Lcaggio/df cx #1768
Lcaggio/df cx #1768
Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| # When deploying to Google App Engine, a webserver process such as | ||
| # Gunicorn will serve the app. This can be configured by adding an | ||
| # `entrypoint` to app.yaml. | ||
| app.run(host='127.0.0.1', port=8080, debug=True) |
Check failure
Code scanning / CodeQL
Flask app is run in debug mode High
There was a problem hiding this comment.
Lately I'm leaning against PRs that add code in other languages because their original author usually merges and never looks back to make sure everything works.
This warning is one more reason to avoid this kind of assets.
There was a problem hiding this comment.
@lcaggio every blueprint we merge represents an additional maintenance burden on the repo maintainers. Please understand that we need to balance whether a new blueprint is a meaningful addition to the repository against the limited maintenance resources we have.
I know this WIP but I'm struggling to see the value of this blueprint. I'd really love to have more ML-focused blueprints but I have to question if there's anything novel in this PR.
| --region=${var.region} \ | ||
| --project=${module.project.project_id} \ | ||
| --tag ${var.region}-docker.pkg.dev/${module.project.project_id}/${google_artifact_registry_repository.repo.name}/webhook:v1 \ | ||
| ./cr |
There was a problem hiding this comment.
This is a big no. We never shell out to run random commands. Our only dependency is the GCP provider and nothing else
| # When deploying to Google App Engine, a webserver process such as | ||
| # Gunicorn will serve the app. This can be configured by adding an | ||
| # `entrypoint` to app.yaml. | ||
| app.run(host='127.0.0.1', port=8080, debug=True) |
There was a problem hiding this comment.
Lately I'm leaning against PRs that add code in other languages because their original author usually merges and never looks back to make sure everything works.
This warning is one more reason to avoid this kind of assets.
|
|
||
| # tfdoc:file:description Cloud Run resources. | ||
|
|
||
| module "service_account_cr" { |
There was a problem hiding this comment.
we use dashes in module names
| @@ -0,0 +1,14 @@ | |||
| # GCP ML/AI Services blueprints | |||
|
|
|||
| The blueprints in this folder implement **typical ML/AI service topologies** and **end-to-end scenarios**, that allow testing specific features. | |||
There was a problem hiding this comment.
that allow testing specific features this is not the purpose of blueprints
| provisioner "local-exec" { | ||
| working_dir = path.module | ||
| command = "openssl x509 -in server_tf.crt -out server_tf.der -outform DER" | ||
| } |
There was a problem hiding this comment.
Same as before. This will never be merged as it stands.
|
Hey Lore, I agree 100% on what Julio wrote. I am closing this, let's figure out together if it makes sense to bring this further, and how to avoid contradicting several of our design principles. :) |
Create a Dialgoflow CX agent with private connectivity to a Cloud Run instance acting as webhook.
I applicable, I acknowledge that I have:
terraform fmton all modified filestools/tfdoc.py