build(deps): bump com.abavilla:fpi-framework-pom from 1.8.10 to 1.8.11 #308

Workflow file for this run

.github/workflows/release-dev.yml at c35723a

	name: GCP Cloud Run CI Dev

	on:
	pull_request:
	types: [ opened, synchronize, reopened ]

	env:
	PROJECT_ID: fpi-sms-api
	REGISTRY: asia-east1-docker.pkg.dev
	GHUB_REPO_NAME: fpi-bot-api
	SERVICE: fpi-bot-api-dev
	REGION: asia-east1
	SONAR_PROJECT_KEY: vincejv_fpi-bot-api
	SERVICE_CPU: 1000m
	SERVICE_MEMORY: 512Mi
	SERVICE_ENV: dev

	jobs:

	pre_job:
	name: Duplicate checks
	runs-on: ubuntu-latest
	if: ${{ !contains(github.event.head_commit.message, 'docs-update(') }} # skip for commits containing 'docs-update('
	outputs:
	should_skip: ${{ steps.skip_check.outputs.should_skip }}
	paths_result: ${{ steps.skip_check.outputs.paths_result }}
	steps:
	- name: Skip duplicate actions
	id: skip_check
	uses: fkirc/skip-duplicate-actions@v5
	with:
	concurrent_skipping: outdated_runs
	cancel_others: true

	code_quality_checks:
	name: Code quality checks
	runs-on: ubuntu-latest
	needs: pre_job
	if: needs.pre_job.outputs.should_skip != 'true'
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	with:
	fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis

	- name: Set up JDK 17
	uses: actions/setup-java@v3
	with:
	distribution: temurin
	java-version: 17
	cache: maven

	- name: Cache SonarCloud packages
	uses: actions/cache@v3
	with:
	path: ~/.sonar/cache
	key: ${{ runner.os }}-sonar
	restore-keys: ${{ runner.os }}-sonar

	- name: Build and analyze
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
	SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
	run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=${{ env.SONAR_PROJECT_KEY }} -Dsonar.qualitygate.wait=true -Pallow-snapshots

	deploy_to_cloud:
	name: Deploy to Cloud Run
	runs-on: ubuntu-latest
	needs: code_quality_checks
	outputs:
	artifact_version: ${{ steps.gen_ver.outputs.artifact_version }}
	service_image_path: ${{ steps.image_version.outputs.service_image_path }}
	permissions:
	contents: read
	packages: write
	id-token: write
	environment: Development
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	with:
	fetch-depth: 0 # for jgitver to generate the version

	# - name: Set up Docker Buildx
	# uses: docker/setup-buildx-action@v2

	- name: Set up JDK 17
	uses: actions/setup-java@v3
	with:
	distribution: temurin
	java-version: 17
	cache: maven

	- name: Prepare artifact version
	id: gen_ver
	run: \|
	echo "artifact_version=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)" >> $GITHUB_OUTPUT

	- name: Prepare Docker image tag
	id: image_version
	run: \|
	echo "service_image_path=${{ env.REGISTRY }}/${{ env.PROJECT_ID }}/${{ env.GHUB_REPO_NAME }}/${{ env.SERVICE }}:${{ steps.gen_ver.outputs.artifact_version }}" >> $GITHUB_OUTPUT

	- name: Create JVM package
	run: mvn -B package -Pallow-snapshots

	- name: Google Auth
	id: gcp-auth
	uses: google-github-actions/auth@v1
	with:
	token_format: 'access_token'
	workload_identity_provider: '${{ secrets.WIF_PROVIDER }}'
	service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}'

	- name: Login to Google Docker Registry
	uses: docker/login-action@v3
	with:
	registry: ${{ env.REGISTRY }}
	username: 'oauth2accesstoken'
	password: ${{ steps.gcp-auth.outputs.access_token }}

	- name: Check Docker repository
	id: repository_check
	continue-on-error: true # will throw an error if repository does not exist
	run: \|
	gcloud artifacts repositories describe ${{ env.GHUB_REPO_NAME }} --location ${{ env.REGION }}

	- name: Create Docker repository
	if: ${{ steps.repository_check.outcome == 'failure' }} # only create if previous step does not exist
	run: \|
	gcloud artifacts repositories create ${{ env.GHUB_REPO_NAME }} --repository-format=docker --location ${{ env.REGION }}

	# - name: Extract metadata (tags, labels) for Docker
	# id: meta
	# uses: docker/metadata-action@v4
	# with:
	# images: ${{ steps.image_version.outputs.service_image_path }}

	- name: Build and push Docker image
	uses: docker/build-push-action@v5
	with:
	context: .
	file: Dockerfile.dev
	push: true
	tags: \| # ${{ steps.meta.outputs.tags }} - (For public repositories like docker hub)
	${{ steps.image_version.outputs.service_image_path }}
	labels: ${{ steps.meta.outputs.labels }}

	- name: Deploy to cloud run
	id: deploy
	uses: google-github-actions/deploy-cloudrun@v1
	with:
	service: ${{ env.SERVICE }}
	region: ${{ env.REGION }}
	image: ${{ steps.image_version.outputs.service_image_path }}
	project_id: ${{ env.PROJECT_ID }}
	flags: \|
	--set-env-vars ^##^MONGO_CONN_STRING=${{ secrets.MONGO_CONN_STRING }}
	--set-env-vars OIDC_CLIENT_ID=${{ secrets.OIDC_CLIENT_ID }}
	--set-env-vars OIDC_AUTH_URL=${{ secrets.OIDC_AUTH_URL }}
	--set-env-vars OIDC_SECRET=${{ secrets.OIDC_SECRET }}
	--set-env-vars FPI_APP_TO_APP_USERN=${{ secrets.FPI_APP_TO_APP_USERN }}
	--set-env-vars FPI_APP_TO_APP_PASSW=${{ secrets.FPI_APP_TO_APP_PASSW }}
	--set-env-vars FPI_MO_WEBHOOK_KEY=${{ secrets.FPI_MO_WEBHOOK_KEY }}
	--set-env-vars LOGIN_BASE_URI=${{ secrets.LOGIN_BASE_URI }}
	--set-env-vars USER_BASE_URI=${{ secrets.USER_BASE_URI }}
	--set-env-vars LOAD_API_BASE_URI=${{ secrets.LOAD_API_BASE_URI }}
	--set-env-vars MSGR_API_BASE_URI=${{ secrets.MSGR_API_BASE_URI }}
	--set-env-vars TG_API_BASE_URI=${{ secrets.TG_API_BASE_URI }}
	--set-env-vars SMS_BASE_URI=${{ secrets.SMS_BASE_URI }}
	--set-env-vars VIBER_API_BASE_URI=${{ secrets.VIBER_API_BASE_URI }}
	--set-env-vars META_FB_VRFY_TOKEN=${{ secrets.META_FB_VRFY_TOKEN }}
	--set-env-vars META_FB_APP_SECRET=${{ secrets.META_FB_APP_SECRET }}
	--set-env-vars TELEGRAM_SECRET_VERIFY_TOKEN=${{ secrets.TELEGRAM_SECRET_VERIFY_TOKEN }}
	--set-env-vars VIBER_AUTH_TOKEN=${{ secrets.VIBER_AUTH_TOKEN }}
	--set-env-vars DB_NAME=bot-api-dev
	--cpu ${{ env.SERVICE_CPU }}
	--memory ${{ env.SERVICE_MEMORY }}
	--timeout 900
	--no-cpu-throttling
	labels: \|
	env=${{ env.SERVICE_ENV }}

	- name: Configure cloud run
	run: \|-
	gcloud run services add-iam-policy-binding ${{ env.SERVICE }} --member=allUsers --role=roles/run.invoker --region=${{ env.REGION }}

	- name: Show Output
	run: echo ${{ steps.deploy.outputs.url }}

	deploy_to_central:
	name: Release artifact to central
	runs-on: ubuntu-latest
	needs: deploy_to_cloud # only deploy to central if successfully deployed to cloud run environment
	permissions:
	contents: read
	packages: write
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	with:
	fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis

	- name: Set up JDK 17
	uses: actions/setup-java@v3
	with:
	distribution: temurin
	java-version: 17
	cache: maven
	server-id: ossrh
	server-username: MAVEN_USERNAME
	server-password: MAVEN_PASSWORD
	gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }}
	gpg-passphrase: MAVEN_GPG_PASSPHRASE

	- name: Build and release to central repo
	env:
	MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }}
	MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }}
	MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
	run: mvn -B deploy -Dlib-only -Prelease-for-oss,allow-snapshots

	pr_update:
	name: Pull request update
	if: always()
	needs: [ pre_job, deploy_to_cloud ]
	runs-on: ubuntu-latest
	permissions:
	contents: read
	pull-requests: write # allows job to decorate PRs with analysis results
	steps:
	- name: Update PR (Skip message)
	uses: marocchino/sticky-pull-request-comment@v2
	if: ${{ always() && needs.pre_job.outputs.should_skip == 'true' }}
	with:
	message: \|
	⚪ Skipped CI/CD as deployment was done in a previous job

	- name: Update PR (Success message)
	uses: marocchino/sticky-pull-request-comment@v2
	if: ${{ always() && needs.pre_job.outputs.should_skip != 'true' && needs.deploy_to_cloud.outputs.artifact_version != '' }}
	with:
	message: \|
	✅ Deployed to DEV environment: `${{ needs.deploy_to_cloud.outputs.artifact_version }}`

	#### Add to your POM
	```xml
	<dependency>
	<groupId>com.abavilla</groupId>
	<artifactId>${{ env.GHUB_REPO_NAME }}-lib</artifactId>
	<version>${{ needs.deploy_to_cloud.outputs.artifact_version }}</version>
	</dependency>
	```

	- name: Update PR (Failure message)
	uses: marocchino/sticky-pull-request-comment@v2
	if: ${{ always() && needs.pre_job.outputs.should_skip != 'true' && needs.deploy_to_cloud.outputs.artifact_version == '' }}
	with:
	message: \|
	❌ CI Build & Deployment failed, please check the [logs](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) for details

	gcr-cleaner:
	name: Clean-up old artifact registry images
	needs: deploy_to_cloud
	runs-on: 'ubuntu-latest'
	permissions:
	contents: read
	id-token: write
	steps:
	- name: Google Auth
	id: gcp-auth
	uses: google-github-actions/auth@v1
	with:
	token_format: 'access_token'
	workload_identity_provider: '${{ secrets.WIF_PROVIDER }}'
	service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}'

	- name: Login to Google Docker Registry
	uses: docker/login-action@v3
	with:
	registry: ${{ env.REGISTRY }}
	username: 'oauth2accesstoken'
	password: ${{ steps.gcp-auth.outputs.access_token }}

	- name: Run GCR Cleaner
	uses: docker://us-docker.pkg.dev/gcr-cleaner/gcr-cleaner/gcr-cleaner-cli
	with:
	args: >-
	-repo=${{ env.REGISTRY }}/${{ env.PROJECT_ID }}/${{ env.GHUB_REPO_NAME }}/${{ env.SERVICE }}
	-tag-filter-any "."
	-keep=1
	-recursive=true

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump com.abavilla:fpi-framework-pom from 1.8.10 to 1.8.11 #308

Workflow file

build(deps): bump com.abavilla:fpi-framework-pom from 1.8.10 to 1.8.11 #308

Jobs

Run details

Workflow file for this run