adding simple profile display #4
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Homepage Deployment | |
| on: | |
| push: | |
| branches: | |
| - 'main' | |
| paths: | |
| - 'homepage/**' | |
| - '!homepage/**.md' | |
| - '.github/workflows/homepage-deployment.yml' | |
| env: | |
| CONTAINER_REGISTRY_LOCATION: europe-west1 | |
| CONTAINER_REGISTRY: cr-webapps | |
| CONTAINER_NAME: homepage | |
| CR_LOCATION: europe-west1 | |
| CR_SERVICE: homepage | |
| jobs: | |
| lint-typecheck: | |
| name: Lint & Type Check | |
| runs-on: ubuntu-latest | |
| permissions: | |
| checks: write | |
| pull-requests: read | |
| contents: read | |
| defaults: | |
| run: | |
| working-directory: homepage | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@v3 | |
| - name: Setup Nodejs Environment | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: 18 | |
| cache: yarn | |
| cache-dependency-path: 'homepage/yarn.lock' | |
| - name: Install Dependencies | |
| run: yarn --frozen-lockfile | |
| - name: Lint | |
| run: yarn lint:nofix --output-file eslint_report.json --format json | |
| continue-on-error: true | |
| - name: Type Check | |
| run: yarn tsc > typescript.log | |
| continue-on-error: true | |
| - name: Annotate Code | |
| uses: DerLev/eslint-annotations@v1 | |
| with: | |
| eslint-report: homepage/eslint_report.json | |
| typescript-log: homepage/typescript.log | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| error-on-warn: true | |
| status-check-name: Annotations | |
| fail-in-pr: false | |
| add-notice-with-url: false | |
| delete-outdated-ar: | |
| name: Delete outdated Container Images from Artifact Registry | |
| runs-on: ubuntu-latest | |
| needs: lint-typecheck | |
| permissions: | |
| id-token: write | |
| steps: | |
| - name: Authenticate to Google Cloud | |
| id: auth | |
| uses: google-github-actions/auth@v1 | |
| with: | |
| workload_identity_provider: ${{ secrets.GCP_WIF_PROVIDER }} | |
| service_account: ${{ secrets.GCP_SA_EMAIL }} | |
| - name: Cleanup Artifact Registry | |
| uses: docker://europe-docker.pkg.dev/gcr-cleaner/gcr-cleaner/gcr-cleaner-cli | |
| with: | |
| args: >- | |
| -repo=${{ env.CONTAINER_REGISTRY_LOCATION }}-docker.pkg.dev/${{ secrets.GCP_PROJECT_ID }}/${{ env.CONTAINER_REGISTRY }}/${{ env.CONTAINER_NAME }} | |
| -keep=6 | |
| -tag-filter-any=.* | |
| delete-outdated-cr: | |
| name: Delete outdated Cloud Run Revisions | |
| runs-on: ubuntu-latest | |
| needs: lint-typecheck | |
| permissions: | |
| id-token: write | |
| steps: | |
| - name: Authenticate to Google Cloud | |
| id: auth | |
| uses: google-github-actions/auth@v1 | |
| with: | |
| workload_identity_provider: ${{ secrets.GCP_WIF_PROVIDER }} | |
| service_account: ${{ secrets.GCP_SA_EMAIL }} | |
| token_format: access_token | |
| access_token_lifetime: 60s | |
| - name: Only leave the 2 most recent Revisions | |
| uses: actions/github-script@v6 | |
| with: | |
| script: | | |
| const response = await fetch("https://run.googleapis.com/v2/projects/${{ secrets.GCP_PROJECT_ID }}/locations/${{ env.CR_LOCATION }}/services/${{ env.CR_SERVICE }}/revisions", { headers: { 'Authorization': "Bearer ${{ steps.auth.outputs.access_token }}" } }) | |
| .then(res => res.json()); | |
| const toBeDeleted = response.revisions.sort((a, b) => (new Date(b.createTime) - new Date(a.createTime))).slice(2); | |
| const deletionPromises = []; | |
| for(const revision of toBeDeleted) { | |
| deletionPromises.push(fetch(`https://run.googleapis.com/v2/${revision.name}`, { method: 'DELETE', headers: { 'Authorization': "Bearer ${{ steps.auth.outputs.access_token }}" } })); | |
| } | |
| await Promise.all(deletionPromises); | |
| build-deploy: | |
| name: Build Container & Deploy on Cloud Run | |
| runs-on: ubuntu-latest | |
| needs: [delete-outdated-ar, delete-outdated-cr] | |
| permissions: | |
| contents: read | |
| id-token: write | |
| environment: Production | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@v3 | |
| - name: Setup Docker Buildx | |
| uses: docker/setup-buildx-action@v2 | |
| - name: Authenticate to Google Cloud | |
| id: auth | |
| uses: google-github-actions/auth@v1 | |
| with: | |
| workload_identity_provider: ${{ secrets.GCP_WIF_PROVIDER }} | |
| service_account: ${{ secrets.GCP_SA_EMAIL }} | |
| token_format: access_token | |
| access_token_lifetime: 600s | |
| - name: Login to GCP Artifact Registry | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: ${{ env.CONTAINER_REGISTRY_LOCATION }}-docker.pkg.dev | |
| username: oauth2accesstoken | |
| password: ${{ steps.auth.outputs.access_token }} | |
| - name: Extract Metadata for Docker | |
| id: meta | |
| uses: docker/metadata-action@v4 | |
| with: | |
| images: ${{ env.CONTAINER_REGISTRY_LOCATION }}-docker.pkg.dev/${{ secrets.GCP_PROJECT_ID }}/${{ env.CONTAINER_REGISTRY }}/${{ env.CONTAINER_NAME }} | |
| tags: | | |
| type=raw,value=latest | |
| type=sha,prefix=,format=long | |
| - name: Build and Push Docker Image | |
| uses: docker/build-push-action@v4 | |
| with: | |
| context: homepage/ | |
| push: true | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| - name: Set up Cloud SDK | |
| uses: google-github-actions/setup-gcloud@v1 | |
| - name: Get short commit SHA | |
| id: commit_sha | |
| uses: actions/github-script@v6 | |
| with: | |
| script: | | |
| const sha = "${{ github.sha }}" | |
| const shortSha = sha.substring(0, 7) | |
| core.setOutput('shortSha', shortSha) | |
| - name: Create new Cloud Run Revision | |
| run: gcloud run deploy ${{ env.CR_SERVICE }} --image ${{ env.CONTAINER_REGISTRY_LOCATION }}-docker.pkg.dev/${{ secrets.GCP_PROJECT_ID }}/${{ env.CONTAINER_REGISTRY }}/${{ env.CONTAINER_NAME }}:${{ github.sha }} --region ${{ env.CR_LOCATION }} --tag sha-${{ steps.commit_sha.outputs.shortSha }} |