# Deployment

## Overview
| Target | Trigger | Pipeline |
|---|---|---|
| Cloud Run (staging) | Push to main | .github/workflows/deploy.yml |
| Cloud Run (production) | Manual dispatch with release tag | .github/workflows/deploy.yml |
| Cloudflare Pages | Push to main | .github/workflows/cloudflare-pages.yml |
| Kotlin SDK (Maven) | GitHub release | .github/workflows/sdk-publish.yml |
| TypeScript SDK (npm) | GitHub release | .github/workflows/sdk-npm-publish.yml |
## Cloud Run Deployment Flow

- Build: Bazel builds OCI images for all 6 services
- Push: Images are pushed to Artifact Registry (`us-east1-docker.pkg.dev/pinpoint-gateway/gateway/{service}:{tag}`)
- Deploy: `gcloud run deploy` to Cloud Run with the appropriate env vars and secrets

## Image Tagging
| Environment | Tag | Example |
|---|---|---|
| Staging | dev | gateway-processing:dev |
| Production | Release tag | gateway-processing:v0.0.3 |
**CRITICAL:** Production must use a pinned immutable release tag. Never use `latest` or `dev` for production.

## Cloud Run Services
| Service | Staging | Production |
|---|---|---|
| auth | gateway-auth-staging | gateway-auth |
| processing | gateway-processing-staging | gateway-processing |
| management | gateway-management-staging | gateway-management |
| online-txn | gateway-online-txn-staging | gateway-online-txn |
| merchant-onboarding | gateway-merchant-onboarding-staging | gateway-merchant-onboarding |
| status | gateway-status-staging | gateway-status |
Region: us-east1
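As an added example (not the project's own `deploy.yml`), the following script shows the guard a pipeline step would run before the Deploy stage: it enforces the tag rule from the Image Tagging section and derives the Cloud Run service name from the table above. It assumes the registry path, region and project shown on this page and that image names take the form `gateway-<service>`; `deploy_cmd` prints the `gcloud run deploy` command instead of executing it, so it can be reviewed or piped to `sh` in CI.

```shell
#!/bin/sh
# Added example: pre-deploy tag guard for the flow described on this page.
# Assumptions (not taken from the project): image name = gateway-<service>,
# production tags look like vMAJOR.MINOR.PATCH, and gcloud is never invoked here.
set -eu

REGISTRY="us-east1-docker.pkg.dev/pinpoint-gateway/gateway"
REGION="us-east1"
PROJECT="pinpoint-gateway"

# check_image_tag ENV TAG -> 0 if TAG may be deployed to ENV, 1 otherwise.
# Staging rolls the mutable "dev" tag; production must use a pinned release tag.
check_image_tag() {
  env="$1"; tag="$2"
  case "$env" in
    staging)
      [ "$tag" = "dev" ] && return 0
      return 1 ;;
    production)
      case "$tag" in
        latest|dev|main|"") return 1 ;;   # mutable or empty tag: refuse
      esac
      # Require a release tag of the form vMAJOR.MINOR.PATCH, e.g. v0.0.3
      printf '%s\n' "$tag" | grep -Eq '^v[0-9]+\.[0-9]+\.[0-9]+$' ;;
    *) return 1 ;;
  esac
}

# service_name SERVICE ENV -> Cloud Run service name per the table above
service_name() {
  case "$2" in
    staging)    printf 'gateway-%s-staging\n' "$1" ;;
    production) printf 'gateway-%s\n' "$1" ;;
    *) return 1 ;;
  esac
}

# deploy_cmd ENV SERVICE TAG -> prints the gcloud run deploy command once the
# tag guard passes; returns 1 and prints nothing if the tag is rejected.
deploy_cmd() {
  env="$1"; service="$2"; tag="$3"
  check_image_tag "$env" "$tag" || return 1
  printf 'gcloud run deploy %s --image=%s/gateway-%s:%s --region=%s --project=%s\n' \
    "$(service_name "$service" "$env")" "$REGISTRY" "$service" "$tag" "$REGION" "$PROJECT"
}

# Example usage with constructed inputs: a staging rollout and a production rollout.
deploy_cmd staging processing dev
deploy_cmd production processing v0.0.3
# A mutable tag for production is refused, so nothing is printed:
if deploy_cmd production processing latest; then
  echo "unexpected: latest accepted for production" >&2
  exit 1
fi
```

Wire `deploy_cmd "$ENV" "$SERVICE" "$TAG" | sh` into the deploy job after the push step; a rejected tag then fails the job before any revision is created rather than after.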
## Scaling Configuration
| Setting | Staging | Production |
|---|---|---|
| Min instances | 0 | 1 |
| Max instances | 5 | 10 |
| CPU | 1 | 2 |
| Memory | 512Mi | 1Gi |
## Checking Deployment Status

```bash
# List Cloud Run revisions
gcloud run revisions list --service=gateway-processing-staging --region=us-east1 --project=pinpoint-gateway

# View logs
gcloud logging read 'resource.labels.service_name="gateway-processing-staging"' --project=pinpoint-gateway --limit=20 --format='value(jsonPayload.message)'

# Check health
curl https://staging-api.peakgateway.co/processing/health
```

## Website Deployment
Websites deploy to Cloudflare Pages automatically on push to main:
| Website | Production URL | Staging URL |
|---|---|---|
| Portal | support.peakgateway.co | staging-support.peakgateway.co |
| Checkout | checkout.peakgateway.co | staging-checkout.peakgateway.co |
| Merchant Portal | merchant.peakgateway.co | staging-merchant.peakgateway.co |
| Marketing | peakgateway.co | staging.peakgateway.co |
| Docs | docs.peakgateway.co | N/A |
| Support Docs | support-docs.peakgateway.co | N/A |
## Infrastructure Changes

Terraform manages all GCP infrastructure:

```bash
cd infra/terraform
terraform plan   # Review changes
terraform apply  # Apply (requires approval)
```
State is stored in Terraform Cloud (org: peaksystems, workspace: gateway).
## Maintenance

### Cleaning old Cloud Run revisions

```bash
# Dry run (default)
./infra/scripts/cleanup-cloud-run-revisions.sh \
  --project pinpoint-gateway \
  --region us-east1 \
  --all-services \
  --keep 3

# Apply
./infra/scripts/cleanup-cloud-run-revisions.sh \
  --project pinpoint-gateway \
  --region us-east1 \
  --all-services \
  --keep 3 \
  --apply
```
This runs automatically hourly via .github/workflows/infra-maintenance.yml.
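As an added example (not the project's `cleanup-cloud-run-revisions.sh`), the script below shows the retention rule such a cleanup must implement: keep the newest `--keep` revisions and never delete a revision that is still serving traffic, even if it is older than the cut-off. The revision list is constructed here; the assumed input shape is one revision per line, newest first, as `NAME ACTIVE` with `ACTIVE` set to `yes` or `no`, which is the information `gcloud run revisions list` prints in its NAME and ACTIVE columns.

```shell
#!/bin/sh
# Added example: revision retention rule for a Cloud Run cleanup job.
# Assumption: input is "NAME ACTIVE" per line, newest revision first.
set -eu

# prune_candidates KEEP < revisions -> prints the revisions safe to delete:
# everything after the newest KEEP, except revisions still serving traffic.
prune_candidates() {
  keep="$1"
  awk -v keep="$keep" '
    NR <= keep  { next }   # newest KEEP revisions are retained unconditionally
    $2 == "yes" { next }   # never delete a revision that still receives traffic
    { print $1 }
  '
}

# Constructed sample: five revisions of one service, newest first. The fourth is
# an older revision that a traffic split still points at, so it must survive.
REVISIONS='gateway-processing-00012-abc yes
gateway-processing-00011-def no
gateway-processing-00010-ghi no
gateway-processing-00009-jkl yes
gateway-processing-00008-mno no'

# prune_list KEEP -> candidates from the sample list (dry run: nothing is deleted)
prune_list() {
  printf '%s\n' "$REVISIONS" | prune_candidates "$1"
}

# Dry run with --keep 3, matching the hourly job above: only the oldest,
# non-serving revision is listed.
prune_list 3
```

In the real job the output of `prune_candidates` is what an `--apply` flag would feed to `gcloud run revisions delete`; keeping the dry run as the default, as the project's script does, means a mistaken retention value is visible before anything is removed.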
## CI/CD Pipelines

| Workflow | Trigger | Purpose |
|---|---|---|
| ci.yml | PR, push to main | Build + test all services/libs |
| deploy.yml | Push to main, release, manual | Build, push, deploy to Cloud Run |
| cloudflare-pages.yml | Push to main | Build + deploy all websites |
| pre-commit.yml | PR | Linting, formatting checks |
| iac-security.yml | infra/** changes | Checkov + Terraform validation |
| infra-maintenance.yml | Hourly | Clean old revisions + artifacts |
| sdk-publish.yml | GitHub release | Publish Kotlin SDK to Maven |
| sdk-npm-publish.yml | GitHub release | Publish TypeScript SDK to npm |