deploy_gcp.yml
# This workflow will install Python dependencies, run tests and lint with a single version of Python
# For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions
# The full GCP authentication setup is described in this nice blog post: https://cloud.google.com/blog/products/identity-security/enabling-keyless-authentication-from-github-actions
# Here you see how to push to google cloud artifact registry: https://roger-that-dev.medium.com/push-code-with-github-actions-to-google-clouds-artifact-registry-60d256f8072f
# Here you see how to deploy a cloudrun: https://github.com/google-github-actions/deploy-cloudrun
# Or more generically, setup gcloud: https://github.com/google-github-actions/setup-gcloud
# Workflow name shown in the Actions tab.
name: GCP app deployment

# Runs only on pushes to the two deployment branches. The job below maps the
# pushed branch name to the GitHub environment ('dev' or 'prd') it runs in.
on:
  push:
    branches:
      - deployment/dev
      - deployment/prd
  # pull_request:
  #   branches: [ master ]
#virtualenv venv
#source venv/bin/activate
#pip install -r ./requirements.txt
#
#gcloud auth configure-docker europe-west1-docker.pkg.dev
#docker build -t europe-west1-docker.pkg.dev/tom-toolkit-dev-hxm/remote-observatory-tom-repo/tom_app .
#OR
#docker buildx build --platform linux/arm64/v8,linux/amd64 -t europe-west1-docker.pkg.dev/tom-toolkit-dev-hxm/remote-observatory-tom-repo/tom_app .
#docker tag europe-west1-docker.pkg.dev/tom-toolkit-dev-hxm/remote-observatory-tom-repo/tom_app europe-west1-docker.pkg.dev/tom-toolkit-dev-hxm/remote-observatory-tom-repo/tom_app:test1
#docker push europe-west1-docker.pkg.dev/tom-toolkit-dev-hxm/remote-observatory-tom-repo/tom_app:test1
#docker run -it -e PORT=8080 -p 8080:8080 --rm europe-west1-docker.pkg.dev/tom-toolkit-dev-hxm/remote-observatory-tom-repo/tom_app:test
## Cloudrun deployment
# gcloud run deploy tom-toolkit-instance-dev-b614bde8 --image europe-west1-docker.pkg.dev/tom-toolkit-dev-hxm/remote-observatory-tom-repo/tom_app:test1 --update-labels ^,^managed-by=manual_deploy,commit-sha=XXXXXXXXXXXXXXX --format json --region europe-west1 --project tom-toolkit-dev-hxm
# gcloud run services proxy tom-toolkit-instance-dev-b614bde8 --port=8080 --project=tom-toolkit-dev-hxm --region=europe-west1
# cloud-sql-proxy --auto-iam-authn tom-toolkit-dev-hxm:europe-west1:tom-toolkit-instance-dev-ae78f371
#Then go to http://localhost:8080
#env:
# IMAGE_NAME: ''
# PROJECT_ID: ''
# AR_REPO_LOCATION: ''
# AR_URL: ''
# SERVICE_ACCOUNT: ''
# WORKLOAD_IDENTITY_PROVIDER: ''
# CLOUDRUN_INSTANCE_NAME: ''
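# Single job: check out the repository, exchange the GitHub OIDC token for a
# Google access token, log Docker in to Artifact Registry, build and push the
# image tagged with the commit SHA, then deploy that exact tag to Cloud Run.
#
# NOTE(review): every action below is referenced by a mutable major-version
# tag. This job holds `id-token: write`, so pinning each action to a full
# commit SHA (uses: owner/action@<full-commit-sha>  # vN) keeps a moved tag
# from changing what runs with that permission.
jobs:
  push_push_deploy:
    # Least privilege: only the two scopes the steps below need.
    permissions:
      id-token: write  # This is required for requesting the JWT
      contents: read  # This is required for actions/checkout
    runs-on: ubuntu-latest
    # Maps the pushed branch to the GitHub environment; the `vars.*` values
    # used below are resolved in that environment's scope.
    # NOTE(review): the workload identity provider and service account
    # bindings live on the GCP side and are not visible here; confirm they
    # restrict which repository and branch may impersonate the account.
    environment: |-
      ${{ github.ref_name == 'deployment/dev' && 'dev'
      || github.ref_name == 'deployment/prd' && 'prd' }}
    steps:
      # - shell: bash
      #   run: |
      #     echo "YOUR WIP is ${{ vars.AR_URL }}/${{ vars.IMAGE_NAME }} "

      # No later step uses git, so the checkout token is not written to
      # .git/config. The whole working tree is the Docker build context
      # below, and a persisted token could end up in an image layer if the
      # Dockerfile copies the tree (Dockerfile not visible here).
      - uses: 'actions/checkout@v4'
        with:
          persist-credentials: false

      # Keyless authentication: no long-lived service-account key is stored.
      # The exact debug procedure is described here:
      # https://cloud.google.com/iam/docs/audit-logging/examples-workload-identity#exchange-federated
      - id: 'auth'
        uses: 'google-github-actions/auth@v2'
        with:
          # An OAuth access token is requested because docker/login-action
          # needs a password. `access_token_lifetime` can shorten its
          # validity if the default is longer than the job needs.
          token_format: access_token
          project_id: '${{ vars.PROJECT_ID }}'
          workload_identity_provider: '${{ vars.WORKLOAD_IDENTITY_PROVIDER }}'
          service_account: '${{ vars.SERVICE_ACCOUNT }}'

      # Log Docker in to Artifact Registry with the token from the auth step.
      - id: 'docker-auth'
        uses: 'docker/login-action@v3'
        with:
          username: 'oauth2accesstoken'
          password: '${{ steps.auth.outputs.access_token }}'
          registry: '${{ vars.AR_REPO_LOCATION }}-docker.pkg.dev'

      # - id: 'Set up Cloud SDK'
      #   uses: 'google-github-actions/setup-gcloud@v2'
      #   with:
      #     version: '>= 363.0.0'

      # Build the image and push it under the commit SHA as its tag.
      # Expressions are passed through `env:` and quoted in the script
      # rather than pasted into the shell text, so a variable containing
      # shell metacharacters stays data instead of becoming a command.
      # Previously kept as a disabled line inside the script:
      #   gcloud auth configure-docker ${{ vars.AR_REPO_LOCATION }}-docker.pkg.dev
      # NOTE(review): no --load/--push is given, so the tag and push below
      # presumably rely on the runner's default builder leaving the image in
      # the local image store; confirm if a buildx builder is ever set up.
      - id: 'build_and_push'
        env:
          IMAGE: '${{ vars.AR_URL }}/${{ vars.IMAGE_NAME }}'
          IMAGE_TAG: '${{ github.sha }}'
        run: |-
          docker buildx build --platform linux/amd64 -t "${IMAGE}" .
          docker tag "${IMAGE}" "${IMAGE}:${IMAGE_TAG}"
          docker push "${IMAGE}:${IMAGE_TAG}"

      # Deploy comes from https://github.com/google-github-actions/deploy-cloudrun
      # The image reference is the SHA tag pushed by the step above.
      - id: 'deploy'
        uses: 'google-github-actions/deploy-cloudrun@v2'
        with:
          service: '${{ vars.CLOUDRUN_INSTANCE_NAME }}'
          image: '${{ vars.AR_URL }}/${{ vars.IMAGE_NAME }}:${{ github.sha }}'
          project_id: '${{ vars.PROJECT_ID }}'
          region: '${{ vars.AR_REPO_LOCATION }}'
          env_vars_update_strategy: merge  # will be changed from terraform
          # env_vars: |-
          #   FRUIT=apple
          #   SENTENCE=" this will retain leading and trailing spaces "
          # env_vars_file:
          secrets_update_strategy: merge  # will be changed from terraform

      # - name: 'Use output'
      #   run: 'curl "${{ steps.deploy.outputs.url }}"'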