| # Copyright 2024 The LUCI Authors. |
| # |
| # Licensed under the Apache License, Version 2.0 (the "License"); |
| # you may not use this file except in compliance with the License. |
| # You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| |
| service: default |
| runtime: go122 |
| |
| instance_class: F4_1G |
| |
| automatic_scaling: |
| min_idle_instances: 10 |
| max_idle_instances: automatic # default value |
| min_pending_latency: 10ms |
| max_pending_latency: 30ms # default value |
| max_concurrent_requests: 8 # note: the default value is 10 |
| |
| # Keep app.yaml and service-api/service-api.yaml in sync. |
| |
| # luci_gae_vars is interpreted by gae.py, for apps deployed manually. |
| # It maps the app ID being deployed to values of vars used below. |
| luci_gae_vars: |
| luci-milo-dev: |
| AUTH_SERVICE_HOST: chrome-infra-auth-dev.appspot.com |
| CONFIG_SERVICE_HOST: config.luci.app |
| CRON_AUTHORIZED_CALLER: cloud-scheduler-jobs@luci-milo-dev.iam.gserviceaccount.com |
| MILO_HOST: VERSION.staging.milo.api.luci.app |
| TS_MON_ACCOUNT: app-engine-metric-publishers@prodx-mon-chrome-infra.google.com.iam.gserviceaccount.com |
| OAUTH_CLIENT_ID: 897369734084-d3t2c39aht2aqeop0f42pp48ejpr54up.apps.googleusercontent.com |
| OAUTH_CLIENT_SECRET: sm://oauth-client-secret |
| OAUTH_REDIRECT_URL: https://luci-milo-dev.appspot.com/auth/openid/callback |
| PUBSUB_AUTHORIZED_CALLER: cloud-pubsub-pusher@luci-milo-dev.iam.gserviceaccount.com |
| ROOT_SECRET: sm://root-secret |
| TINK_AEAD_KEY: sm://tink-aead-primary |
| REDIS_ADDR: 10.82.28.60:6379 |
| DS_CACHE: redis |
| VPC_CONNECTOR: projects/luci-milo-dev/locations/us-central1/connectors/connector |
| LOGIN_SESSIONS_ROOT_URL: https://luci-milo-dev.appspot.com |
| |
| vpc_access_connector: |
| name: ${VPC_CONNECTOR} |
| |
| handlers: |
| # Single robots.txt file, must be served under root. |
| - url: /robots.txt |
| static_files: static/robots.txt |
| upload: static/robots.txt |
| |
| # Static resources such as css and js files. |
| - url: /static |
| secure: always |
| static_dir: static |
| |
| # The rest is handled by Go code. |
| - url: /.* |
| script: auto |
| secure: always |
| |
| inbound_services: |
| - warmup |
| |
| entrypoint: > |
| main |
| -auth-service-host ${AUTH_SERVICE_HOST} |
| -config-service-host ${CONFIG_SERVICE_HOST} |
| -cron-authorized-caller ${CRON_AUTHORIZED_CALLER} |
| -milo-host ${MILO_HOST} |
| -ts-mon-account ${TS_MON_ACCOUNT} |
| -cloud-error-reporting |
| -root-secret ${ROOT_SECRET} |
| -primary-tink-aead-key ${TINK_AEAD_KEY} |
| -pubsub-authorized-caller ${PUBSUB_AUTHORIZED_CALLER} |
| -encrypted-cookies-client-id ${OAUTH_CLIENT_ID} |
| -encrypted-cookies-client-secret ${OAUTH_CLIENT_SECRET} |
| -encrypted-cookies-redirect-url ${OAUTH_REDIRECT_URL} |
| -encrypted-cookies-required-scopes https://www.googleapis.com/auth/gerritcodereview |
| -encrypted-cookies-optional-scopes https://www.googleapis.com/auth/buganizer |
| -encrypted-cookies-expose-state-endpoint |
| -redis-addr ${REDIS_ADDR} |
| -ds-cache ${DS_CACHE} |
| -login-sessions-root-url ${LOGIN_SESSIONS_ROOT_URL} |
