Merge pull request #862 from PolicyEngine/fix/resolve-deploy-error

Various fixes to Dockerfile and GCP

Author: anth-volk

.github/scripts/deploy-app-engine.sh

@@ -23,21 +23,25 @@ echo "Image: $IMAGE_NAME:$IMAGE_TAG"
 echo "Version: $IMAGE_TAG"
 echo "Service Account: $SERVICE_ACCOUNT"
 echo "App YAML: $APP_YAML_PATH"
-# Define environment variables to set
-declare -A ENV_VARS=(
-    ["AUTH0_ADDRESS_NO_DOMAIN"]="$AUTH0_ADDRESS_NO_DOMAIN"
-    ["AUTH0_AUDIENCE_NO_DOMAIN"]="$AUTH0_AUDIENCE_NO_DOMAIN"
-    ["USER_ANALYTICS_DB_USERNAME"]="$USER_ANALYTICS_DB_USERNAME"
-    ["USER_ANALYTICS_DB_PASSWORD"]="$USER_ANALYTICS_DB_PASSWORD"
-    ["USER_ANALYTICS_DB_CONNECTION_NAME"]="$USER_ANALYTICS_DB_CONNECTION_NAME"
-    ["ANTHROPIC_API_KEY"]="$ANTHROPIC_API_KEY"
-)
-
-# Deploy to App Engine using the pre-built image
-gcloud app deploy "$APP_YAML_PATH" \
+
+# Check that Auth0 environment variables are set
+if [ -z "$AUTH0_ADDRESS_NO_DOMAIN" ] || [ -z "$AUTH0_AUDIENCE_NO_DOMAIN" ]; then
+    echo "Error: Auth0 environment variables not set"
+    exit 1
+fi
+
+echo "Substituting environment variables in app.yaml..."
+TEMP_APP_YAML=$(mktemp)
+envsubst < "$APP_YAML_PATH" > "$TEMP_APP_YAML"
+
+# Deploy to App Engine using the substituted app.yaml
+gcloud app deploy "$TEMP_APP_YAML" \
     --image-url="$IMAGE_NAME:$IMAGE_TAG" \
     --version="$IMAGE_TAG" \
     --service-account="$SERVICE_ACCOUNT" \
     --quiet
 
-echo "App Engine deployment completed successfully"
+# Clean up
+rm "$TEMP_APP_YAML"
+
+echo "App Engine deployment completed successfully"

changelog_entry.yaml

@@ -0,0 +1,4 @@
+- bump: patch
+  changes:
+    changed:
+    - Made various fixes to Dockerfile and GCP deployment scripts.

gcp/policyengine_household_api/Dockerfile.production

@@ -1,48 +1,38 @@
 #----------------- Build stage -----------------
-# Stage used to compile code and install dependencies
-FROM python:3.12-slim AS builder
+FROM --platform=linux/amd64 python:3.12-slim AS builder
 WORKDIR /build
 COPY . .
-
+  
 # Install build dependencies
 RUN apt-get update && apt-get install -y build-essential
 RUN rm -rf /var/lib/apt/lists/*
-
+  
 # Create virtual environment
 RUN python -m venv /opt/venv
 ENV PATH="/opt/venv/bin:$PATH"
-
+  
 # Install Python dependencies
 RUN pip install --no-cache-dir --upgrade pip
 RUN pip install -e .
-
+  
 #----------------- Production stage -----------------
-# Stage used to run the application
-FROM python:3.12-slim AS production
+FROM --platform=linux/amd64 python:3.12-slim AS production
 WORKDIR /app
-
+  
 # Install runtime system dependencies
 RUN apt-get update && apt-get install -y --no-install-recommends curl
 RUN rm -rf /var/lib/apt/lists/*
-
-# Create user and set permissions; don't run as root for security reasons
-RUN groupadd -r appuser && useradd -r -g appuser appuser
-
-# Copy only the necessary artifacts from the build stage
+  
+# Copy artifacts from build stage
 COPY --from=builder /opt/venv /opt/venv
 COPY --from=builder /build/policyengine_household_api /app/policyengine_household_api
-
-# Copy the startup script from the existing GCP configuration
+  
+# Copy startup script
 COPY ./gcp/policyengine_household_api/start.sh /app/start.sh
-
-# Make startup script executable and set ownership
 RUN chmod +x /app/start.sh
-RUN chown -R appuser:appuser /app
-USER appuser
-
-# Configure environment
+  
+# Configure environment (runs as root by default)
 ENV PATH="/opt/venv/bin:$PATH"
 EXPOSE 8080
-
-# Use the startup script from the existing GCP configuration
+  
 CMD ["/app/start.sh"]

gcp/policyengine_household_api/app.yaml

@@ -10,14 +10,18 @@ automatic_scaling:
   cool_down_period_sec: 180
   cpu_utilization:
     target_utilization: 0.8
+readiness_check:
+  app_start_timeout_sec: 1800  # Maximum allowed (30 minutes)
+  check_interval_sec: 30
+  timeout_sec: 10
+  failure_threshold: 5
+  success_threshold: 1
 liveness_check:
+  initial_delay_sec: 300  # Give app time to fully start
   check_interval_sec: 30
-  timeout_sec: 30
+  timeout_sec: 10
   failure_threshold: 5
-  success_threshold: 2
-readiness_check:
-  path: "/readiness-check"
-  app_start_timeout_sec: 600
+  success_threshold: 1
 env_variables:
   AUTH0_ADDRESS_NO_DOMAIN: ${AUTH0_ADDRESS_NO_DOMAIN}
   AUTH0_AUDIENCE_NO_DOMAIN: ${AUTH0_AUDIENCE_NO_DOMAIN}

gcp/policyengine_household_api/start.sh

@@ -1,2 +1,8 @@
+#!/bin/bash
+set -e
+
+# Set the port to use
+PORT=${PORT:-8080}
+
 # Start the API
-gunicorn -b :$PORT policyengine_household_api.api --timeout 300 --workers 2
+exec gunicorn -b :$PORT policyengine_household_api.api --timeout 300 --workers 2