Skip to content

Ticket #199 and ticket #213 (#228) #43

Ticket #199 and ticket #213 (#228)

Ticket #199 and ticket #213 (#228) #43

Workflow file for this run

name: Deploy
on:
push:
branches:
- main
jobs:
build-and-push-image:
name: Build and push image to Google Cloud
permissions:
id-token: write
contents: read
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Authenticate with Google Cloud
id: auth
uses: google-github-actions/auth@v1
with:
token_format: "access_token"
workload_identity_provider: ${{ secrets.GCS_WORKLOAD_IDENTITY_PROVIDER }}
service_account: ${{ secrets.GCS_SERVICE_ACCOUNT_EMAIL }}
access_token_lifetime: 300s
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- uses: docker/login-action@v1
with:
registry: "${{ secrets.GCS_REGION }}-docker.pkg.dev"
username: "oauth2accesstoken"
password: ${{ steps.auth.outputs.access_token }}
- name: Build and push
uses: docker/build-push-action@v4
with:
push: true
tags: "${{ secrets.GCS_REGION }}-docker.pkg.dev/${{ secrets.GCS_PROJECT_ID }}/${{ secrets.GCS_ARTIFACT_REPO_NAME }}/compass:${{ github.sha }}"
cache-from: type=gha
cache-to: type=gha,mode=max
deploy:
name: Deploy to Google Cloud Run
permissions:
id-token: write
contents: read
needs: build-and-push-image
runs-on: ubuntu-latest
defaults:
run:
working-directory: ./terraform/gcs
steps:
- uses: actions/checkout@v3
- name: Authenticate with Google Cloud
id: auth
uses: google-github-actions/auth@v1
with:
token_format: "access_token"
workload_identity_provider: ${{ secrets.GCS_WORKLOAD_IDENTITY_PROVIDER }}
service_account: ${{ secrets.GCS_SERVICE_ACCOUNT_EMAIL }}
access_token_lifetime: 300s
- uses: hashicorp/setup-terraform@v2
- run: terraform init -backend-config=../backend.hcl
- run: terraform apply -auto-approve -var="project_id=${{ secrets.GCS_PROJECT_ID }}" -var="image=${{ secrets.GCS_REGION }}-docker.pkg.dev/${{ secrets.GCS_PROJECT_ID }}/${{ secrets.GCS_ARTIFACT_REPO_NAME }}/compass:${{ github.sha }}" -var="oauth_client_id=${{ secrets.GCS_OAUTH_CLIENT_ID }}" -var="oauth_client_secret=${{ secrets.GCS_OAUTH_CLIENT_SECRET }}" -var="base_http_endpoint=${{ secrets.GCS_BASE_HTTP_ENDPOINT }}"