#!/bin/bash
# Deploy FedMCP HTTP API to Cloud Run
#
# This service provides a REST API wrapper for the FedMCP MCP tools
# with API key authentication, rate limiting, and usage logging.
#
# Secrets are fetched from Google Cloud Secret Manager:
# - supabase-url
# - supabase-service-role-key
# - canlii-api-key (optional)
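# Strict mode: stop on a failed command (-e), on use of an unset variable (-u)
# and when any stage of a pipeline fails (pipefail), so a broken step is never
# followed by a deploy.
set -euo pipefail

# Configuration
# These are assigned literally rather than taken from the caller's
# environment, so an ambient PROJECT_ID or REGION cannot redirect the deploy.
readonly PROJECT_ID="canada-gpt-ca"
readonly REGION="us-central1"
readonly SERVICE_NAME="fedmcp-api"
# NOTE(review): ":latest" is a mutable tag. Whatever was pushed to it last is
# what gets deployed, and the tag says nothing about which commit is running.
# Consider tagging with a commit id or deploying by image digest.
readonly IMAGE="us-central1-docker.pkg.dev/${PROJECT_ID}/canadagpt/fedmcp-api:latest"

# Banner: show the operator exactly which service, image and region are targeted.
printf '%s\n' \
  "=========================================" \
  "Deploying FedMCP HTTP API to Cloud Run" \
  "=========================================" \
  "" \
  "Service: $SERVICE_NAME" \
  "Image: $IMAGE" \
  "Region: $REGION" \
  ""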
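# Step 1: Verify secrets exist in Secret Manager
echo "Step 1/4: Verifying secrets in Secret Manager..."
REQUIRED_SECRETS=("supabase-url" "supabase-service-role-key")
OPTIONAL_SECRETS=("canlii-api-key")

# `gcloud secrets describe` only shows that the secret resource exists and that
# the identity running this script may read its metadata.
# NOTE(review): it does not show that the secret has an enabled version, nor
# that the Cloud Run runtime service account is allowed to access it; both
# would only surface when the new revision starts.
for secret in "${REQUIRED_SECRETS[@]}"; do
  # Capture stderr instead of discarding it: an expired login or a missing IAM
  # permission fails this check too, and must not be reported as "not found".
  if ! describe_error=$(gcloud secrets describe "${secret}" --project="${PROJECT_ID}" 2>&1 >/dev/null); then
    echo "Secret '${secret}' is missing or not readable in Secret Manager" >&2
    if [[ -n "${describe_error}" ]]; then
      printf ' gcloud: %s\n' "${describe_error}" >&2
    fi
    # The hint names the project explicitly; without it the secret would be
    # created in whatever project gcloud currently defaults to.
    # Typing a real value into `echo -n '...'` records it in shell history;
    # pointing --data-file at a file avoids that.
    echo " Create it with: echo -n 'your-value' | gcloud secrets create ${secret} --project=${PROJECT_ID} --data-file=-" >&2
    exit 1
  fi
done
echo "All required secrets exist"

# Check optional secrets
# The result is a string in which every entry carries a leading comma, so it
# can be appended directly to the required --set-secrets list in step 3.
OPTIONAL_SECRET_FLAGS=""
for secret in "${OPTIONAL_SECRETS[@]}"; do
  if gcloud secrets describe "${secret}" --project="${PROJECT_ID}" &>/dev/null; then
    echo " Found optional secret: ${secret}"
    # Map to env var name
    case "${secret}" in
      "canlii-api-key")
        OPTIONAL_SECRET_FLAGS="${OPTIONAL_SECRET_FLAGS},CANLII_API_KEY=${secret}:latest"
        ;;
    esac
  else
    # Say so explicitly: the service is deployed without this secret, and a
    # permission problem looks the same as a secret that was never created.
    echo " Optional secret not available, skipping: ${secret}"
  fi
done
echo ""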
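# Step 2: Build and push Docker image
echo "Step 2/4: Building Docker image..."
# The build context is the current directory: every file not excluded by
# .dockerignore is sent to the builder and can end up in an image layer.
# NOTE(review): confirm .env files, key files and local credentials are
# excluded before running this from a developer checkout.
build_args=(
  --platform linux/amd64
  # Rebuild every layer so the image does not inherit stale cached packages.
  --no-cache
  -t "${IMAGE}"
  -f Dockerfile.fedmcp-api
  # Push straight to the registry; the deploy step pulls by the same tag.
  --push
)
docker buildx build "${build_args[@]}" .
echo ""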
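# Step 3: Deploy to Cloud Run
echo "Step 3/4: Deploying to Cloud Run..."
# Each entry is ENV_VAR=secret-name:version. ":latest" follows whichever
# version is newest when an instance starts, so rotating a secret changes what
# running revisions see; pinning a version number makes a revision (and a
# rollback) reproducible.
# The Supabase service-role key bypasses row-level security, so this service
# holds full database access - treat any route that could echo environment
# variables or stack traces as sensitive.
SECRET_FLAGS="SUPABASE_URL=supabase-url:latest,SUPABASE_SERVICE_ROLE_KEY=supabase-service-role-key:latest${OPTIONAL_SECRET_FLAGS}"

deploy_args=(
  --image="${IMAGE}"
  --platform=managed
  --region="${REGION}"
  --project="${PROJECT_ID}"
  # Turns off Cloud Run's IAM invoker check: the container is reachable from
  # the internet, and the API-key authentication and rate limiting described
  # in this script's header are the only access control. /health and /tools
  # are requested without a key by the smoke test; /docs is presumably open
  # as well - confirm that is intended.
  --allow-unauthenticated
  --port=8080
  --memory=1Gi
  --cpu=1
  --min-instances=0
  # Upper bound on scale-out; also caps cost if the public endpoint is flooded.
  --max-instances=10
  --timeout=300
  --set-env-vars="PORT=8080,HOST=0.0.0.0"
  --set-secrets="${SECRET_FLAGS}"
  # NOTE(review): the account name refers to a graph API, which suggests the
  # identity is shared with another service. Confirm it carries only what this
  # service needs (access to the secrets listed above).
  --service-account=canadagpt-graph-api-sa@canada-gpt-ca.iam.gserviceaccount.com
)
gcloud run deploy "${SERVICE_NAME}" "${deploy_args[@]}"
echo ""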
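echo "========================================="
echo "Deployment Complete!"
echo "========================================="
# Get the service URL
SERVICE_URL=$(gcloud run services describe "${SERVICE_NAME}" \
  --region="${REGION}" \
  --project="${PROJECT_ID}" \
  --format="value(status.url)")
# An empty value would make the smoke test request "/health" with no host and
# report a misleading health failure; stop here with the real cause instead.
if [[ -z "${SERVICE_URL}" ]]; then
  echo "Error: gcloud returned no URL for service '${SERVICE_NAME}'" >&2
  exit 1
fi
echo ""
echo "FedMCP API URL: $SERVICE_URL"
echo "Documentation: $SERVICE_URL/docs"
echo ""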
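# Step 4: Run smoke test
echo "Step 4/4: Running smoke test..."
# --fail turns an HTTP 4xx/5xx answer into a non-zero exit instead of feeding
# an error page to the checks below; the timeouts keep a hung revision from
# blocking the script indefinitely.
curl_opts=(--silent --show-error --fail --connect-timeout 10 --max-time 60)

# Fetch first, then match, so a transport error and a wrong body are both
# handled by the same branch.
health_response=$(curl "${curl_opts[@]}" "${SERVICE_URL}/health") || health_response=""
# Whitespace around the colon is allowed, so the check does not depend on how
# the service serializes its JSON.
if grep -Eq '"status"[[:space:]]*:[[:space:]]*"healthy"' <<<"${health_response}"; then
  echo "Health check passed"
else
  # The deploy step does not pass --no-traffic, so the new revision is
  # presumably already serving requests; this exit only alerts the operator
  # and does not roll anything back.
  echo "Warning: Health check failed. Verify the deployment manually." >&2
  exit 1
fi

# Test listing tools (public endpoint)
# Best effort: a failed request yields an empty body and the warning below,
# rather than ending the script without any message.
TOOLS_RESPONSE=$(curl "${curl_opts[@]}" "${SERVICE_URL}/tools") || TOOLS_RESPONSE=""
TOOL_COUNT=$(printf '%s' "${TOOLS_RESPONSE}" \
  | python3 -c "import sys,json; print(len(json.load(sys.stdin).get('tools',[])))" 2>/dev/null \
  || echo "0")
# Keep the POSIX `[` test here: it compares plain integers, whereas
# `[[ ... -gt ... ]]` and `(( ... ))` evaluate their operands as arithmetic
# expressions, which is not wanted for a value derived from a network response.
if [ "$TOOL_COUNT" -gt "0" ]; then
  echo "Tools endpoint verified: $TOOL_COUNT tools available"
else
  echo "Warning: Could not verify tools endpoint"
fi
# TODO(review): both checks above only prove the public routes answer. Since
# the service is deployed without IAM authentication, add a negative check
# that a key-protected route rejects a request sent without an API key (the
# route is not visible in this script).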
# Closing banner and the manual follow-up steps. The quoted delimiter keeps
# the text literal (no variable or command expansion).
cat <<'EOF'

=========================================
Deployment successful!
=========================================

Next steps:
1. Create secrets in Supabase if not done already
2. Apply the migration: supabase/migrations/20260114000000_fedmcp_api_keys.sql
3. Create API keys through the frontend or API

EOF