99 lines (71 loc) · 3.98 KB

DEVELOPMENT.md

Development

This document details how to set up, build, and deploy your very own octochat 🐱.

1. Create new GitHub App

You'll need a GitHub App to identify users of your instance of Octochat.

  1. Create a new GitHub App from this template.
  • Note that the only permission needed is Followers: Read
  • Also note that the callback URL is localhost. This will be changed later.
  2. Generate a new Client Secret. Make note of it and the Client ID, which you'll store securely below.

2. Set up Google Cloud project and authentication

Now that you have a GitHub App, set up a Google Cloud project and service account to be able to send and receive messages.

  1. In the Google Cloud Console, on the project selector page, select or create a Google Cloud project.

  2. Make sure that billing is enabled for your Cloud project.

  3. Install and initialize the Cloud SDK.

  4. Enable the Cloud Run, Firestore, Secret Manager, and Container Registry APIs, either from the console or with the gcloud CLI:

gcloud services enable \
run.googleapis.com \
secretmanager.googleapis.com \
firestore.googleapis.com \
containerregistry.googleapis.com
  5. Create a Cloud Firestore database in the Firestore console by selecting Native mode.

  6. Add your GitHub App credentials and session secret to Google Secret Manager as a JSON document, where client_id and client_secret are the GitHub App values noted before and session_store_secret is a text string of your choosing,

{
  "client_id": "abc",
  "client_secret": "abc",
  "session_store_secret": "test-pw-123"
}

via the Secret Manager console or CLI:

gcloud secrets create octochat-secret \
    --replication-policy="automatic" \
    --data-file=FILENAME.json
  7. Create a service account with the necessary roles.
gcloud iam service-accounts create octochat-identity

# Allow service account to access the created secret
gcloud secrets add-iam-policy-binding octochat-secret \
  --member serviceAccount:octochat-identity@$PROJECT_ID.iam.gserviceaccount.com \
  --role roles/secretmanager.secretAccessor

# Allow the service account to access Firestore
gcloud projects add-iam-policy-binding $PROJECT_ID \
  --member serviceAccount:octochat-identity@$PROJECT_ID.iam.gserviceaccount.com \
  --role roles/datastore.user
  8. Set up gcloud as a Docker credential helper.

  9. Build the container image

docker build -t gcr.io/$PROJECT_ID/$IMAGE:$TAG .
docker push gcr.io/$PROJECT_ID/$IMAGE:$TAG
  10. Deploy the container image to Cloud Run.
gcloud run deploy octochat \
  --image gcr.io/$PROJECT_ID/$IMAGE:$TAG \
  --platform managed \
  --region us-central1 \
  --allow-unauthenticated \
  --service-account octochat-identity@$PROJECT_ID.iam.gserviceaccount.com \
  --update-env-vars SECRET=projects/$PROJECT_ID/secrets/octochat-secret/versions/latest
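
For the step above that stores the GitHub App credentials in Secret Manager, the JSON can be built with a randomly generated session_store_secret and piped to gcloud on stdin, so no credentials file is left on disk. This is an added example, not part of the octochat repository; the function names and the GITHUB_CLIENT_ID / GITHUB_CLIENT_SECRET variables are assumptions.

```shell
# Added example, not from the octochat repository. Function names and the
# GITHUB_CLIENT_ID / GITHUB_CLIENT_SECRET variables are hypothetical.

# Print 32 bytes from the kernel CSPRNG as 64 lowercase hex characters.
gen_session_secret() {
  head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Write the secret JSON to stdout.
# $1 = client ID, $2 = client secret, $3 = session secret (generated if absent).
# The body runs in a subshell so the values never leak into the caller's scope.
build_octochat_secret_json() (
  id="$1" secret="$2" session="${3:-$(gen_session_secret)}"
  # Assumption: GitHub App credentials and the generated hex string only use
  # characters that need no JSON escaping; anything else is rejected.
  for v in "$id" "$secret" "$session"; do
    case "$v" in
      ''|*[!A-Za-z0-9._-]*)
        echo "refusing empty or unsafe value" >&2
        exit 1 ;;
    esac
  done
  printf '{"client_id":"%s","client_secret":"%s","session_store_secret":"%s"}\n' \
    "$id" "$secret" "$session"
)

# Build the JSON and hand it to Secret Manager on stdin (--data-file=-).
# In bash, set the two variables with `read -rs` so the client secret stays
# out of shell history.
upload_octochat_secret() (
  json="$(build_octochat_secret_json "$GITHUB_CLIENT_ID" "$GITHUB_CLIENT_SECRET")" || exit 1
  printf '%s' "$json" | gcloud secrets create octochat-secret \
    --replication-policy="automatic" --data-file=-
)
```
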

3. Hook up a GitHub Actions CI/CD pipeline