Bump the dependencies group with 9 updates #169
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: 'Cloud Run' | |
on: | |
push: | |
branches: | |
- main | |
tags: | |
- 'v*' | |
pull_request: | |
branches: | |
- main | |
workflow_dispatch: {} | |
repository_dispatch: | |
types: | |
- deploy | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
cancel-in-progress: true | |
jobs: | |
cloudrun: | |
name: 'Cloud Run' | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
permissions: | |
id-token: write # This is required for requesting the JWT | |
contents: read # This is required for actions/checkout | |
pull-requests: write # Write contents to the PR | |
# Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest | |
defaults: | |
run: | |
shell: bash | |
env: | |
DEBIAN_FRONTEND: noninteractive | |
NEXT_PUBLIC_FIREBASE_APIKEY: ${{ vars.NEXT_PUBLIC_FIREBASE_APIKEY }} | |
NEXT_PUBLIC_MAPBOX_APIKEY: ${{ secrets.NEXT_PUBLIC_MAPBOX_APIKEY }} | |
NEXT_PUBLIC_OAUTH_CLIENT_ID: ${{ vars.NEXT_PUBLIC_OAUTH_CLIENT_ID }} | |
NEXT_PUBLIC_FIRESTORE_DB: ${{ vars.NEXT_PUBLIC_FIRESTORE_DB }} | |
GOOGLE_CLOUD_PROJECT: ${{ vars.GOOGLE_CLOUD_PROJECT }} | |
AUTH_SECRET: ${{ secrets.AUTH_SECRET }} | |
RUN_SERVICE: ${{ vars.RUN_SERVICE}} | |
RUN_REGION: ${{ vars.RUN_REGION }} | |
RUN_SERVICE_ACCOUNT: ${{ secrets.RUN_SERVICE_ACCOUNT}} | |
CLOUDSDK_CORE_PROJECT: ${{ vars.CLOUDSDK_CORE_PROJECT }} | |
CLOUDSDK_COMPUTE_REGION: ${{ vars.CLOUDSDK_COMPUTE_REGION }} | |
IMAGE: ${{ vars.IMAGE }} | |
workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }} | |
steps: | |
# Checkout the repository to the GitHub Actions runner | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 2 | |
- name: Setup env | |
shell: bash | |
id: env | |
run: | | |
# write env file | |
set -eo pipefail | |
VERSION=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}} | |
VERSION_TAG=$(echo ${VERSION} | tr '[:upper:]' '[:lower:]'} | sed -r 's@[^a-zA-Z0-9-]+@-@g' ) | |
VERSION_TAG=$(echo -n ${VERSION_TAG:0:30} | sed 's@-$@@') | |
export NEXTAUTH_URL="https://hydrantenmap-dev-xrhhpxsnva-ez.a.run.app/" | |
if [[ "${GITHUB_REF_TYPE}" == "tag" ]]; then | |
export NEXT_PUBLIC_FIRESTORE_DB="" | |
export RUN_SERVICE=$(echo -n "${RUN_SERVICE}" | sed 's/-dev$//') | |
export NEXTAUTH_URL="https://hydrant.ffnd.at" | |
fi | |
if [[ "${NEXT_PUBLIC_FIRESTORE_DB}" == "default" ]]; then | |
# set to empty string | |
export NEXT_PUBLIC_FIRESTORE_DB="" | |
fi | |
echo "Environment:" | |
cat <<EOF | tee -a $GITHUB_ENV | tee -a $GITHUB_OUTPUT | |
VERSION=${VERSION} | |
VERSION_TAG=${VERSION_TAG} | |
RUN_SERVICE=${RUN_SERVICE} | |
RUN_REGION=${RUN_REGION} | |
NEXT_PUBLIC_FIRESTORE_DB=${NEXT_PUBLIC_FIRESTORE_DB} | |
IMAGE=${IMAGE} | |
IMAGE_TAG=${IMAGE}:${VERSION_TAG} | |
NEXTAUTH_URL=${NEXTAUTH_URL} | |
NEXTAUTH_URL_INTERNAL=http://localhost:8080 | |
EOF | |
cat >.env.local <<EOF | |
NEXT_PUBLIC_FIREBASE_APIKEY='${NEXT_PUBLIC_FIREBASE_APIKEY}' | |
NEXT_PUBLIC_MAPBOX_APIKEY='${NEXT_PUBLIC_MAPBOX_APIKEY}' | |
NEXT_PUBLIC_BUILD_ID='$VERSION' | |
NEXT_PUBLIC_OAUTH_CLIENT_ID='${NEXT_PUBLIC_OAUTH_CLIENT_ID}' | |
NEXT_PUBLIC_FIRESTORE_DB="${NEXT_PUBLIC_FIRESTORE_DB}" | |
AUTH_SECRET='${AUTH_SECRET}' | |
NEXTAUTH_URL='${NEXTAUTH_URL}' | |
NEXTAUTH_URL_INTERNAL=http://localhost:8080 | |
EOF | |
# - id: 'deploy' | |
# uses: 'google-github-actions/deploy-cloudrun@v2' | |
# with: | |
# service: ${{vars.RUN_SERVICE}} | |
# image: ${{ steps.env.outputs.IMAGE_TAG}} | |
# region: ${{vars.RUN_REGION}} | |
# project_id: ${{vars.CLOUDSDK_CORE_PROJECT}} | |
# tag: ${{steps.env.outputs.VERSION_TAG}} | |
# # service account is not available | |
# # service_account: ${{ secrets.GOOGLE_SERVICE_ACCOUNT}} | |
# secrets: |- | |
# NEXT_PUBLIC_FIREBASE_APIKEY=NEXT_PUBLIC_FIREBASE_APIKEY:latest | |
# NEXT_PUBLIC_MAPBOX_APIKEY=NEXT_PUBLIC_MAPBOX_APIKEY:latest | |
# AUTH_SECRET=AUTH_SECRET:latest | |
# EINSATZMAPPE_SHEET_ID=EINSATZMAPPE_SHEET_ID:latest,EINSATZMAPPE_SHEET_RANGE=EINSATZMAPPE_SHEET_RANGE:latest | |
- name: 'Authenticate to Google Cloud' | |
uses: 'google-github-actions/auth@v2' | |
if: ${{ env.workload_identity_provider != '' }} | |
with: | |
workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }} # this is the output provider_name from the TF module | |
service_account: ${{ secrets.GOOGLE_SERVICE_ACCOUNT }} # this is a SA email configured | |
export_environment_variables: 'true' | |
- name: 'Set up Cloud SDK' | |
uses: google-github-actions/setup-gcloud@v2 | |
- id: image | |
name: Build image | |
run: | | |
set -eo pipefail | |
docker build . --tag ${IMAGE_TAG} | |
if [[ -n "${workload_identity_provider}" ]]; then | |
gcloud auth configure-docker ${RUN_REGION}-docker.pkg.dev --quiet | |
docker push ${IMAGE_TAG} | |
else | |
echo "Skipping push to Cloud run as there are no credentials" | |
fi | |
- id: deploy | |
name: deploy to Cloud Run | |
if: ${{ env.workload_identity_provider != '' }} | |
run: | | |
set -eo pipefail | |
gcloud run deploy $RUN_SERVICE \ | |
--allow-unauthenticated \ | |
--image $IMAGE_TAG \ | |
--execution-environment gen2 \ | |
--max-instances=2 --region $RUN_REGION \ | |
--tag=${VERSION_TAG} \ | |
--service-account=$RUN_SERVICE_ACCOUNT \ | |
--update-secrets="NEXT_PUBLIC_FIREBASE_APIKEY=NEXT_PUBLIC_FIREBASE_APIKEY:latest,NEXT_PUBLIC_MAPBOX_APIKEY=NEXT_PUBLIC_MAPBOX_APIKEY:latest,AUTH_SECRET=AUTH_SECRET:latest,EINSATZMAPPE_SHEET_ID=EINSATZMAPPE_SHEET_ID:latest,EINSATZMAPPE_SHEET_RANGE=EINSATZMAPPE_SHEET_RANGE:latest,EINSATZMAPPE_SHEET_FOLDER=EINSATZMAPPE_SHEET_FOLDER:latest,GOOGLE_SERVICE_ACCOUNT=GOOGLE_SERVICE_ACCOUNT:latest,EINSATZMAPPE_IMPERSONATION_ACCOUNT=EINSATZMAPPE_IMPERSONATION_ACCOUNT:latest" \ | |
--update-env-vars="NEXTAUTH_URL=${NEXTAUTH_URL},NEXTAUTH_URL_INTERNAL=http://localhost:8080" \ | |
${RUN_ARGS} |