Added optional SQL instance connector

Author: st-matskevich

.github/workflows/main.yml

@@ -138,7 +138,7 @@ jobs:
       SERVICE_ACCOUNT: ${{ vars.GCP_SA_EMAIL }}
       MIGRATOR_SERVICE: ${{ vars.GCP_SERVICE_MIGRATOR_NAME }}
       API_IMAGE: ${{ vars.GCP_PROJECT_REGION }}-docker.pkg.dev/${{ vars.GCP_PROJECT_ID }}/${{ vars.GCP_ARTIFACT_REGISTRY }}/${{ vars.GCP_SERVICE_API_NAME }}:${{  github.sha }}
-      # SQL_INSTANCE_NAME: ${{ vars.GCP_SQL_INSTANCE_CONNECTION_NAME }}
+      SQL_INSTANCE_NAME: ${{ vars.GCP_SQL_INSTANCE_CONNECTION_NAME }}
       DB_URL_SECRET: ${{ vars.GCP_SECRET_DB_URL }}
     runs-on: ubuntu-latest
 
@@ -152,21 +152,25 @@ jobs:
         uses: google-github-actions/setup-gcloud@v1
 
       - name: Deploy migration job to Cloud Run
-        # re-add this for cloudsql integration
-        # --set-cloudsql-instances=${{ env.SQL_INSTANCE_NAME }}
         run: |-
-          gcloud --quiet run jobs deploy ${{ env.MIGRATOR_SERVICE }} \
-          --image=${{ env.API_IMAGE }} \
-          --region=${{ env.PROJECT_REGION }} \
-          --service-account=${{ env.SERVICE_ACCOUNT }} \
-          --network=default \
-          --subnet=default \
-          --vpc-egress=private-ranges-only \
-          --set-secrets=DB_CONNECTION_STRING=${{ env.DB_URL_SECRET }}:latest \
-          --args=--migrate \
-          --max-retries=3 \
-          --execute-now \
-          --wait
+          CMD="gcloud --quiet run jobs deploy ${{ env.MIGRATOR_SERVICE }} \
+            --image=${{ env.API_IMAGE }} \
+            --region=${{ env.PROJECT_REGION }} \
+            --service-account=${{ env.SERVICE_ACCOUNT }} \
+            --network=default \
+            --subnet=default \
+            --vpc-egress=private-ranges-only \
+            --set-secrets=DB_CONNECTION_STRING=${{ env.DB_URL_SECRET }}:latest \
+            --args=--migrate \
+            --max-retries=3 \
+            --execute-now \
+            --wait"
+
+          if [ -n "${{ env.SQL_INSTANCE_NAME }}" ]; then
+            CMD="$CMD --set-cloudsql-instances=${{ env.SQL_INSTANCE_NAME }}"
+          fi
+
+          eval "$CMD"
 
   deploy-services:
     needs: [deploy-migrator, push-ui-container]
@@ -181,7 +185,7 @@ jobs:
       UI_SERVICE: ${{ vars.GCP_SERVICE_UI_NAME }}
       UI_MAX_INSTANCES: ${{ vars.GCP_SERVICE_UI_MAX_INSTANCES }}
       UI_IMAGE: ${{ vars.GCP_PROJECT_REGION }}-docker.pkg.dev/${{ vars.GCP_PROJECT_ID }}/${{ vars.GCP_ARTIFACT_REGISTRY }}/${{ vars.GCP_SERVICE_UI_NAME }}:${{  github.sha }}
-      # SQL_INSTANCE_NAME: ${{ vars.GCP_SQL_INSTANCE_CONNECTION_NAME }}
+      SQL_INSTANCE_NAME: ${{ vars.GCP_SQL_INSTANCE_CONNECTION_NAME }}
       TG_TOKEN_SECRET: ${{ vars.GCP_SECRET_TG_BOT_TOKEN }}
       TG_PAYMENTS_SECRET: ${{ vars.GCP_SECRET_TG_PAYMENTS_TOKEN }}
       JWT_SECRET: ${{ vars.GCP_SECRET_JWT_SECRET }}
@@ -205,23 +209,27 @@ jobs:
         uses: google-github-actions/setup-gcloud@v1
 
       - name: Deploy API service to Cloud Run
-        # re-add this for cloudsql integration
-        # --set-cloudsql-instances=${{ env.SQL_INSTANCE_NAME }}
         run: |-
-          gcloud --quiet run deploy ${{ env.API_SERVICE }} \
-          --image=${{ env.API_IMAGE }} \
-          --region=${{ env.PROJECT_REGION }} \
-          --service-account=${{ env.SERVICE_ACCOUNT }} \
-          --network=default \
-          --subnet=default \
-          --vpc-egress=private-ranges-only \
-          --max-instances=${{ env.API_MAX_INSTANCES }} \
-          --set-secrets=TELEGRAM_BOT_TOKEN=${{ env.TG_TOKEN_SECRET }}:latest \
-          --set-secrets=TELEGRAM_PAYMENTS_TOKEN=${{ env.TG_PAYMENTS_SECRET }}:latest \
-          --set-secrets=JWT_SECRET=${{ env.JWT_SECRET }}:latest \
-          --set-secrets=DB_CONNECTION_STRING=${{ env.DB_URL_SECRET }}:latest \
-          --set-secrets=S3_CONNECTION_STRING=${{ env.S3_URL_SECRET }}:latest \
-          --allow-unauthenticated
+          CMD="gcloud --quiet run deploy ${{ env.API_SERVICE }} \
+              --image=${{ env.API_IMAGE }} \
+              --region=${{ env.PROJECT_REGION }} \
+              --service-account=${{ env.SERVICE_ACCOUNT }} \
+              --network=default \
+              --subnet=default \
+              --vpc-egress=private-ranges-only \
+              --max-instances=${{ env.API_MAX_INSTANCES }} \
+              --set-secrets=TELEGRAM_BOT_TOKEN=${{ env.TG_TOKEN_SECRET }}:latest \
+              --set-secrets=TELEGRAM_PAYMENTS_TOKEN=${{ env.TG_PAYMENTS_SECRET }}:latest \
+              --set-secrets=JWT_SECRET=${{ env.JWT_SECRET }}:latest \
+              --set-secrets=DB_CONNECTION_STRING=${{ env.DB_URL_SECRET }}:latest \
+              --set-secrets=S3_CONNECTION_STRING=${{ env.S3_URL_SECRET }}:latest \
+              --allow-unauthenticated"
+
+          if [ -n "${{ env.SQL_INSTANCE_NAME }}" ]; then
+            CMD="$CMD --set-cloudsql-instances=${{ env.SQL_INSTANCE_NAME }}"
+          fi
+
+          eval "$CMD"
 
       - name: Get API service URL
         run: echo "API_URL=$(gcloud --quiet run services describe ${{ env.API_SERVICE }} --platform managed --region ${{ env.PROJECT_REGION }} --format 'value(status.url)')" >> $GITHUB_ENV

README.md

@@ -122,6 +122,8 @@ Deployment setup:
 
 After successful deployment, obtain the bot API URL from either `deploy-services` job results or from [GCP Project Console](https://console.cloud.google.com) and proceed to [switching bot environment](#switching-bot-environment).
 
+Alternatively, to fit within the [GCP free tier](https://cloud.google.com/free/docs/free-cloud-features#free-tier), you can deploy PostgreSQL on an e2-micro Compute Engine VM and connect Cloud Run services using [Direct VPC](https://cloud.google.com/run/docs/configuring/vpc-direct-vpc). However, because a self-managed PostgreSQL instance requires additional configuration and operational oversight, this approach is not covered in this instruction.
+
 ## Switching bot environment
 After the bot is either [launched locally](#local-environment) or [deployed in GCP](#production-deployment), Telegram needs to be configured with a proper webhook URL. To set it, use:
 ```sh