Skip to content

Merge pull request #173 from r00tat/bugfix/redirect #59

Merge pull request #173 from r00tat/bugfix/redirect

Merge pull request #173 from r00tat/bugfix/redirect #59

Workflow file for this run

name: 'Cloud Run'
on:
push:
branches:
- main
tags:
- 'v*'
pull_request:
branches:
- main
workflow_dispatch: {}
repository_dispatch:
types:
- deploy
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
cloudrun:
name: 'Cloud Run'
runs-on: ubuntu-latest
strategy:
fail-fast: false
permissions:
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout
pull-requests: write # Write contents to the PR
# Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest
defaults:
run:
shell: bash
env:
DEBIAN_FRONTEND: noninteractive
NEXT_PUBLIC_FIREBASE_APIKEY: ${{ secrets.NEXT_PUBLIC_FIREBASE_APIKEY }}
NEXT_PUBLIC_MAPBOX_APIKEY: ${{ secrets.NEXT_PUBLIC_MAPBOX_APIKEY }}
NEXT_PUBLIC_OAUTH_CLIENT_ID: ${{ secrets.NEXT_PUBLIC_OAUTH_CLIENT_ID }}
NEXT_PUBLIC_FIRESTORE_DB: ${{ vars.NEXT_PUBLIC_FIRESTORE_DB }}
GOOGLE_CLOUD_PROJECT: ${{ vars.GOOGLE_CLOUD_PROJECT }}
AUTH_SECRET: ${{ secrets.AUTH_SECRET }}
RUN_SERVICE: ${{ vars.RUN_SERVICE}}
RUN_REGION: ${{ vars.RUN_REGION }}
RUN_SERVICE_ACCOUNT: ${{ secrets.RUN_SERVICE_ACCOUNT}}
CLOUDSDK_CORE_PROJECT: ${{ vars.CLOUDSDK_CORE_PROJECT }}
CLOUDSDK_COMPUTE_REGION: ${{ vars.CLOUDSDK_COMPUTE_REGION }}
IMAGE: ${{ vars.IMAGE }}
steps:
# Checkout the repository to the GitHub Actions runner
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 2
- name: 'Authenticate to Google Cloud'
uses: 'google-github-actions/auth@v2'
with:
workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }} # this is the output provider_name from the TF module
service_account: ${{ secrets.GOOGLE_SERVICE_ACCOUNT }} # this is a SA email configured
export_environment_variables: 'true'
- name: 'Set up Cloud SDK'
uses: google-github-actions/setup-gcloud@v2
- name: Setup env
shell: bash
id: env
run: |
# write env file
set -eo pipefail
VERSION=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}
VERSION_TAG=$(echo ${VERSION} | tr '[:upper:]' '[:lower:]'} | sed -r 's@[^a-zA-Z0-9_-]+@-@g' )
VERSION_TAG=$(echo -n ${VERSION_TAG:0:30} | sed 's@-$@@')
export NEXTAUTH_URL="https://hydrantenmap-dev-xrhhpxsnva-ez.a.run.app/"
if [[ "${GITHUB_REF_TYPE}" == "tag" ]]; then
export NEXT_PUBLIC_FIRESTORE_DB=""
export RUN_SERVICE=$(echo -n "${RUN_SERVICE}" | sed 's/-dev$//')
export NEXTAUTH_URL="https://hydrant.ffnd.at"
fi
if [[ "${NEXT_PUBLIC_FIRESTORE_DB}" == "default" ]]; then
# set to empty string
export NEXT_PUBLIC_FIRESTORE_DB=""
fi
echo "Environment:"
cat <<EOF | tee -a $GITHUB_ENV | tee -a $GITHUB_OUTPUT
VERSION=${VERSION}
VERSION_TAG=${VERSION_TAG}
RUN_SERVICE=${RUN_SERVICE}
RUN_REGION=${RUN_REGION}
NEXT_PUBLIC_FIRESTORE_DB=${NEXT_PUBLIC_FIRESTORE_DB}
IMAGE=${IMAGE}
IMAGE_TAG=${IMAGE}:${VERSION_TAG}
NEXTAUTH_URL=${NEXTAUTH_URL}
NEXTAUTH_URL_INTERNAL=http://localhost:8080
EOF
cat >.env.local <<EOF
NEXT_PUBLIC_FIREBASE_APIKEY='${NEXT_PUBLIC_FIREBASE_APIKEY}'
NEXT_PUBLIC_MAPBOX_APIKEY='${NEXT_PUBLIC_MAPBOX_APIKEY}'
NEXT_PUBLIC_BUILD_ID='$VERSION'
NEXT_PUBLIC_OAUTH_CLIENT_ID='${NEXT_PUBLIC_OAUTH_CLIENT_ID}'
NEXT_PUBLIC_FIRESTORE_DB="${NEXT_PUBLIC_FIRESTORE_DB}"
AUTH_SECRET='${AUTH_SECRET}'
NEXTAUTH_URL='${NEXTAUTH_URL}'
NEXTAUTH_URL_INTERNAL=http://localhost:8080
EOF
# - id: 'deploy'
# uses: 'google-github-actions/deploy-cloudrun@v2'
# with:
# service: ${{vars.RUN_SERVICE}}
# image: ${{ steps.env.outputs.IMAGE_TAG}}
# region: ${{vars.RUN_REGION}}
# project_id: ${{vars.CLOUDSDK_CORE_PROJECT}}
# tag: ${{steps.env.outputs.VERSION_TAG}}
# # service account is not available
# # service_account: ${{ secrets.GOOGLE_SERVICE_ACCOUNT}}
# secrets: |-
# NEXT_PUBLIC_FIREBASE_APIKEY=NEXT_PUBLIC_FIREBASE_APIKEY:latest
# NEXT_PUBLIC_MAPBOX_APIKEY=NEXT_PUBLIC_MAPBOX_APIKEY:latest
# AUTH_SECRET=AUTH_SECRET:latest
# EINSATZMAPPE_SHEET_ID=EINSATZMAPPE_SHEET_ID:latest,EINSATZMAPPE_SHEET_RANGE=EINSATZMAPPE_SHEET_RANGE:latest
- id: image
name: Build image
run: |
set -eo pipefail
gcloud auth configure-docker ${RUN_REGION}-docker.pkg.dev --quiet
docker build . --tag ${IMAGE_TAG}
docker push ${IMAGE_TAG}
- id: deploy
name: deploy to Cloud Run
run: |
set -eo pipefail
gcloud run deploy $RUN_SERVICE \
--allow-unauthenticated \
--image $IMAGE_TAG \
--execution-environment gen2 \
--max-instances=2 --region $RUN_REGION \
--tag=${VERSION_TAG} \
--service-account=$RUN_SERVICE_ACCOUNT \
--update-secrets="NEXT_PUBLIC_FIREBASE_APIKEY=NEXT_PUBLIC_FIREBASE_APIKEY:latest,NEXT_PUBLIC_MAPBOX_APIKEY=NEXT_PUBLIC_MAPBOX_APIKEY:latest,AUTH_SECRET=AUTH_SECRET:latest,EINSATZMAPPE_SHEET_ID=EINSATZMAPPE_SHEET_ID:latest,EINSATZMAPPE_SHEET_RANGE=EINSATZMAPPE_SHEET_RANGE:latest" \
--update-env-vars="NEXTAUTH_URL=${NEXTAUTH_URL},NEXTAUTH_URL_INTERNAL=http://localhost:8080" \
${RUN_ARGS}