Skip to main content

Bilko Stage Environment — Cloud SQL & IAM (Phase 1)

Summary

MC #10177 Phase 1 (FlowForge, 2026-04-29): bilko-staging-db Cloud SQL instance brought under Flyway management. Pre-existing instance (2026-04-15, Prisma-managed). V1+V2+V4+V5 baselined, V3 actually executed. IAM SA created. Phase 2 (Cloud Run) pending.

Instance Details

FieldValue
Instance namebilko-staging-db
Connection nametribal-sign-487920-k0:europe-north1:bilko-staging-db
IP35.228.33.112
Tierdb-g1-small
VersionPOSTGRES_16
StateRUNNABLE (pre-existing since 2026-04-15; reused)
Databasebilko
App userbilko
Migration adminmigration_admin
Secretbilko-staging-db-password (Secret Manager, 2026-04-15)
IAM SA[email protected]
IAM SA rolesroles/cloudsql.client + roles/secretmanager.secretAccessor
Total tables24 (public schema)

Flyway State (2026-04-29)

VersionScriptStatus
V1V1__initial_schema.sqlBaselined (DDL existed via Prisma)
V2V2__add_missing_prisma_columns.sqlBaselined (DDL existed via Prisma)
V3V3__add_jmbg_oib_encryption.sqlEXECUTED LIVE — jmbg/jmbg_hash/oib/oib_hash + 2 indexes added to contacts (ADR-014)
V4V4__add_supplementary_tables.sqlBaselined (DDL existed via Prisma)
V5V5__add_logo_url_to_organizations.sqlBaselined (DDL existed via Prisma)

Open Risks

  • V3 prod gap: Prisma migrations never included V3. Production DB may be missing jmbg/oib columns on contacts. Audit required before Kotlin cutover (separate MC pending).
  • Prod topology unknown: bilko-staging-db is the only documented Cloud SQL instance. Whether a separate prod instance exists is unconfirmed. Audit required before Phase 2 prod deploy.
  • MC #10187: gradle flywayMigrate broken (Flyway plugin 10.22.0 + Gradle 9.3.1 incompatibility). Workaround: psql sequential apply.

Phase Status

  • Phase 1 (Cloud SQL + IAM + Flyway baseline): COMPLETE
  • Phase 1.5 (Proveo validation): pending
  • Phase 2 (Cloud Run bilko-api-stage + bilko-web-stage): Mehanik gate next

References

  • MC #10177 (parent), MC #10183 (Flyway verify), MC #10187 (gradle fix)
  • ADR-014 (field encryption), ADR-021 (blueprint reorg)
  • DEPLOY-MAP.md — Cloud SQL Instances section
  • RUNBOOK.md — Section 7g
  • Evidence: /tmp/bilko-stage-phase1-evidence.json (FlowForge)

No comments to display

Back to top