|
| 1 | +#!/bin/bash |
| 2 | +set -euo pipefail |
| 3 | + |
| 4 | +# Schedule Invoke to Cloud Run for Cloud Scheduler |
| 5 | +export PROJECT_ID="advena-dev" |
| 6 | +export REGION="us-central1" |
| 7 | +export GRANT_CLOUD_RUN_SERVICE="backend-advena" |
| 8 | +export USER_SA_OF_SCHEDULER="schedule-invoke-cloud-run" |
| 9 | +export USER_SA_OF_SCHEDULER_EMAIL="${USER_SA_OF_SCHEDULER}@${PROJECT_ID}.iam.gserviceaccount.com" |
| 10 | + |
| 11 | +echo "=== Settings ===" |
| 12 | +echo "PROJECT_ID: $PROJECT_ID" |
| 13 | +echo "REGION: $REGION" |
| 14 | +echo "GRANT_CLOUD_RUN_SERVICE: $GRANT_CLOUD_RUN_SERVICE" |
| 15 | +echo "USER_SA_OF_SCHEDULER: $USER_SA_OF_SCHEDULER" |
| 16 | +echo "USER_SA_OF_SCHEDULER_EMAIL: $USER_SA_OF_SCHEDULER_EMAIL" |
| 17 | +echo "================" |
| 18 | + |
| 19 | +# Enable the Cloud Scheduler API |
| 20 | +gcloud services enable cloudscheduler.googleapis.com --project "${PROJECT_ID}" |
| 21 | + |
| 22 | +# サービスアカウントの存在チェックと作成 |
| 23 | +if ! gcloud iam service-accounts list \ |
| 24 | + --filter="email:${USER_SA_OF_SCHEDULER_EMAIL}" \ |
| 25 | + --format="value(email)" | grep -q "${USER_SA_OF_SCHEDULER_EMAIL}"; then |
| 26 | + echo "Creating service account: ${USER_SA_OF_SCHEDULER_EMAIL}" |
| 27 | + gcloud iam service-accounts create "${USER_SA_OF_SCHEDULER}" \ |
| 28 | + --project="${PROJECT_ID}" \ |
| 29 | + --description="Cloud Scheduler Service Account for Cloud Run Invoker" |
| 30 | +else |
| 31 | + echo "Service account ${USER_SA_OF_SCHEDULER_EMAIL} already exists. Skipping creation." |
| 32 | +fi |
| 33 | + |
| 34 | +# Grant role |
| 35 | +echo "Granting Cloud Run Invoker role to Service Account for Cloud Scheduler" |
| 36 | +gcloud run services add-iam-policy-binding "${GRANT_CLOUD_RUN_SERVICE}" \ |
| 37 | + --member="serviceAccount:${USER_SA_OF_SCHEDULER_EMAIL}" \ |
| 38 | + --role="roles/run.invoker" \ |
| 39 | + --region="${REGION}" \ |
| 40 | + --project="${PROJECT_ID}" |
| 41 | + |
| 42 | +echo "⭐️ All done!" |
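Review bot: The existence check at new-file lines 23–25 calls `gcloud iam service-accounts list` without `--project`, so it looks in whatever project the local gcloud configuration has active, while the create call and the IAM binding both target `${PROJECT_ID}`. When the two differ, the check finds nothing, the create fails because the account already exists, and `set -e` aborts before the `roles/run.invoker` binding is applied. The `grep -q` stage also treats the dots in the e-mail as regex wildcards and can close the pipe early, which `pipefail` may report as a failure. A direct lookup avoids all three: `if ! gcloud iam service-accounts describe "${USER_SA_OF_SCHEDULER_EMAIL}" --project="${PROJECT_ID}" >/dev/null 2>&1; then`. The binding itself is scoped to the single service rather than the project, which is the narrower grant and worth keeping.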