Add env vars for PubSub handlers (#83) #80
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Deployment | |
on: | |
push: | |
branches: [ master ] | |
env: | |
# Required for CI workflow | |
JAVA_VERSION: "15" | |
JAVA_DISTRIBUTION: "zulu" | |
GCP_PROJECT_ID: ${{ secrets.GCP_PROJECT }} | |
GCP_SERVICE: cloudrun-test | |
GCP_REGION: us-west1 | |
GCP_REPOSITORY: cloudrun-test-repo | |
GCP_REPOSITORY_FORMAT: docker | |
GCP_REPOSITORY_IMAGE: cloudrun-test-image | |
GCP_SA_KEY_DEPLOY: ${{ secrets.GCP_SA_KEY_DEPLOY }} | |
# Required for build | |
GCP_SA_KEY_PUBSUB: ${{ secrets.GCP_SA_KEY_PUBSUB }} | |
FIREBASE_API_KEY: ${{ secrets.FIREBASE_API_KEY }} | |
FIREBASE_AUTH_DOMAIN: ${{ secrets.FIREBASE_AUTH_DOMAIN }} | |
FIREBASE_PROJECT_ID: ${{ secrets.FIREBASE_PROJECT_ID }} | |
FIREBASE_STORAGE_BUCKET: ${{ secrets.FIREBASE_STORAGE_BUCKET }} | |
FIREBASE_GCM_SENDER_ID: ${{ secrets.FIREBASE_GCM_SENDER_ID }} | |
FIREBASE_APPLICATION_ID: ${{ secrets.FIREBASE_APPLICATION_ID }} | |
SLACK_SIGNING_SECRET: ${{ secrets.SLACK_SIGNING_SECRET }} | |
SLACK_REQUEST_VERIFICATION_ENABLED: ${{ secrets.SLACK_REQUEST_VERIFICATION_ENABLED }} | |
SLACK_CLIENT_ID: ${{ secrets.SLACK_CLIENT_ID }} | |
SLACK_CLIENT_SECRET: ${{ secrets.SLACK_CLIENT_SECRET }} | |
APP_LOG_LEVEL: ${{ secrets.APP_LOG_LEVEL }} | |
APP_NETWORK_HTML_LOG_LEVEL: ${{ secrets.APP_NETWORK_HTML_LOG_LEVEL }} | |
APP_NETWORK_JSON_LOG_LEVEL: ${{ secrets.APP_NETWORK_JSON_LOG_LEVEL }} | |
jobs: | |
jsDeploy: | |
runs-on: ubuntu-20.04 | |
concurrency: | |
group: ${{ github.ref }}_jsDeploy | |
cancel-in-progress: true | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Set up Java | |
uses: actions/setup-java@v3 | |
with: | |
distribution: ${{ env.JAVA_DISTRIBUTION }} | |
java-version: ${{ env.JAVA_VERSION }} | |
- name: Set up Gradle cache | |
uses: gradle/gradle-build-action@v2 # By default, cache is only saved on the 'master' branch | |
- name: Build | |
run: | | |
set -o pipefail && | |
bash ./scripts/env.sh && | |
./gradlew --no-daemon assemble | |
- name: Artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
name: Build | |
path: | | |
build/bin | |
local.properties | |
local-credentials-pubsub.json | |
- name: Set up deploy environment | |
run: | | |
GCP_BUILD_TAG="${{ env.GCP_REGION }}-docker.pkg.dev/${{ env.GCP_PROJECT_ID }}/${{ env.GCP_REPOSITORY }}/${{ env.GCP_REPOSITORY_IMAGE }}" | |
echo "GCP_BUILD_TAG=$GCP_BUILD_TAG" >> $GITHUB_ENV | |
- name: Set up deploy authentication | |
uses: google-github-actions/[email protected] | |
with: | |
credentials_json: ${{ env.GCP_SA_KEY_DEPLOY }} | |
- name: Set up deploy cli | |
uses: google-github-actions/[email protected] | |
with: | |
project_id: ${{ env.GCP_PROJECT_ID }} | |
- name: Set up container storage | |
run: |- | |
if [ "$(gcloud artifacts repositories describe ${{ env.GCP_REPOSITORY }} --location=${{ env.GCP_REGION }} >&/dev/null ; echo $?)" -ne 0 ]; then | |
echo "Creating new artifact registry repository" | |
gcloud artifacts repositories create ${{ env.GCP_REPOSITORY }} --location=${{ env.GCP_REGION }} --repository-format=${{ env.GCP_REPOSITORY_FORMAT }} | |
else | |
echo "Artifact registry repository already exists" | |
fi | |
- name: Build and push container image | |
run: |- | |
gcloud auth configure-docker ${{ env.GCP_REGION }}-docker.pkg.dev | |
docker build -t $GCP_BUILD_TAG . | |
docker push $GCP_BUILD_TAG | |
- name: Deploy | |
id: deployment | |
uses: google-github-actions/[email protected] | |
with: | |
service: ${{ env.GCP_SERVICE }} | |
image: ${{ env.GCP_BUILD_TAG }} | |
region: ${{ env.GCP_REGION }} | |
- name: Allow public access | |
run: | | |
gcloud run services add-iam-policy-binding ${{ env.GCP_SERVICE }} \ | |
--platform managed \ | |
--region ${{ env.GCP_REGION }} \ | |
--member=allUsers \ | |
--role=roles/run.invoker | |
- name: Deploy output | |
run: |- | |
echo "Service available at: ${{ steps.deployment.outputs.url }}" | |
jsTest: | |
runs-on: ubuntu-20.04 | |
concurrency: | |
group: ${{ github.ref }}_jsTest | |
cancel-in-progress: true | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Set up Java | |
uses: actions/setup-java@v3 | |
with: | |
distribution: ${{ env.JAVA_DISTRIBUTION }} | |
java-version: ${{ env.JAVA_VERSION }} | |
- name: Set up Gradle cache | |
uses: gradle/gradle-build-action@v2 | |
- name: Test | |
run: | | |
set -o pipefail && | |
bash ./scripts/env.sh && | |
./gradlew --no-daemon --continue jsNodeTest | |
- name: Generate test report | |
uses: mikepenz/action-junit-report@v3 | |
if: always() # Ensure all test reports are collected, even after errors | |
with: | |
report_paths: '**/build/test-results/**/TEST-*.xml' | |
check_name: 'jsTestResults' | |
- name: Artifacts | |
uses: actions/upload-artifact@v3 | |
if: always() # Ensure all artifacts are collected, even after errors | |
with: | |
name: Tests | |
path: '**/build/test-results/**/TEST-*.xml' |