Switch from App Engine to Cloud Run for zosia site #4
Conversation
There was a problem hiding this comment.
Looks great 💪 With all this code, it should be much easier for future organizers to set up the Zosia website for future editions 🚀 However, I have a feeling we should improve the README file to make it more readable. Some testing (with other in our association) might be required.
| env { | ||
| name = "GOOGLE_CLOUD_PROJECT" | ||
| value = local.project_id | ||
| } | ||
|
|
||
| env { | ||
| name = "GCS_BUCKET_NAME" | ||
| value = google_storage_bucket.static_files_bucket.name | ||
| } | ||
|
|
||
| # TODO: Add domain mapping to zosia.org and www.zosia.org | ||
| env { | ||
| name = "HOSTS" | ||
| value = "zosia.org, www.zosia.org" | ||
| } |
There was a problem hiding this comment.
In general, I would consider configuring it as a locally defined map and using dynamic blocks with for_each. However, for three variables, it can remain as is :)
| } | ||
|
|
||
| resource "google_storage_bucket" "static_files_bucket" { | ||
| name = "${random_id.static_files_bucket_prefix.hex}-static-files-bucket" |
There was a problem hiding this comment.
I understand what you're trying to achieve, but you could have simply created a more readable prefix like "ksiuwr-" or "ksiuwr-infra-" ;)
| cors { | ||
| origin = ["*"] | ||
| method = ["GET"] | ||
| response_header = ["*"] | ||
| } |
There was a problem hiding this comment.
If this bucket is not set to act as a "website", then you don't need to define CORS.
| @@ -1,6 +1,7 @@ | |||
| locals { | |||
| project_id = "" | |||
| region = "europe-central2" | |||
| project_id = "" | |||
There was a problem hiding this comment.
You can get this from the project datasource, but it's better to provide it explicitly to ensure you're running it on the correct project. Therefore, I suggest adding a comment like "< update this >".
| project = local.project_id | ||
| service = "sql-component.googleapis.com" | ||
| } | ||
|
|
||
| resource "google_project_service" "artifactregistry_service" { | ||
| project = local.project_id | ||
| service = "artifactregistry.googleapis.com" | ||
| } | ||
|
|
||
| resource "google_project_service" "cloudrun_service" { | ||
| project = local.project_id | ||
| service = "run.googleapis.com" | ||
| } |
There was a problem hiding this comment.
You can change it to a single resource declaration with for_each and provide a list of services to activate.
| resource "google_service_account" "cloudrun_service_account" { | ||
| account_id = "cloudrun-service-account" |
There was a problem hiding this comment.
I would suggest renaming it to indicate that it is a service account for the Zosia website service (even though currently this is the only service you have in this infrastructure).
These changes were tested with zosia site code from that PR on my personal Google Cloud account. The website works correctly.
This PR contains:
migratejobcollectstaticjob with a public Google Cloud Storage bucket which contains all static files for production websitezosiaCloud Run Service which runs the website using docker image from Google Artifact Registry RepositoryTODO later:
zosiaservice, so that it can be accessed fromzosia.orgdomain