deploy-doghouse.yml
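# Deploys the doghouse App Engine app. Triggered by pushing a version tag
# (v*.*.*) or by a manual dispatch. The deploy job runs only after the test
# job has succeeded.
name: Deploy doghouse
on:
  push:
    tags:
      - "v*.*.*"
  # NOTE(review): a manual run reaches the deploy job and its secrets without
  # a tag push. If that is not wanted for every ref, gate the deploy job
  # behind a protected GitHub environment.
  workflow_dispatch:
jobs:
  test:
    # Least privilege: the test job only needs to read the repository.
    permissions:
      contents: read
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): third-party actions in this workflow are referenced by
      # mutable tags. Pinning each `uses:` to a full commit SHA prevents a
      # retagged release from running with this workflow's secrets.
      - uses: actions/checkout@v4
        with:
          fetch-depth: 50 # Need git history for testing.
          # Do not leave the job token in .git/config; the tests only read
          # local history.
          persist-credentials: false
      - uses: actions/setup-go@v5
        with:
          # must sync doghouse/appengine/app.yaml
          go-version: "1.21"
      - run: go test -v -race ./...
  deploy:
    # The GitHub token stays read-only; cloud access comes from the
    # service-account credential below, not from GITHUB_TOKEN.
    permissions:
      contents: read
    needs: [test]
    runs-on: ubuntu-latest
    defaults:
      run:
        shell: bash
        working-directory: ./doghouse/appengine/
    steps:
      - uses: actions/checkout@v4
        with:
          # Keep the job token out of the checked-out tree that the later
          # steps work in.
          persist-credentials: false
      - id: auth
        uses: google-github-actions/auth@v2
        with:
          # Exported service-account key held as a repository secret.
          # NOTE(review): this action also supports Workload Identity
          # Federation (`workload_identity_provider` + `service_account`,
          # with `id-token: write`), which avoids storing a long-lived key.
          credentials_json: ${{ secrets.GCP_SA_KEY }}
      # NOTE(review): the ref on the next line was mangled by e-mail
      # obfuscation when this page was captured. Given the `project_id`
      # input it is presumably google-github-actions/setup-gcloud@<VERSION>;
      # restore the real ref from the repository before use.
      - uses: google-github-actions/[email protected]
        with:
          project_id: review-dog
      # Decrypts the app's private key and secret env file with Cloud KMS so
      # they are present in the working directory for `gcloud app deploy`.
      - name: Decrypt keys
        env:
          GAE_KEYRING_NAME: reviewdog-doghouse-deploy
          GAE_KEY_NAME: secret-env
        run: |-
          gcloud kms decrypt --location=global \
            --keyring="$GAE_KEYRING_NAME" \
            --key="$GAE_KEY_NAME" \
            --ciphertext-file=secret/encrypted-reviewdog.private-key.pem.bin \
            --plaintext-file=secret/reviewdog.private-key.pem
          gcloud kms decrypt --location=global \
            --keyring="$GAE_KEYRING_NAME" \
            --key="$GAE_KEY_NAME" \
            --ciphertext-file=secret/encrypted-secret.yaml.bin \
            --plaintext-file=secret/secret.yaml
      - name: Deploy
        run: gcloud --quiet app deploy app.yaml
      # Runs even when an earlier step failed, so decrypted material is not
      # left on disk after a broken decrypt or deploy. `-f` keeps the step
      # green when a file was never created.
      - name: Cleanup
        if: always()
        run: |-
          rm -f secret/reviewdog.private-key.pem secret/secret.yaml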