
Sprint 14: Infrastructure Automation & The Autonomous Factory

With the Node.js Game Engine secured (Sprint 13), Sprint 14 shifts focus to the Python Content Factory. The objective is to deploy the data ingestion pipeline directly into Google Cloud’s serverless infrastructure, ensuring the game autonomously scrapes, analyzes, and stages real-world news stubs on a rigid hourly schedule.

🛠 Context & Required Rules for AI Agents

  1. Infrastructure as Code (IaC): Deployments must be driven by cloudbuild.yaml. No manual Docker builds.
  2. Zero-Trust Networking: The /tasks/ingest-news endpoint is secured by a SCHEDULER_SECRET. The Cloud Scheduler cron job must inject this as a Bearer token in the Authorization header.
  3. IAM Least Privilege: The Cloud Run service account must possess roles/datastore.user to write to the Firestore news_registry collection.
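
The receiving side of rule 2, as an added example that is not the project's own code: a standard-library check the /tasks/ingest-news handler could run on the Authorization header before doing any work. The function name authorize_scheduler_request and the status-code mapping are assumptions; the header values in the demo are constructed.

```python
import hmac
import os


def authorize_scheduler_request(headers, expected_secret):
    """Decide whether a call to /tasks/ingest-news may proceed.

    Returns an HTTP status code (mapping is an assumption of this example):
    200 accept, 401 missing or malformed credentials, 403 wrong token,
    500 SCHEDULER_SECRET not bound to the service.
    """
    # Fail closed: an unset or empty secret must never match an empty token.
    # Strip whitespace because a trailing newline stored with the secret
    # value is a common cause of mismatches.
    expected = (expected_secret or "").strip()
    if not expected:
        return 500

    # HTTP header names are case-insensitive.
    auth = next(
        (v for k, v in headers.items() if k.lower() == "authorization"), None
    )
    if auth is None:
        return 401

    scheme, _, token = auth.partition(" ")
    token = token.strip()
    if scheme.lower() != "bearer" or not token:
        return 401

    # Constant-time comparison so response timing does not reveal how many
    # leading bytes of a guessed token were correct.
    if not hmac.compare_digest(token.encode(), expected.encode()):
        return 403
    return 200


if __name__ == "__main__":
    # Constructed fallback value for a local run; in Cloud Run the variable
    # is bound from Secret Manager.
    secret = os.environ.get("SCHEDULER_SECRET", "constructed-demo-secret")
    samples = [
        {"Authorization": f"Bearer {secret}"},
        {"Authorization": "Bearer wrong-token"},
        {},
    ]
    for sample in samples:
        print(authorize_scheduler_request(sample, secret))
```
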

🗺 Sprint 14 Roadmap

[x] Phase 1: CI/CD Pipeline Construction (Cloud Build)

  • Objective: Automate the delivery of the Python FastAPI microservice.
  • Tasks:
    • Verify and execute the existing cloudbuild.yaml pipeline.
    • Ensure the pipeline builds the OCI-compliant image, stages it in Google Cloud Artifact Registry (gcr.io), and executes a zero-downtime deployment to Cloud Run (pcmtg-content-factory).

[x] Phase 2: The Metronome (Cloud Scheduler)

  • Objective: Provision the heartbeat of the Content Factory.
  • Tasks:
    • Provision a Google Cloud Scheduler job named pcmtg-news-metronome.
    • Configure the cron schedule to 0 * * * * (hourly).
    • Target the live Cloud Run URL with a POST request to /tasks/ingest-news.
    • Inject the SCHEDULER_SECRET into the Authorization: Bearer header.

[x] Phase 3: IAM & Secret Binding Validation

  • Objective: Ensure the deployed container has database clearance and API keys.
  • Tasks:
    • Bind roles/datastore.user to the Cloud Run service account.
    • Verify GEMINI_API_KEY and SCHEDULER_SECRET are securely bound from GCP Secret Manager to the Cloud Run environment.
    • Trigger a manual execution of the Metronome to verify end-to-end ingestion into Firestore.