-
Notifications
You must be signed in to change notification settings - Fork 1
151 lines (125 loc) · 5.6 KB
/
cd.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
name: cd
on:
push:
branches:
- main
workflow_dispatch:
inputs:
debug_enabled:
description: "Enable tmate debug"
type: boolean
default: "false"
jobs:
info:
runs-on: ubuntu-latest
timeout-minutes: 5
permissions:
contents: read
# TODO: Update spelling of "artefact" to "artifact" when GitHub actions manages to run the version of the `octue/get-deployment-info` action we're asking it to.
outputs:
branch_tag_kebab: ${{ steps.get-deployment-info.outputs.branch_tag_kebab }}
branch_tag_screaming: ${{ steps.get-deployment-info.outputs.branch_tag_screaming}}
image_latest_artifact: ${{ steps.get-deployment-info.outputs.image_latest_artefact}}
image_latest_tag: ${{ steps.get-deployment-info.outputs.image_latest_tag }}
image_version_artifact: ${{ steps.get-deployment-info.outputs.image_version_artefact}}
image_version_tag: ${{ steps.get-deployment-info.outputs.image_version_tag }}
short_sha: ${{ steps.get-deployment-info.outputs.short_sha }}
gcp_project_name: ${{ steps.get-deployment-info.outputs.gcp_project_name}}
gcp_project_number: ${{ steps.get-deployment-info.outputs.gcp_project_number}}
gcp_region: ${{ steps.get-deployment-info.outputs.gcp_region}}
gcp_resource_affix: ${{ steps.get-deployment-info.outputs.gcp_resource_affix}}
gcp_service_name: ${{ steps.get-deployment-info.outputs.gcp_service_name}}
gcp_environment: ${{ steps.get-deployment-info.outputs.gcp_environment}}
version: ${{ steps.get-deployment-info.outputs.version }}
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Install poetry
uses: snok/install-poetry@v1
- name: Get deployment info
id: get-deployment-info
uses: octue/[email protected]
with:
gcp_project_name: aerosense-twined
gcp_project_number: 885434704038
gcp_region: europe-west6
gcp_resource_affix: aerosense
gcp_service_name: dashboard
gcp_environment: main
build:
runs-on: ubuntu-latest
timeout-minutes: 60
needs: info
permissions:
id-token: write
contents: read
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Set up QEMU
uses: docker/setup-qemu-action@v1
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Authenticate with GCP Workload Identity
id: auth
uses: google-github-actions/auth@v0
with:
# NOTE: If setting create_credentials_file=true, .dockerignore file must include `gha-creds-*.json` to avoid baking these credentials into build
create_credentials_file: true
workload_identity_provider: "projects/${{ needs.info.outputs.gcp_project_number }}/locations/global/workloadIdentityPools/github-actions-pool/providers/github-actions-provider"
service_account: "dashboard-github-actions@${{ needs.info.outputs.gcp_project_name }}.iam.gserviceaccount.com"
- name: Setup gcloud
uses: "google-github-actions/setup-gcloud@v0"
- name: Configure Docker for GCP
run: gcloud auth configure-docker ${{ needs.info.outputs.gcp_region }}-docker.pkg.dev
- name: Build and push artifact with latest and version tags
uses: docker/build-push-action@v3
with:
context: .
platforms: linux/amd64
file: Dockerfile
load: false
push: true
cache-from: type=gha
cache-to: type=gha,mode=max
tags: |
${{ needs.info.outputs.image_version_artifact }}
${{ needs.info.outputs.image_latest_artifact }}
deploy:
if: github.ref == 'refs/heads/main'
runs-on: ubuntu-latest
timeout-minutes: 60
needs:
- info
- build
permissions:
id-token: write
contents: read
steps:
- name: Checkout
# Shouldn't be necessary since we pull code in an image, but it's required by google-github-actions/auth
uses: actions/checkout@v3
- name: Authenticate with GCP Workload Identity
id: auth
uses: google-github-actions/auth@v0
with:
# NOTE: If setting create_credentials_file=true, .dockerignore file must include `gha-creds-*.json` to avoid baking these credentials into build
create_credentials_file: true
workload_identity_provider: "projects/${{ needs.info.outputs.gcp_project_number }}/locations/global/workloadIdentityPools/github-actions-pool/providers/github-actions-provider"
service_account: "dashboard-github-actions@${{ needs.info.outputs.gcp_project_name }}.iam.gserviceaccount.com"
- name: Setup gcloud
uses: "google-github-actions/setup-gcloud@v0"
- name: Setup tmate session [DEBUG]
if: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.debug_enabled == 'true'}}
uses: mxschmitt/action-tmate@v3
- name: Deploy to Cloud Run Server
id: deploy_dashboard
uses: google-github-actions/deploy-cloudrun@v0
with:
image: ${{ needs.info.outputs.image_version_artifact }}
region: ${{ needs.info.outputs.gcp_region }}
service: ${{ needs.info.outputs.gcp_resource_affix }}-${{ needs.info.outputs.gcp_service_name }}-${{ needs.info.outputs.branch_tag_kebab }}
tag: sha${{ needs.info.outputs.short_sha }}
flags: --service-account=dashboard@${{ needs.info.outputs.gcp_project_name }}.iam.gserviceaccount.com
- name: Show Cloud Run Deployment URL
run: echo "${{ steps.deploy_dashboard.outputs.url }}"