-
Notifications
You must be signed in to change notification settings - Fork 0
151 lines (136 loc) · 5.74 KB
/
cloud-run.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
name: 'Cloud Run'
on:
push:
branches:
- main
tags:
- 'v*'
pull_request:
branches:
- main
workflow_dispatch: {}
repository_dispatch:
types:
- deploy
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
cloudrun:
name: 'Cloud Run'
runs-on: ubuntu-latest
strategy:
fail-fast: false
permissions:
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout
pull-requests: write # Write contents to the PR
# Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest
defaults:
run:
shell: bash
env:
DEBIAN_FRONTEND: noninteractive
NEXT_PUBLIC_FIREBASE_APIKEY: ${{ secrets.NEXT_PUBLIC_FIREBASE_APIKEY }}
NEXT_PUBLIC_MAPBOX_APIKEY: ${{ secrets.NEXT_PUBLIC_MAPBOX_APIKEY }}
NEXT_PUBLIC_OAUTH_CLIENT_ID: ${{ secrets.NEXT_PUBLIC_OAUTH_CLIENT_ID }}
NEXT_PUBLIC_FIRESTORE_DB: ${{ vars.NEXT_PUBLIC_FIRESTORE_DB }}
GOOGLE_CLOUD_PROJECT: ${{ vars.GOOGLE_CLOUD_PROJECT }}
AUTH_SECRET: ${{ secrets.AUTH_SECRET }}
RUN_SERVICE: ${{ vars.RUN_SERVICE}}
RUN_REGION: ${{ vars.RUN_REGION }}
RUN_SERVICE_ACCOUNT: ${{ secrets.RUN_SERVICE_ACCOUNT}}
CLOUDSDK_CORE_PROJECT: ${{ vars.CLOUDSDK_CORE_PROJECT }}
CLOUDSDK_COMPUTE_REGION: ${{ vars.CLOUDSDK_COMPUTE_REGION }}
IMAGE: ${{ vars.IMAGE }}
steps:
# Checkout the repository to the GitHub Actions runner
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 2
- name: 'Authenticate to Google Cloud'
uses: 'google-github-actions/auth@v2'
with:
workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }} # this is the output provider_name from the TF module
service_account: ${{ secrets.GOOGLE_SERVICE_ACCOUNT }} # this is a SA email configured
export_environment_variables: 'true'
- name: 'Set up Cloud SDK'
uses: google-github-actions/setup-gcloud@v2
- name: Setup env
shell: bash
id: env
run: |
# write env file
set -eo pipefail
VERSION=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}
VERSION_TAG=$(echo ${VERSION} | tr '[:upper:]' '[:lower:]'} | sed -r 's@[^a-zA-Z0-9_-]+@-@g' )
VERSION_TAG=$(echo -n ${VERSION_TAG:0:30} | sed 's@-$@@')
export NEXTAUTH_URL="https://hydrantenmap-dev-xrhhpxsnva-ez.a.run.app/"
if [[ "${GITHUB_REF_TYPE}" == "tag" ]]; then
export NEXT_PUBLIC_FIRESTORE_DB=""
export RUN_SERVICE=$(echo -n "${RUN_SERVICE}" | sed 's/-dev$//')
export NEXTAUTH_URL="https://hydrant.ffnd.at"
fi
if [[ "${NEXT_PUBLIC_FIRESTORE_DB}" == "default" ]]; then
# set to empty string
export NEXT_PUBLIC_FIRESTORE_DB=""
fi
echo "Environment:"
cat <<EOF | tee -a $GITHUB_ENV | tee -a $GITHUB_OUTPUT
VERSION=${VERSION}
VERSION_TAG=${VERSION_TAG}
RUN_SERVICE=${RUN_SERVICE}
RUN_REGION=${RUN_REGION}
NEXT_PUBLIC_FIRESTORE_DB=${NEXT_PUBLIC_FIRESTORE_DB}
IMAGE=${IMAGE}
IMAGE_TAG=${IMAGE}:${VERSION_TAG}
NEXTAUTH_URL=${NEXTAUTH_URL}
NEXTAUTH_URL_INTERNAL=http://localhost:8080
EOF
cat >.env.local <<EOF
NEXT_PUBLIC_FIREBASE_APIKEY='${NEXT_PUBLIC_FIREBASE_APIKEY}'
NEXT_PUBLIC_MAPBOX_APIKEY='${NEXT_PUBLIC_MAPBOX_APIKEY}'
NEXT_PUBLIC_BUILD_ID='$VERSION'
NEXT_PUBLIC_OAUTH_CLIENT_ID='${NEXT_PUBLIC_OAUTH_CLIENT_ID}'
NEXT_PUBLIC_FIRESTORE_DB="${NEXT_PUBLIC_FIRESTORE_DB}"
AUTH_SECRET='${AUTH_SECRET}'
NEXTAUTH_URL='${NEXTAUTH_URL}'
NEXTAUTH_URL_INTERNAL=http://localhost:8080
EOF
# - id: 'deploy'
# uses: 'google-github-actions/deploy-cloudrun@v2'
# with:
# service: ${{vars.RUN_SERVICE}}
# image: ${{ steps.env.outputs.IMAGE_TAG}}
# region: ${{vars.RUN_REGION}}
# project_id: ${{vars.CLOUDSDK_CORE_PROJECT}}
# tag: ${{steps.env.outputs.VERSION_TAG}}
# # service account is not available
# # service_account: ${{ secrets.GOOGLE_SERVICE_ACCOUNT}}
# secrets: |-
# NEXT_PUBLIC_FIREBASE_APIKEY=NEXT_PUBLIC_FIREBASE_APIKEY:latest
# NEXT_PUBLIC_MAPBOX_APIKEY=NEXT_PUBLIC_MAPBOX_APIKEY:latest
# AUTH_SECRET=AUTH_SECRET:latest
# EINSATZMAPPE_SHEET_ID=EINSATZMAPPE_SHEET_ID:latest,EINSATZMAPPE_SHEET_RANGE=EINSATZMAPPE_SHEET_RANGE:latest
- id: image
name: Build image
run: |
set -eo pipefail
gcloud auth configure-docker ${RUN_REGION}-docker.pkg.dev --quiet
docker build . --tag ${IMAGE_TAG}
docker push ${IMAGE_TAG}
- id: deploy
name: deploy to Cloud Run
run: |
set -eo pipefail
gcloud run deploy $RUN_SERVICE \
--allow-unauthenticated \
--image $IMAGE_TAG \
--execution-environment gen2 \
--max-instances=2 --region $RUN_REGION \
--tag=${VERSION_TAG} \
--service-account=$RUN_SERVICE_ACCOUNT \
--update-secrets="NEXT_PUBLIC_FIREBASE_APIKEY=NEXT_PUBLIC_FIREBASE_APIKEY:latest,NEXT_PUBLIC_MAPBOX_APIKEY=NEXT_PUBLIC_MAPBOX_APIKEY:latest,AUTH_SECRET=AUTH_SECRET:latest,EINSATZMAPPE_SHEET_ID=EINSATZMAPPE_SHEET_ID:latest,EINSATZMAPPE_SHEET_RANGE=EINSATZMAPPE_SHEET_RANGE:latest" \
--update-env-vars="NEXTAUTH_URL=${NEXTAUTH_URL},NEXTAUTH_URL_INTERNAL=http://localhost:8080" \
${RUN_ARGS}