devops: add github actions workflows to deploy the xodarap-api cloud …
…run service
hakumizuki committed Oct 7, 2024
1 parent bdec487 commit 8b11c43
Showing 2 changed files with 107 additions and 0 deletions.
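--- a/.github/workflows/_deployment.yaml
+++ b/.github/workflows/_deployment.yaml
@@ -0,0 +1,71 @@
+# ref1: https://cloud.google.com/blog/ja/products/devops-sre/deploy-to-cloud-run-with-github-actions
+# ref2: https://github.com/google-github-actions/example-workflows/blob/24274f78e13a0df73f176af798a36b54163d1e72/workflows/deploy-cloudrun/cloudrun-docker.yml
+
+# Set secrets below in your GitHub repository settings:
+# - PROJECT_ID # Google Cloud project id
+# - GAR_LOCATION # Artifact Registry location
+# - REPOSITORY # Artifact Registry repository name
+# - SERVICE # Cloud Run service name
+# - REGION # Cloud Run service region
+# - WIF_PROVIDER # Workload Identity Federation provider (e.g. - projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider)
+# - WIF_SERVICE_ACCOUNT # Workload Identity Federation service account (e.g. - my-service-account@my-project.iam.gserviceaccount.com)
+
+name: Build and Deploy to Cloud Run
+on:
+workflow_call:
+inputs:
+environment:
+type: string
+required: true
+description: Name of the target environment.
+ref:
+type: string
+required: true
+description: The tag or SHA to checkout.
+
+jobs:
+deploy:
+# Add 'id-token' with the intended permissions for workload identity federation
+# See: apps/api/scripts/google-cloud/setup-workload-identity.sh
+permissions:
+contents: 'read'
+id-token: 'write'
+
+runs-on: ubuntu-latest
+steps:
+- name: Checkout
+uses: actions/checkout@v2
+
+- name: Google Auth
+id: auth
+uses: 'google-github-actions/auth@v0'
+with:
+token_format: 'access_token'
+workload_identity_provider: '${{ secrets.WIF_PROVIDER }}'
+service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}'
+
+- name: Docker Auth
+id: docker-auth
+uses: 'docker/login-action@v1'
+with:
+username: 'oauth2accesstoken'
+password: '${{ steps.auth.outputs.access_token }}'
+registry: '${{ secrets.GAR_LOCATION }}-docker.pkg.dev'
+
+- name: Build and Push Container
+run: |-
+docker build -t "${{ secrets.GAR_LOCATION }}-docker.pkg.dev/${{ secrets.PROJECT_ID }}/${{ secrets.REPOSITORY }}/${{ secrets.SERVICE }}:${{ inputs.ref }}" ./
+docker push "${{ secrets.GAR_LOCATION }}-docker.pkg.dev/${{ secrets.PROJECT_ID }}/${{ secrets.REPOSITORY }}/${{ secrets.SERVICE }}:${{ inputs.ref }}"
+- name: Deploy to Cloud Run
+id: deploy
+uses: google-github-actions/deploy-cloudrun@v0
+with:
+service: ${{ secrets.SERVICE }}
+region: ${{ secrets.REGION }}
+image: ${{ secrets.GAR_LOCATION }}-docker.pkg.dev/${{ secrets.PROJECT_ID }}/${{ secrets.REPOSITORY }}/${{ secrets.SERVICE }}:${{ inputs.ref }}
+env_vars: |
+NODE_ENV=${{ inputs.environment }}
+- name: Show Output
+run: echo ${{ steps.deploy.outputs.url }}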
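Review bot: `inputs.ref` is spliced by the expression engine directly into the shell text of the Build and Push Container `run:` block, so any caller that passes a value with shell metacharacters gets it executed in a job that already holds the Google Cloud access token; hand it to the script through `env:` and quote the variable instead. The same input is documented as "The tag or SHA to checkout" but the Checkout step never receives it, so the pushed image can carry a tag for a ref that was not the one built. Separately, all four actions are referenced by mutable major tags (`actions/checkout@v2`, `google-github-actions/auth@v0`, `docker/login-action@v1`, `google-github-actions/deploy-cloudrun@v0`) in a job with `id-token: write`; pinning each to the full commit SHA of a current release keeps a moved tag from running with the federated identity. Indentation in the sketch below is assumed, since the page shows the file flattened.

```yaml
        uses: actions/checkout@v2
        with:
          ref: ${{ inputs.ref }}

      # … unchanged: Google Auth, Docker Auth …

      - name: Build and Push Container
        env:
          IMAGE: ${{ secrets.GAR_LOCATION }}-docker.pkg.dev/${{ secrets.PROJECT_ID }}/${{ secrets.REPOSITORY }}/${{ secrets.SERVICE }}:${{ inputs.ref }}
        run: |-
          docker build -t "$IMAGE" ./
          docker push "$IMAGE"

      # … unchanged: Deploy to Cloud Run, Show Output …
```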
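--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -0,0 +1,36 @@
+on:
+push:
+branches: [develop, stage, main]
+
+jobs:
+dev:
+name: deploy cloudrun to dev environment
+if: ${{ github.ref == 'refs/heads/develop' || github.base_ref == 'develop' }}
+uses: ./_deployment.yaml
+permissions:
+id-token: write
+contents: read
+with:
+environment: development
+ref: ${{ github.sha }}
+secrets: inherit
+staging:
+if: ${{ github.ref == 'refs/heads/staging' || github.base_ref == 'staging' }}
+uses: ./_deployment.yaml
+permissions:
+id-token: write
+contents: read
+with:
+environment: staging
+ref: ${{ github.sha }}
+secrets: inherit
+prod:
+if: ${{ github.ref == 'refs/heads/main' || github.base_ref == 'main' }}
+uses: ./_deployment.yaml
+permissions:
+id-token: write
+contents: read
+with:
+environment: production
+ref: ${{ github.sha }}
+secrets: inherit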
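Review bot: All three jobs pass `secrets: inherit` with no GitHub environment attached, so `dev`, `staging` and `prod` appear to authenticate as the same repository-level `WIF_SERVICE_ACCOUNT` and deploy to the same `SERVICE`; a push to `develop` would then replace what `main` deployed, with only `NODE_ENV` differing. Separating them needs per-environment secrets and a protection rule on production, for example by setting `environment: ${{ inputs.environment }}` on the `deploy` job of the called workflow, or by passing explicitly named secrets per job instead of inheriting everything. The trigger lists the branch `stage` while the `staging` job tests `refs/heads/staging`, so that job is skipped on every push the trigger admits, and `github.base_ref` is only populated on pull-request events, which this workflow does not listen for. A reusable workflow in the same repository is addressed from the repository root, so `uses: ./_deployment.yaml` should read `uses: ./.github/workflows/_deployment.yaml`.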
