From a42670784e857c08d5bd917ce3a85d286c761c85 Mon Sep 17 00:00:00 2001
From: Sigurd Meldgaard <sigurdm@google.com>
Date: Tue, 9 Dec 2025 11:15:02 +0000
Subject: [PATCH 1/2] Image proxy inherit configuration from existing
 deployment

---
 tool/build_image_proxy.yaml | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/tool/build_image_proxy.yaml b/tool/build_image_proxy.yaml
index 8ac2c5892..4ce053ed6 100644
--- a/tool/build_image_proxy.yaml
+++ b/tool/build_image_proxy.yaml
@@ -28,16 +28,24 @@ steps:
       - 'BRANCH_NAME=$BRANCH_NAME'
       - 'TAG_NAME=$TAG_NAME'
   - name: 'gcr.io/google.com/cloudsdktool/cloud-sdk'
+    # Deploy latest version to Cloud Run. Depends on an existing version having
+    # been configured in terraform. The terraform configuration should ignore
+    # changes to:
+    # - image URL
+    #
+    # It should set up and manage:
+    # - HMAC_KEY_ID environment variable
+    # - service account with permissions to access the secret manager.
+    # - appropriate CPU/Memory settings. And this new deployment will inherit
+    #   those settings.
+    #
+    # Be careful when changing this script, as modifying non-ignored settings
+    # will cause inconsistency in the terraform state.
     script: |
       #!/usr/bin/env bash
       set -x
       gcloud run deploy image-proxy-server \
         --image="us-central1-docker.pkg.dev/$PROJECT_ID/image-proxy/image-proxy:$TAG_NAME" \
-        --region="us-central1" \
-        --platform="managed" \
-        --quiet \
-        --set-env-vars HMAC_KEY_ID="projects/$PROJECT_ID/locations/us-central1/keyRings/image-proxy-key-ring/cryptoKeys/image-proxy-mac-key/cryptoKeyVersions/1" \
-        --service-account="image-proxy@$PROJECT_ID.iam.gserviceaccount.com"
     env:
       - 'PROJECT_ID=$PROJECT_ID'
       - 'TAG_NAME=$TAG_NAME'

From 1b538b3e611982e8baf11c9c30c5a917608eb8c7 Mon Sep 17 00:00:00 2001
From: Sigurd Meldgaard <sigurdm@google.com>
Date: Tue, 9 Dec 2025 11:26:39 +0000
Subject: [PATCH 2/2] Rename deployment

---
 tool/build_image_proxy.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tool/build_image_proxy.yaml b/tool/build_image_proxy.yaml
index 4ce053ed6..eb7032061 100644
--- a/tool/build_image_proxy.yaml
+++ b/tool/build_image_proxy.yaml
@@ -44,7 +44,7 @@ steps:
     script: |
       #!/usr/bin/env bash
       set -x
-      gcloud run deploy image-proxy-server \
+      gcloud run deploy image_proxy_server \
         --image="us-central1-docker.pkg.dev/$PROJECT_ID/image-proxy/image-proxy:$TAG_NAME" \
     env:
       - 'PROJECT_ID=$PROJECT_ID'