Skip to content

Deploy doghouse

Deploy doghouse #3

Workflow file for this run

name: Deploy doghouse
on:
push:
tags:
- "v*.*.*"
workflow_dispatch:
jobs:
test:
permissions:
contents: read
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 50 # Need git history for testing.
- uses: actions/setup-go@v5
with:
# must sync doghouse/appengine/app.yaml
go-version: "1.21"
- run: go test -v -race ./...
deploy:
permissions:
contents: read
needs: [test]
runs-on: ubuntu-latest
defaults:
run:
shell: bash
working-directory: ./doghouse/appengine/
steps:
- uses: actions/checkout@v4
- uses: google-github-actions/[email protected]
with:
project_id: review-dog
service_account_key: ${{ secrets.GCP_SA_KEY }}
export_default_credentials: true
- name: Decrypt keys
env:
GAE_KEYRING_NAME: reviewdog-doghouse-deploy
GAE_KEY_NAME: secret-env
run: |-
gcloud kms decrypt --location=global \
--keyring="$GAE_KEYRING_NAME" \
--key="$GAE_KEY_NAME" \
--ciphertext-file=secret/encrypted-reviewdog.private-key.pem.bin \
--plaintext-file=secret/reviewdog.private-key.pem
gcloud kms decrypt --location=global \
--keyring="$GAE_KEYRING_NAME" \
--key="$GAE_KEY_NAME" \
--ciphertext-file=secret/encrypted-secret.yaml.bin \
--plaintext-file=secret/secret.yaml
- name: Deploy
run: gcloud --quiet app deploy app.yaml
- name: Cleanup
run: |-
rm secret/reviewdog.private-key.pem
rm secret/secret.yaml