Remove add-iam-policy-binding to roles/artifactregistry.reader post API deploy

MartinBraquet · MartinBraquet · commit 569db46a8b5d · 2025-12-04T21:44:55.000+01:00
May not be needed
diff --git a/backend/api/README.md b/backend/api/README.md
@@ -70,8 +70,22 @@ gcloud compute backend-services update api-backend \
 ```shell
 gcloud iam service-accounts create ci-deployer \
   --display-name="CI Deployer"
-gcloud projects add-iam-policy-binding compass-130ba --member="serviceAccount:ci-deployer@compass-130ba.iam.gserviceaccount.com" --role="roles/artifactregistry.writer"
-gcloud projects add-iam-policy-binding compass-130ba --member="serviceAccount:ci-deployer@compass-130ba.iam.gserviceaccount.com" --role="roles/storage.objectAdmin"
+gcloud projects add-iam-policy-binding compass-130ba \
+  --member="serviceAccount:ci-deployer@compass-130ba.iam.gserviceaccount.com" \
+  --role="roles/artifactregistry.writer"
+gcloud projects add-iam-policy-binding compass-130ba \
+  --member="serviceAccount:ci-deployer@compass-130ba.iam.gserviceaccount.com" \
+  --role="roles/storage.objectAdmin"
+gcloud projects add-iam-policy-binding compass-130ba \
+  --member="serviceAccount:ci-deployer@compass-130ba.iam.gserviceaccount.com" \
+  --role="roles/storage.admin"
+gcloud projects add-iam-policy-binding compass-130ba \
+  --member="serviceAccount:ci-deployer@compass-130ba.iam.gserviceaccount.com" \
+  --role="roles/compute.admin"
+gcloud iam service-accounts add-iam-policy-binding \
+  253367029065-compute@developer.gserviceaccount.com \
+  --member="serviceAccount:ci-deployer@compass-130ba.iam.gserviceaccount.com" \
+  --role="roles/iam.serviceAccountUser"
 gcloud iam service-accounts keys create keyfile.json --iam-account=ci-deployer@compass-130ba.iam.gserviceaccount.com
 ```
 
diff --git a/backend/api/deploy-api.sh b/backend/api/deploy-api.sh
@@ -54,16 +54,16 @@ export TF_VAR_image_url=$IMAGE_URL
 export TF_VAR_env=$ENV
 tofu apply -auto-approve
 
-INSTANCE_NAME=$(gcloud compute instances list \
-  --filter="zone:(us-west1-c)" \
-  --sort-by="~creationTimestamp" \
-  --format="value(name)" \
-  --limit=1)
-SERVICE_ACCOUNT_EMAIL=$(gcloud compute instances describe ${INSTANCE_NAME} \
-  --zone us-west1-c \
-  --format="value(serviceAccounts.email)")
-gcloud projects add-iam-policy-binding ${PROJECT} \
-  --member="serviceAccount:$SERVICE_ACCOUNT_EMAIL" \
-  --role="roles/artifactregistry.reader"
+#INSTANCE_NAME=$(gcloud compute instances list \
+#  --filter="zone:(us-west1-c)" \
+#  --sort-by="~creationTimestamp" \
+#  --format="value(name)" \
+#  --limit=1)
+#SERVICE_ACCOUNT_EMAIL=$(gcloud compute instances describe ${INSTANCE_NAME} \
+#  --zone us-west1-c \
+#  --format="value(serviceAccounts.email)")
+#gcloud projects add-iam-policy-binding ${PROJECT} \
+#  --member="serviceAccount:$SERVICE_ACCOUNT_EMAIL" \
+#  --role="roles/artifactregistry.reader"
 
 echo "✅ Deployment complete! Image: ${IMAGE_URL}"
diff --git a/backend/api/package.json b/backend/api/package.json
@@ -1,7 +1,7 @@
 {
   "name": "@compass/api",
   "description": "Backend API endpoints",
-  "version": "1.0.8",
+  "version": "1.0.9",
   "private": true,
   "scripts": {
     "watch:serve": "tsx watch src/serve.ts",

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "@compass/api",`
`3`	`3`	`"description": "Backend API endpoints",`
`4`		`- "version": "1.0.8",`
	`4`	`+ "version": "1.0.9",`
`5`	`5`	`"private": true,`
`6`	`6`	`"scripts": {`
`7`	`7`	`"watch:serve": "tsx watch src/serve.ts",`