How to set up GCP for Pill Reminder.
- Go to console.cloud.google.com
- Click project dropdown > "New Project"
- Name it (e.g.,
pill-reminder) - Note the Project ID (you'll need this)
- Go to Billing
- Link a billing account to your project
- You get $300 free credits for new accounts
Run this command or enable manually in Console:
gcloud services enable \
cloudfunctions.googleapis.com \
cloudscheduler.googleapis.com \
cloudtasks.googleapis.com \
secretmanager.googleapis.com \
storage.googleapis.com \
cloudbuild.googleapis.comOr manually:
- Go to APIs & Services > Library
- Search and enable each:
- Cloud Functions API
- Cloud Scheduler API
- Cloud Tasks API
- Secret Manager API
- Cloud Storage API
- Cloud Build API
brew install google-cloud-sdkDownload from cloud.google.com/sdk/docs/install
curl https://sdk.cloud.google.com | bash
exec -l $SHELLgcloud init
gcloud auth login
gcloud config set project YOUR_PROJECT_IDIf you want Google Sheets logging:
# Create account
gcloud iam service-accounts create sheets-writer \
--display-name="Sheets Writer"
# Get email
SA_EMAIL=$(gcloud iam service-accounts list \
--filter="displayName:Sheets Writer" \
--format='value(email)')
echo "Service account: $SA_EMAIL"gcloud iam service-accounts keys create service-account.json \
--iam-account=$SA_EMAILgcloud secrets create google-sheets-creds \
--data-file=service-account.json
# Delete local file
rm service-account.json# Get the default compute service account
COMPUTE_SA=$(gcloud iam service-accounts list \
--filter="displayName:Default compute service account" \
--format='value(email)')
# Grant secret access
gcloud secrets add-iam-policy-binding google-sheets-creds \
--member="serviceAccount:$COMPUTE_SA" \
--role="roles/secretmanager.secretAccessor"gcloud tasks queues create pill-retries --location=us-central1# Add to .env
GCP_PROJECT_ID=your-project-id
GCP_REGION=us-central1GCP has a generous free tier:
| Service | Free Tier | Pill Reminder Usage |
|---|---|---|
| Cloud Functions | 2M invocations/month | ~200/month |
| Cloud Scheduler | 3 jobs | 4 jobs ($0.30 extra) |
| Cloud Tasks | 1M operations/month | ~100/month |
| Cloud Storage | 5 GB | <1 MB |
| Secret Manager | 6 active versions | 1 |
Expected cost: ~$0.10-0.40/month (mostly Cloud Scheduler)
Functions only need specific permissions:
storage.objects.get- Read audio filescloudtasks.tasks.create- Schedule retriessecretmanager.versions.access- Read Sheets credentials
Never hardcode secrets. Use:
- Environment variables (set in deploy.sh)
- Secret Manager for credentials
All Cloud Functions automatically use HTTPS.
Enable Cloud Audit Logs to track who does what:
- Go to IAM & Admin > Audit Logs
- Enable for Cloud Functions
# Check current project
gcloud config list project
# Check authentication
gcloud auth list
# Re-authenticate if needed
gcloud auth login- Check Cloud Build API is enabled
- Check you have Editor role on project
- View build logs in Cloud Console
- Verify timezone is correct
- Check job is not paused
- View execution logs in Cloud Console
# Grant access to function's service account
gcloud secrets add-iam-policy-binding google-sheets-creds \
--member="serviceAccount:YOUR_PROJECT_ID@appspot.gserviceaccount.com" \
--role="roles/secretmanager.secretAccessor"If you want to stop all charges:
# Delete entire project (WARNING: irreversible)
gcloud projects delete YOUR_PROJECT_ID
# Or delete individual resources (see SETUP.md > Uninstalling)