Infra #516

Closed
chrisaddy wants to merge 1 commit into master from infra

chrisaddy (Collaborator) commented May 14, 2025

This pull request introduces a new infrastructure module for managing cloud resources using Pulumi and updates project configurations to integrate the new module. The key changes include the addition of Pulumi infrastructure code, configuration updates for dependencies, and workspace adjustments.

Infrastructure Module Setup:

  • Added Pulumi configuration and dependencies in infrastructure/Pulumi.yaml and infrastructure/pyproject.toml to define the project, runtime, and required libraries.
  • Implemented cloud_run.py to manage a Cloud Run service, Pub/Sub subscription, and Cloud Scheduler job, including secure handling of API keys via Pulumi secrets.
  • Added project.py to enable required GCP services and configure IAM roles for the service account.
  • Created topics.py to define a Pub/Sub topic for communication between services.

Project Configuration Updates:

  • Updated pyproject.toml to include the new datamanager dependency and register the infrastructure module as part of the workspace.
  • Adjusted .flox/env/manifest.toml to clean up unused sections and ensure proper configuration.

Summary by CodeRabbit

  • New Features

    • Introduced infrastructure setup for Google Cloud using Pulumi, including project configuration, service account creation, and enabling required cloud services.
    • Added automated deployment and scheduling for a Cloud Run service with secure environment variable handling and scheduled invocations via Pub/Sub and Cloud Scheduler.
    • Added configuration files for managing infrastructure dependencies and Pulumi project metadata.
  • Chores

    • Expanded the .gitignore file to cover a wider range of Python, environment, and editor files.
    • Updated project dependencies and workspace configuration to include the new infrastructure module.
  • Refactor

    • Cleaned up and reorganized configuration files by removing unused sections and reordering entries for clarity.

@chrisaddy chrisaddy requested review from Copilot and forstmeier May 14, 2025 14:48
@chrisaddy chrisaddy self-assigned this May 14, 2025
coderabbitai Bot (Contributor) commented May 14, 2025

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Walkthrough

This update introduces a new Pulumi-based infrastructure-as-code setup for Google Cloud Platform, including service accounts, Pub/Sub topics, Cloud Run services, and Cloud Scheduler jobs. It also expands the .gitignore, updates project dependencies and workspace configuration, and cleans up the environment manifest by removing empty sections and reordering entries.

Changes

Files/Paths | Change Summary
.gitignore | Expanded to ignore a comprehensive set of Python, environment, build, editor, and system files.
.flox/env/manifest.toml | Reordered [install] section, moved uv.pkg-path entry, and removed empty [vars], [hook], [profile], and [services] sections.
pyproject.toml | Added "datamanager" to dependencies, included "infrastructure" in workspace members and sources.
infrastructure/pyproject.toml | New file specifying project metadata and dependencies (pulumi, pulumi-gcp), Python version requirement.
infrastructure/Pulumi.yaml | New Pulumi project configuration file with project name, runtime, and description.
infrastructure/__main__.py | New entry point importing project and cloud_run modules.
infrastructure/cloud_run.py | New Pulumi module defining a Cloud Run service, service account, Pub/Sub subscription, and Cloud Scheduler job, with secure secret handling and resource interconnections.
infrastructure/project.py | New Pulumi module enabling GCP services, creating a service account, and assigning IAM roles for Pub/Sub subscription access.
infrastructure/topics.py | New Pulumi module defining a Pub/Sub topic resource as a global variable.

Sequence Diagram(s)

sequenceDiagram
    participant Scheduler as Cloud Scheduler Job
    participant PubSub as Pub/Sub Topic (platform-ping)
    participant Subscription as Pub/Sub Subscription
    participant CloudRun as Cloud Run Service (datamanager)
    participant ServiceAccount as Service Account

    Scheduler->>PubSub: Publishes message (every hour)
    PubSub->>Subscription: Delivers message
    Subscription->>CloudRun: Pushes message (OIDC Auth with ServiceAccount)
    CloudRun->>CloudRun: Runs container with secrets as env vars

Possibly related PRs

  • Rebuild full application #485: Removes infrastructure files including cloud_run.py and related Pulumi resources, directly affecting the same files and configurations as this PR, but in the opposite direction (removal vs addition).

Suggested labels

application

Poem

A rabbit hopped through cloud and code,
Pulumi scripts in its digital abode.
Topics and jobs now dance in the sky,
Scheduler ticks as the hours go by.
Secrets are safe, the services run,
Infrastructure magic—oh what fun!
🐇✨



Copilot AI (Contributor) left a comment

Pull Request Overview

This pull request adds a new infrastructure module for cloud resource management using Pulumi and updates project configurations to integrate the module.

  • Introduces Pulumi configuration files (Pulumi.yaml, infrastructure/pyproject.toml) and related cloud resource management scripts (cloud_run.py, project.py, topics.py).
  • Updates the workspace and dependency configuration in pyproject.toml and cleans up the environment manifest.

Reviewed Changes

Copilot reviewed 9 out of 9 changed files in this pull request and generated no comments.

File | Description
pyproject.toml | Updated to add "datamanager" dependency and include new workspace members.
infrastructure/topics.py | Adds a Pub/Sub topic definition for platform communication.
infrastructure/pyproject.toml | Establishes project configuration for the infrastructure module.
infrastructure/project.py | Configures required GCP services and sets up IAM roles.
infrastructure/cloud_run.py | Implements a Cloud Run service, Pub/Sub subscription, and Cloud Scheduler job.
infrastructure/__main__.py | Bootstraps the infrastructure module by importing necessary scripts.
infrastructure/Pulumi.yaml | Defines the Pulumi project configuration for managing cloud resources.
.flox/env/manifest.toml | Cleans up manifest configuration, removing unused sections.
Comments suppressed due to low confidence (1)

infrastructure/cloud_run.py:12

  • [nitpick] The service account resource identifier in cloud_run.py uses a slightly different naming convention compared to the one in project.py. Consider unifying the naming (e.g., using consistent hyphenation) to reduce potential confusion.
service_account = serviceaccount.Account(
    "platform-service_account",
    account_id="platform-service-account",
    display_name="platform cloud run service account",
)

@chrisaddy chrisaddy marked this pull request as draft May 14, 2025 14:49
coderabbitai Bot (Contributor) left a comment

Actionable comments posted: 4

🔭 Outside diff range comments (1)
infrastructure/pyproject.toml (1)

1-9: ⚠️ Potential issue

Fix the TOML syntax error causing pipeline failure.

The pipeline is failing due to invalid TOML syntax. Line 9 contains just the number 9 without any context, which is not valid TOML. This is likely related to the reported error about invalid array syntax and missing closing bracket.

Fix this by removing line 9 or ensuring it's properly formatted:

[project]
name = "infrastructure"
version = "0.1.0"
requires-python = ">=3.12"
dependencies = [
    "pulumi>=3.162.0",
    "pulumi-gcp>=8.25.1",
]
-9
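Review bot: The `-9` removal at the end of this hunk does not match the reported CI failure, which is a TOML array error at line 16, column 3, while the file shown here is eight lines long and its `dependencies` array is closed correctly. The stray `9` reads like a line-number artifact rather than file content. The failure is consistent with the missing comma after "infrastructure" in the `members` array of the root pyproject.toml, so fix that file and re-run the pipeline before changing this one.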
🧰 Tools
🪛 GitHub Actions: Test and coverage check

[error] Failed to parse pyproject.toml due to invalid array syntax, causing task failure with exit code 2.

🧹 Nitpick comments (2)
infrastructure/topics.py (1)

1-3: Consider adding configuration options and documentation.

While the Pub/Sub topic creation is functional, consider enhancing it with:

  1. Additional configuration parameters (e.g., labels, message retention)
  2. Comments explaining the topic's purpose and integration with other services
  3. Explicit project ID specification if this will be deployed across multiple projects
from pulumi_gcp.pubsub import Topic

-platform_ping = Topic("platform-ping")
+# Topic for platform ping messages - triggers the Cloud Run service via Pub/Sub subscription
+platform_ping = Topic("platform-ping", 
+    labels={
+        "environment": "production",
+        "service": "platform"
+    },
+    # Uncomment to specify message retention duration if needed
+    # message_retention_duration="86600s", # 24 hours
+)
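Review bot: The commented-out `message_retention_duration="86600s"` line is labelled 24 hours, but 24 hours is 86400 seconds; correct the value before anyone uncomments it. The `"environment": "production"` label is also hard-coded, so every stack that deploys this topic would be labelled production; take the value from Pulumi config or the stack name instead.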
infrastructure/project.py (1)

13-17: Consider a more specific service account name.

The service account has a generic name "platform" which could potentially conflict with other service accounts in a larger organization. Consider adding a prefix or suffix that's more specific to this particular use case.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9324487 and 2192027.

📒 Files selected for processing (9)
  • .flox/env/manifest.toml (1 hunks)
  • .gitignore (1 hunks)
  • infrastructure/Pulumi.yaml (1 hunks)
  • infrastructure/__main__.py (1 hunks)
  • infrastructure/cloud_run.py (1 hunks)
  • infrastructure/project.py (1 hunks)
  • infrastructure/pyproject.toml (1 hunks)
  • infrastructure/topics.py (1 hunks)
  • pyproject.toml (1 hunks)
🧰 Additional context used
🪛 Ruff (0.8.2)
infrastructure/__main__.py

1-1: project imported but unused

Remove unused import: project

(F401)

🪛 GitHub Actions: Test and coverage check
infrastructure/pyproject.toml

[error] 16-16: TOML parse error: invalid array syntax at line 16, column 3. Expected closing bracket ']' for array.


[error] Failed to parse pyproject.toml due to invalid array syntax, causing task failure with exit code 2.

pyproject.toml

[error] 16-16: TOML parse error: invalid array syntax at line 16, column 3. Expected closing bracket ']' for array.


[error] Failed to parse pyproject.toml due to invalid array syntax, causing task failure with exit code 2.

🪛 GitHub Actions: Code quality check
infrastructure/pyproject.toml

[error] 16-16: TOML parse error at line 16, column 3: invalid array, expected ].

pyproject.toml

[error] 16-16: TOML parse error at line 16, column 3: invalid array, expected ].

🔇 Additional comments (12)
infrastructure/Pulumi.yaml (1)

1-3: LGTM: Well-structured Pulumi configuration.

The configuration correctly defines the project name, runtime, and description needed for a Pulumi project.

.flox/env/manifest.toml (1)

3-7: LGTM: Clean reorganization of the install section.

The reordering of entries doesn't impact functionality and improves the file organization.

pyproject.toml (2)

10-10: LGTM: Added datamanager dependency.

The addition of the datamanager dependency aligns with the infrastructure requirements.

🧰 Tools
🪛 GitHub Actions: Test and coverage check

[error] Failed to parse pyproject.toml due to invalid array syntax, causing task failure with exit code 2.


21-21: LGTM: Added infrastructure to workspace sources.

This change correctly integrates the new infrastructure module with the project workspace.

🧰 Tools
🪛 GitHub Actions: Test and coverage check

[error] Failed to parse pyproject.toml due to invalid array syntax, causing task failure with exit code 2.

.gitignore (1)

7-31: The gitignore additions look good.

The added patterns cover all standard Python development artifacts and environment files, which is appropriate for a project with a new Python infrastructure module.

infrastructure/project.py (3)

5-6: LGTM: Proper configuration retrieval.

The code correctly retrieves required GCP project ID and region from Pulumi configuration.


8-11: LGTM: GCP services enabled appropriately.

The code enables all the necessary GCP services (Cloud Run, Eventarc, Secret Manager, and Pub/Sub) that will be required by the infrastructure.


19-24: LGTM: IAM role assignment is correct.

The code properly assigns the Pub/Sub subscriber role to the service account, allowing it to receive messages from Pub/Sub topics. The use of apply() to format the member string is the correct approach.

infrastructure/cloud_run.py (4)

28-35: LGTM: Secure handling of API keys.

The code correctly uses Pulumi secrets for handling the Alpaca API credentials, which is a good security practice.


42-51: LGTM: Pub/Sub subscription configuration.

The subscription is properly configured to push messages to the Cloud Run service using OIDC authentication with the service account.


53-61: LGTM: Cloud Scheduler job configuration.

The Cloud Scheduler job is properly configured to publish messages to the Pub/Sub topic on an hourly schedule.


4-4:

Details

✅ Verification successful

Verify the 'topics' module import.

The code imports a topics module which is assumed to contain a platform_ping resource. Ensure this module is properly defined in the codebase.


🏁 Script executed:

#!/bin/bash
# Check if the topics module exists and contains the platform_ping resource
fd --type f "topics.py" --exec grep -l "platform_ping" {} \;

Length of output: 88


Import verified: topics module defines platform_ping
The file infrastructure/topics.py exists and contains a platform_ping resource, so the import topics in infrastructure/cloud_run.py is valid.

Comment thread infrastructure/__main__.py Outdated
Comment on lines +1 to +2
import project
import cloud_run # noqa: F401

⚠️ Potential issue

Add noqa: F401 to the project import.

The project import is flagged as unused by the static analyzer, but it's likely needed for Pulumi's infrastructure code execution via side effects. Add the same noqa comment that you used for the cloud_run import.

-import project
+import project  # noqa: F401
import cloud_run  # noqa: F401
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
import project
import cloud_run # noqa: F401
import project # noqa: F401
import cloud_run # noqa: F401
🧰 Tools
🪛 Ruff (0.8.2)

1-1: project imported but unused

Remove unused import: project

(F401)

Comment thread pyproject.toml Outdated
Comment on lines +14 to +17
members = [
"infrastructure"
"application/datamanager",
]

⚠️ Potential issue

Fix the syntax error in the workspace members array.

There's a missing comma after the "infrastructure" element in the array, causing pipeline failures. TOML arrays require commas between elements.

members = [
-  "infrastructure"
+  "infrastructure",
  "application/datamanager",
]
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
members = [
"infrastructure"
"application/datamanager",
]
members = [
"infrastructure",
"application/datamanager",
]
🧰 Tools
🪛 GitHub Actions: Test and coverage check

[error] 16-16: TOML parse error: invalid array syntax at line 16, column 3. Expected closing bracket ']' for array.


[error] Failed to parse pyproject.toml due to invalid array syntax, causing task failure with exit code 2.

🪛 GitHub Actions: Code quality check

[error] 16-16: TOML parse error at line 16, column 3: invalid array, expected ].

Comment thread infrastructure/cloud_run.py Outdated
Comment on lines +12 to +16
service_account = serviceaccount.Account(
"platform-service_account",
account_id="platform-service-account",
display_name="platform cloud run service account",
)

🛠️ Refactor suggestion

Fix service account resource naming inconsistency.

There's an inconsistency in the resource naming convention. The resource name uses an underscore (platform-service_account) while the account_id uses a hyphen (platform-service-account). This could lead to confusion.

service_account = serviceaccount.Account(
-    "platform-service_account",
+    "platform-service-account",
    account_id="platform-service-account",
    display_name="platform cloud run service account",
)
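Review bot: The rename of the first argument to `serviceaccount.Account(...)` leaves a larger question open: going by the file summaries in this review, project.py also creates a service account (named "platform") and binds the Pub/Sub subscriber role there, while cloud_run.py creates this second account. Confirm which account the push subscription's OIDC token and the Cloud Run service actually use, keep a single account with only the roles it needs, and remove the other definition.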
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
service_account = serviceaccount.Account(
"platform-service_account",
account_id="platform-service-account",
display_name="platform cloud run service account",
)
service_account = serviceaccount.Account(
"platform-service-account",
account_id="platform-service-account",
display_name="platform cloud run service account",
)

Comment thread infrastructure/cloud_run.py Outdated
Comment on lines +25 to +27
cloudrun.ServiceTemplateSpecContainerArgs(
image="pocketsizefund/datamanager:latest",
args=["--period=1"],

🛠️ Refactor suggestion

Avoid using 'latest' tag in container images.

Using the 'latest' tag for container images in production is not recommended as it's not immutable and can lead to inconsistent deployments. Consider using specific version tags or SHA digests instead.

cloudrun.ServiceTemplateSpecContainerArgs(
-    image="pocketsizefund/datamanager:latest",
+    image="pocketsizefund/datamanager:v1.0.0", # Replace with an appropriate version
    args=["--period=1"],
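Review bot: The replacement `image=` line still references a tag, and a tag can be re-pushed to point at different content, so `v1.0.0` does not make the deployment immutable; it is also a placeholder, not a tag shown to exist. Pin the image by digest (`pocketsizefund/datamanager@sha256:<digest>`) and keep the human-readable version in a comment next to it.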
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
cloudrun.ServiceTemplateSpecContainerArgs(
image="pocketsizefund/datamanager:latest",
args=["--period=1"],
cloudrun.ServiceTemplateSpecContainerArgs(
image="pocketsizefund/datamanager:v1.0.0", # Replace with an appropriate version
args=["--period=1"],
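
The image-pinning recommendation above can be enforced with a small pre-merge check. This is an added example, not code from this pull request or from CodeRabbit: it scans Python source for literal `image="..."` arguments and reports every reference that is not pinned by a sha256 digest. The function names, the sample lines and the all-zero digest are constructed for illustration, and it assumes images are written as plain string literals.

```python
import re
import sys

# Simplified image reference shape: [registry[:port]/]repository[:tag][@sha256:<64 hex>]
_DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")
_IMAGE_KWARG_RE = re.compile(r"""\bimage\s*=\s*["']([^"']+)["']""")

# Constructed placeholder digest, not a real image digest.
PLACEHOLDER_DIGEST = "sha256:" + "0" * 64

# Constructed sample input: the two image lines quoted in the review,
# a digest-pinned variant, and a registry-with-port reference without a tag.
SAMPLE = "\n".join([
    'image="pocketsizefund/datamanager:latest",',
    'image="pocketsizefund/datamanager:v1.0.0",  # Replace with an appropriate version',
    f'image="pocketsizefund/datamanager@{PLACEHOLDER_DIGEST}",',
    'image="localhost:5000/datamanager",',
])


def classify_image_ref(ref: str) -> str:
    """Classify a reference as digest, invalid-digest, latest, implicit-latest or tag."""
    if _DIGEST_RE.search(ref):
        return "digest"
    if "@" in ref:
        return "invalid-digest"  # has a digest part, but not a well-formed sha256
    # A colon is a tag separator only after the last '/'; an earlier colon
    # belongs to a registry port such as localhost:5000.
    last_segment = ref.rsplit("/", 1)[-1]
    if ":" not in last_segment:
        return "implicit-latest"  # no tag means the runtime resolves ':latest'
    tag = last_segment.split(":", 1)[1]
    return "latest" if tag == "latest" else "tag"


def find_unpinned_images(source: str) -> list[tuple[int, str, str]]:
    """Return (line number, reference, classification) for each non-digest image."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        code = line.split("#", 1)[0]  # ignore trailing comments
        for match in _IMAGE_KWARG_RE.finditer(code):
            kind = classify_image_ref(match.group(1))
            if kind != "digest":
                findings.append((lineno, match.group(1), kind))
    return findings


if __name__ == "__main__":
    # With file arguments, scan those files; without, scan the constructed sample.
    sources = {p: open(p, encoding="utf-8").read() for p in sys.argv[1:]} or {"<sample>": SAMPLE}
    failed = False
    for name, text in sources.items():
        for lineno, ref, kind in find_unpinned_images(text):
            print(f"{name}:{lineno}: {ref} is not digest-pinned ({kind})")
            failed = True
    sys.exit(1 if failed else 0)
```

Run in CI against the infrastructure sources, a non-zero exit blocks a merge that would deploy a mutable image reference.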

merging rebuild

update claude prompt for gh issues

fixing pr

:JJ: Enter a description for the combined commit.
fixes

add basic infra

merging
master branch

add yaml linting issue 487