33# Exit immediately if a command exits with a non-zero status.
44set -e
55
6+ # --- Argument Parsing ---
7+ PRINT_COMMAND=false
8+ if [[ " $1 " == " -v" || " $1 " == " --verbose" ; then
9+ PRINT_COMMAND=true
10+ fi
11+
612# --- Source Environment Variables ---
7- # Check if a .env file exists and source it if it does.
813if [ -f .env ]; then
9- echo " --> Sourcing variables from .env file ..."
14+ echo " --> Sourcing variables from .env..."
1015 set -a # Automatically export all variables defined in the sourced file
1116 source .env
1217 set +a # Stop automatically exporting
2328: " ${GCP__SERVICE_ACCOUNT:? Please set GCP__SERVICE_ACCOUNT} "
2429: " ${GCP__IMAGE:? Please set GCP__IMAGE} "
2530: " ${GCP__CONFIDENTIAL_COMPUTE_TYPE:? Please set GCP__CONFIDENTIAL_COMPUTE_TYPE} "
31+ : " ${GCP__SCOPES:? Please set GCP__SCOPES} "
32+ : " ${GCP__TAGS:? Please set GCP__TAGS} "
33+ : " ${GCP__TEE_CONTAINER_LOG_REDIRECT:? Please set GCP__TEE_CONTAINER_LOG_REDIRECT} "
2634
2735echo " --> Creating instance '$GCP__INSTANCE_NAME ' in project '$GCP__PROJECT ' with the following settings:"
28- echo " Zone: $GCP__ZONE "
29- echo " Machine Type: $GCP__MACHINE_TYPE "
30- echo " Service Account: $GCP__SERVICE_ACCOUNT "
31- echo " Image: $GCP__IMAGE "
32- echo " TEE Image Reference: $GCP__TEE_IMAGE_REFERENCE "
33- echo " Confidential Compute Type: $GCP__CONFIDENTIAL_COMPUTE_TYPE "
34-
35- # --- Command ---
36- gcloud compute instances create " $GCP__INSTANCE_NAME "
37- --project=" $GCP__PROJECT "
38- --zone=" $GCP__ZONE "
39- --machine-type=" $GCP__MACHINE_TYPE "
40- --network-interface=network-tier=PREMIUM,nic-type=GVNIC,stack-type=IPV4_ONLY,subnet=default \
41- --metadata=tee-image-reference=" $GCP__TEE_IMAGE_REFERENCE "
42- --maintenance-policy=TERMINATE \
43- --provisioning-model=STANDARD \
44- --service-account=" $GCP__SERVICE_ACCOUNT "
45- --scopes=https://www.googleapis.com/auth/cloud-platform \
46- --tags=flare-ai,http-server,https-server \
47- --create-disk=auto-delete=yes,\
48- boot=yes,\
49- device-name=" $GCP__INSTANCE_NAME "
50- image=projects/confidential-space-images/global/images/" $GCP__IMAGE "
51- mode=rw,\
52- size=11,\
53- type=pd-balanced \
54- --shielded-secure-boot \
55- --shielded-vtpm \
56- --shielded-integrity-monitoring \
57- --reservation-affinity=any \
36+ echo " - Zone: $GCP__ZONE "
37+ echo " - Machine Type: $GCP__MACHINE_TYPE "
38+ echo " - Service Account: $GCP__SERVICE_ACCOUNT "
39+ echo " - Image: $GCP__IMAGE "
40+ echo " - TEE Image Reference: $GCP__TEE_IMAGE_REFERENCE "
41+ echo " - Confidential Compute Type: $GCP__CONFIDENTIAL_COMPUTE_TYPE "
42+ echo " - Scopes: $GCP__SCOPES "
43+ echo " - Tags: $GCP__TAGS "
44+ echo " - TEE Log Redirect: $GCP__TEE_CONTAINER_LOG_REDIRECT "
45+
46+ # --- Build TEE Environment Metadata ---
47+ echo " --> Preparing TEE environment metadata from .env variables..."
48+ PREFIX_PATTERN=" ^(AGENT__|ECOSYSTEM__|VECTOR_DB__|GRAPH_DB__|SOCIAL__|TEE__|INGESTION__)"
49+ VAR_NAMES=$( printenv | grep -E " $PREFIX_PATTERN " | cut -d' =' )
50+ METADATA_VARS=" "
51+ if [ -n " $VAR_NAMES " ; then
52+ echo " Found the following variables for TEE:"
53+ for VAR_NAME in $VAR_NAMES ; do
54+ # Indirect expansion: Get the VALUE of the variable whose NAME is in VAR_NAME.
55+ VAR_VALUE=" ${! VAR_NAME} "
56+ METADATA_VARS=" ${METADATA_VARS} ,tee-env-${VAR_NAME} =${VAR_VALUE} "
57+
58+ # Display the variable being passed, but hide secrets.
59+ if [[ " $VAR_NAME " == * SECRET* || " $VAR_NAME " == * KEY* || " $VAR_NAME " == * TOKEN* ]]; then
60+ echo " - ${VAR_NAME} =******"
61+ else
62+ echo " - ${VAR_NAME} =${VAR_VALUE} "
63+ fi
64+ done
65+ fi
66+
67+ # --- Build Command Array ---
68+ COMMAND=(
69+ gcloud compute instances create " $GCP__INSTANCE_NAME "
70+ --project=" $GCP__PROJECT "
71+ --zone=" $GCP__ZONE "
72+ --machine-type=" $GCP__MACHINE_TYPE "
73+ --network-interface=network-tier=PREMIUM,nic-type=GVNIC,stack-type=IPV4_ONLY,subnet=default
74+ --metadata=" tee-image-reference=$GCP__TEE_IMAGE_REFERENCE ,tee-container-log-redirect=$GCP__TEE_CONTAINER_LOG_REDIRECT ${METADATA_VARS} "
75+ --maintenance-policy=TERMINATE
76+ --provisioning-model=STANDARD
77+ --service-account=" $GCP__SERVICE_ACCOUNT "
78+ --scopes=" $GCP__SCOPES "
79+ --tags=" $GCP__TAGS "
80+ --create-disk=auto-delete=yes,boot=yes,device-name=" $GCP__INSTANCE_NAME " " $GCP__IMAGE "
81+ --shielded-secure-boot
82+ --shielded-vtpm
83+ --shielded-integrity-monitoring
84+ --reservation-affinity=any
5885 --confidential-compute-type=" $GCP__CONFIDENTIAL_COMPUTE_TYPE "
86+ )
87+
88+ # --- Confirmation ---
89+
90+ # Print the command in a readable multi-line format.
91+ if [ " $PRINT_COMMAND " = true ]; then
92+ echo
93+ echo " The following command will be executed:"
94+ echo " ----------------------------------------"
95+ printf " %s" " ${COMMAND[0]} " # Print 'gcloud'
96+ for (( i= 1 ; i< ${# COMMAND[@]} ; i++ )) ; do
97+ PART=" ${COMMAND[$i]} "
98+ if [[ " $PART " == --* ]]; then
99+ printf ' \\\n' # Print continuation and a literal newline.
100+ printf ' %s' " $PART " # Print indentation and the flag.
101+ else
102+ printf ' %s' " $PART "
103+ fi
104+ done
105+ printf ' \n' # Print the final newline.
106+ echo " ----------------------------------------"
107+ fi
108+
109+ read -p " Do you want to continue? (y/N) "
110+ echo # Move to a new line
111+
112+ if [[ ! $REPLY =~ ^[Yy]$ ]]; then
113+ echo " Deployment cancelled by user."
114+ exit 1
115+ fi
116+
117+ # --- Execute Command ---
118+ echo " --> Proceeding with deployment..."
119+ " ${COMMAND[@]} "
59120
60- echo " --> ✨ Instance '$GCP__INSTANCE_NAME ' created successfully."
121+ echo " --> ✨ Instance '$GCP__INSTANCE_NAME ' created successfully."
0 commit comments