docs for GCP quickstart (#2275)

breardon2011 · web-flow · commit 56160da22d17 · 2025-09-30T19:59:04.000-07:00
diff --git a/docs/ce/state-management/gcp-quickstart.mdx b/docs/ce/state-management/gcp-quickstart.mdx
@@ -0,0 +1,128 @@
+---
+title: " GCP Quickstart"
+---
+
+
+
+
+
+
+
+## Prerequisites
+
+Before starting, ensure you have the following:
+
+### 1. Google Cloud Setup
+- **gcloud CLI installed**: [Install the gcloud CLI](https://cloud.google.com/sdk/docs/install)
+- **Authenticated with Google Cloud**: Run `gcloud auth login` to authenticate
+- **Project ID configured**: Set your project with `gcloud config set project YOUR_PROJECT_ID`
+- **Billing enabled**: Ensure billing is enabled for your GCP project
+
+### 2. Docker
+- **Docker daemon running**: Ensure Docker is installed and running on your machine
+- **Docker authenticated**: You'll need to authenticate with both Docker Hub and Google Artifact Registry
+
+### 3. AWS Resources
+- **S3 bucket created**: Create an S3 bucket for storing Terraform state and artifacts
+- **AWS credentials**: Have your AWS Access Key ID and Secret Access Key ready
+- **IAM permissions**: Ensure your AWS credentials have permissions to read/write to the S3 bucket
+
+### 4. Auth0 Setup
+- **Auth0 application**: Create an Auth0 application and note your domain, client ID, and client secret. You should follow the guide in [Configure SSO](./sso), you won't have the server url until the server is up but you don't need to set that right away.
+
+
+## Configuration
+
+For GCP, you'll need to set up environment variables and then deploy to Cloud Run.
+
+First, create a `cloud-run.env.yaml` file with your configuration:
+
+```yaml
+# S3 Storage Configuration
+OPENTACO_S3_BUCKET: "your-s3-bucket-name"
+OPENTACO_S3_REGION: "us-east-1"
+OPENTACO_S3_PREFIX: "your-prefix"
+
+# Auth0 Authentication Configuration
+OPENTACO_AUTH_ISSUER: "https://your-auth0-domain.auth0.com/"
+OPENTACO_AUTH_CLIENT_ID: "your_auth0_client_id"
+OPENTACO_AUTH_CLIENT_SECRET: "your_auth0_client_secret"
+OPENTACO_AUTH_AUTH_URL: "https://your-auth0-domain.auth0.com/authorize"
+OPENTACO_AUTH_TOKEN_URL: "https://your-auth0-domain.auth0.com/oauth/token"
+
+# AWS Credentials
+AWS_ACCESS_KEY_ID: "your_aws_access_key_id"
+AWS_SECRET_ACCESS_KEY: "your_aws_secret_access_key"
+AWS_REGION: "us-east-1"
+
+# Additional Statesman Configuration
+OPENTACO_PORT: "8080"
+OPENTACO_STORAGE: "s3"
+OPENTACO_AUTH_DISABLE: "false"
+```
+
+Then, use the following script to set up Artifact Registry and deploy to Cloud Run from the same directory as your cloud-run.env.yaml
+
+```bash
+#!/bin/bash
+set -e
+
+# Set your project ID
+PROJECT_ID="YOUR_GCP_REPO"
+GCP_REPO_NAME="STATESMAN_ARTEFACT_NAME"
+GCP_REGION="us-central1"
+
+echo "Setting up Artifact Registry for Statesman..."
+
+# Enable all required APIs
+echo "Enabling required GCP APIs..."
+gcloud services enable artifactregistry.googleapis.com
+gcloud services enable run.googleapis.com
+gcloud services enable cloudbuild.googleapis.com
+gcloud services enable containerregistry.googleapis.com
+
+# Check if repository exists, create if it doesn't
+if ! gcloud artifacts repositories describe $GCP_REPO_NAME --location=$GCP_REGION >/dev/null 2>&1; then
+  echo "Creating repository..."
+  gcloud artifacts repositories create $GCP_REPO_NAME \
+    --repository-format=docker \
+    --location=$GCP_REGION \
+    --description="Repository for OpenTaco Statesman images"
+else
+  echo "Repository already exists $GCP_REPO_NAME, skipping creation..."
+fi
+
+# Configure Docker auth
+gcloud auth configure-docker $GCP_REGION-docker.pkg.dev
+
+# Pull, tag, and push image
+docker pull --platform linux/amd64 ghcr.io/diggerhq/digger/taco-statesman:latest
+docker tag ghcr.io/diggerhq/digger/taco-statesman:latest \
+  $GCP_REGION-docker.pkg.dev/$PROJECT_ID/$GCP_REPO_NAME/taco-statesman:latest
+docker push $GCP_REGION-docker.pkg.dev/$PROJECT_ID/$GCP_REPO_NAME/taco-statesman:latest
+
+echo "Deploying to Cloud Run..."
+gcloud run deploy statesman \
+  --image $GCP_REGION-docker.pkg.dev/$PROJECT_ID/$GCP_REPO_NAME/taco-statesman:latest \
+  --region $GCP_REGION \
+  --platform managed \
+  --allow-unauthenticated \
+  --env-vars-file cloud-run.env.yaml
+
+echo "Artifact Registry and Cloud Run setup complete!"
+echo "Your image is now at: $GCP_REGION-docker.pkg.dev/$PROJECT_ID/$GCP_REPO_NAME/taco-statesman:latest"
+SERVICE_URL=$(gcloud run services describe statesman --region $GCP_REGION --format="value(status.url)")
+echo "Service URL: $SERVICE_URL"
+echo "Health check: $SERVICE_URL/readyz"
+```
+
+
+Once this service is up you can configure Auth0 with its cloud run url. Go to your application, and add the GCP url like so: `[GCP URL]/oauth/oidc-callback`. 
+
+Mine looks like this: https://statesman-1234567890.us-central1.run.app/oauth/oidc-callback
+
+![Allowed Callbacks](/images/state-management/allowed_callbacks.png)
+
+Then run `taco login`. If you have not setup taco before it will prompt you for a server url. If you have run taco login before, you can do `taco setup` to configure the server url. In either case you would set the cloud run url as the server url. 
+
+When the CLI asked me to enter my OpenTaco server url I pasted in: https://statesman-1234567890.us-central1.run.app
diff --git a/docs/ce/state-management/quickstart.mdx b/docs/ce/state-management/quickstart.mdx
@@ -197,8 +197,7 @@ for all users and systems requiring access to state.
 
 # Configure Taco CLI
 
-<Steps >
-    <Step title="Install Cli">
+
         <Tabs>
             <Tab title="Linux">
                 The first thing you'll want to do is visit our releases page [here](https://github.com/diggerhq/digger/releases?q=taco%2Fcli&expanded=true) and check the latest taco/cli release. Right now it is v0.1.7
@@ -325,60 +324,7 @@ for all users and systems requiring access to state.
             </Tab>
         </Tabs>
 
-    </Step>
-    <Step title="Configure CLI Environment Variables">
-        For the best experience in your shell you can configure the following environment vars for the CLI:
 
-        <Tabs>
-            <Tab title="Linux">
-            #### On macOS/Linux:
-            ```bash
-            export OPENTACO_SERVER=https://my-opentaco.company.com
-            export OPENTACO_AUTH_ISSUER=https://[[auth0 domain]]/
-            export OPENTACO_AUTH_CLIENT_ID=[[auth0 client id]]
-            ```
-            </Tab>
-            <Tab title="MacOS">
-            #### On macOS/Linux:
-            ```bash
-            export OPENTACO_SERVER=https://my-opentaco.company.com
-            export OPENTACO_AUTH_ISSUER=https://[[auth0 domain]]/
-            export OPENTACO_AUTH_CLIENT_ID=my-client-id
-            ```
-            </Tab>
-            <Tab title="Windows (PowerShell)">
-            #### On Windows PowerShell:
-            ```powershell
-            $env:OPENTACO_SERVER="https://my-opentaco.company.com"
-            $env:OPENTACO_AUTH_ISSUER="https://[[auth0 domain]]/"
-            $env:OPENTACO_AUTH_CLIENT_ID="my-client-id"
-
-            # To make permanent (optional):
-            [Environment]::SetEnvironmentVariable("OPENTACO_SERVER", "https://my-opentaco.company.com", "User")
-            [Environment]::SetEnvironmentVariable("OPENTACO_AUTH_ISSUER", "https://[[auth0 domain]]/", "User")
-            [Environment]::SetEnvironmentVariable("OPENTACO_AUTH_CLIENT_ID", "my-client-id", "User")
-            ```
-            </Tab>
-            <Tab title="Windows (Command Prompt)">
-            #### On Windows Command Prompt:
-            ```cmd
-            set OPENTACO_SERVER=https://my-opentaco.company.com
-            set OPENTACO_AUTH_ISSUER="https://[[auth0 domain]]/"
-            set OPENTACO_AUTH_CLIENT_ID=my-client-id
-
-            # To make permanent (optional):
-            setx OPENTACO_SERVER "https://my-opentaco.company.com"
-            setx OPENTACO_AUTH_ISSUER "https://[[auth0 domain]]/"
-            setx OPENTACO_AUTH_CLIENT_ID "my-client-id"
-            ```
-            </Tab>
-        </Tabs>
-
-        The env variable `OPENTACO_SERVER`  is the address of your server which we'll get to setting up later.
-
-    </Step>
-
-</Steps>
 
 
 # Create Your First Unit
@@ -389,7 +335,7 @@ Now that you have OpenTaco running and authentication configured, let's walk thr
 
 <Steps>
     <Step title="Authenticate Both Systems">
-    First, complete both authentication flows:
+    First, complete both authentication flows. When you do taco login for the first time, it will ask for the server url. By default it is set to `http://localhost:8080`, which won't really work for authentication features. You'll want to host through a proxy at least. More likely, you will have a hosted system on a TLS endpoint. You'll want to place that endpoint here. You can reconfigure at any time by calling `taco setup`.
 
     ```bash
     # Authenticate taco CLI (for unit management)
diff --git a/docs/images/state-management/allowed_callbacks.png b/docs/images/state-management/allowed_callbacks.png
diff --git a/docs/mint.json b/docs/mint.json
@@ -59,7 +59,8 @@
         "ce/state-management/digger-integration",
         "ce/state-management/development",
         "ce/state-management/analytics",
-        "ce/state-management/versioning"
+        "ce/state-management/versioning",
+        "ce/state-management/gcp-quickstart"
       ]
     },
     {

Original file line number	Diff line number	Diff line change
`@@ -59,7 +59,8 @@`
`59`	`59`	`"ce/state-management/digger-integration",`
`60`	`60`	`"ce/state-management/development",`
`61`	`61`	`"ce/state-management/analytics",`
`62`		`- "ce/state-management/versioning"`
	`62`	`+ "ce/state-management/versioning",`
	`63`	`+ "ce/state-management/gcp-quickstart"`
`63`	`64`	`]`
`64`	`65`	`},`
`65`	`66`	`{`