WIP README #57
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This workflow will install Python dependencies, run tests and lint with a single version of Python | |
| # For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions | |
| # The full GCP authentication setup is described in this nice blog post: https://cloud.google.com/blog/products/identity-security/enabling-keyless-authentication-from-github-actions | |
| # Here you see how to push to google cloud artifact registry: https://roger-that-dev.medium.com/push-code-with-github-actions-to-google-clouds-artifact-registry-60d256f8072f | |
| # Here you see how to deploy a cloudrun: https://github.com/google-github-actions/deploy-cloudrun | |
| # Or more generically, setup gcloud: https://github.com/google-github-actions/setup-gcloud | |
| name: GCP app deployment | |
| on: | |
| push: | |
| branches: [ deployment/dev, deployment/prd ] | |
| # pull_request: | |
| # branches: [ master ] | |
| #virtualenv venv | |
| #source venv/bin/activate | |
| #pip install -r ./requirements.txt | |
| # | |
| #gcloud auth configure-docker europe-west1-docker.pkg.dev | |
| #docker build -t europe-west1-docker.pkg.dev/tom-toolkit-dev-hxm/remote-observatory-tom-repo/tom_app . | |
| #OR | |
| #docker buildx build --platform linux/arm64/v8,linux/amd64 -t europe-west1-docker.pkg.dev/tom-toolkit-dev-hxm/remote-observatory-tom-repo/tom_app . | |
| #docker tag europe-west1-docker.pkg.dev/tom-toolkit-dev-hxm/remote-observatory-tom-repo/tom_app europe-west1-docker.pkg.dev/tom-toolkit-dev-hxm/remote-observatory-tom-repo/tom_app:test1 | |
| #docker push europe-west1-docker.pkg.dev/tom-toolkit-dev-hxm/remote-observatory-tom-repo/tom_app:test1 | |
| #docker run -it -e PORT=8080 -p 8080:8080 --rm europe-west1-docker.pkg.dev/tom-toolkit-dev-hxm/remote-observatory-tom-repo/tom_app:test | |
| ## Cloudrun deployment | |
| #gcloud run services proxy tom-toolkit-instance-dev-b614bde8 --port=8080 --project=tom-toolkit-dev-hxm --region=europe-west1 | |
| #Then go to http://localhost:8080 | |
| #env: | |
| # IMAGE_NAME: '' | |
| # PROJECT_ID: '' | |
| # AR_REPO_LOCATION: '' | |
| # AR_URL: '' | |
| # SERVICE_ACCOUNT: '' | |
| # WORKLOAD_IDENTITY_PROVIDER: '' | |
| # CLOUDRUN_INSTANCE_NAME: '' | |
| jobs: | |
| push_push_deploy: | |
| permissions: | |
| id-token: write # This is required for requesting the JWT | |
| contents: read # This is required for actions/checkout | |
| runs-on: ubuntu-latest | |
| environment: |- | |
| ${{ github.ref_name == 'deployment/dev' && 'dev' | |
| || github.ref_name == 'deployment/prd' && 'prd' }} | |
| steps: | |
| # - shell: bash | |
| # run: | | |
| # echo "YOUR WIP is ${{ vars.AR_URL }}/${{ vars.IMAGE_NAME }} " | |
| - uses: 'actions/checkout@v4' | |
| - id: 'auth' # The exact debug procedure is described here: https://cloud.google.com/iam/docs/audit-logging/examples-workload-identity#exchange-federated | |
| uses: 'google-github-actions/auth@v2' | |
| with: | |
| token_format: access_token | |
| project_id: ${{ vars.PROJECT_ID }} | |
| workload_identity_provider: ${{ vars.WORKLOAD_IDENTITY_PROVIDER }} | |
| service_account: ${{ vars.SERVICE_ACCOUNT }} | |
| - id: 'docker-auth' | |
| uses: 'docker/login-action@v3' | |
| with: | |
| username: 'oauth2accesstoken' | |
| password: '${{ steps.auth.outputs.access_token }}' | |
| registry: '${{ vars.AR_REPO_LOCATION }}-docker.pkg.dev' | |
| # - id: 'Set up Cloud SDK' | |
| # uses: 'google-github-actions/setup-gcloud@v2' | |
| # with: | |
| # version: '>= 363.0.0' | |
| - id: 'build_and_push' | |
| run: |- | |
| docker buildx build --platform linux/amd64 -t ${{ vars.AR_URL }}/${{ vars.IMAGE_NAME }} . | |
| docker tag ${{ vars.AR_URL }}/${{ vars.IMAGE_NAME }} ${{ vars.AR_URL }}/${{ vars.IMAGE_NAME }}:${{ github.sha }} | |
| #gcloud auth configure-docker ${{ vars.AR_REPO_LOCATION }}-docker.pkg.dev | |
| docker push ${{ vars.AR_URL }}/${{ vars.IMAGE_NAME }}:${{ github.sha }} | |
| # Deploy comes from https://github.com/google-github-actions/deploy-cloudrun | |
| - id: 'deploy' | |
| uses: 'google-github-actions/deploy-cloudrun@v2' | |
| with: | |
| service: ${{ vars.CLOUDRUN_INSTANCE_NAME }} | |
| image: ${{ vars.AR_URL }}/${{ vars.IMAGE_NAME }}:${{ github.sha }} | |
| project_id: ${{ vars.PROJECT_ID }} | |
| region: ${{ vars.AR_REPO_LOCATION }} | |
| env_vars_update_strategy: merge # will be changed from terraform | |
| # env_vars: |- | |
| # FRUIT=apple | |
| # SENTENCE=" this will retain leading and trailing spaces " | |
| # env_vars_file: | |
| secrets_update_strategy: merge # will be changed from terraform | |
| # - name: 'Use output' | |
| # run: 'curl "${{ steps.deploy.outputs.url }}"' |