Environment Initialization

Purpose

The Environment Initialization subtopic addresses the foundational setup required to deploy and manage the MCP server on Google Cloud Run. This setup ensures that the Google Cloud project is properly configured, necessary APIs are enabled, correct IAM roles are assigned, and critical environment variables are exported for deployment scripts and runtime usage.

Within the broader context of Cloud Run Deployment Automation (the parent topic), this subtopic solves the problem of establishing a reproducible and authenticated environment that supports both public and secure deployment modes. Without this initialization, deployment scripts like cloudrun.sh or cloudrun-secure.sh cannot reliably execute, nor can the MCP server function with the correct permissions and settings.

Functionality

The environment initialization process is primarily implemented through two shell scripts: init.sh and set_env.sh. Together, they automate and standardize the following key workflows:

1. Google Cloud Project Configuration

   • Prompt the user to input their Google Cloud project ID.

   • Save the project ID to a file (project_id.txt) for consistent reference.

   • Configure the gcloud CLI to use the specified project by default.

2. Enable Required Google Cloud APIs

   • Enable essential services such as:

     • Cloud Run API (run.googleapis.com)

     • Artifact Registry API (artifactregistry.googleapis.com)

     • Cloud Build API (cloudbuild.googleapis.com)

   This ensures that the deployment environment supports container deployment, artifact management, and build automation.

3. Assign IAM Roles

   • Bind the current user account to the roles/run.invoker IAM role on the project, granting permission to invoke Cloud Run services.

   • Detect the environment (Google Cloud Shell, GCP VM, or local machine) to adjust authentication flows accordingly.

   • Provide Application Default Credentials (ADC) if running outside Google Cloud environments by triggering gcloud auth application-default login.

4. Export Environment Variables

   • Export critical variables such as:

     • PROJECT_ID, GOOGLE_CLOUD_PROJECT, PROJECT_NUMBER

     • Cloud region variables like GOOGLE_CLOUD_LOCATION and REGION

     • Identity token used for authenticated requests (ID_TOKEN)

     • Additional flags, e.g., GOOGLE_GENAI_USE_VERTEXAI for feature toggles.

   These environment variables are needed both by deployment scripts and potentially by the MCP server during runtime to identify project context and authentication.

5. Authentication Verification

   • Verify that the gcloud CLI is authenticated and has valid access tokens before proceeding.

   • Provide clear error messages and instructions for login if authentication is missing.

Example Snippets

From init.sh, setting and saving the project ID:

read -p "Please enter your Google Cloud project ID: " user_project_id
echo "$user_project_id" > "$PROJECT_FILE"
gcloud config set project $(cat ~/project_id.txt)

From set_env.sh, exporting key environment variables:

export PROJECT_ID=$(gcloud config get project)
export GOOGLE_CLOUD_PROJECT=$(gcloud config get project)
export PROJECT_NUMBER=$(gcloud projects describe ${PROJECT_ID} --format="value(projectNumber)")
export REGION="$GOOGLE_CLOUD_LOCATION"
export ID_TOKEN=$(gcloud auth print-identity-token)

Integration

The Environment Initialization subtopic operates as the prerequisite stage within the Cloud Run Deployment Automation topic. By preparing the project environment and authentication context, it enables the subsequent deployment subtopics—namely:

• Unauthenticated Deployment – which leverages the environment variables and enabled services to deploy the MCP server publicly.

• Secure Deployment – which relies on the identity tokens and IAM roles set during initialization to enforce authentication.

Moreover, environment variables exported here are consumed by deployment scripts (cloudrun.sh, cloudrun-secure.sh) to parameterize deployment commands, ensuring consistent usage of project, region, and authentication details.

This subtopic complements operational tooling by establishing a repeatable and scriptable initialization process, reducing manual errors, and standardizing cloud environment setup for the MCP server lifecycle.

flowchart TD
A[Start: User runs init.sh] --> B[Prompt for Project ID]
B --> C[Save Project ID to file]
C --> D[Set gcloud config project]
D --> E[Enable required Cloud APIs]
E --> F["Assign IAM roles (run.invoker)"]
F --> G{Environment Check}
G -->|Cloud Shell / GCP VM| H[Use default service account]
G -->|Local or Other| I[Run ADC login]
H --> J[Export environment variables]
I --> J
J --> K[Set ID_TOKEN and flags]
K --> L[Initialization Complete]