diff --git a/create-missing-repository.sh b/create-missing-repository.sh
deleted file mode 100755
index 5aa775f6..00000000
--- a/create-missing-repository.sh
+++ /dev/null
@@ -1,57 +0,0 @@
-#!/bin/bash
-set -e
-
-PROJECT_ID="krow-workforce-dev"
-PROJECT_NUMBER="933560802882"
-
-echo "============================================"
-echo "Création du repository us.gcr.io manquant"
-echo "============================================"
-echo ""
-
-# 1. Créer le repository us.gcr.io qui n'existe pas
-echo "1. Création du repository us.gcr.io dans Artifact Registry..."
-gcloud artifacts repositories create us.gcr.io \
- --repository-format=docker \
- --location=us \
- --description="GCR compatibility layer for App Engine" \
- --project=${PROJECT_ID} || echo "Repository existe déjà"
-
-echo ""
-echo "2. Configuration des permissions sur us.gcr.io..."
-
-# Permissions pour Cloud Build Service Account
-gcloud artifacts repositories add-iam-policy-binding us.gcr.io \
- --location=us \
- --member="serviceAccount:${PROJECT_NUMBER}@cloudbuild.gserviceaccount.com" \
- --role="roles/artifactregistry.reader" \
- --project=${PROJECT_ID}
-
-gcloud artifacts repositories add-iam-policy-binding us.gcr.io \
- --location=us \
- --member="serviceAccount:${PROJECT_NUMBER}@cloudbuild.gserviceaccount.com" \
- --role="roles/artifactregistry.writer" \
- --project=${PROJECT_ID}
-
-# Permissions pour App Engine Service Account
-gcloud artifacts repositories add-iam-policy-binding us.gcr.io \
- --location=us \
- --member="serviceAccount:${PROJECT_ID}@appspot.gserviceaccount.com" \
- --role="roles/artifactregistry.reader" \
- --project=${PROJECT_ID}
-
-echo ""
-echo "3. Vérification des repositories existants..."
-gcloud artifacts repositories list \
- --location=us \
- --project=${PROJECT_ID} \
- --format="table(name,format,location)"
-
-echo ""
-echo "============================================"
-echo "✅ Repository us.gcr.io créé et configuré!"
-echo "============================================"
-echo ""
-echo "Attends 1-2 minutes puis relance:"
-echo " make deploy-launchpad"
-echo ""
\ No newline at end of file
diff --git a/fix-appengine-permissions-complete.sh b/fix-appengine-permissions-complete.sh
deleted file mode 100755
index 71f5b215..00000000
--- a/fix-appengine-permissions-complete.sh
+++ /dev/null
@@ -1,83 +0,0 @@
-#!/bin/bash
-set -e
-
-PROJECT_ID="krow-workforce-dev"
-PROJECT_NUMBER="933560802882"
-REGION="us-central1"
-
-echo "============================================"
-echo "Fix App Engine + Artifact Registry Issue"
-echo "============================================"
-echo ""
-
-# Le problème: App Engine essaie d'accéder à us.gcr.io qui pointe maintenant vers Artifact Registry
-# Mais les permissions ne sont pas correctement configurées sur TOUS les repositories nécessaires
-
-echo "1. Activation de l'API Container Registry (legacy GCR)..."
-gcloud services enable containerregistry.googleapis.com --project=${PROJECT_ID}
-
-echo ""
-echo "2. Configuration des permissions sur TOUS les repositories Artifact Registry..."
-
-# Liste de tous les repositories potentiels
-REPOS=("gcr.io" "app-engine-tmp" "gae-standard")
-
-for REPO in "${REPOS[@]}"; do
- echo ""
- echo " → Repository: ${REPO}"
-
- # Vérifier si le repo existe
- if gcloud artifacts repositories describe ${REPO} --location=us --project=${PROJECT_ID} &>/dev/null; then
- echo " ✓ Repository existe"
-
- # Ajouter les permissions pour Cloud Build SA
- gcloud artifacts repositories add-iam-policy-binding ${REPO} \
- --location=us \
- --member="serviceAccount:${PROJECT_NUMBER}@cloudbuild.gserviceaccount.com" \
- --role="roles/artifactregistry.reader" \
- --project=${PROJECT_ID} --quiet 2>/dev/null || true
-
- gcloud artifacts repositories add-iam-policy-binding ${REPO} \
- --location=us \
- --member="serviceAccount:${PROJECT_NUMBER}@cloudbuild.gserviceaccount.com" \
- --role="roles/artifactregistry.writer" \
- --project=${PROJECT_ID} --quiet 2>/dev/null || true
-
- # Ajouter les permissions pour App Engine SA
- gcloud artifacts repositories add-iam-policy-binding ${REPO} \
- --location=us \
- --member="serviceAccount:${PROJECT_ID}@appspot.gserviceaccount.com" \
- --role="roles/artifactregistry.reader" \
- --project=${PROJECT_ID} --quiet 2>/dev/null || true
-
- echo " ✓ Permissions configurées"
- else
- echo " ⚠ Repository n'existe pas (normal)"
- fi
-done
-
-echo ""
-echo "3. Permissions Storage (pour les artefacts de build)..."
-gcloud projects add-iam-policy-binding ${PROJECT_ID} \
- --member="serviceAccount:${PROJECT_NUMBER}@cloudbuild.gserviceaccount.com" \
- --role="roles/storage.objectAdmin" \
- --condition=None --quiet
-
-echo ""
-echo "4. Permissions Cloud Build spécifiques..."
-gcloud projects add-iam-policy-binding ${PROJECT_ID} \
- --member="serviceAccount:${PROJECT_NUMBER}@cloudbuild.gserviceaccount.com" \
- --role="roles/cloudbuild.builds.builder" \
- --condition=None --quiet
-
-echo ""
-echo "============================================"
-echo "✅ Configuration terminée!"
-echo "============================================"
-echo ""
-echo "⏱ IMPORTANT: Attends 2-3 minutes pour la propagation des permissions IAM"
-echo ""
-echo "Puis lance:"
-echo " cd firebase/internal-launchpad"
-echo " gcloud app deploy app.yaml --project=${PROJECT_ID} --no-cache"
-echo ""
\ No newline at end of file
diff --git a/fix-project-level-permissions.sh b/fix-project-level-permissions.sh
deleted file mode 100755
index 9be1b940..00000000
--- a/fix-project-level-permissions.sh
+++ /dev/null
@@ -1,39 +0,0 @@
-#!/bin/bash
-set -e
-
-PROJECT_ID="krow-workforce-dev"
-PROJECT_NUMBER="933560802882"
-
-echo "============================================"
-echo "Permissions au niveau du PROJET"
-echo "============================================"
-echo ""
-
-echo "1. Artifact Registry Admin pour Cloud Build au niveau projet..."
-gcloud projects add-iam-policy-binding ${PROJECT_ID} \
- --member="serviceAccount:${PROJECT_NUMBER}@cloudbuild.gserviceaccount.com" \
- --role="roles/artifactregistry.admin" \
- --condition=None
-
-echo ""
-echo "2. Storage Admin pour Cloud Build (pour staging bucket)..."
-gcloud projects add-iam-policy-binding ${PROJECT_ID} \
- --member="serviceAccount:${PROJECT_NUMBER}@cloudbuild.gserviceaccount.com" \
- --role="roles/storage.admin" \
- --condition=None
-
-echo ""
-echo "3. Vérification des rôles du service account Cloud Build:"
-gcloud projects get-iam-policy ${PROJECT_ID} \
- --flatten="bindings[].members" \
- --filter="bindings.members:${PROJECT_NUMBER}@cloudbuild.gserviceaccount.com" \
- --format="table(bindings.role)"
-
-echo ""
-echo "============================================"
-echo "✅ Permissions au niveau projet configurées!"
-echo "============================================"
-echo ""
-echo "Ces permissions sont plus larges mais devraient résoudre le problème."
-echo "Attends 2-3 minutes puis relance: make deploy-launchpad"
-echo ""
\ No newline at end of file
diff --git a/issues-to-create.md b/issues-to-create.md
index 831fdc83..e69de29b 100644
--- a/issues-to-create.md
+++ b/issues-to-create.md
@@ -1,36 +0,0 @@
-# Refactor: Clean up legacy App Engine deployment artifacts
-Labels: refactor, infra
-Milestone: Phase 1: Foundation & Dev Environment Setup
-
-## Context
-Now that the `internal-launchpad` service has been successfully migrated from App Engine to Cloud Run, a number of scripts, configurations, and files related to the old App Engine deployment method are obsolete.
-
-This technical debt should be removed to clean up the repository, reduce confusion for developers, and prevent the accidental use of outdated deployment logic.
-
-## Action Items
-
-1. **Delete Obsolete Permission Scripts:**
- The following shell scripts were created to fix permission issues specific to the App Engine deployment and are no longer needed. They should be deleted:
- - `fix-appengine-permissions-complete.sh`
- - `fix-project-level-permissions.sh`
- - `create-missing-repository.sh`
-
-2. **Remove App Engine Configuration:**
- The `app.yaml` file within the `firebase/internal-launchpad/` directory was specific to the App Engine runtime and is now ignored. It should be deleted.
-
-3. **Update Firebase Hosting Configuration:**
- The `firebase.json` file still contains a hosting target named `launchpad` that points to the `firebase/internal-launchpad` directory. This configuration is no longer used since the launchpad is served by Cloud Run.
- - Remove the `launchpad` target object from the `hosting` array in `firebase.json`.
-
-## Acceptance Criteria
-- The three shell scripts listed above are deleted from the repository.
-- The `firebase/internal-launchpad/app.yaml` file is deleted.
-- The `firebase.json` file no longer contains the `launchpad` hosting configuration.
-- The `make deploy-launchpad-full` command remains the sole method for deploying the launchpad.
-
----
-## SR&ED Justification
-
-**Eligibility:** Not Eligible.
-
-**Reasoning:** This task involves code and configuration cleanup, which is considered standard software engineering practice and maintenance. It does not involve systematic investigation to resolve a technological uncertainty, nor does it lead to a technological advancement. The outcome is an improved and cleaner codebase, not new technological knowledge.
\ No newline at end of file
diff --git a/labels.yml b/labels.yml
index 2a1b656f..0237a924 100644
--- a/labels.yml
+++ b/labels.yml
@@ -20,6 +20,9 @@ - name: "refactor" description: "Code changes that neither fix a bug nor add a feature" color: "f29513" +- name: "security" + description: "Tasks related to security enhancements, audits, or fixes" + color: "000000" # Black for security, to make it stand out # By Platform - name: "platform:web"