diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml new file mode 100644 index 0000000..dddb919 --- /dev/null +++ b/.github/workflows/deploy.yml @@ -0,0 +1,63 @@ +name: Build and Deploy + +on: workflow_dispatch +env: + PROJECT_ID: ${{ secrets.GOOGLE_CLOUD_PROJECT_ID }} + REGION: ${{ secrets.GOOGLE_CLOUD_REGION }} + REPOSITORY: ${{ secrets.ARTIFACT_REGISTRY_REPOSITORY }} + IMAGE: ${{ secrets.DOCKER_IMAGE }} + +jobs: + build-and-push: + runs-on: ubuntu-24.04 + permissions: + contents: read + id-token: write + + steps: + - uses: actions/checkout@v4 + + - id: auth + uses: google-github-actions/auth@v2 + with: + token_format: access_token + workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }} + service_account: ${{ secrets.SERVICE_ACCOUNT }} + + - name: Set up Cloud SDK + uses: google-github-actions/setup-gcloud@v2 + + - name: Login to GAR + uses: docker/login-action@v3 + with: + registry: ${{ env.REGION }}-docker.pkg.dev + username: oauth2accesstoken + password: ${{ steps.auth.outputs.access_token }} + + - name: Configure Docker for Artifact Registry + run: | + gcloud auth configure-docker ${{ env.REGION }}-docker.pkg.dev + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Build and push Docker image + uses: docker/build-push-action@v5 + with: + context: . + file: ./Dockerfile + push: true + tags: ${{ env.REGION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.REPOSITORY }}/${{ env.IMAGE }}:${{ github.sha }} + cache-from: type=gha + cache-to: type=gha,mode=max + + - name: Deploy to Cloud Run + run: | + gcloud run deploy ${{ env.IMAGE }} \ + --image ${{ env.REGION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.REPOSITORY }}/${{ env.IMAGE }}:${{ github.sha }} \ + --port="3000" \ + --region ${{ env.REGION }} \ + --max-instances=1 \ + --ingress=internal-and-cloud-load-balancing \ + --allow-unauthenticated \ + --set-env-vars=LITESTREAM_BUCKET=${{ secrets.LITESTREAM_BUCKET }}