EMAIL} \
          --execute-now --wait"

  - id: "Deploy to Cloud Run"
    name: "gcr.io/google.com/cloudsdktool/cloud-sdk:latest"
    entrypoint: /bin/bash
    args:
      - "-c"
      - |
        ./retry.sh "gcloud run deploy ${_SERVICE} \
          --project $PROJECT_ID \
          --image ${_IMAGE_NAME} \
          --no-allow-unauthenticated \
          --region ${_REGION} \
          --set-cloudsql-instances ${_CLOUD_SQL_CONNECTION_NAME} \
          --set-env-vars SETTINGS_NAME=${_SECRET_SETTINGS_NAME}"

images:
  - ${_IMAGE_NAME}

options:
  dynamicSubstitutions: true
  logging: CLOUD_LOGGING_ONLY

substitutions:
  _SERVICE: django
  _VERSION: manual
  _PYTHON_VERSION: "3.12"
  _REGION: us-central1
  _ARTIFACT_REGISTRY: cloud-run-source-deploy
  _IMAGE_NAME: ${_REGION}-docker.pkg.dev/${PROJECT_ID}/${_ARTIFACT_REGISTRY}/django-${_VERSION}
  _STORAGE_BUCKET: django-static-${PROJECT_ID}-${_VERSION}
  _DB_USER: django-${_VERSION}
  _DB_NAME: django-${_VERSION}
  _DB_INSTANCE: django-instance
  _SECRET_SETTINGS_NAME: django_settings-${_VERSION}
  _CLOUD_SQL_CONNECTION_NAME: ${PROJECT_ID}:${_REGION}:${_DB_INSTANCE}
  _DB_PASS: password1234
  _ADMIN_PASSWORD: superpass
  _ADMIN_EMAIL: example@noop.com