bnc-cpt-* repositoriesmkdir -p /opt/bnc/bnc-cpt && cd /opt/bnc/bnc-cpt
for repo in bnc-cpt-api bnc-cpt-wui bnc-cpt-utl bnc-cpt-inf bnc-cpt-cnf tpl-gen; do
git clone git@github.com:csitea/$repo.git
done
cd /opt/bnc/bnc-cpt/bnc-cpt-api/src/python/cpt-api
python3 -m venv .venv
source .venv/bin/activate
pip install -r requirements.txt
Copy the example environment file and configure:
cp .env.example .env
Required variables:
| Variable | Description | Example |
|---|---|---|
| STRIPE_SECRET_KEY | Stripe API key | sk_test_... |
| STRIPE_WEBHOOK_SECRET | Stripe webhook signing secret | whsec_... |
| PAYPAL_CLIENT_ID | PayPal client ID | AW... |
| PAYPAL_CLIENT_SECRET | PayPal client secret | EK... |
| JWT_SECRET_KEY | JWT signing key (min 32 chars) | your-secret-key-min-32-characters |
| ADMIN_USERNAME | Admin login username | admin |
| ADMIN_PASSWORD | Admin login password (plaintext for local) | your-password |
python run.py
# API runs on http://localhost:8100
# Swagger UI: http://localhost:8100/docs
From the UTL module:
cd /opt/bnc/bnc-cpt/bnc-cpt-utl
export UID=$(id -u) GID=$(id -g)
make do-setup-api
This builds the API Docker container and starts it on port 8100.
For deployment and GCP operations, place service account keys at:
~/.gcp/.bnc/
├── key-bnc-cpt-inf.json
├── key-bnc-cpt-dev.json
├── key-bnc-cpt-tst.json
├── key-bnc-cpt-prd.json
└── key-bnc-cpt-all.json
Keys are created during GCP project setup (see bnc-cpt-inf/doc/bnc-cpt.ISG.md).
Set these in the GitHub repository settings (Settings > Secrets and variables > Actions > Variables):
| Variable | Value |
|---|---|
| ORG | bnc |
| APP | cpt |
| PROJ | bnc-cpt-api |
| GH_ORG | csitea |
Set these in Settings > Secrets and variables > Actions > Secrets:
| Secret | Description |
|---|---|
| ALL_CSI_GITHUB_TOKEN | Personal access token for cloning team repos |
| GCP_SA_KEY_INF | Content of key-bnc-cpt-inf.json |
| GCP_SA_KEY_DEV | Content of key-bnc-cpt-dev.json |
| GCP_SA_KEY_TST | Content of key-bnc-cpt-tst.json |
| GCP_SA_KEY_PRD | Content of key-bnc-cpt-prd.json |
These secrets are provisioned automatically via Terraform step 120-github-general-secrets.
ci.yaml)workflow_dispatchci.yaml)src/python/cpt-api/**), or manual workflow_dispatchworkflow_dispatch onlyprd environment.The CI/CD cloning step uses gh api orgs/{GH_ORG}/teams/team-{ORG}-{APP}-int/repos to discover all repos. Ensure:
team-bnc-cpt-int exists in the GitHub orgbnc-cpt-* repos are added to this teamALL_CSI_GITHUB_TOKEN has read:org and repo scopesBefore the API can be deployed, these Terraform steps must be provisioned (from bnc-cpt-utl/):
cd /opt/bnc/bnc-cpt/bnc-cpt-utl
# 1. Enable GCP APIs
make do-generate-config-for-step ENV=dev STEP=001-enable-gcp-services
make do-provision ENV=dev STEP=001-enable-gcp-services
# 2. Create Artifact Registry (Docker image repository)
make do-generate-config-for-step ENV=dev STEP=025-gcp-artifact-registry
make do-provision ENV=dev STEP=025-gcp-artifact-registry
# 3. Create GCP Secret containers
make do-generate-config-for-step ENV=dev STEP=029-create-gcp-secrets
make do-provision ENV=dev STEP=029-create-gcp-secrets
# 4. Populate secret values
make do-gcp-sync-secrets ENV=dev
# 5. Deploy Cloud Run (optional - CD workflow handles this)
make do-generate-config-for-step ENV=dev STEP=030-gcp-cloud-run
make do-provision ENV=dev STEP=030-gcp-cloud-run
Custom domains ({env}.api.carpulsetracker.com) require one-time verification:
carpulsetracker.com in Google Search ConsoleSee bnc-cpt-inf/doc/bnc-cpt.ISG.md for detailed domain verification steps.
After setup, verify the API is running:
# Local
curl http://localhost:8100/health | jq '.'
# Deployed
curl https://dev.api.carpulsetracker.com/health | jq '.'
curl https://dev.api.carpulsetracker.com/docs # Swagger UI in browser