Latest Results
feat(hosting-cli): add reflex cloud gcp deploy for Cloud Run (#6450)
* feat(hosting-cli): add `reflex cloud gcp deploy` for Cloud Run
Fetches a Dockerfile and bash deploy script from flexgen
(`GET /api/v1/cli/gcp-cloud-run-manifest`), writes the Dockerfile into the
user's source directory, prints the script, and runs it via bash after the
user confirms. Pre-flights `bash`/`gcloud`/`docker` on PATH and an active
gcloud account, and surfaces a clear message on 403 (Enterprise tier
required). Deploy parameters (project, region, service name, AR repo,
version) are passed via env vars to the script.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* fix(hosting-cli): restrict gcp deploy env, add --no-interactive, extract constants
Address PR feedback:
- Restrict the deploy script's environment to an allowlist of host vars
(PATH, HOME, gcloud/docker config, proxy/TLS) plus the explicit deploy
overrides. Prevents a tampered or compromised flexgen manifest from
exfiltrating unrelated host secrets like AWS_*/GITHUB_TOKEN.
- Add --interactive/--no-interactive (default true) so the command works
in CI. In non-interactive mode the run prompt is skipped, and an
existing Dockerfile errors out unless --overwrite-dockerfile is set.
- Extract env-var keys and manifest field names into module-level
constants per project convention.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* refactor(hosting-cli): rename gcp deploy to `reflex cloud deploy --gcp`, add docs
Flatten the `gcp` group into a single `deploy` command with a `--gcp`
target flag so the surface can grow to other targets without nesting.
`--gcp-project` becomes optional at the Click level and is validated
in-function so the missing-target error fires first.
Add a hosting doc (with Enterprise-only callout) covering prerequisites,
options, what gets created in the GCP project, the env-allowlist
security model, CI usage, and troubleshooting. Wire it into the
sidebar's Self Hosting section and add `Gcp` -> `GCP` to the sidebar
acronym map.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* refactor(hosting-cli): use cloudbuild.yaml instead of symlinks for gcp deploy
The Dockerfile no longer touches disk anywhere near the user's source —
it's embedded (base64) as an inline `docker build` step inside a Cloud
Build config written to a tempfile, and the flexgen script's
`gcloud builds submit --tag X .` invocation is rewritten in-memory to
`--config="${REFLEX_CLOUDBUILD_YAML}" --substitutions=_IMAGE="${IMAGE}"`.
The script runs with cwd = the user's source dir, so the user's tree is
the Cloud Build upload context. No temp dir of symlinks, no source-tree
mutation. The cloudbuild.yaml tempfile is removed after the deploy.
If `gcloud builds submit` can't be located in the manifest's script
(format drift on flexgen's side), the rewrite errors out clearly so the
breakage surfaces immediately rather than half-running.
Verified end-to-end against a real GCP project: 1m53s Cloud Build, new
Cloud Run revision deployed and serving traffic, source Dockerfile
timestamp unchanged, tempfile cleaned up.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* update to not overwrite users dockerfile
* update docs
* pre commit
---------
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com> Latest Branches
0%
0%
0%
© 2026 CodSpeed Technology