feat: remove legacy app engine deployment artifacts

This commit removes obsolete files and configurations related to the
previous App Engine deployment of the internal-launchpad service.
These artifacts are no longer needed since the service has been
migrated to Cloud Run.

The following changes were made:

- Deleted `fix-appengine-permissions-complete.sh`,
 `fix-project-level-permissions.sh`, and
 `create-missing-repository.sh` scripts.
- Removed the `app.yaml` file from `firebase/internal-launchpad/`.
- Updated `firebase.json` to remove the `launchpad` hosting target.
- Added `security` label to `labels.yml`

create-missing-repository.sh

@@ -1,57 +0,0 @@
-#!/bin/bash
-set -e
-
-PROJECT_ID="krow-workforce-dev"
-PROJECT_NUMBER="933560802882"
-
-echo "============================================"
-echo "Création du repository us.gcr.io manquant"
-echo "============================================"
-echo ""
-
-# 1. Créer le repository us.gcr.io qui n'existe pas
-echo "1. Création du repository us.gcr.io dans Artifact Registry..."
-gcloud artifacts repositories create us.gcr.io \
-    --repository-format=docker \
-    --location=us \
-    --description="GCR compatibility layer for App Engine" \
-    --project=${PROJECT_ID} || echo "Repository existe déjà"
-
-echo ""
-echo "2. Configuration des permissions sur us.gcr.io..."
-
-# Permissions pour Cloud Build Service Account
-gcloud artifacts repositories add-iam-policy-binding us.gcr.io \
-    --location=us \
-    --member="serviceAccount:${PROJECT_NUMBER}@cloudbuild.gserviceaccount.com" \
-    --role="roles/artifactregistry.reader" \
-    --project=${PROJECT_ID}
-
-gcloud artifacts repositories add-iam-policy-binding us.gcr.io \
-    --location=us \
-    --member="serviceAccount:${PROJECT_NUMBER}@cloudbuild.gserviceaccount.com" \
-    --role="roles/artifactregistry.writer" \
-    --project=${PROJECT_ID}
-
-# Permissions pour App Engine Service Account
-gcloud artifacts repositories add-iam-policy-binding us.gcr.io \
-    --location=us \
-    --member="serviceAccount:${PROJECT_ID}@appspot.gserviceaccount.com" \
-    --role="roles/artifactregistry.reader" \
-    --project=${PROJECT_ID}
-
-echo ""
-echo "3. Vérification des repositories existants..."
-gcloud artifacts repositories list \
-    --location=us \
-    --project=${PROJECT_ID} \
-    --format="table(name,format,location)"
-
-echo ""
-echo "============================================"
-echo "✅ Repository us.gcr.io créé et configuré!"
-echo "============================================"
-echo ""
-echo "Attends 1-2 minutes puis relance:"
-echo "  make deploy-launchpad"
-echo ""

fix-appengine-permissions-complete.sh

@@ -1,83 +0,0 @@
-#!/bin/bash
-set -e
-
-PROJECT_ID="krow-workforce-dev"
-PROJECT_NUMBER="933560802882"
-REGION="us-central1"
-
-echo "============================================"
-echo "Fix App Engine + Artifact Registry Issue"
-echo "============================================"
-echo ""
-
-# Le problème: App Engine essaie d'accéder à us.gcr.io qui pointe maintenant vers Artifact Registry
-# Mais les permissions ne sont pas correctement configurées sur TOUS les repositories nécessaires
-
-echo "1. Activation de l'API Container Registry (legacy GCR)..."
-gcloud services enable containerregistry.googleapis.com --project=${PROJECT_ID}
-
-echo ""
-echo "2. Configuration des permissions sur TOUS les repositories Artifact Registry..."
-
-# Liste de tous les repositories potentiels
-REPOS=("gcr.io" "app-engine-tmp" "gae-standard")
-
-for REPO in "${REPOS[@]}"; do
-    echo ""
-    echo "   → Repository: ${REPO}"
-    
-    # Vérifier si le repo existe
-    if gcloud artifacts repositories describe ${REPO} --location=us --project=${PROJECT_ID} &>/dev/null; then
-        echo "     ✓ Repository existe"
-        
-        # Ajouter les permissions pour Cloud Build SA
-        gcloud artifacts repositories add-iam-policy-binding ${REPO} \
-            --location=us \
-            --member="serviceAccount:${PROJECT_NUMBER}@cloudbuild.gserviceaccount.com" \
-            --role="roles/artifactregistry.reader" \
-            --project=${PROJECT_ID} --quiet 2>/dev/null || true
-            
-        gcloud artifacts repositories add-iam-policy-binding ${REPO} \
-            --location=us \
-            --member="serviceAccount:${PROJECT_NUMBER}@cloudbuild.gserviceaccount.com" \
-            --role="roles/artifactregistry.writer" \
-            --project=${PROJECT_ID} --quiet 2>/dev/null || true
-        
-        # Ajouter les permissions pour App Engine SA
-        gcloud artifacts repositories add-iam-policy-binding ${REPO} \
-            --location=us \
-            --member="serviceAccount:${PROJECT_ID}@appspot.gserviceaccount.com" \
-            --role="roles/artifactregistry.reader" \
-            --project=${PROJECT_ID} --quiet 2>/dev/null || true
-            
-        echo "     ✓ Permissions configurées"
-    else
-        echo "     ⚠ Repository n'existe pas (normal)"
-    fi
-done
-
-echo ""
-echo "3. Permissions Storage (pour les artefacts de build)..."
-gcloud projects add-iam-policy-binding ${PROJECT_ID} \
-    --member="serviceAccount:${PROJECT_NUMBER}@cloudbuild.gserviceaccount.com" \
-    --role="roles/storage.objectAdmin" \
-    --condition=None --quiet
-
-echo ""
-echo "4. Permissions Cloud Build spécifiques..."
-gcloud projects add-iam-policy-binding ${PROJECT_ID} \
-    --member="serviceAccount:${PROJECT_NUMBER}@cloudbuild.gserviceaccount.com" \
-    --role="roles/cloudbuild.builds.builder" \
-    --condition=None --quiet
-
-echo ""
-echo "============================================"
-echo "✅ Configuration terminée!"
-echo "============================================"
-echo ""
-echo "⏱  IMPORTANT: Attends 2-3 minutes pour la propagation des permissions IAM"
-echo ""
-echo "Puis lance:"
-echo "  cd firebase/internal-launchpad"
-echo "  gcloud app deploy app.yaml --project=${PROJECT_ID} --no-cache"
-echo ""

fix-project-level-permissions.sh

@@ -1,39 +0,0 @@
-#!/bin/bash
-set -e
-
-PROJECT_ID="krow-workforce-dev"
-PROJECT_NUMBER="933560802882"
-
-echo "============================================"
-echo "Permissions au niveau du PROJET"
-echo "============================================"
-echo ""
-
-echo "1. Artifact Registry Admin pour Cloud Build au niveau projet..."
-gcloud projects add-iam-policy-binding ${PROJECT_ID} \
-    --member="serviceAccount:${PROJECT_NUMBER}@cloudbuild.gserviceaccount.com" \
-    --role="roles/artifactregistry.admin" \
-    --condition=None
-
-echo ""
-echo "2. Storage Admin pour Cloud Build (pour staging bucket)..."
-gcloud projects add-iam-policy-binding ${PROJECT_ID} \
-    --member="serviceAccount:${PROJECT_NUMBER}@cloudbuild.gserviceaccount.com" \
-    --role="roles/storage.admin" \
-    --condition=None
-
-echo ""
-echo "3. Vérification des rôles du service account Cloud Build:"
-gcloud projects get-iam-policy ${PROJECT_ID} \
-    --flatten="bindings[].members" \
-    --filter="bindings.members:${PROJECT_NUMBER}@cloudbuild.gserviceaccount.com" \
-    --format="table(bindings.role)"
-
-echo ""
-echo "============================================"
-echo "✅ Permissions au niveau projet configurées!"
-echo "============================================"
-echo ""
-echo "Ces permissions sont plus larges mais devraient résoudre le problème."
-echo "Attends 2-3 minutes puis relance: make deploy-launchpad"
-echo ""

issues-to-create.md

@@ -1,36 +0,0 @@
-# Refactor: Clean up legacy App Engine deployment artifacts
-Labels: refactor, infra
-Milestone: Phase 1: Foundation & Dev Environment Setup
-
-## Context
-Now that the `internal-launchpad` service has been successfully migrated from App Engine to Cloud Run, a number of scripts, configurations, and files related to the old App Engine deployment method are obsolete.
-
-This technical debt should be removed to clean up the repository, reduce confusion for developers, and prevent the accidental use of outdated deployment logic.
-
-## Action Items
-
-1.  **Delete Obsolete Permission Scripts:**
-    The following shell scripts were created to fix permission issues specific to the App Engine deployment and are no longer needed. They should be deleted:
-    - `fix-appengine-permissions-complete.sh`
-    - `fix-project-level-permissions.sh`
-    - `create-missing-repository.sh`
-
-2.  **Remove App Engine Configuration:**
-    The `app.yaml` file within the `firebase/internal-launchpad/` directory was specific to the App Engine runtime and is now ignored. It should be deleted.
-
-3.  **Update Firebase Hosting Configuration:**
-    The `firebase.json` file still contains a hosting target named `launchpad` that points to the `firebase/internal-launchpad` directory. This configuration is no longer used since the launchpad is served by Cloud Run.
-    - Remove the `launchpad` target object from the `hosting` array in `firebase.json`.
-
-## Acceptance Criteria
-- The three shell scripts listed above are deleted from the repository.
-- The `firebase/internal-launchpad/app.yaml` file is deleted.
-- The `firebase.json` file no longer contains the `launchpad` hosting configuration.
-- The `make deploy-launchpad-full` command remains the sole method for deploying the launchpad.
-
----
-## SR&ED Justification
-
-**Eligibility:** Not Eligible.
-
-**Reasoning:** This task involves code and configuration cleanup, which is considered standard software engineering practice and maintenance. It does not involve systematic investigation to resolve a technological uncertainty, nor does it lead to a technological advancement. The outcome is an improved and cleaner codebase, not new technological knowledge.

labels.yml

@@ -20,6 +20,9 @@
 - name: "refactor"
   description: "Code changes that neither fix a bug nor add a feature"
   color: "f29513"
+- name: "security"
+  description: "Tasks related to security enhancements, audits, or fixes"
+  color: "000000" # Black for security, to make it stand out
 
 # By Platform
 - name: "platform:web"