Environments & Infrastructure

Reference for all GCP infrastructure, environment configuration, and service details used across staging and production deployments.

GCP Projects

Setting	Staging	Production
GCP Project ID	`barto-dev`	`barto-prod`
Region	`us-central1`	`us-central1`
GitHub Environment	`staging`	`production`
NODE_ENV	`staging`	`production`

Artifact Registry Repositories

All Docker images are stored in GCP Artifact Registry under us-central1-docker.pkg.dev.

Repository	Image	Dockerfile
`flowpos-backend`	`backend:<commit-sha>`	`deploy/gcp/backend.Dockerfile`
`flowpos-web-app`	`web-app:<commit-sha>`	`deploy/gcp/web-app.Dockerfile`
`flowpos-landing`	`landing-page:<commit-sha>`	`deploy/gcp/landing-page.Dockerfile`
`flowpos-frontend-pwa`	`frontend-pwa:<commit-sha>`	`deploy/gcp/frontend-pwa.Dockerfile`
`flowpos-docs`	`docs:<commit-sha>`	`deploy/gcp/docs.Dockerfile`

Full image URL pattern:

us-central1-docker.pkg.dev/<PROJECT_ID>/<REPOSITORY>/<IMAGE>:<COMMIT_SHA>

Example:

us-central1-docker.pkg.dev/barto-prod/flowpos-backend/backend:9f2fb9b95e1c

Creating a New Artifact Registry Repository

If a repository doesn't exist yet (e.g., for a new service), create it in both projects:

# Staging
gcloud artifacts repositories create <REPO_NAME> \
  --repository-format=docker \
  --location=us-central1 \
  --project=barto-dev \
  --description="<description>"

# Production
gcloud artifacts repositories create <REPO_NAME> \
  --repository-format=docker \
  --location=us-central1 \
  --project=barto-prod \
  --description="<description>"

Cloud Run Services

Service Name	Source App	Port
`flowpos-backend`	`apps/backend/`	4000
`flowpos-web-app`	`apps/web-app/`	3000
`flowpos-landing-page`	`apps/landing-page/`	3001
`flowpos-frontend-pwa`	`apps/frontend-pwa/`	5173
`flowpos-docs`	`apps/docs/`	3003
`flowpos-metabase-<env>`	Metabase	3002

Database (Cloud SQL)

Setting	Local	Staging	Production
PostgreSQL version	17	17	17
Port	5435	5433	5434
Cloud SQL Instance	—	`metabase-db-staging`	`metabase-db-production`

Supporting Services

Service	Local Port	Description
Redis	6379	BullMQ queues + caching
pgAdmin	8080	Database admin UI
Metabase	3002	Analytics dashboards

Change Detection

The CI/CD pipeline uses dorny/paths-filter to detect which services changed and only deploy those:

Filter	Paths
`backend_changed`	`apps/backend/`, `packages/backend/database/`, `packages/global/**`, `deploy/gcp/backend.Dockerfile`
`web_app_changed`	`apps/web-app/`, `packages/global/`, `deploy/gcp/web-app.Dockerfile`
`landing_page_changed`	`apps/landing-page/**`, `deploy/gcp/landing-page.Dockerfile`
`frontend_pwa_changed`	`apps/frontend-pwa/`, `packages/global/`, `deploy/gcp/frontend-pwa.Dockerfile`
`docs_changed`	`apps/docs/**`, `deploy/gcp/docs.Dockerfile`

tip

Use the deploy_all option in the production workflow to force-deploy all services regardless of changes.

GitHub Secrets

Secrets are configured per GitHub Environment (staging / production).

GCP & Infrastructure

Secret	Description
`GCP_PROJECT_ID`	GCP project ID (`barto-dev` or `barto-prod`)
`GCP_REGION`	GCP region (`us-central1`)
`GCP_WORKLOAD_IDENTITY_PROVIDER`	WIF provider for authentication
`GCP_SERVICE_ACCOUNT_EMAIL`	Service account for deployments
`DATABASE_URL`	PostgreSQL connection string
`ENCRYPTION_KEY`	32-byte hex encryption key
`PNPM_VERSION`	pnpm version (defaults to `10.30.0`)

Firebase

Secret	Description
`FIREBASE_PROJECT_ID`	Firebase project identifier
`FIREBASE_CLIENT_EMAIL`	Firebase service account email
`FIREBASE_PRIVATE_KEY`	Firebase private key (or `FIREBASE_PRIVATE_KEY_B64` for base64)

External Services

Secret	Description
`SENDGRID_API_KEY`	SendGrid email API key
`SENDGRID_FROM_EMAIL`	Sender email address
`SENDGRID_FROM_NAME`	Sender display name
`TWILIO_ACCOUNT_SID`	Twilio account SID
`TWILIO_AUTH_TOKEN`	Twilio auth token
`TWILIO_PHONE_NUMBER`	Twilio SMS number
`TWILIO_WHATSAPP_NUMBER`	Twilio WhatsApp number
`SENTRY_DSN`	Sentry DSN (backend)
`SENTRY_AUTH_TOKEN`	Sentry auth token
`SENTRY_ORG`	Sentry organization
`SENTRY_PROJECT`	Sentry project

Application URLs

Secret	Description
`API_URL`	Backend API URL
`FRONTEND_URL`	Frontend application URL

Redis

Secret	Description
`REDIS_HOST`	Redis host
`REDIS_PORT`	Redis port
`REDIS_PASSWORD`	Redis password

Workflow Files

Workflow	File	Trigger
Pre-merge Validation	`.github/workflows/premerge-validate.yml`	PR opened/updated
Deploy to Staging	`.github/workflows/deploy-staging-from-main.yml`	PR merged to `main`
Deploy to Production	`.github/workflows/deploy-production.yml`	Manual (`workflow_dispatch`)
Deploy Metabase	`.github/workflows/deploy-metabase.yml`	Manual

Local Cloud Deploy

Deploy from your local machine without GitHub Actions:

export GCP_PROJECT_ID=barto-dev
DB_POOL_MAX=6 ./scripts/deploy-backend-local.sh staging

Last updated: 2026-03-26

GCP Projects​

Artifact Registry Repositories​

Creating a New Artifact Registry Repository​

Cloud Run Services​

Database (Cloud SQL)​

Supporting Services​

Change Detection​

GitHub Secrets​

GCP & Infrastructure​

Firebase​

External Services​

Application URLs​

Redis​

Workflow Files​

Local Cloud Deploy​