release.yml
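# Release workflow: when a non-prerelease GitHub release is published, build and
# push the container image, deploy it to Cloud Run, make sure the Cloud Scheduler
# trigger exists, then comment on the issues included in the release.
#
# Supply-chain note: every `uses:` below references a mutable tag (@v4, @v2, ...).
# The deploy job holds `id-token: write` and the notify job holds write access to
# issues and pull requests, so pinning each action to a full commit SHA (with the
# tag kept as a trailing comment) limits what a retagged action release can reach.
name: Release Events

on:
  release:
    types: [published]

# NOTE(review): the group is keyed on the ref only, so any other workflow that
# uses the same expression on the same ref shares it. With cancel-in-progress a
# newer run cancels an in-flight production deploy; confirm that is intended.
concurrency:
  group: "${{ github.head_ref || github.ref }}"
  cancel-in-progress: true

jobs:
  deploy-prod:
    runs-on: ubuntu-latest
    if: github.event.release.prerelease == false
    # Declaring `permissions` sets every unlisted scope to none, so the read
    # access that checkout needs is listed explicitly.
    permissions:
      contents: read
      id-token: write
      deployments: write
    environment:
      name: prod
    steps:
      - name: ⬇️ Set up code
        uses: actions/checkout@v4
        with:
          show-progress: false
          # No later step talks to the git remote; do not leave the token in
          # .git/config, which sits inside the Docker build context below.
          persist-credentials: false

      # Keyless auth through Workload Identity Federation (needs id-token: write).
      # The generated credentials file is written into the workspace; keep
      # `gha-creds-*.json` in .dockerignore and .gitignore so `context: .` cannot
      # copy it into the image.
      - name: 🗝️ Authenticate to Google Cloud
        id: auth
        uses: google-github-actions/auth@v2
        with:
          create_credentials_file: true
          token_format: access_token
          workload_identity_provider: ${{ secrets.IDENTITY_PROVIDER }}
          service_account: ${{ secrets.SERVICE_ACCOUNT_EMAIL }}

      - name: 🐳 Set up Docker Buildx
        id: builder
        uses: docker/setup-buildx-action@v3

      # Registry login uses the short-lived access token minted by the auth step.
      - name: 🗝️ Authenticate Docker to Google Cloud
        uses: docker/login-action@v3
        with:
          registry: us-central1-docker.pkg.dev
          username: oauth2accesstoken
          password: ${{ steps.auth.outputs.access_token }}

      - name: 🏷️ Extract tags from GitHub
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: us-central1-docker.pkg.dev/${{ secrets.PROJECT_ID }}/images/app
          tags: |
            type=ref,suffix=-{{sha}},event=branch
            type=ref,prefix=pr-,suffix=-{{sha}},event=pr
            type=semver,pattern={{version}}
            type=raw,value=latest

      - name: 📦 Build and push image
        uses: docker/build-push-action@v6
        with:
          builder: ${{ steps.builder.outputs.name }}
          tags: ${{ steps.meta.outputs.tags }}
          # NOTE(review): this turns off the build provenance attestation for the
          # pushed image; confirm it is still required and record why.
          provenance: false
          context: .
          push: true
          cache-from: type=gha
          cache-to: type=gha,mode=max

      # Takes the first tag from the metadata step as the image to deploy.
      # NOTE(review): a tag is mutable; deploying by the digest the build step
      # reports would tie the Cloud Run revision to the exact image pushed here.
      - name: 🔍️ Set Image Name
        run: |
          # The unquoted expansion is deliberate: it joins the tag list with
          # single spaces so that `cut` can pick the first entry.
          IMAGE_ID=$(echo $DOCKER_METADATA_OUTPUT_TAGS | cut -d ' ' -f 1)
          echo "IMAGE_ID=$IMAGE_ID" >> "$GITHUB_ENV"

      - name: 🚀 Deploy to Cloud Run
        id: deploy
        uses: google-github-actions/deploy-cloudrun@v2
        with:
          service: app
          image: ${{ env.IMAGE_ID }}
          region: us-west3
          flags: |
            --service-account=cloud-run-sa@${{ secrets.PROJECT_ID }}.iam.gserviceaccount.com
            --vpc-connector=${{ secrets.VPC }}
            --vpc-egress=all-traffic
            --max-instances=1
            --concurrency=1
            --cpu=1
            --memory=512Mi
            --timeout=30m
          env_vars: LOG_LEVEL=INFO
          # The database connection is mounted from Secret Manager as a file and
          # follows the newest secret version (`latest`) at deploy time.
          secrets: |
            /secrets/db/connection=database-connections:latest

      # Creates the scheduler job on the first release and updates it afterwards.
      # The project id reaches the script through the environment instead of
      # being expanded into the script text.
      - name: 🕰️ Create cloud scheduler
        env:
          PROJECT_ID: ${{ secrets.PROJECT_ID }}
        run: |
          # Match the job id exactly; a substring grep over the table output
          # also matches any other job whose id contains "app".
          if gcloud scheduler jobs list --location=us-west3 --format='value(name.basename())' | grep -Fxq app; then
            action=update
          else
            action=create
          fi

          # Resolve the service URL first so that a failed lookup stops the step
          # instead of registering a job that points at a bare "/scheduled".
          service_url="$(gcloud run services describe app --region us-west3 --format 'value(status.url)')"

          # NOTE(review): the description says weekly on Monday, but the cron
          # expression "0 0 * * *" fires every day at midnight; confirm which
          # one is intended.
          gcloud scheduler jobs "$action" http app \
            --description="Trigger the app bot once a week on monday morning" \
            --schedule="0 0 * * *" \
            --time-zone=America/Denver \
            --uri="${service_url}/scheduled" \
            --http-method=POST \
            --max-retry-attempts=0 \
            --min-backoff=30m \
            --max-backoff=1h \
            --max-doublings=1 \
            --attempt-deadline=30m \
            --oidc-service-account-email="cloud-scheduler-sa@${PROJECT_ID}.iam.gserviceaccount.com" \
            --location=us-west3 \
            --quiet

  notify:
    name: Comment on issues
    runs-on: ubuntu-latest
    needs: [deploy-prod]
    permissions:
      contents: read
      pull-requests: write
      issues: write
    steps:
      # This action receives a token that can write to issues and pull requests.
      - name: 💬 Comment on issues in release
        uses: agrc/release-issue-notifications-action@v1
        with:
          repo-token: ${{ secrets.GITHUB_TOKEN }}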