3bd2dfc002
This commit removes legacy App Engine deployment artifacts and updates the Makefile to reflect the successful migration of the `internal-launchpad` service to Cloud Run. The following changes were made: - Deleted obsolete permission scripts: - `fix-appengine-permissions-complete.sh` - `fix-project-level-permissions.sh` - `create-missing-repository.sh` - Removed the `firebase/internal-launchpad/app.yaml` file. - Updated `firebase.json` to remove the `launchpad` hosting configuration. These changes streamline the repository, reduce developer confusion, and prevent the accidental use of outdated deployment logic.
247 lines
10 KiB
Makefile
247 lines
10 KiB
Makefile
# KROW Workforce Project Makefile
|
|
# -------------------------------
|
|
# This Makefile provides a central place for common project commands.
|
|
# It is designed to be the main entry point for developers.
|
|
|
|
# Use .PHONY to declare targets that are not files, to avoid conflicts.
|
|
.PHONY: help install dev build integrate-export prepare-export deploy-launchpad deploy-launchpad-full deploy-app admin-install admin-dev admin-build admin-deploy-dev admin-deploy-staging configure-iap-launchpad list-iap-users remove-iap-user setup-labels export-issues create-issues-from-file install-git-hooks
|
|
|
|
# The default command to run if no target is specified (e.g., just 'make').
|
|
.DEFAULT_GOAL := help
|
|
|
|
# --- Firebase & GCP Configuration ---
|
|
GCP_DEV_PROJECT_ID := krow-workforce-dev
|
|
GCP_STAGING_PROJECT_ID := krow-workforce-staging
|
|
IAP_SERVICE_ACCOUNT := service-933560802882@gcp-sa-iap.iam.gserviceaccount.com
|
|
|
|
# --- Cloud Run Configuration ---
|
|
CR_LAUNCHPAD_SERVICE_NAME := internal-launchpad
|
|
CR_LAUNCHPAD_REGION := us-central1
|
|
CR_LAUNCHPAD_IMAGE_URI := us-docker.pkg.dev/$(GCP_DEV_PROJECT_ID)/gcr-io/$(CR_LAUNCHPAD_SERVICE_NAME)
|
|
|
|
# --- Environment Detection ---
|
|
ENV ?= dev
|
|
|
|
# --- Conditional Variables by Environment ---
|
|
ifeq ($(ENV),staging)
|
|
GCP_PROJECT_ID := $(GCP_STAGING_PROJECT_ID)
|
|
FIREBASE_ALIAS := staging
|
|
HOSTING_TARGET := app-staging
|
|
else
|
|
GCP_PROJECT_ID := $(GCP_DEV_PROJECT_ID)
|
|
FIREBASE_ALIAS := dev
|
|
HOSTING_TARGET := app-dev
|
|
endif
|
|
|
|
# Shows this help message.
|
|
help:
|
|
@echo "--------------------------------------------------"
|
|
@echo " KROW Workforce - Available Makefile Commands"
|
|
@echo "--------------------------------------------------"
|
|
@echo ""
|
|
@echo " --- CORE DEVELOPMENT ---"
|
|
@echo " make install - Installs web frontend dependencies."
|
|
@echo " make dev - Starts the local web frontend server."
|
|
@echo " make build - Builds the web frontend for production."
|
|
@echo ""
|
|
@echo " --- DEPLOYMENT ---"
|
|
@echo " make deploy-launchpad - Deploys the internal launchpad to Cloud Run."
|
|
@echo " make deploy-launchpad-full - Deploys launchpad to Cloud Run & configures IAP."
|
|
@echo " make deploy-app [ENV=staging] - Builds and deploys the main web app (default: dev)."
|
|
@echo " make admin-deploy-dev - Builds and deploys the admin web app to the DEV environment (App Engine)."
|
|
@echo " make admin-deploy-staging - Builds and deploys the admin web app to the STAGING environment (App Engine)."
|
|
@echo ""
|
|
@echo " --- CLOUD IAP (for Cloud Run Launchpad) ---"
|
|
@echo " make configure-iap-launchpad - Adds users from iap-users.txt as IAP-secured Web App Users and grants IAP Service Account Cloud Run Invoker role."
|
|
@echo " make list-iap-users - Lists all users with IAP-secured Web App User role."
|
|
@echo " make remove-iap-user USER=user:email@example.com - Removes the IAP-secured Web App User role from a user."
|
|
@echo ""
|
|
@echo " --- PROJECT MANAGEMENT & TOOLS ---"
|
|
@echo " make setup-labels - Creates/updates GitHub labels from labels.yml."
|
|
@echo " make export-issues - Exports SR&ED-eligible issues to a markdown file."
|
|
@echo " make create-issues-from-file - Bulk creates GitHub issues from a markdown file."
|
|
@echo " make install-git-hooks - Installs git pre-push hook to protect main/dev branches."
|
|
@echo ""
|
|
@echo " --- BASE44 EXPORT WORKFLOW ---"
|
|
@echo " make integrate-export - Integrates a new Base44 export from '../krow-workforce-export-latest'."
|
|
@echo " make prepare-export - Prepares a fresh Base44 export for local use."
|
|
@echo ""
|
|
@echo " make help - Shows this help message."
|
|
@echo "--------------------------------------------------"
|
|
|
|
# --- Core Development ---
|
|
install:
|
|
@echo "--> Installing web frontend dependencies..."
|
|
@cd frontend-web && npm install
|
|
|
|
dev:
|
|
@echo "--> Ensuring web frontend dependencies are installed..."
|
|
@cd frontend-web && npm install
|
|
@echo "--> Starting web frontend development server on http://localhost:5173 ..."
|
|
@cd frontend-web && npm run dev
|
|
|
|
build:
|
|
@echo "--> Building web frontend for production..."
|
|
@cd frontend-web && VITE_APP_ENV=$(ENV) npm run build
|
|
|
|
# --- Deployment ---
|
|
deploy-launchpad:
|
|
@echo "--> Building and deploying Internal Launchpad to Cloud Run..."
|
|
@echo " - Step 1: Building container image..."
|
|
@cd firebase/internal-launchpad && gcloud builds submit \
|
|
--tag $(CR_LAUNCHPAD_IMAGE_URI) \
|
|
--project=$(GCP_DEV_PROJECT_ID)
|
|
@echo " - Step 2: Deploying to Cloud Run..."
|
|
@gcloud run deploy $(CR_LAUNCHPAD_SERVICE_NAME) \
|
|
--image $(CR_LAUNCHPAD_IMAGE_URI) \
|
|
--platform managed \
|
|
--region $(CR_LAUNCHPAD_REGION) \
|
|
--no-allow-unauthenticated \
|
|
--project=$(GCP_DEV_PROJECT_ID)
|
|
@echo " - Step 3: Enabling IAP on the service..."
|
|
@gcloud beta run services update $(CR_LAUNCHPAD_SERVICE_NAME) \
|
|
--region=$(CR_LAUNCHPAD_REGION) \
|
|
--project=$(GCP_DEV_PROJECT_ID) \
|
|
--iap
|
|
@echo "--> ✅ Deployment to Cloud Run successful."
|
|
|
|
deploy-launchpad-full: deploy-launchpad configure-iap-launchpad
|
|
@echo "✅ Launchpad deployed and IAP configured successfully!"
|
|
|
|
deploy-app: build
|
|
@echo "--> Deploying Frontend Web App to [$(ENV)] environment..."
|
|
@firebase deploy --only hosting:$(HOSTING_TARGET) --project=$(FIREBASE_ALIAS)
|
|
|
|
# --- Admin Console ---
|
|
admin-install:
|
|
@echo "--> Installing admin console dependencies..."
|
|
@cd admin-web && npm install
|
|
|
|
admin-dev:
|
|
@echo "--> Starting admin console development server on http://localhost:5174 ..."
|
|
@cd admin-web && npm run dev -- --port 5174
|
|
|
|
admin-build:
|
|
@echo "--> Building admin console for production..."
|
|
@cd admin-web && VITE_APP_ENV=$(ENV) npm run build
|
|
|
|
admin-deploy-dev: admin-build
|
|
@echo "--> Deploying Admin Web App to DEV environment (App Engine)..."
|
|
@cd admin-web && gcloud app deploy app.dev.yaml --project=$(GCP_DEV_PROJECT_ID)
|
|
|
|
admin-deploy-staging: admin-build
|
|
@echo "--> Deploying Admin Web App to STAGING environment (App Engine)..."
|
|
@cd admin-web && gcloud app deploy app.staging.yaml --project=$(GCP_STAGING_PROJECT_ID)
|
|
|
|
# --- Cloud IAP Configuration ---
|
|
# NOTE: These commands use the 'gcloud beta iap web' command set, which is the correct
|
|
# method for managing user access to an IAP-protected Cloud Run service.
|
|
configure-iap-launchpad:
|
|
@echo "--> Configuring IAP users for Cloud Run service [$(CR_LAUNCHPAD_SERVICE_NAME)]..."
|
|
@echo " - Granting Cloud Run Invoker role to IAP Service Account..."
|
|
@gcloud run services add-iam-policy-binding $(CR_LAUNCHPAD_SERVICE_NAME) \
|
|
--region=$(CR_LAUNCHPAD_REGION) \
|
|
--project=$(GCP_DEV_PROJECT_ID) \
|
|
--member="serviceAccount:$(IAP_SERVICE_ACCOUNT)" \
|
|
--role='roles/run.invoker' \
|
|
--quiet
|
|
@echo " - Adding users from iap-users.txt..."
|
|
@cd firebase/internal-launchpad && \
|
|
grep -v '^#' iap-users.txt | grep -v '^$$' | while read -r member; do \
|
|
echo " Adding $$member as IAP-secured Web App User..."; \
|
|
gcloud beta iap web add-iam-policy-binding \
|
|
--project=$(GCP_DEV_PROJECT_ID) \
|
|
--resource-type=cloud-run \
|
|
--service=$(CR_LAUNCHPAD_SERVICE_NAME) \
|
|
--region=$(CR_LAUNCHPAD_REGION) \
|
|
--member="$$member" \
|
|
--role='roles/iap.httpsResourceAccessor' \
|
|
--quiet; \
|
|
done
|
|
@echo "✅ IAP user configuration complete."
|
|
|
|
list-iap-users:
|
|
@echo "--> Current IAP users for Cloud Run service [$(CR_LAUNCHPAD_SERVICE_NAME)]:"
|
|
@gcloud beta iap web get-iam-policy \
|
|
--project=$(GCP_DEV_PROJECT_ID) \
|
|
--resource-type=cloud-run \
|
|
--service=$(CR_LAUNCHPAD_SERVICE_NAME) \
|
|
--region=$(CR_LAUNCHPAD_REGION)
|
|
|
|
remove-iap-user:
|
|
@if [ -z "$(USER)" ]; then \
|
|
echo "❌ Error: Please specify USER=user:email@example.com"; \
|
|
exit 1; \
|
|
fi
|
|
@echo "--> Removing IAP access for $(USER) from Cloud Run service [$(CR_LAUNCHPAD_SERVICE_NAME)]..."
|
|
@gcloud beta iap web remove-iam-policy-binding \
|
|
--project=$(GCP_DEV_PROJECT_ID) \
|
|
--resource-type=cloud-run \
|
|
--service=$(CR_LAUNCHPAD_SERVICE_NAME) \
|
|
--region=$(CR_LAUNCHPAD_REGION) \
|
|
--member="$(USER)" \
|
|
--role='roles/iap.httpsResourceAccessor' \
|
|
--quiet
|
|
@echo "✅ User removed from IAP."
|
|
|
|
disable-iap-launchpad:
|
|
@echo "--> Disabling IAP and making Cloud Run service [$(CR_LAUNCHPAD_SERVICE_NAME)] public..."
|
|
@gcloud beta run services update $(CR_LAUNCHPAD_SERVICE_NAME) \
|
|
--region=$(CR_LAUNCHPAD_REGION) \
|
|
--project=$(GCP_DEV_PROJECT_ID) \
|
|
--no-iap --quiet
|
|
@gcloud run services add-iam-policy-binding $(CR_LAUNCHPAD_SERVICE_NAME) \
|
|
--region=$(CR_LAUNCHPAD_REGION) \
|
|
--project=$(GCP_DEV_PROJECT_ID) \
|
|
--member="allUsers" \
|
|
--role='roles/run.invoker' \
|
|
--quiet
|
|
@echo "✅ IAP disabled. The service is now public."
|
|
|
|
# --- Project Management ---
|
|
setup-labels:
|
|
@echo "--> Setting up GitHub labels..."
|
|
@./scripts/setup-github-labels.sh
|
|
|
|
export-issues:
|
|
@echo "--> Exporting GitHub issues to documentation..."
|
|
@./scripts/export_issues.sh
|
|
|
|
create-issues-from-file:
|
|
@echo "--> Creating GitHub issues from file..."
|
|
@./scripts/create_issues.py
|
|
|
|
# --- Development Tools ---
|
|
install-git-hooks:
|
|
@echo "--> Installing Git hooks..."
|
|
@ln -sf ../../scripts/git-hooks/pre-push .git/hooks/pre-push
|
|
@echo "✅ pre-push hook installed successfully. Direct pushes to 'main' and 'dev' are now blocked."
|
|
|
|
# --- Base44 Export Workflow ---
|
|
integrate-export:
|
|
@echo "--> Integrating new Base44 export into frontend-web/..."
|
|
@if [ ! -d "../krow-workforce-export-latest" ]; then \
|
|
echo "❌ Error: Export directory '../krow-workforce-export-latest' not found."; \
|
|
exit 1; \
|
|
fi
|
|
@echo " - Removing old src directory..."
|
|
@rm -rf frontend-web/src
|
|
@echo " - Copying new src directory..."
|
|
@cp -R ../krow-workforce-export-latest/src ./frontend-web/src
|
|
@echo " - Copying new index.html..."
|
|
@cp ../krow-workforce-export-latest/index.html ./frontend-web/index.html
|
|
@echo " - Patching base44Client.js for local development..."
|
|
@node scripts/patch-base44-client.js
|
|
@echo " - Patching queryKey in Layout.jsx for local development..."
|
|
@node scripts/patch-layout-query-key.js
|
|
@echo " - Patching Dashboard.jsx for environment label..."
|
|
@node scripts/patch-dashboard-for-env-label.js
|
|
@echo " - Patching index.html for title..."
|
|
@node scripts/patch-index-html.js
|
|
@echo "--> Integration complete. Next step: 'make prepare-export'."
|
|
|
|
prepare-export:
|
|
@echo "--> Preparing fresh Base44 export for local development..."
|
|
@node scripts/prepare-export.js
|
|
@echo "--> Preparation complete. You can now run 'make dev'."
|