Merge pull request #11 from aerosense-ai/devops/add-gcloud-deploy

Add Cloud Run deployment

.github/workflows/cloud_run_deploy.yml

@@ -0,0 +1,154 @@
+on:
+  push:
+    branches:
+      - main
+
+  workflow_dispatch:
+    inputs:
+      debug_enabled:
+        description: "Enable tmate debug"
+        type: boolean
+        default: "false"
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    timeout-minutes: 60
+
+    permissions:
+      id-token: write
+      contents: read
+
+    outputs:
+      version: ${{ steps.get_version.outputs.version }}
+      branch_tag: ${{ steps.tags.outputs.branch_tag }}
+      short_sha: ${{ steps.tags.outputs.short_sha }}
+      environment_label: ${{ steps.tags.outputs.environment_label}}
+      image_version_tag: ${{ steps.tags.outputs.image_version_tag }}
+      image_latest_tag: ${{ steps.tags.outputs.image_latest_tag }}
+      image_version_artefact: ${{ steps.artefacts.outputs.image_version_artefact}}
+      image_latest_artefact: ${{ steps.artefacts.outputs.image_latest_artefact}}
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Install poetry
+        uses: snok/install-poetry@v1
+
+      - name: Get version
+        id: get_version
+        run: |
+          PACKAGE_VERSION=$(poetry version -s)
+          echo "::set-output name=version::${PACKAGE_VERSION}"
+
+      - name: Get slugified branch name and docker image tags
+        id: tags
+        run: |
+          echo "::set-output name=short_sha::$(git rev-parse --short HEAD)"
+          BRANCH_TAG=$(echo ${GITHUB_REF#refs/heads/} | iconv -c -t ascii//TRANSLIT | sed -E 's/[~^]+//g' | sed -E 's/[^a-zA-Z0-9]+/-/g' | sed -E 's/^-+|-+$//g' | tr A-Z a-z)
+          if [ "$BRANCH_TAG" = "main" ]; then
+            TAG_VERSION=${{steps.get_version.outputs.version}}
+            ENVIRONMENT_LABEL=production
+          else
+            TAG_VERSION="unreleased"
+            ENVIRONMENT_LABEL=staging
+          fi
+          echo "::set-output name=branch_tag::$BRANCH_TAG"
+          echo "::set-output name=tag_version::$TAG_VERSION"
+          echo "::set-output name=environment_label::$ENVIRONMENT_LABEL"
+          echo "::set-output name=image_version_tag::$BRANCH_TAG-$TAG_VERSION"
+          echo "::set-output name=image_latest_tag::$BRANCH_TAG-latest"
+          echo "Output: branch_tag = $BRANCH_TAG"
+          echo "Output: tag_version = $TAG_VERSION"
+          echo "Output: environment_label = $ENVIRONMENT_LABEL"
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+
+      - name: Authenticate with GCP Workload Identity
+        id: auth
+        uses: google-github-actions/auth@v0
+        with:
+          # NOTE: If setting create_credentials_file=true, .dockerignore file must include `gha-creds-*.json` to avoid baking these credentials into build
+          create_credentials_file: false
+          workload_identity_provider: "projects/885434704038/locations/global/workloadIdentityPools/github-actions-pool/providers/github-actions-provider"
+          service_account: "dashboard-github-actions@aerosense-twined.iam.gserviceaccount.com"
+
+      - name: Setup gcloud
+        uses: "google-github-actions/setup-gcloud@v0"
+
+      - name: Configure Docker for GCP
+        run: gcloud auth configure-docker europe-west1-docker.pkg.dev
+
+      - name: Set image artefact address
+        id: artefacts
+        run: |
+          echo "::set-output name=image_version_artefact::europe-west1-docker.pkg.dev/aerosense-twined/dashboard/dashboard:${{ steps.tags.outputs.image_version_tag}}"
+          echo "::set-output name=image_latest_artefact::europe-west1-docker.pkg.dev/aerosense-twined/dashboard/dashboard:${{ steps.tags.outputs.image_latest_tag}}"
+
+      - name: Build and push container
+        # Note: We don't push containers with shas because we'd end up with terabytes in storage (an image for every commit)
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          platforms: linux/amd64
+          file: Dockerfile
+          push: true
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          tags: |
+            ${{ steps.artefacts.outputs.image_version_artefact}}
+            ${{ steps.artefacts.outputs.image_latest_artefact}}
+
+  deploy:
+    runs-on: ubuntu-latest
+    timeout-minutes: 60
+    needs: build
+
+    permissions:
+      id-token: write
+      contents: read
+
+    steps:
+      - name: Checkout
+        # Shouldn't be necessary since we pull code in an image, but it's required by google-github-actions/auth
+        uses: actions/checkout@v3
+
+      - name: Show input values
+        run: |
+          echo "GitHub event_name: ${{ github.event_name }}"
+          echo "GitHub event inputs debug_enabled: ${{ github.event.inputs.debug_enabled }}"
+          echo "Slugified branch_tag: ${{ needs.build.outputs.branch_tag }}"
+          echo "Docker image_version_artefact: ${{ needs.build.outputs.image_version_artefact }}"
+          echo "Docker image_latest_artefact: ${{ needs.build.outputs.image_latest_artefact }}"
+          echo "Repository short_sha: ${{ needs.build.outputs.short_sha }}"
+          echo "Environment environment_label: ${{ needs.build.outputs.environment_label }}"
+
+      - name: Authenticate with GCP Workload Identity
+        id: auth
+        uses: google-github-actions/auth@v0
+        with:
+          # NOTE: If setting create_credentials_file=true, .dockerignore file must include `gha-creds-*.json` to avoid baking these credentials into build
+          create_credentials_file: false
+          workload_identity_provider: "projects/885434704038/locations/global/workloadIdentityPools/github-actions-pool/providers/github-actions-provider"
+          service_account: "dashboard-github-actions@aerosense-twined.iam.gserviceaccount.com"
+
+      - name: Setup tmate session [DEBUG]
+        if: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.debug_enabled == 'true'}}
+        uses: mxschmitt/action-tmate@v3
+
+      - name: Deploy to Cloud Run Server
+        id: deploy_dashboard
+        uses: google-github-actions/deploy-cloudrun@v0
+        with:
+          image: ${{ needs.build.outputs.image_version_artefact }}
+          region: europe-west1
+          service: aerosense-dashboard-${{ needs.build.outputs.branch_tag }}
+          tag: ${{ needs.build.outputs.short_sha }}
+
+      - name: Show Cloud Run Deployment URL
+        run: echo "${{ steps.deploy_dashboard.outputs.url }}"

pyproject.toml

@@ -2,7 +2,7 @@
 
 [tool.poetry]
 name = "aerosense-dashboard"
-version = "0.3.0"
+version = "0.3.1"
 description = "High-level visualisation for aerosense"
 authors = ["Tom Clark", "Marcus Lugg", "Yuriy Marykovsky"]
 license = "BSD-3"