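# Continuous delivery: on every push to main, build and push the service
# image, roll it out with Pulumi, and deploy the Firebase functions.
#
# NOTE(review): every `uses:` below references a mutable tag (for example
# `@v3`). A retagged release would run with this workflow's OIDC token and
# secrets; pinning each action to a full commit SHA removes that exposure.
name: CD

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  # NOTE(review): a newer push cancels the run in flight, which can interrupt
  # `pulumi up` mid-apply. Confirm that is acceptable for a deploy workflow.
  cancel-in-progress: true

on:
  push:
    branches:
      - main

jobs:
  build:
    name: Build+Push
    runs-on: ubuntu-latest
    env:
      BUF_USER: debkanchan
    permissions:
      contents: read
      # Required so google-github-actions/auth can request an OIDC token.
      id-token: write
    strategy:
      matrix:
        stack: [prod, dev-2]
        include:
          # Project numbers are quoted so they are always handled as strings.
          - stack: prod
            project-number: "486946551871"
          - stack: dev-2
            project-number: "785768451767"
    steps:
      - name: Checkout Code
        uses: actions/checkout@v3

      - name: Setup Node
        uses: actions/setup-node@v3
        with:
          node-version-file: .nvmrc

      - name: Cache node_modules
        uses: actions/cache@v3.3.1
        with:
          path: |
            **/node_modules
          key: |
            node-${{ hashfiles('**/package-lock.json') }}
          restore-keys: |
            node-

      # NOTE(review): `npm install` may resolve versions that differ from
      # package-lock.json, and it runs dependency install scripts in a job
      # that holds `id-token: write`. Consider a lockfile-exact install.
      - name: Install Packages
        run: npm install

      - uses: bufbuild/buf-setup-action@v1.24.0
        with:
          github_token: ${{ github.token }}

      # The token reaches the shell through the environment instead of being
      # templated into the script text, so its content is never parsed as
      # shell syntax.
      - name: Authenticate buf
        env:
          BUF_TOKEN: ${{ secrets.BUF_TOKEN }}
        run: echo "$BUF_TOKEN" | buf registry login --username "$BUF_USER" --token-stdin

      - name: Build protobuf
        run: buf generate

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2

      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v4
        with:
          images: |
            asia-south2-docker.pkg.dev/ride-app-${{ matrix.stack }}/docker-registry/wallet-service
          tags: |
            type=semver,pattern={{version}}
            type=sha
            type=sha,format=long
          flavor: |
            latest=true
          github-token: ${{ github.token }}

      # NOTE(review): the service account name suggests admin rights on
      # Artifact Registry. Pushing images needs only write access to the
      # repository (roles/artifactregistry.writer); confirm the granted role.
      - name: Authenticate To Google Cloud
        id: gcp-auth
        uses: google-github-actions/auth@v1
        with:
          token_format: access_token
          workload_identity_provider: projects/${{ matrix.project-number }}/locations/global/workloadIdentityPools/github-actions/providers/github-actions-provider
          service_account: artifact-registry-admin@ride-app-${{ matrix.stack }}.iam.gserviceaccount.com

      - name: Login to GAR
        uses: docker/login-action@v2
        with:
          registry: asia-south2-docker.pkg.dev
          username: oauth2accesstoken
          password: ${{ steps.gcp-auth.outputs.access_token }}

      - name: Build and Upload
        id: docker
        uses: docker/build-push-action@v4
        with:
          context: .
          tags: ${{ steps.meta.outputs.tags }}
          push: true
          cache-from: type=gha
          cache-to: type=gha,mode=max

  deploy:
    name: Deploy
    needs: build
    runs-on: ubuntu-latest
    permissions:
      contents: read
      # Required so google-github-actions/auth can request an OIDC token.
      id-token: write
    strategy:
      matrix:
        stack: [prod, dev]
        include:
          - stack: prod
            project-number: "486946551871"
            project-stack: prod
          - stack: dev
            project-number: "785768451767"
            project-stack: dev-2
    steps:
      - name: Checkout Code
        uses: actions/checkout@v3

      - uses: actions/setup-node@v3
        with:
          node-version-file: .nvmrc

      # Restore the cache before installing. Restoring afterwards would
      # overwrite the fresh install with whatever the `node-` fallback key
      # matched.
      - name: Cache node_modules
        uses: actions/cache@v3.3.1
        with:
          path: |
            **/node_modules
          key: |
            node-${{ hashfiles('**/package-lock.json') }}
          restore-keys: |
            node-

      - run: npm install
        working-directory: infra

      - name: Authenticate Google Cloud
        uses: google-github-actions/auth@v1
        with:
          workload_identity_provider: projects/${{ matrix.project-number }}/locations/global/workloadIdentityPools/github-actions/providers/github-actions-provider
          service_account: cloud-run-service-manager@ride-app-${{ matrix.project-stack }}.iam.gserviceaccount.com

      - name: Setup gcloud
        uses: google-github-actions/setup-gcloud@v1

      # PULUMI_ACCESS_TOKEN is scoped to the two Pulumi steps rather than the
      # whole job, so `npm install` and its dependency scripts never see it.
      - name: Set current sha in pulumi config
        env:
          PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
        run: |
          pulumi config set image:tag sha-${{ github.sha }} -s ride/${{ matrix.stack }}
        working-directory: infra

      - uses: pulumi/actions@v4
        env:
          PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
        with:
          work-dir: infra
          command: up
          stack-name: ride/${{ matrix.stack }}
          refresh: true

  deploy-cloud-function:
    name: Deploy Cloud Function
    runs-on: ubuntu-latest
    # This job only reads the repository, so the workflow token is limited
    # to that instead of inheriting the repository default.
    permissions:
      contents: read
    strategy:
      matrix:
        stack: [prod, dev]
        include:
          - stack: prod
            project-suffix: prod
          - stack: dev
            project-suffix: dev-2
    env:
      npm_config_yes: "true"
    steps:
      - name: Checkout Code
        uses: actions/checkout@v3

      - uses: actions/setup-node@v3
        with:
          node-version-file: .nvmrc

      # Restored before the install for the same reason as in the deploy job.
      # NOTE(review): the hashed path is `functions/function/...` while the
      # install runs in `functions/functions`. If the path is a typo, the
      # hash is empty and every run shares the bare `node-` key; confirm.
      - name: Cache node_modules
        uses: actions/cache@v3.3.1
        with:
          path: |
            **/node_modules
          key: |
            node-${{ hashfiles('functions/function/package-lock.json') }}
          restore-keys: |
            node-

      - run: npm install
        working-directory: functions/functions

      # firebase-tools reads FIREBASE_TOKEN from the environment, so the
      # token is neither templated into the script nor passed on the command
      # line, where it would be visible in the process list.
      - env:
          FIREBASE_TOKEN: ${{ secrets.FIREBASE_TOKEN }}
        run: npx firebase-tools deploy --only functions --project ride-app-${{ matrix.project-suffix }}
        working-directory: functions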