Spaces:
Running
Running
gcloud setting
Browse files- Dockerfile +26 -0
- Makefile +75 -0
- local_config_example.json +2 -0
- upload_secrets.sh +65 -0
Dockerfile
ADDED
|
@@ -0,0 +1,26 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1 |
+
FROM python:3.11-slim
|
| 2 |
+
|
| 3 |
+
WORKDIR /app
|
| 4 |
+
|
| 5 |
+
# 安裝系統依賴
|
| 6 |
+
RUN apt-get update && apt-get install -y \
|
| 7 |
+
ffmpeg \
|
| 8 |
+
&& rm -rf /var/lib/apt/lists/*
|
| 9 |
+
|
| 10 |
+
# 複製應用程式檔案
|
| 11 |
+
COPY requirements.txt .
|
| 12 |
+
COPY *.py .
|
| 13 |
+
COPY *.json ./
|
| 14 |
+
|
| 15 |
+
# 安裝 Python 依賴
|
| 16 |
+
RUN pip install --no-cache-dir -r requirements.txt
|
| 17 |
+
|
| 18 |
+
# 設定環境變數
|
| 19 |
+
ENV PORT=8080
|
| 20 |
+
ENV IS_ENV_LOCAL=false
|
| 21 |
+
|
| 22 |
+
# 暴露連接埠
|
| 23 |
+
EXPOSE 8080
|
| 24 |
+
|
| 25 |
+
# 啟動應用程式
|
| 26 |
+
CMD exec python app.py
|
Makefile
ADDED
|
@@ -0,0 +1,75 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1 |
+
# 從 local_config.json 讀取配置
|
| 2 |
+
PROJECT_ID := $(shell jq -r '.PROJECT_ID // "ai-square-463013"' local_config.json)
|
| 3 |
+
SERVICE_NAME := $(shell jq -r '.SERVICE_NAME // "vaitor2"' local_config.json)
|
| 4 |
+
|
| 5 |
+
# 檢查必要的環境變數
|
| 6 |
+
check-config:
|
| 7 |
+
@test -f local_config.json || (echo "錯誤:需要 local_config.json 文件" && exit 1)
|
| 8 |
+
|
| 9 |
+
# 專案相關變數
|
| 10 |
+
REGION := asia-east1
|
| 11 |
+
IMAGE_NAME := gcr.io/$(PROJECT_ID)/$(SERVICE_NAME)
|
| 12 |
+
|
| 13 |
+
# 確保有登入 gcloud
|
| 14 |
+
.PHONY: auth
|
| 15 |
+
auth: check-config
|
| 16 |
+
gcloud auth login
|
| 17 |
+
gcloud config set project $(PROJECT_ID)
|
| 18 |
+
gcloud auth configure-docker
|
| 19 |
+
|
| 20 |
+
# 上傳 secrets 到 Secret Manager
|
| 21 |
+
.PHONY: secrets
|
| 22 |
+
secrets: check-config
|
| 23 |
+
gcloud services enable secretmanager.googleapis.com
|
| 24 |
+
./upload_secrets.sh
|
| 25 |
+
|
| 26 |
+
# 建立並推送 Docker image
|
| 27 |
+
.PHONY: docker
|
| 28 |
+
docker: check-config
|
| 29 |
+
docker build -t $(IMAGE_NAME) .
|
| 30 |
+
docker push $(IMAGE_NAME)
|
| 31 |
+
|
| 32 |
+
# 部署到 Cloud Run
|
| 33 |
+
.PHONY: deploy
|
| 34 |
+
deploy: check-config
|
| 35 |
+
gcloud run deploy $(SERVICE_NAME) \
|
| 36 |
+
--image $(IMAGE_NAME) \
|
| 37 |
+
--platform managed \
|
| 38 |
+
--region $(REGION) \
|
| 39 |
+
--allow-unauthenticated \
|
| 40 |
+
--memory 2Gi \
|
| 41 |
+
--cpu 2 \
|
| 42 |
+
--port=8080 \
|
| 43 |
+
--set-secrets="\
|
| 44 |
+
PASSWORD=$(SERVICE_NAME)-PASSWORD:latest,\
|
| 45 |
+
OPEN_AI_KEY=$(SERVICE_NAME)-OPEN_AI_KEY:latest,\
|
| 46 |
+
OPEN_AI_ASSISTANT_ID_GPT4_BOT1=$(SERVICE_NAME)-OPEN_AI_ASSISTANT_ID_GPT4_BOT1:latest,\
|
| 47 |
+
OPEN_AI_ASSISTANT_ID_GPT3_BOT1=$(SERVICE_NAME)-OPEN_AI_ASSISTANT_ID_GPT3_BOT1:latest,\
|
| 48 |
+
OPEN_AI_MODERATION_BOT1=$(SERVICE_NAME)-OPEN_AI_MODERATION_BOT1:latest,\
|
| 49 |
+
GROQ_API_KEY=$(SERVICE_NAME)-GROQ_API_KEY:latest,\
|
| 50 |
+
JUTOR_CHAT_KEY=$(SERVICE_NAME)-JUTOR_CHAT_KEY:latest,\
|
| 51 |
+
PERPLEXITY_API_KEY=$(SERVICE_NAME)-PERPLEXITY_API_KEY:latest,\
|
| 52 |
+
GOOGLE_APPLICATION_CREDENTIALS_JSON=$(SERVICE_NAME)-GOOGLE_APPLICATION_CREDENTIALS_JSON:latest"
|
| 53 |
+
|
| 54 |
+
# 一次執行所有步驟
|
| 55 |
+
.PHONY: all
|
| 56 |
+
all: auth secrets docker deploy
|
| 57 |
+
|
| 58 |
+
# 只更新 Docker image 和部署(不處理 secrets)
|
| 59 |
+
.PHONY: update
|
| 60 |
+
update: docker deploy
|
| 61 |
+
|
| 62 |
+
# 顯示說明
|
| 63 |
+
.PHONY: help
|
| 64 |
+
help:
|
| 65 |
+
@echo "可用的指令:"
|
| 66 |
+
@echo " make auth - 登入 Google Cloud"
|
| 67 |
+
@echo " make secrets - 上傳 secrets 到 Secret Manager"
|
| 68 |
+
@echo " make docker - 建立並推送 Docker image"
|
| 69 |
+
@echo " make deploy - 部署到 Cloud Run"
|
| 70 |
+
@echo " make all - 執行所有步驟(auth + secrets + docker + deploy)"
|
| 71 |
+
@echo " make update - 只更新 Docker image 和部署"
|
| 72 |
+
@echo ""
|
| 73 |
+
@echo "注意:請確保 local_config.json 中有以下設定:"
|
| 74 |
+
@echo " PROJECT_ID: \"$(PROJECT_ID)\""
|
| 75 |
+
@echo " SERVICE_NAME: \"$(SERVICE_NAME)\""
|
local_config_example.json
CHANGED
|
@@ -1,4 +1,6 @@
|
|
| 1 |
{
|
|
|
|
|
|
|
| 2 |
"OUTPUT_PATH": "/Users/young/Downloads",
|
| 3 |
"TRANSCRIPTS": [],
|
| 4 |
"CURRENT_INDEX": 0,
|
|
|
|
| 1 |
{
|
| 2 |
+
"PROJECT_ID": "xx-xxxx-xxx",
|
| 3 |
+
"SERVICE_NAME": "xxx",
|
| 4 |
"OUTPUT_PATH": "/Users/young/Downloads",
|
| 5 |
"TRANSCRIPTS": [],
|
| 6 |
"CURRENT_INDEX": 0,
|
upload_secrets.sh
ADDED
|
@@ -0,0 +1,65 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1 |
+
#!/bin/bash
|
| 2 |
+
|
| 3 |
+
# 1. 讀取 local_config.json
|
| 4 |
+
CONFIG_FILE="local_config.json"
|
| 5 |
+
PREFIX="vaitor2"
|
| 6 |
+
|
| 7 |
+
# 不使用 TMP_DIR,直接在專案根目錄產生暫存檔
|
| 8 |
+
|
| 9 |
+
echo "開始處理 secrets 上傳..."
|
| 10 |
+
|
| 11 |
+
# 2. 需要處理的 key
|
| 12 |
+
KEYS=(
|
| 13 |
+
PASSWORD
|
| 14 |
+
OPEN_AI_KEY
|
| 15 |
+
OPEN_AI_ASSISTANT_ID_GPT4_BOT1
|
| 16 |
+
OPEN_AI_ASSISTANT_ID_GPT3_BOT1
|
| 17 |
+
OPEN_AI_MODERATION_BOT1
|
| 18 |
+
GROQ_API_KEY
|
| 19 |
+
JUTOR_CHAT_KEY
|
| 20 |
+
PERPLEXITY_API_KEY
|
| 21 |
+
GOOGLE_APPLICATION_CREDENTIALS_JSON
|
| 22 |
+
)
|
| 23 |
+
|
| 24 |
+
# 3. 逐一處理每個 key
|
| 25 |
+
for KEY in "${KEYS[@]}"; do
|
| 26 |
+
echo "\n==== 處理 $KEY ===="
|
| 27 |
+
FILENAME="${KEY}.txt"
|
| 28 |
+
VALUE=$(jq -c --raw-output ".${KEY}" "$CONFIG_FILE")
|
| 29 |
+
|
| 30 |
+
# 如果是 null 就跳過
|
| 31 |
+
if [[ "$VALUE" == "null" ]]; then
|
| 32 |
+
echo "Skip $KEY (null)"
|
| 33 |
+
continue
|
| 34 |
+
fi
|
| 35 |
+
|
| 36 |
+
# 如果是物件(GOOGLE_APPLICATION_CREDENTIALS_JSON),直接存成 JSON
|
| 37 |
+
if [[ "$KEY" == "GOOGLE_APPLICATION_CREDENTIALS_JSON" ]]; then
|
| 38 |
+
echo "$VALUE" > "$FILENAME"
|
| 39 |
+
echo "已將 $KEY 內容存成 JSON 檔 $FILENAME"
|
| 40 |
+
else
|
| 41 |
+
echo -n "$VALUE" > "$FILENAME"
|
| 42 |
+
echo "已將 $KEY 內容存成文字檔 $FILENAME"
|
| 43 |
+
fi
|
| 44 |
+
|
| 45 |
+
set -x
|
| 46 |
+
# 建立 secret(如果已存在會失敗,請自行決定是否要先刪除舊的)
|
| 47 |
+
echo "嘗試建立 secret: ${PREFIX}-${KEY}..."
|
| 48 |
+
gcloud secrets create "${PREFIX}-${KEY}" --data-file="$FILENAME" 2>/dev/null
|
| 49 |
+
|
| 50 |
+
# 如果已存在就更新
|
| 51 |
+
if [[ $? -ne 0 ]]; then
|
| 52 |
+
echo "Secret ${PREFIX}-${KEY} 已存在,改為 add new version..."
|
| 53 |
+
gcloud secrets versions add "${PREFIX}-${KEY}" --data-file="$FILENAME"
|
| 54 |
+
echo "已為 ${PREFIX}-${KEY} 新增版本"
|
| 55 |
+
else
|
| 56 |
+
echo "Secret ${PREFIX}-${KEY} 已建立"
|
| 57 |
+
fi
|
| 58 |
+
set +x
|
| 59 |
+
|
| 60 |
+
# 刪除暫存檔
|
| 61 |
+
rm "$FILENAME"
|
| 62 |
+
echo "$FILENAME 已刪除"
|
| 63 |
+
done
|
| 64 |
+
|
| 65 |
+
echo "\n所有 secrets 已處理完畢!"
|