-
Notifications
You must be signed in to change notification settings - Fork 7
130 lines (106 loc) · 3.64 KB
/
docker-gcp.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
name: docker-gcp
on:
push:
tags:
- "*"
branches:
- main
# Run builds for any PRs.
pull_request:
types:
- opened
- synchronize
- reopened
paths-ignore:
- "examples/**"
- "img/**"
workflow_dispatch:
env:
# e.g. projects/123456789/locations/global/workloadIdentityPools/github-actions/providers/github-actions
WORKLOAD_IDENTITY_PROVIDER: "projects/270340932667/locations/global/workloadIdentityPools/gitpanda/providers/github-actions"
# e.g. terraform@GCP_PROJECT_ID.iam.gserviceaccount.com
SERVICE_ACCOUNT_EMAIL: "deployer@gitpanda.iam.gserviceaccount.com"
permissions:
contents: read
id-token: write
jobs:
build_and_push:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: |
us-docker.pkg.dev/gitpanda/gitpanda/app
tags: |
type=sha,format=long
type=edge,branch=main
type=ref,event=tag
- id: auth
name: Authenticate to Google Cloud
uses: google-github-actions/auth@v2
with:
workload_identity_provider: ${{ env.WORKLOAD_IDENTITY_PROVIDER }}
service_account: ${{ env.SERVICE_ACCOUNT_EMAIL }}
token_format: access_token
- uses: docker/login-action@v3
with:
registry: asia-docker.pkg.dev
username: oauth2accesstoken
password: ${{ steps.auth.outputs.access_token }}
- name: Login to Artifact Registry
run: echo '${{ steps.auth.outputs.access_token }}' | docker login -u oauth2accesstoken --password-stdin https://us-docker.pkg.dev
- name: Build and push
id: build
uses: docker/build-push-action@v6
with:
context: .
push: ${{ (github.event_name == 'push' && (startsWith(github.ref, 'refs/tags/') || github.ref == 'refs/heads/main')) || github.event_name == 'workflow_dispatch' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
- name: Test image
run: docker run --rm ${IMAGE_ID} -version
env:
IMAGE_ID: ${{ steps.build.outputs.imageid }}
- name: Slack Notification
uses: act10ns/slack@v2
if: always()
continue-on-error: true
with:
status: ${{ job.status }}
webhook-url: ${{ secrets.SLACK_WEBHOOK }}
deploy_to_cloud_run:
needs:
- build_and_push
if: ${{ (github.event_name == 'push' && github.ref == 'refs/heads/main') || github.event_name == 'workflow_dispatch' }}
runs-on: ubuntu-latest
environment: production
concurrency: production
steps:
- name: Checkout
uses: actions/checkout@v4
- id: auth
name: Authenticate to Google Cloud
uses: google-github-actions/auth@v2
with:
workload_identity_provider: ${{ env.WORKLOAD_IDENTITY_PROVIDER }}
service_account: ${{ env.SERVICE_ACCOUNT_EMAIL }}
- name: Replace __GITHUB_SHA__ in .github/cloud_run-service.yml
run: |
sed -i "s/__GITHUB_SHA__/${GITHUB_SHA}/g" .github/cloud_run-service.yml
grep "docker.pkg.dev" .github/cloud_run-service.yml
- id: deploy
uses: google-github-actions/deploy-cloudrun@v2
with:
region: us-central1
metadata: .github/cloud_run-service.yml
- name: Slack Notification
uses: act10ns/slack@v2
if: always()
continue-on-error: true
with:
status: ${{ job.status }}
webhook-url: ${{ secrets.SLACK_WEBHOOK }}