This document details how to setup, build, and deploy your very own octochat 🐱.
You'll need a GitHub App to identify users of your instance of Octochat.
- Create a new GitHub App from this template.
- Note that the only permission needed is Followers: Read
- Also note that the callback URL is
localhost
. This will be changed later.
- Generate a new Client Secret. Make note of it and the Client ID, which you'll store securely below.
Now that you have a GitHub App, set up a Google Cloud project and service account to be able to send and receive messages.
-
In the Google Cloud Console, on the project selector page, select or create a Google Cloud project.
-
Make sure that billing is enabled for your Cloud project.
-
Install and initialize the Cloud SDK.
-
Click to enable the Cloud Run, Firestore, Secret Manager, Container Registry APIs or use the
gcloud
CLI:
gcloud services enable \
run.googleapis.com \
secretmanager.googleapis.com \
firestore.googleapis.com \
containerregistry.googleapis.com
-
Create a Cloud Firestore database in the Firestore console by selecting
Native mode. -
Add your GitHub App credentials and session secret to Google Secret Manager as JSON with inputs,
client_id
andclient_secret
as the GitHub App values noted before andsession_store_secret
as a text string of your choosing,
{
"client_id": "abc",
"client_secret": "abc",
"session_store_secret": "test-pw-123"
}
via the Secret Manager console or CLI:
gcloud secrets create octochat-secret \
--replication-policy="automatic" \
--data-file=FILENAME.json
- Create a service account with the necessary roles.
gcloud iam service-accounts create octochat-identity
# Allow service account to access the created secret
gcloud secrets add-iam-policy-binding octochat-secret \
--member serviceAccount:octochat-identity@$PROJECT_ID.iam.gserviceaccount.com \
--role roles/secretmanager.secretAccessor
# Allow the service account to access Firestore
gcloud projects add-iam-policy-binding $PROJECT_ID \
--member serviceAccount:idp-sql-identity@$PROJECT_ID.iam.gserviceaccount.com \
--role roles/datastore.user
-
Build the container image
docker build -t gcr.io/$PROJECT_ID/$IMAGE:$TAG .
docker push gcr.io/$PROJECT_ID/$IMAGE:$TAG
- Deploy the container image to Cloud Run.
gcloud run deploy octochat \
--image gcr.io/$PROJECT_ID/$IMAGE:$TAG \
--platform managed \
--region us-central1 \
--allow-unauthenticated \
--service-account octochat@$PROJECT_ID.iam.gserviceaccount.com \
--update-env-vars SECRET=projects/$PROJECT_ID/secrets/octochat-secret/versions/latest