This repository contains the Partner Tools API written in Rust and deployed to Google Cloud Run. It connects to Azure Postgres databases (Commons + Exiobase), provides REST endpoints, and integrates with AI services (Gemini, Claude).
- `Dockerfile` – Multi-stage build (Rust → minimal Debian runtime)
- `docker/start.sh` – Startup wrapper for Cloud Run
- `.env` – Local environment config (ignored in CI/CD; values synced via secrets/variables)
- `.github/workflows/deploy-team-cloudrun.yml` – CI/CD workflow for GitHub Actions
- `scripts/load_env.sh` – Utility to source `.env` locally into your shell
- `scripts/01_gcp_bootstrap.sh` – One-time GCP bootstrap (project, billing, Artifact Registry, SAs, APIs)
- `scripts/02_gcp_github_oidc.sh` – One-time OIDC setup (GitHub ↔︎ GCP Workload Identity Federation)
- `scripts/03_secrets_and_first_deploy.sh` – Upserts secrets, builds, and deploys first Cloud Run revision
- `scripts/04_sync_github_env.sh` – Syncs `.env` values into GitHub Variables + Secrets via `gh`
- Rust toolchain (`cargo`)
- Docker
- Google Cloud SDK (`gcloud`)
- GitHub CLI (`gh`) → required for script 4
```bash
git clone https://github.com/AbhinavSivanandhan/team.git
cd team
cp .env.example .env   # edit with real values
```

Directly:

```bash
cargo run
```

With Docker:

```bash
docker build -t partner-tools-api .
docker run --env-file .env -p 8080:8080 partner-tools-api
```

Before running any scripts, make them executable:

```bash
chmod +x scripts/load_env.sh
chmod +x scripts/01_gcp_bootstrap.sh
chmod +x scripts/02_gcp_github_oidc.sh
chmod +x scripts/03_secrets_and_first_deploy.sh
chmod +x scripts/04_sync_github_env.sh
```

Always load the `.env` first, then run the scripts in order:
1. Load environment

   ```bash
   ./scripts/load_env.sh
   ```

2. Bootstrap GCP project + services

   ```bash
   ./scripts/01_gcp_bootstrap.sh
   ```

3. Configure GitHub OIDC provider

   ```bash
   ./scripts/02_gcp_github_oidc.sh
   ```

4. Secrets + first deploy

   ```bash
   ./scripts/03_secrets_and_first_deploy.sh
   ```

   - Pushes secrets from `.env` into Secret Manager
   - Grants access to deploy + runtime service accounts
   - Builds & pushes image with Cloud Build
   - Deploys Cloud Run service `partner-tools-api` (URL is shown in script output and also in the GitHub Actions “Show URL” step)

5. Sync `.env` → GitHub (needed for CI/CD)

Script `04_sync_github_env.sh` manages synchronization of environment variables and secrets into your GitHub repository. Install the GitHub CLI via Homebrew (macOS):

```bash
brew install gh
gh auth login
```

Run:

```bash
./scripts/04_sync_github_env.sh
```

Populates GitHub Variables (non-secrets) and Secrets (passwords, API keys, OIDC provider, SA email).

Note: Scripts `load_env.sh`, `01_gcp_bootstrap.sh`, `02_gcp_github_oidc.sh`, and `03_secrets_and_first_deploy.sh` are one-time setup. Script `04_sync_github_env.sh` should also be run whenever you update your `.env`, to sync GitHub Variables + Secrets for the CI/CD pipeline.
- Database config: `COMMONS_*`, `EXIOBASE_*`
- API keys: `GEMINI_API_KEY`, `CLAUDE_API_KEY`
- Project + billing IDs: `GOOGLE_PROJECT_ID`, `GOOGLE_BILLING_ID`
- GitHub repo identifiers: `GITHUB_OWNER`, `GITHUB_REPO`
- Optional OAuth keys (Google, GitHub, LinkedIn, etc.)
- `DUMMY_SECRET` (for testing/debugging pipeline)
- `GOOGLE_PROJECT_NUMBER`, `GOOGLE_SA_EMAIL`, `GOOGLE_WORKLOAD_IDENTITY_PROVIDER`
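Which keys end up as GitHub Secrets and which as plain Variables is decided inside `04_sync_github_env.sh`. As an added example (not the repository's own script), the bash helper below reads a `.env` file, classifies each key as a Secret or a Variable by name, and checks that required keys are present and non-empty, using a constructed sample `.env` with placeholder values; the name-based rules are an assumption, not the script's actual logic.

```bash
#!/usr/bin/env bash
# Added example, not scripts/04_sync_github_env.sh: classify .env keys into
# GitHub Secrets (passwords, API keys, OIDC provider, SA email) versus plain
# Variables, and verify required keys are set. Rules below are assumptions.
set -eu

# Return 0 if the key should be stored as a GitHub Secret, 1 if a Variable.
is_secret_key() {
  case "$1" in
    *PASSWORD*|*SECRET*|*_KEY|*TOKEN*) return 0 ;;
    GOOGLE_SA_EMAIL|GOOGLE_WORKLOAD_IDENTITY_PROVIDER) return 0 ;;
    *) return 1 ;;
  esac
}

# Print "secret KEY" or "variable KEY" per entry, skipping blanks and comments.
# Only key names are printed; values never reach stdout or a CI log.
classify_env_file() {
  local line key
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in ''|'#'*) continue ;; esac
    line="${line#export }"
    key="${line%%=*}"
    if is_secret_key "$key"; then echo "secret $key"; else echo "variable $key"; fi
  done < "$1"
}

# Print each required key that is absent or empty; return 1 if any is missing.
check_required() {
  local file="$1" missing=0 k; shift
  for k in "$@"; do
    grep -Eq "^(export )?${k}=.+" "$file" || { echo "missing: $k"; missing=1; }
  done
  return "$missing"
}

# Constructed sample .env with placeholder values (not real credentials).
SAMPLE_ENV="$(mktemp)"
cat > "$SAMPLE_ENV" <<'EOF'
# database
COMMONS_HOST=db.example.invalid
COMMONS_PASSWORD=placeholder
GEMINI_API_KEY=placeholder
GOOGLE_PROJECT_ID=my-project
GOOGLE_SA_EMAIL=deploy@my-project.iam.gserviceaccount.com
DUMMY_SECRET=placeholder
EOF
classify_env_file "$SAMPLE_ENV"
check_required "$SAMPLE_ENV" COMMONS_HOST GOOGLE_PROJECT_ID GOOGLE_BILLING_ID || true
```

Run against your real `.env` by passing its path to `classify_env_file` and `check_required`; the sample above reports `GOOGLE_BILLING_ID` as missing.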
- Workflow: `.github/workflows/deploy-team-cloudrun.yml`
- Trigger: push to `main`
- Authenticate to GCP with OIDC (no JSON key files)
- Build Docker image with Cloud Build
- Push to Artifact Registry
- Deploy to Cloud Run
- Inject secrets + env vars

After bootstrap, you just push to `main` → GitHub Actions deploys automatically.
After deploy, test with curl:

```bash
URL="$(gcloud run services describe partner-tools-api --region us-central1 --format='value(status.url)')"
curl -s "${URL}/api/health" | jq .
```

Expected:

```json
{
  "database_connected": true,
  "status": "healthy"
}
```

```bash
curl -s "${URL}/api/tables"
curl -s "${URL}/api/projects"
curl -s -X POST "${URL}/api/recommendations" \
  -H "Content-Type: application/json" \
  -d '{"preferences":["Healthcare Access","Digital Inclusion"]}' | head
```

✅ With this setup: push → GitHub Actions → Cloud Run deploys automatically.
Scripts (load_env → 01 → 02 → 03 → 04) cover everything from bootstrap → OIDC → secrets → sync.