Merge branch 'release' into dev #83
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Deploy to Cloud Run | |
| on: | |
| push: | |
| branches: | |
| - 'dev' | |
| # paths: | |
| # - 'Chart.yaml' | |
| env: | |
| PROJECT_ID: '${{ secrets.PROJECT_ID }}' # TODO: update Google Cloud project id. | |
| GAR_LOCATION: '${{ secrets.GAR_LOCATION }}' # TODO: update Artifact Registry location | |
| SLACK_WEBHOOK_URL: '${{ secrets.SLACK_WEBHOOK_URL}}' | |
| SLACK_CHANNEL: '${{ secrets.GITHUBACTIONS_SLACK_CHANNEL }}' | |
| jobs: | |
| build: | |
| # needs: analyze | |
| # Add 'id-token' with the intended permissions for workload identity federation | |
| permissions: | |
| contents: write | |
| id-token: write | |
| runs-on: ubuntu-latest | |
| environment: legacy-dev | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| ref: dev | |
| - name: Read VERSION file | |
| id: getversion | |
| run: echo "version=$(cat Chart.yaml)" >> $GITHUB_OUTPUT | |
| - name: Google Auth | |
| id: auth | |
| uses: 'google-github-actions/auth@v0' | |
| with: | |
| token_format: 'access_token' | |
| workload_identity_provider: '${{ secrets.WIF_PROVIDER }}' | |
| service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}' | |
| - name: Login to GAR | |
| id: garlogin | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: ${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.PROJECT_ID }} | |
| username: oauth2accesstoken | |
| password: ${{ steps.auth.outputs.access_token }} | |
| - name: Build and Push Container | |
| id: build | |
| shell: bash | |
| env: | |
| GAR_LOCATION: ${{ secrets.GAR_LOCATION }} | |
| PROJECT_ID: ${{ secrets.PROJECT_ID }} | |
| GAR_NAME: ${{ secrets.GAR_NAME_API }} | |
| run: |- | |
| docker build -t '${{ env.GAR_LOCATION }}'-docker.pkg.dev/'${{ env.PROJECT_ID }}'/'${{ env.GAR_NAME }}'/${{ steps.getversion.outputs.version }}:${{ github.sha }} -t '${{ env.GAR_LOCATION }}'-docker.pkg.dev/'${{ env.PROJECT_ID }}'/'${{ env.GAR_NAME }}'/${{ steps.getversion.outputs.version }}:latest ./ | |
| docker push --all-tags '${{ env.GAR_LOCATION }}'-docker.pkg.dev/'${{ env.PROJECT_ID }}'/'${{ env.GAR_NAME }}'/${{ steps.getversion.outputs.version }} | |
| - name: Build Notification | |
| id: buildnotificationsent | |
| uses: act10ns/slack@v1 | |
| with: | |
| status: ${{ job.status }} | |
| steps: ${{ toJson(steps) }} | |
| channel: ${{ env.SLACK_CHANNEL }} | |
| message: Building {{ env.GITHUB_REF_NAME }} branch | |
| if: always() | |
| # END - Docker auth and build | |
| # Deployment please don't modify anything here as the infrastructure is controlled by terraform any changes here please agree with chris and reuben | |
| deploy: | |
| needs: build | |
| permissions: | |
| contents: write | |
| id-token: write | |
| runs-on: ubuntu-latest | |
| environment: legacy-dev | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| ref: dev | |
| - name: Google Auth | |
| id: auth | |
| uses: 'google-github-actions/auth@v0' | |
| with: | |
| token_format: 'access_token' | |
| workload_identity_provider: '${{ secrets.WIF_PROVIDER }}' | |
| service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}' | |
| - name: Read VERSION file | |
| id: getversion | |
| run: echo "version=$(cat Chart.yaml)" >> $GITHUB_OUTPUT | |
| - name: Deploy to Cloud Run | |
| uses: actions-hub/gcloud@master | |
| id: deploy | |
| env: | |
| PROJECT_ID: ${{ secrets.PROJECT_ID }} | |
| GAR_LOCATION: ${{ secrets.GAR_LOCATION }} | |
| GAR_NAME: ${{ secrets.GAR_NAME_API }} | |
| SERVICE_NAME: '${{ secrets.SERVICE_NAME_API }}' | |
| SERVICE_REGION: '${{ secrets.SERVICE_REGION_API }}' | |
| with: | |
| args: run services update '${{ env.SERVICE_NAME }}' --image='${{ env.GAR_LOCATION }}'-docker.pkg.dev/'${{ env.PROJECT_ID }}'/'${{ env.GAR_NAME }}'/${{ steps.getversion.outputs.version }}:${{ github.sha }} --region='${{ env.SERVICE_REGION }}' --project='${{ env.PROJECT_ID }}' | |
| - name: Deploy Notification | |
| id: deploynotificationsent | |
| uses: act10ns/slack@v1 | |
| with: | |
| status: ${{ job.status }} | |
| steps: ${{ toJson(steps) }} | |
| channel: ${{ env.SLACK_CHANNEL }} | |
| message: Deploying {{ env.GITHUB_REF_NAME }} branch | |
| if: always() | |
| # If required, use the Cloud Run url output in later steps |