Feature/GitHub actions #1
Workflow file for this run
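name: 'Cloud Run'

on:
  push:
    branches:
      - main
  # Pull-request runs execute the same build-and-deploy job as pushes to main.
  # Runs triggered from forks receive no repository secrets, so the
  # authentication step is expected to fail for them.
  pull_request:
    branches:
      - main
  workflow_dispatch: {}
  repository_dispatch:
    types:
      - deploy

# One active run per pull request (or per ref for the other events); a newer
# run cancels the one still in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true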
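jobs:
  cloudrun:
    name: 'Cloud Run'
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
    permissions:
      id-token: write  # This is required for requesting the JWT
      contents: read  # This is required for actions/checkout
      # NOTE(review): no step in this job writes to the pull request; drop
      # this grant unless something outside this file relies on it.
      pull-requests: write  # Write contents to the PR
    # Use the Bash shell regardless whether the GitHub Actions runner is
    # ubuntu-latest, macos-latest, or windows-latest
    defaults:
      run:
        shell: bash
    # NOTE(review): job-level env is exported to every step, including the
    # third-party actions below. AUTH_SECRET is only read by "Setup env";
    # consider scoping it to that step.
    env:
      DEBIAN_FRONTEND: noninteractive
      NEXT_PUBLIC_FIREBASE_APIKEY: ${{ secrets.NEXT_PUBLIC_FIREBASE_APIKEY }}
      NEXT_PUBLIC_MAPBOX_APIKEY: ${{ secrets.NEXT_PUBLIC_MAPBOX_APIKEY }}
      NEXT_PUBLIC_OAUTH_CLIENT_ID: ${{ secrets.NEXT_PUBLIC_OAUTH_CLIENT_ID }}
      NEXT_PUBLIC_FIRESTORE_DB: ${{ vars.NEXT_PUBLIC_FIRESTORE_DB }}
      GOOGLE_CLOUD_PROJECT: ${{ secrets.GOOGLE_CLOUD_PROJECT }}
      AUTH_SECRET: ${{ secrets.AUTH_SECRET }}
      RUN_SERVICE: ${{ vars.RUN_SERVICE }}
      RUN_REGION: ${{ vars.RUN_REGION }}
      RUN_SERVICE_ACCOUNT: ${{ secrets.RUN_SERVICE_ACCOUNT }}
      CLOUDSDK_CORE_PROJECT: ${{ vars.CLOUDSDK_CORE_PROJECT }}
      CLOUDSDK_COMPUTE_REGION: ${{ vars.CLOUDSDK_COMPUTE_REGION }}
      IMAGE: ${{ vars.IMAGE }}
    steps:
      # NOTE(review): the actions below are referenced by mutable version
      # tags. Pinning each `uses:` to a full commit SHA keeps a retagged
      # release from changing what runs with this job's cloud credentials.

      # Checkout the repository to the GitHub Actions runner
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 2
          # The checkout becomes the Docker build context later on, so do not
          # leave the job token in .git/config. No later step uses git.
          persist-credentials: false

      - name: 'Authenticate to Google Cloud'
        uses: 'google-github-actions/auth@v2'
        with:
          # this is the output provider_name from the TF module
          workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }}
          # this is a SA email configured
          service_account: ${{ secrets.GOOGLE_SERVICE_ACCOUNT }}
          export_environment_variables: 'true'

      - name: 'Set up Cloud SDK'
        uses: google-github-actions/setup-gcloud@v2

      # Derives the version strings, publishes them as step outputs and writes
      # the .version and .env.local files into the workspace.
      - name: Setup env
        shell: bash
        id: env
        run: |
          # VERSION is the branch name. On pull requests the PR author chooses
          # it, so it is treated as untrusted text: always quoted, and only the
          # sanitised VERSION_TAG is used to build image and revision names.
          VERSION="${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}"
          VERSION_TAG="$(printf '%s' "${VERSION}" | tr '[:upper:]' '[:lower:]' | sed -r 's@[^a-zA-Z0-9_-]+@-@g')"
          VERSION_TAG="$(printf '%s' "${VERSION_TAG:0:30}" | sed 's@-$@@')"
          # if [[ "${GITHUB_REF_TYPE}" == "tag" ]]; then
          #   # prod version
          # else
          #   SERVICE="${SERVICE}-dev"
          # fi
          if [[ "${NEXT_PUBLIC_FIRESTORE_DB}" == "default" ]]; then
            # set to empty string
            export NEXT_PUBLIC_FIRESTORE_DB=""
          fi
          IMAGE_TAG="${IMAGE}:${VERSION_TAG}"

          # write env file
          : >.version
          for key in VERSION VERSION_TAG NEXT_PUBLIC_FIRESTORE_DB RUN_SERVICE RUN_REGION IMAGE IMAGE_TAG; do
            # %q shell-quotes the value, so .version stays plain data even if
            # something sources it.
            printf '%s=%q\n' "${key}" "${!key}" >>.version
            # Step outputs carry the raw value, without shell quoting.
            printf '%s=%s\n' "${key}" "${!key}" >>"${GITHUB_OUTPUT}"
          done
          echo "Versions: $(cat .version)"

          # NOTE(review): .env.local lands in the Docker build context. If the
          # Dockerfile copies it, AUTH_SECRET is stored in an image layer; the
          # deploy step already mounts AUTH_SECRET at runtime, so confirm it
          # is needed at build time at all.
          cat >.env.local <<EOF
          NEXT_PUBLIC_FIREBASE_APIKEY='${NEXT_PUBLIC_FIREBASE_APIKEY}'
          NEXT_PUBLIC_MAPBOX_APIKEY='${NEXT_PUBLIC_MAPBOX_APIKEY}'
          NEXT_PUBLIC_BUILD_ID='$VERSION'
          NEXT_PUBLIC_OAUTH_CLIENT_ID='${NEXT_PUBLIC_OAUTH_CLIENT_ID}'
          NEXT_PUBLIC_FIRESTORE_DB="${NEXT_PUBLIC_FIRESTORE_DB}"
          AUTH_SECRET='${AUTH_SECRET}'
          EOF
          # echo "Environment:"
          # cat .env.local

      # - id: 'deploy'
      #   uses: 'google-github-actions/deploy-cloudrun@v2'
      #   with:
      #     service: ${{vars.RUN_SERVICE}}
      #     image: ${{ steps.env.outputs.IMAGE_TAG}}
      #     region: ${{vars.RUN_REGION}}
      #     project_id: ${{vars.CLOUDSDK_CORE_PROJECT}}
      #     tag: ${{steps.env.outputs.VERSION_TAG}}
      #     # service account is not available
      #     # service_account: ${{ secrets.GOOGLE_SERVICE_ACCOUNT}}
      #     secrets: |-
      #       NEXT_PUBLIC_FIREBASE_APIKEY=NEXT_PUBLIC_FIREBASE_APIKEY:latest
      #       NEXT_PUBLIC_MAPBOX_APIKEY=NEXT_PUBLIC_MAPBOX_APIKEY:latest
      #       AUTH_SECRET=AUTH_SECRET:latest
      #       EINSATZMAPPE_SHEET_ID=EINSATZMAPPE_SHEET_ID:latest,EINSATZMAPPE_SHEET_RANGE=EINSATZMAPPE_SHEET_RANGE:latest

      # Step outputs are handed to the script through env rather than being
      # expanded into the script text, so their content is never parsed as
      # shell code.
      - id: image
        name: Build image
        env:
          IMAGE_TAG: ${{ steps.env.outputs.IMAGE_TAG }}
        run: |
          gcloud auth configure-docker "${RUN_REGION}-docker.pkg.dev" --quiet
          docker build . --tag "${IMAGE_TAG}"
          docker push "${IMAGE_TAG}"

      # NOTE(review): this step also runs for pull_request events. Without
      # --no-traffic a new revision takes traffic on the shared service by
      # default, and --allow-unauthenticated makes it publicly invokable;
      # confirm that pull-request builds are meant to be served this way.
      - id: deploy
        name: deploy to Cloud Run
        env:
          IMAGE_TAG: ${{ steps.env.outputs.IMAGE_TAG }}
          VERSION_TAG: ${{ steps.env.outputs.VERSION_TAG }}
        run: |
          set -eo pipefail
          # RUN_ARGS is not set anywhere in this workflow; it is left unquoted
          # so that an empty value adds no argument.
          gcloud run deploy "${RUN_SERVICE}" \
            --allow-unauthenticated \
            --image "${IMAGE_TAG}" \
            --execution-environment gen2 \
            --max-instances=2 --region "${RUN_REGION}" \
            --tag="${VERSION_TAG}" \
            --service-account="${RUN_SERVICE_ACCOUNT}" \
            --update-secrets="NEXT_PUBLIC_FIREBASE_APIKEY=NEXT_PUBLIC_FIREBASE_APIKEY:latest,NEXT_PUBLIC_MAPBOX_APIKEY=NEXT_PUBLIC_MAPBOX_APIKEY:latest,AUTH_SECRET=AUTH_SECRET:latest,EINSATZMAPPE_SHEET_ID=EINSATZMAPPE_SHEET_ID:latest,EINSATZMAPPE_SHEET_RANGE=EINSATZMAPPE_SHEET_RANGE:latest" \
            ${RUN_ARGS}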