File tree Expand file tree Collapse file tree 2 files changed +33
-4
lines changed
quests/develop-apis-apigee/rest-backend Expand file tree Collapse file tree 2 files changed +33
-4
lines changed Original file line number Diff line number Diff line change @@ -18,8 +18,13 @@ export SVCACCT_EMAIL="${SVCACCT_NAME}@${GOOGLE_PROJECT_ID}.iam.gserviceaccount.c
1818
1919# deploy service
2020# NOTE: in a production environment, you would not use max-instances=1
21- echo " *** deploy ${SERVICE_NAME} service to ${CLOUDRUN_REGION} with service account ${SVCACCT_EMAIL} ***"
22- gcloud run deploy ${SERVICE_NAME} \
21+ echo " *** deploy ${SERVICE_NAME} service to ${CLOUDRUN_REGION} with service account ${SVCACCT_EMAIL} (with retries) ***"
22+
23+ retries=5
24+ delay=15
25+ count=0
26+
27+ until gcloud run deploy ${SERVICE_NAME} \
2328 --platform=managed \
2429 --max-instances=1 \
2530 --region=${CLOUDRUN_REGION} \
@@ -29,3 +34,13 @@ gcloud run deploy ${SERVICE_NAME} \
2934 --project=${GOOGLE_PROJECT_ID} \
3035 --quiet \
3136 --source .
37+ do
38+ count=$(( count+ 1 ))
39+ if [[ ${count} -ge ${retries} ]]; then
40+ echo " Deployment failed after ${retries} attempts."
41+ exit 1
42+ fi
43+ echo " Deployment failed, likely due to IAM propagation delay. Retrying in ${delay} s... (${count} /${retries} )"
44+ sleep ${delay}
45+ done
46+
Original file line number Diff line number Diff line change @@ -20,11 +20,25 @@ gcloud iam service-accounts create ${SVCACCT_NAME} \
2020
2121# add permission to access Firestore
2222echo " *** adding role ${SVCACCT_ROLE} for Firestore access ***"
23- gcloud projects add-iam-policy-binding ${GOOGLE_PROJECT_ID} \
23+
24+ retries=5
25+ delay=15
26+ count=0
27+
28+ until gcloud projects add-iam-policy-binding ${GOOGLE_PROJECT_ID} \
2429 --member=" serviceAccount:${SVCACCT_EMAIL} "
2530 --role=${SVCACCT_ROLE}
31+ do
32+ count=$(( count+ 1 ))
33+ if [[ ${count} -ge ${retries} ]]; then
34+ echo " Policy binding failed after ${retries} attempts."
35+ exit 1
36+ fi
37+ echo " Policy binding failed, likely due to IAM propagation delay. Retrying in ${delay} s... (${count} /${retries} )"
38+ sleep ${delay}
39+ done
2640
27- # add permission to access Cloud Run
41+ # add permission to access Cloud Run, second binding should work the first time
2842echo " *** adding role ${SVCACCT_ROLE2} for Cloud Run access ***"
2943gcloud projects add-iam-policy-binding ${GOOGLE_PROJECT_ID} \
3044 --member=" serviceAccount:${SVCACCT_EMAIL} "
You can’t perform that action at this time.
0 commit comments