Skip to content

ci: Add Cloud Run deployment workflow#1

Merged
5queezer merged 1 commit into
mainfrom
ci/cloud-run-deploy
Mar 19, 2026
Merged

ci: Add Cloud Run deployment workflow#1
5queezer merged 1 commit into
mainfrom
ci/cloud-run-deploy

Conversation

@5queezer

Copy link
Copy Markdown
Owner

Summary

  • Automate Cloud Run deployment on every push to main via Workload Identity Federation, Artifact Registry, and gcloud run deploy
  • Adapted from the job-tracker project's deploy pattern, tuned for this server (port 8000, 2Gi memory for Chromium, single instance for in-memory state)

Changes

  • New .github/workflows/deploy.yml with SHA-pinned actions matching repo convention
  • Configures env vars (TRANSPORT, HOST, PORT, LOG_LEVEL, HEADLESS) and GCP Secret Manager secrets (OAUTH_PASSWORD, OAUTH_BASE_URL, AUTH)

Prerequisites (manual, before first deploy succeeds)

  • Add GCP_WORKLOAD_IDENTITY_PROVIDER and GCP_SERVICE_ACCOUNT secrets to this repo
  • Add stickerdaniel/linkedin-mcp-server to WIF pool attribute condition
  • Create Artifact Registry repo: gcloud artifacts repositories create linkedin-mcp-server --repository-format=docker --location=europe-west1 --project=job-tracker-vasudev
  • Ensure OAUTH_PASSWORD, OAUTH_BASE_URL, AUTH secrets exist in GCP Secret Manager

Test plan

  • Merge to main and verify GitHub Actions deploy job succeeds
  • gcloud run services describe linkedin-mcp-server --region europe-west1 --project job-tracker-vasudev
  • curl https://<service-url>/.well-known/oauth-authorization-server

Generated with Claude Opus 4.6

Prompt: Implement the following plan: Deploy to Cloud Run on PR Merge

Automate deployment to Cloud Run on every push to main via WIF auth,
Artifact Registry, and gcloud run deploy.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 8757b3d8f2

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment on lines +55 to +56
--set-env-vars "TRANSPORT=streamable-http,HOST=0.0.0.0,PORT=8000,LOG_LEVEL=WARNING,HEADLESS=true" \
--set-secrets "OAUTH_PASSWORD=OAUTH_PASSWORD:latest,OAUTH_BASE_URL=OAUTH_BASE_URL:latest,AUTH=AUTH:latest"

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Provision a LinkedIn profile before starting Cloud Run

This revision will never become ready on a fresh Cloud Run instance because the deploy only injects OAuth secrets; it never provides the required LinkedIn source session under ~/.linkedin-mcp/ (profile/, cookies.json, and source-state.json). The container entrypoint starts linkedin_mcp_server immediately (Dockerfile:35-36), and startup hard-fails in ensure_authentication_ready() / auth_lifespan when get_authentication_source() cannot find those files (linkedin_mcp_server/authentication.py:24-56, linkedin_mcp_server/server.py:41-46). The README’s Docker instructions also require mounting that profile (README.md:190-210), so a Cloud Run deploy without a volume/secret/bootstrap step will crash-loop instead of serving requests.

Useful? React with 👍 / 👎.

@5queezer 5queezer merged commit aae3f72 into main Mar 19, 2026
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant