forked from aerele/proctor
.env.deploy.example
# Aerele Proctor deployment template
#
# Copy this file to a local ignored file before filling real values:
#
#   cp .env.deploy.example .env.deploy.local
#
# Then edit .env.deploy.local. Do not commit .env.deploy.local.
#
# A developer can fill most values from gcloud after authentication:
#
#   gcloud auth login
#   gcloud projects list
#   gcloud config set project YOUR_PROJECT_ID
#   gcloud config get-value project
#
# This app uses Google Cloud Run, Google Cloud Storage, Firestore, Cloud Build,
# and Artifact Registry. The deploy scripts create missing buckets, Artifact
# Registry repositories, and Cloud Run services where possible.

# Required. Your Google Cloud project ID, not the project display name.
# Find it with:
#   gcloud projects list
#   gcloud config get-value project
PROJECT_ID=your-gcp-project-id

# Required. Google Cloud region for Cloud Run, Firestore, buckets, and images.
# Pick one region and keep all resources together to avoid latency and surprise
# cross-region costs. Examples: asia-south1, asia-south2, us-central1.
# List available Cloud Run regions with:
#   gcloud run regions list
REGION=your-gcp-region

# Required. Artifact Registry Docker repository name.
# The deploy scripts create it if it does not exist.
# Keep it lowercase and simple.
REPOSITORY=proctor

# Required. Admin password for /admin.
# This is used by the backend and also embedded into the frontend build only so
# the admin screen can hide everything before unlock. Use a long unique value.
# Generate one locally with:
#   openssl rand -base64 24
ADMIN_PASSWORD=replace-with-a-long-random-admin-password

# Required. Shared secret for the alerts-ingestion API (POST /api/alerts).
# Producers (the proctor recorder and the contest-eval pipeline) send this in
# the x-api-key header; the backend rejects every ingest request when it is
# unset (closed-by-default). Use a long unique value and keep it secret.
# Generate one locally with:
#   openssl rand -base64 32
ALERTS_INGEST_API_KEY=replace-with-a-long-random-ingest-api-key

# Required for the daily evidence-retention sweep (S-H). Closed-by-default:
# unset => the /api/admin/retention-sweep endpoint rejects every x-api-key call
# (the admin password still triggers a manual sweep). The daily Cloud Scheduler
# job sends this value as the x-api-key header. Generate with:
#   openssl rand -base64 32
RETENTION_SWEEP_API_KEY=replace-with-a-long-random-sweep-api-key

# Optional. Firestore collection that stores ingested alerts.
# Defaults to proctor_alerts when unset.
ALERTS_COLLECTION=proctor_alerts

# Optional. CORS origin accepted by the backend.
# For first deployment you can keep *. After the frontend is deployed, set this
# to the exact frontend Cloud Run URL and redeploy the backend if you want a
# tighter production configuration.
PUBLIC_APP_ORIGIN=*

# Required for evidence uploads. The backend deploy script creates this bucket
# if missing and applies the lifecycle/CORS config from backend/.
# Bucket names are globally unique across Google Cloud, so prefix with your
# organization or project slug.
EVIDENCE_BUCKET=your-globally-unique-proctor-evidence-bucket

# Required for video merge/review worker. Usually the same as EVIDENCE_BUCKET.
SOURCE_BUCKET=your-globally-unique-proctor-evidence-bucket

# Required for merged/final review videos. The video worker deploy script
# creates this bucket if missing and applies the 3-day lifecycle policy.
DEST_BUCKET=your-globally-unique-proctor-review-video-bucket

# Required. Cloud Run service names. These are not URLs; they are service IDs
# shown by:
#   gcloud run services list --region "$REGION"
BACKEND_SERVICE_NAME=proctor-api
FRONTEND_SERVICE_NAME=proctor-web
VIDEO_WORKER_SERVICE_NAME=proctor-video-worker

# Required after backend deployment, before frontend deployment.
# Fill this with the backend Cloud Run URL printed by backend/deploy-gcp.sh, or:
#   gcloud run services describe "$BACKEND_SERVICE_NAME" \
#     --region "$REGION" \
#     --format="value(status.url)"
API_URL=https://your-backend-cloud-run-url

# Required only when deploying the optional video merge worker.
# This protects the /merge endpoint. Generate with:
#   openssl rand -base64 32
WORKER_TOKEN=replace-with-a-long-random-worker-token

# Optional local helper for the merge script.
# Example:
#   source .env.deploy.local
#   node scripts/merge-gcs-videos.mjs username1 username2
MAX_USERNAMES_PER_REQUEST=25
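
The template's requirements (no leftover placeholders, long and unique secrets, a pinned CORS origin) can be checked before a deploy. The following is an added example, not part of the repository: a hypothetical `check_deploy_env` shell function that parses the filled-in file without sourcing it. The 32-character floor and the FAIL/WARN split are assumptions.

```shell
#!/bin/sh
# Added example: lint a filled-in deploy env file without sourcing it.
# MIN_SECRET_LEN and the FAIL/WARN split are assumptions of this sketch.
MIN_SECRET_LEN=32   # length of `openssl rand -base64 24` output

fail() { echo "FAIL $1: $2"; fails=$((fails + 1)); }

check_deploy_env() {
  fails=0 seen='|'
  while IFS= read -r line || [ -n "$line" ]; do
    case $line in '#'*) continue ;; *=*) ;; *) continue ;; esac
    key=${line%%=*}
    value=${line#*=}   # split on the first '=' only; base64 padding survives
    case $key in
      ADMIN_PASSWORD|ALERTS_INGEST_API_KEY|RETENTION_SWEEP_API_KEY|WORKER_TOKEN)
        # WORKER_TOKEN is only needed for the optional video worker.
        if [ "$key" = WORKER_TOKEN ] && [ -z "$value" ]; then continue; fi
        case $value in
          replace-with-*) fail "$key" 'template placeholder still present' ;;
          *) if [ "${#value}" -lt "$MIN_SECRET_LEN" ]; then
               fail "$key" "shorter than $MIN_SECRET_LEN characters"
             fi ;;
        esac
        # The template asks for a unique value per secret.
        case $seen in
          *"|$value|"*) fail "$key" 'same value as another secret' ;;
        esac
        seen="$seen$value|" ;;
      PUBLIC_APP_ORIGIN)
        if [ "$value" = '*' ]; then
          echo "WARN $key: any origin accepted; pin the frontend URL"
        fi ;;
      *)
        case $value in
          your-*|https://your-*) fail "$key" 'template placeholder still present' ;;
        esac ;;
    esac
  done < "$1"
  [ "$fails" -eq 0 ]
}

# Demo on a constructed sample (not real credentials).
demo=$(mktemp)
printf '%s\n' 'ADMIN_PASSWORD=replace-with-a-long-random-admin-password' \
  'PUBLIC_APP_ORIGIN=*' > "$demo"
check_deploy_env "$demo" || echo "not ready to deploy"
rm -f "$demo"
```

In a deploy wrapper the call would be `check_deploy_env .env.deploy.local || exit 1`, placed before the file is sourced.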