-
Notifications
You must be signed in to change notification settings - Fork 0
68 lines (63 loc) · 2.17 KB
/
deploy.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
name: Deploy
permissions: write-all
on:
push:
branches: [main]
release:
types: [published]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: false
defaults:
run:
shell: bash -el {0}
env:
TF_VAR_ANALYTICS_BASE_URL: ${{ github.event_name == 'release' && vars.PROD_ANALYTICS_BASE_URL || vars.STAGING_ANALYTICS_BASE_URL}}
# Analytics and Sourcing (AS) Auth Flow
TF_VAR_PARMA_SHARED_SECRET_KEY: ${{ github.event_name == 'release' && secrets.PROD_PARMA_SHARED_SECRET_KEY || secrets.STAGING_PARMA_SHARED_SECRET_KEY}}
jobs:
deploy:
name: Deploy - ${{ matrix.DEPLOYMENT_ENV }}
runs-on: ubuntu-latest
timeout-minutes: 40
strategy:
matrix:
DEPLOYMENT_ENV:
["${{ github.event_name == 'release' && 'prod' || 'staging' }}"]
defaults:
run:
working-directory: ./terraform/${{ matrix.DEPLOYMENT_ENV }}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Configure gcloud CLI
uses: google-github-actions/setup-gcloud@5a5f7b85fca43e76e53463acaa9d408a03c98d3a
with:
version: "416.0.0"
service_account_email: ${{ secrets.GCP_SA_EMAIL }}
service_account_key: ${{ secrets.GCP_SA_KEY }}
export_default_credentials: true
- name: Test gcloud cli
run: gcloud auth list --filter=status:ACTIVE --format="value(account)"
- name: Terraform setup
uses: hashicorp/setup-terraform@v3
with:
terraform_version: 1.5.3
- name: Store credentials file
run: |
mkdir -p ./../.secrets/
echo -n "$KEYSTORE" > ./../.secrets/la-famiglia-parma-ai.json
env:
KEYSTORE: ${{ secrets.GCP_SA_KEY }}
- name: Activate service account
run: gcloud auth activate-service-account --key-file=./../.secrets/la-famiglia-parma-ai.json
- name: Authenticate with GCR
run: gcloud auth configure-docker europe-west1-docker.pkg.dev
- name: Terraform init
run: terraform init
- name: Terraform plan
run: terraform plan
- name: Terraform apply
run: terraform apply -auto-approve