diff --git a/servers/gcp/cloud-run-stage.tf b/servers/gcp/cloud-run-stage.tf index e4acaab..671d077 100644 --- a/servers/gcp/cloud-run-stage.tf +++ b/servers/gcp/cloud-run-stage.tf @@ -81,7 +81,7 @@ resource "google_cloud_run_v2_service" "stage_us" { } env { name = "NEURON_LLM_0_MODEL" - value = "claude-haiku-4-5" + value = "claude-sonnet-4-5" } env { name = "NEURON_LLM_0_URL" diff --git a/servers/gcp/cloud-run.tf b/servers/gcp/cloud-run.tf index 950486b..93141b6 100644 --- a/servers/gcp/cloud-run.tf +++ b/servers/gcp/cloud-run.tf @@ -69,7 +69,7 @@ resource "google_cloud_run_v2_service" "prod_us" { } env { name = "NEURON_LLM_0_MODEL" - value = "claude-haiku-4-5" + value = "claude-sonnet-4-5" } env { name = "NEURON_LLM_0_URL" @@ -253,7 +253,7 @@ resource "google_cloud_run_v2_service" "prod_eu" { } env { name = "NEURON_LLM_0_MODEL" - value = "claude-haiku-4-5" + value = "claude-sonnet-4-5" } env { name = "NEURON_LLM_0_URL" @@ -436,7 +436,7 @@ resource "google_cloud_run_v2_service" "prod_apac" { } env { name = "NEURON_LLM_0_MODEL" - value = "claude-haiku-4-5" + value = "claude-sonnet-4-5" } env { name = "NEURON_LLM_0_URL" diff --git a/servers/gcp/runners/startup.sh b/servers/gcp/runners/startup.sh index 8a4f525..b8a2bfe 100644 --- a/servers/gcp/runners/startup.sh +++ b/servers/gcp/runners/startup.sh @@ -15,7 +15,9 @@ set -euxo pipefail exec > >(tee /var/log/runner-bootstrap.log) 2>&1 apt-get update -apt-get install -y curl ca-certificates docker.io git jq +# nodejs/npm needed for JavaScript actions like actions/checkout and +# google-github-actions/auth. python3 is for our inline label-rewrite below. +apt-get install -y curl ca-certificates docker.io git jq nodejs npm python3 # Make docker usable by the unprivileged runner user systemctl enable --now docker @@ -81,6 +83,13 @@ Requires=docker.service Type=simple User=runner WorkingDirectory=/opt/runner +# Wipe the act cache on each daemon start. Without this, host-mode +# execution leaves stale action source trees with .git/objects/pack/*.idx +# files whose permissions trip the next run's `cp -a` step +# ("open ...idx: permission denied"). The cache is not load-bearing +# (act re-downloads actions on demand), so a clean start each restart +# is the simplest fix. +ExecStartPre=/bin/sh -c "rm -rf /home/runner/.cache/act/* /home/runner/.cache/act/.* 2>/dev/null || true" ExecStart=/usr/local/bin/act_runner daemon --config /opt/runner/config.yaml Restart=always RestartSec=5 diff --git a/servers/gcp/stripe-billing.tf b/servers/gcp/stripe-billing.tf index 80e010a..afb2263 100644 --- a/servers/gcp/stripe-billing.tf +++ b/servers/gcp/stripe-billing.tf @@ -14,7 +14,9 @@ resource "google_secret_manager_secret" "stripe_secret_key" { secret_id = "stripe-secret-key" project = var.project_id - replication { auto {} } + replication { + auto {} + } lifecycle { ignore_changes = [replication] @@ -24,7 +26,9 @@ resource "google_secret_manager_secret" "stripe_secret_key" { resource "google_secret_manager_secret" "stripe_webhook_secret" { secret_id = "stripe-webhook-secret" project = var.project_id - replication { auto {} } + replication { + auto {} + } lifecycle { ignore_changes = [replication] @@ -36,19 +40,25 @@ resource "google_secret_manager_secret" "stripe_webhook_secret" { resource "google_secret_manager_secret" "stripe_price_free_plan" { secret_id = "stripe-price-free-plan" project = var.project_id - replication { auto {} } + replication { + auto {} + } } resource "google_secret_manager_secret" "stripe_price_professional_plan" { secret_id = "stripe-price-professional-plan" project = var.project_id - replication { auto {} } + replication { + auto {} + } } resource "google_secret_manager_secret" "stripe_price_founding_plan" { secret_id = "stripe-price-founding-plan" project = var.project_id - replication { auto {} } + replication { + auto {} + } } # ── Billing Meter IDs ───────────────────────────────────────────────────────── @@ -56,13 +66,17 @@ resource "google_secret_manager_secret" "stripe_price_founding_plan" { resource "google_secret_manager_secret" "stripe_meter_id_input_tokens" { secret_id = "stripe-meter-id-input-tokens" project = var.project_id - replication { auto {} } + replication { + auto {} + } } resource "google_secret_manager_secret" "stripe_meter_id_output_tokens" { secret_id = "stripe-meter-id-output-tokens" project = var.project_id - replication { auto {} } + replication { + auto {} + } } # ── Overage price IDs — Free plan ───────────────────────────────────────────── @@ -70,13 +84,17 @@ resource "google_secret_manager_secret" "stripe_meter_id_output_tokens" { resource "google_secret_manager_secret" "stripe_price_free_input_overage" { secret_id = "stripe-price-free-input-overage" project = var.project_id - replication { auto {} } + replication { + auto {} + } } resource "google_secret_manager_secret" "stripe_price_free_output_overage" { secret_id = "stripe-price-free-output-overage" project = var.project_id - replication { auto {} } + replication { + auto {} + } } # ── Overage price IDs — Professional plan ───────────────────────────────────── @@ -84,13 +102,17 @@ resource "google_secret_manager_secret" "stripe_price_free_output_overage" { resource "google_secret_manager_secret" "stripe_price_professional_input_overage" { secret_id = "stripe-price-professional-input-overage" project = var.project_id - replication { auto {} } + replication { + auto {} + } } resource "google_secret_manager_secret" "stripe_price_professional_output_overage" { secret_id = "stripe-price-professional-output-overage" project = var.project_id - replication { auto {} } + replication { + auto {} + } } # ── Overage price IDs — Founding Member plan ────────────────────────────────── @@ -98,13 +120,17 @@ resource "google_secret_manager_secret" "stripe_price_professional_output_overag resource "google_secret_manager_secret" "stripe_price_founding_input_overage" { secret_id = "stripe-price-founding-input-overage" project = var.project_id - replication { auto {} } + replication { + auto {} + } } resource "google_secret_manager_secret" "stripe_price_founding_output_overage" { secret_id = "stripe-price-founding-output-overage" project = var.project_id - replication { auto {} } + replication { + auto {} + } } # ── Secret accessor grants for Soma SA ────────────────────────────────────────