Remove add-iam-policy-binding to roles/artifactregistry.reader post API deploy

May not be needed
MartinBraquet
2025-12-04 21:44:55 +01:00
parent 9493ee65cf
commit 569db46a8b
3 changed files with 28 additions and 14 deletions


@@ -70,8 +70,22 @@ gcloud compute backend-services update api-backend \
```shell
gcloud iam service-accounts create ci-deployer \
--display-name="CI Deployer"
gcloud projects add-iam-policy-binding compass-130ba --member="serviceAccount:ci-deployer@compass-130ba.iam.gserviceaccount.com" --role="roles/artifactregistry.writer"
gcloud projects add-iam-policy-binding compass-130ba --member="serviceAccount:ci-deployer@compass-130ba.iam.gserviceaccount.com" --role="roles/storage.objectAdmin"
gcloud projects add-iam-policy-binding compass-130ba \
--member="serviceAccount:ci-deployer@compass-130ba.iam.gserviceaccount.com" \
--role="roles/artifactregistry.writer"
gcloud projects add-iam-policy-binding compass-130ba \
--member="serviceAccount:ci-deployer@compass-130ba.iam.gserviceaccount.com" \
--role="roles/storage.objectAdmin"
gcloud projects add-iam-policy-binding compass-130ba \
--member="serviceAccount:ci-deployer@compass-130ba.iam.gserviceaccount.com" \
--role="roles/storage.admin"
gcloud projects add-iam-policy-binding compass-130ba \
--member="serviceAccount:ci-deployer@compass-130ba.iam.gserviceaccount.com" \
--role="roles/compute.admin"
gcloud iam service-accounts add-iam-policy-binding \
253367029065-compute@developer.gserviceaccount.com \
--member="serviceAccount:ci-deployer@compass-130ba.iam.gserviceaccount.com" \
--role="roles/iam.serviceAccountUser"
gcloud iam service-accounts keys create keyfile.json --iam-account=ci-deployer@compass-130ba.iam.gserviceaccount.com
```
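Review bot: The two bindings added for `roles/storage.admin` and `roles/compute.admin` are made at project level, so ci-deployer can administer every bucket and every Compute Engine resource in compass-130ba, and the unchanged last command of the block exports a long-lived key for that same account to `keyfile.json`. `roles/storage.admin` already contains the object permissions of `roles/storage.objectAdmin`, so the objectAdmin binding just above it is now redundant. If the deploy only touches one bucket, granting the storage role on that bucket, for example `gcloud storage buckets add-iam-policy-binding gs://<BUCKET_PLACEHOLDER> --member="serviceAccount:ci-deployer@compass-130ba.iam.gserviceaccount.com" --role="roles/storage.objectAdmin"`, would limit what a leaked key can reach. The `roles/iam.serviceAccountUser` binding already follows that pattern, since it is scoped to the single compute service account and not to the project. A one-line comment above each binding naming the deploy step that needs it would let a later reader trim the list.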


@@ -54,16 +54,16 @@ export TF_VAR_image_url=$IMAGE_URL
export TF_VAR_env=$ENV
tofu apply -auto-approve
INSTANCE_NAME=$(gcloud compute instances list \
--filter="zone:(us-west1-c)" \
--sort-by="~creationTimestamp" \
--format="value(name)" \
--limit=1)
SERVICE_ACCOUNT_EMAIL=$(gcloud compute instances describe ${INSTANCE_NAME} \
--zone us-west1-c \
--format="value(serviceAccounts.email)")
gcloud projects add-iam-policy-binding ${PROJECT} \
--member="serviceAccount:$SERVICE_ACCOUNT_EMAIL" \
--role="roles/artifactregistry.reader"
#INSTANCE_NAME=$(gcloud compute instances list \
# --filter="zone:(us-west1-c)" \
# --sort-by="~creationTimestamp" \
# --format="value(name)" \
# --limit=1)
#SERVICE_ACCOUNT_EMAIL=$(gcloud compute instances describe ${INSTANCE_NAME} \
# --zone us-west1-c \
# --format="value(serviceAccounts.email)")
#gcloud projects add-iam-policy-binding ${PROJECT} \
# --member="serviceAccount:$SERVICE_ACCOUNT_EMAIL" \
# --role="roles/artifactregistry.reader"
echo "✅ Deployment complete! Image: ${IMAGE_URL}"
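Review bot: The binding block is commented out, not deleted, so the script now carries eleven dead lines, and the commit description only says the grant "may not be needed". Deleting the lines and leaving a single comment such as `# artifactregistry.reader is no longer granted to the instance service account here; see git history if image pulls fail` would keep the script readable. Skipping the call also revokes nothing: a project-level `roles/artifactregistry.reader` binding created by earlier runs stays in the IAM policy until it is removed with `gcloud projects remove-iam-policy-binding`, so a successful deploy on this project does not prove the grant is unnecessary. The script begins above this hunk, so whether the instance service account gets pull access some other way (for example in the tofu configuration) cannot be seen from here.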


@@ -1,7 +1,7 @@
{
"name": "@compass/api",
"description": "Backend API endpoints",
"version": "1.0.8",
"version": "1.0.9",
"private": true,
"scripts": {
"watch:serve": "tsx watch src/serve.ts",