repomix-mirror/website/server/cloudbuild.yaml
Kazuki Yamada 3f5a4f5845 feat(server): Add Cloudflare origin guard middleware
Block direct access to Cloud Run bypassing Cloudflare by validating
a shared secret header (x-origin-secret) against CLOUDFLARE_ORIGIN_SECRET
environment variable. Applied to /api/* routes only, so /health remains
accessible for Cloud Run health checks. Guard is skipped when the env var
is not set, allowing safe local development and migration.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-21 22:48:39 +09:00


# Cloud Build pipeline for the server image: build, push, deploy to Cloud Run,
# then move the `latest` tag. $PROJECT_ID and $BUILD_ID are Cloud Build
# built-ins; $_REGION and $_SERVICE_NAME come from `substitutions` below.
steps:
  # Build the container image
  # NOTE(review): the builder images in this file are referenced by mutable
  # tag (no digest). Pinning them by digest would make builds reproducible and
  # limit exposure to a changed upstream builder image.
  - name: 'gcr.io/cloud-builders/docker'
    id: 'build'
    args:
      - 'build'
      - '-t'
      - '$_REGION-docker.pkg.dev/$PROJECT_ID/repomix/server:$BUILD_ID'
      # Layer cache is seeded from the previously published `latest` image, so
      # whoever can push to this repository can influence later builds; keep
      # write access to the Artifact Registry repo limited to this pipeline.
      - '--cache-from'
      - '$_REGION-docker.pkg.dev/$PROJECT_ID/repomix/server:latest'
      - '--build-arg'
      - 'NODE_ENV=production'
      - '-f'
      - 'website/server/Dockerfile'
      - 'website/server'
  # Push the container image
  - name: 'gcr.io/cloud-builders/docker'
    id: 'push'
    args:
      - 'push'
      - '$_REGION-docker.pkg.dev/$PROJECT_ID/repomix/server:$BUILD_ID'
  # Deploy to Cloud Run
  # Exposure: `--ingress all` together with `--allow-unauthenticated` leaves
  # the service's own Cloud Run URL reachable from the internet with no IAM
  # check. Requests that skip Cloudflare are rejected only by the application's
  # x-origin-secret check on /api/* routes; /health stays open so Cloud Run
  # health checks keep working (per the commit description).
  - name: 'gcr.io/google.com/cloudsdktool/cloud-sdk'
    id: 'deploy'
    entrypoint: 'gcloud'
    args:
      - 'run'
      - 'deploy'
      - '$_SERVICE_NAME'
      # Deploys the immutable $BUILD_ID tag, not `latest`, so the revision
      # runs the image built by this pipeline run.
      - '--image'
      - '$_REGION-docker.pkg.dev/$PROJECT_ID/repomix/server:$BUILD_ID'
      - '--region'
      - '$_REGION'
      - '--platform'
      - 'managed'
      - '--port'
      - '8080'
      - '--memory'
      - '1024Mi'
      - '--cpu'
      - '2'
      - '--min-instances'
      - '0'
      # The instance cap and the request timeout below also bound how much
      # load unauthenticated traffic can place on the service.
      - '--max-instances'
      - '10'
      - '--timeout'
      - '35s'
      - '--ingress'
      - 'all'
      - '--allow-unauthenticated'
      - '--set-env-vars'
      - 'NODE_ENV=production'
      # Secrets are injected from Secret Manager as environment variables; the
      # service's runtime identity needs read access to each one and nothing
      # broader.
      # CLOUDFLARE_ORIGIN_SECRET is what switches the origin guard on: per the
      # commit description the guard is skipped when this variable is unset, so
      # dropping this mapping fails open rather than closed.
      # `:latest` is resolved when an instance starts; after a secret is
      # rotated, instances already running keep the old value until they are
      # replaced. Pinning a numbered version makes rotation an explicit deploy
      # that can be coordinated with the header value configured in Cloudflare.
      - '--set-secrets'
      - 'UPSTASH_REDIS_REST_URL=upstash-redis-rest-url:latest,UPSTASH_REDIS_REST_TOKEN=upstash-redis-rest-token:latest,CLOUDFLARE_ORIGIN_SECRET=cloudflare-origin-secret:latest'
  # Tag the image as latest
  # Runs after the deploy step, so `latest` (and the build cache seeded from
  # it) only moves once the deploy command has succeeded.
  - name: 'gcr.io/cloud-builders/docker'
    id: 'tag-latest'
    args:
      - 'tag'
      - '$_REGION-docker.pkg.dev/$PROJECT_ID/repomix/server:$BUILD_ID'
      - '$_REGION-docker.pkg.dev/$PROJECT_ID/repomix/server:latest'
  # Push the latest tag
  - name: 'gcr.io/cloud-builders/docker'
    id: 'push-latest'
    args:
      - 'push'
      - '$_REGION-docker.pkg.dev/$PROJECT_ID/repomix/server:latest'
# Default values for the user-defined substitutions; a trigger or a manual
# build submission can override them.
substitutions:
  _REGION: us-central1
  _SERVICE_NAME: repomix-server-us
options:
  # Build logs go to Cloud Logging only (no logs bucket), so access to them is
  # governed by the project's logging permissions.
  logging: CLOUD_LOGGING_ONLY
  dynamic_substitutions: true
# Images recorded in the build results; both tags are also pushed explicitly
# by the steps above.
images:
  - '$_REGION-docker.pkg.dev/$PROJECT_ID/repomix/server:$BUILD_ID'
  - '$_REGION-docker.pkg.dev/$PROJECT_ID/repomix/server:latest'