-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcloudbuild.yaml
106 lines (102 loc) · 3.91 KB
/
cloudbuild.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
steps:
- name: gcr.io/cloud-builders/gcloud
env:
- COMMIT_SHA=$COMMIT_SHA
- TAG_NAME=$TAG_NAME
- PROJECT_ID=$PROJECT_ID
- NEXT_PUBLIC_FIRESTORE_DB=$_NEXT_PUBLIC_FIRESTORE_DB
args:
- "-c"
- |
# write env file
VERSION=$${TAG_NAME:-sha$$COMMIT_SHA}
echo "VERSION=$${VERSION}" >.version
VERSION_TAG=$$(echo $${TAG_NAME:-$BRANCH_NAME} | tr '[:upper:]' '[:lower:]'} | sed -r 's@[^a-zA-Z0-9_-]+@-@g' )
VERSION_TAG=$$(echo -n $${VERSION_TAG:0:40} | sed 's@-$@@')
echo "VERSION_TAG=$${VERSION_TAG}" >>.version
echo "Versions: $$(cat .version)"
cat >.env.local <<EOF
NEXT_PUBLIC_FIREBASE_APIKEY='$${NEXT_PUBLIC_FIREBASE_APIKEY}'
NEXT_PUBLIC_MAPBOX_APIKEY='$${NEXT_PUBLIC_MAPBOX_APIKEY}'
NEXT_PUBLIC_BUILD_ID='$$VERSION'
NEXT_PUBLIC_OAUTH_CLIENT_ID='$${NEXT_PUBLIC_OAUTH_CLIENT_ID}'
NEXT_PUBLIC_FIRESTORE_DB="$${NEXT_PUBLIC_FIRESTORE_DB}"
AUTH_SECRET='$${AUTH_SECRET}'
EOF
echo "Environment:"
cat .env.local
id: env
entrypoint: bash
secretEnv:
- NEXT_PUBLIC_FIREBASE_APIKEY
- NEXT_PUBLIC_MAPBOX_APIKEY
- NEXT_PUBLIC_OAUTH_CLIENT_ID
- AUTH_SECRET
- name: gcr.io/cloud-builders/docker
args:
- "-c"
- |
set -eo pipefail
source .version
docker pull $_IMAGE:latest || echo "no latest image"
docker pull $_IMAGE:$$VERSION_TAG || echo "no $$VERSION_TAG image"
docker build -t $_IMAGE:$$VERSION --cache-from=$_IMAGE:latest --cache-from=$_IMAGE:$$VERSION_TAG .
docker tag $_IMAGE:$$VERSION $_IMAGE:latest
docker tag $_IMAGE:$$VERSION $_IMAGE:$$VERSION_TAG
docker push $_IMAGE:$$VERSION
docker push $_IMAGE:latest
docker push $_IMAGE:$$VERSION_TAG
id: docker_build
entrypoint: bash
secretEnv:
- NEXT_PUBLIC_FIREBASE_APIKEY
- NEXT_PUBLIC_MAPBOX_APIKEY
- NEXT_PUBLIC_OAUTH_CLIENT_ID
- name: gcr.io/cloud-builders/gcloud
args:
- "-c"
- |
# deploy to cloud run
set -eo pipefail
source .version
# only deploy on main branch and tags
# if [[ "$BRANCH_NAME" == "main" || -n "$TAG_NAME" ]]; then
gcloud run deploy $_SERVICE_NAME \
--allow-unauthenticated \
--image $_IMAGE:$$VERSION \
--execution-environment gen2 \
--max-instances=2 --region europe-west4 \
--tag=$${VERSION_TAG} \
--service-account=$_RUN_SERVICE_ACCOUNT \
--update-secrets="NEXT_PUBLIC_FIREBASE_APIKEY=NEXT_PUBLIC_FIREBASE_APIKEY:latest,NEXT_PUBLIC_MAPBOX_APIKEY=NEXT_PUBLIC_MAPBOX_APIKEY:latest,AUTH_SECRET=AUTH_SECRET:latest,EINSATZMAPPE_SHEET_ID=EINSATZMAPPE_SHEET_ID:latest,EINSATZMAPPE_SHEET_RANGE=EINSATZMAPPE_SHEET_RANGE:latest" \
${_RUN_ARGS}
# fi
id: cloudrun_deploy
entrypoint: bash
env:
- TAG_NAME=$TAG_NAME
- BRANCH_NAME=$BRANCH_NAME
secretEnv:
- NEXT_PUBLIC_FIREBASE_APIKEY
- NEXT_PUBLIC_MAPBOX_APIKEY
- NEXT_PUBLIC_OAUTH_CLIENT_ID
timeout: 1800s
substitutions:
_SERVICE_NAME: hydrantenmap-dev
_IMAGE: europe-west3-docker.pkg.dev/$PROJECT_ID/hydrantenkarte/hydrantenmap/dev
_NEXT_PUBLIC_FIRESTORE_DB: "ffndev"
_RUN_ARGS: ""
_RUN_SERVICE_ACCOUNT: "hydrantenmap@$PROJECT_ID.iam.gserviceaccount.com"
availableSecrets:
secretManager:
- versionName: projects/$PROJECT_ID/secrets/NEXT_PUBLIC_FIREBASE_APIKEY/versions/latest
env: NEXT_PUBLIC_FIREBASE_APIKEY
- versionName: projects/$PROJECT_ID/secrets/NEXT_PUBLIC_MAPBOX_APIKEY/versions/latest
env: NEXT_PUBLIC_MAPBOX_APIKEY
- versionName: projects/$PROJECT_ID/secrets/NEXT_PUBLIC_OAUTH_CLIENT_ID/versions/latest
env: NEXT_PUBLIC_OAUTH_CLIENT_ID
- versionName: projects/$PROJECT_ID/secrets/AUTH_SECRET/versions/latest
env: AUTH_SECRET
options:
logging: CLOUD_LOGGING_ONLY
substitutionOption: ALLOW_LOOSE