Skip to content

ar(feat) [DPTM-8] [DPCP-88] [DPCP-81] [DPCP-118] Dockerize and GCP #52

ar(feat) [DPTM-8] [DPCP-88] [DPCP-81] [DPCP-118] Dockerize and GCP

ar(feat) [DPTM-8] [DPCP-88] [DPCP-81] [DPCP-118] Dockerize and GCP #52

name: hypnos::deploy_prod
# on:
# push:
# branches:
# - main
on:
pull_request:
branches:
- dev
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
PROJECT_ID: ${{ secrets.GCP_PROJECT_ID }}
REGION: europe-west2
GAR_LOCATION: europe-west2-docker.pkg.dev/${{ secrets.GCP_PROJECT_ID }}/chain-service/
jobs:
build-and-push-image:
name: hypnos::build_and_push::docker_image
runs-on: ubuntu-24.04
permissions:
contents: read
packages: write
attestations: write
id-token: write
steps:
- name: hypnos::deploy_prod::docker::Checkout repository
uses: actions/checkout@v4
- name: hypnos::deploy_prod::docker::Log in to the Container registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: hypnos::deploy_prod::docker::Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
- name: hypnos::deploy_prod::docker::Build and push Docker image
id: push
uses: docker/build-push-action@v6
with:
context: .
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
build-args: |
API_URL=${{ secrets.API_URL_PROD }}
APPLE_CLIENT_ID=${{ secrets.APPLE_CLIENT_ID_PROD }}
APPLE_CLIENT_SECRET=${{ secrets.APPLE_CLIENT_SECRET_PROD }}
AUTH_SECRET=${{ secrets.AUTH_SECRET_PROD }}
AUTH_TRUST_HOST=${{ secrets.AUTH_TRUST_HOST_PROD }}
AUTH_URL=${{ secrets.AUTH_URL_PROD }}
EMAIL_FROM=${{ secrets.EMAIL_FROM_PROD }}
EMAIL_SERVER=${{ secrets.EMAIL_SERVER_PROD }}
FACEBOOK_CLIENT_ID=${{ secrets.FACEBOOK_CLIENT_ID_PROD }}
FACEBOOK_CLIENT_SECRET=${{ secrets.FACEBOOK_CLIENT_SECRET_PROD }}
GOOGLE_CLIENT_ID=${{ secrets.GOOGLE_CLIENT_ID_PROD }}
GOOGLE_CLIENT_SECRET=${{ secrets.GOOGLE_CLIENT_SECRET_PROD }}
INSTAGRAM_CLIENT_ID=${{ secrets.INSTAGRAM_CLIENT_ID_PROD }}
INSTAGRAM_CLIENT_SECRET=${{ secrets.INSTAGRAM_CLIENT_SECRET_PROD }}
KV_REST_API_READ_ONLY_TOKEN=${{ secrets.KV_REST_API_READ_ONLY_TOKEN_PROD }}
KV_REST_API_TOKEN=${{ secrets.KV_REST_API_TOKEN_PROD }}
KV_REST_API_URL=${{ secrets.KV_REST_API_URL_PROD }}
KV_URL=${{ secrets.KV_URL_PROD }}
MAIN_URL=${{ secrets.MAIN_URL_PROD }}
MONGODB_DATABASE=${{ secrets.MONGODB_DATABASE_PROD }}
MONGODB_DEFAULT_ORG=${{ secrets.MONGODB_DEFAULT_ORG_PROD }}
MONGODB_ORGS_DATABASE=${{ secrets.MONGODB_ORGS_DATABASE_PROD }}
MONGODB_PRIVATE_URI=${{ secrets.MONGODB_PRIVATE_URI_PROD }}
MONGODB_PUBLIC_URI=${{ secrets.MONGODB_PUBLIC_URI_PROD }}
MONGODB_USERS_DATABASE=${{ secrets.MONGODB_USERS_DATABASE_PROD }}
NEXUS_KEEPALIVE=${{ secrets.NEXUS_KEEPALIVE_PROD }}
NEXUS_MODE=${{ secrets.NEXUS_MODE_PROD }}
NEXUS_STANDALONE=true
PRISMA_PRIVATE_URI=${{ secrets.MONGODB_PRIVATE_URI_PROD }}
PRISMA_PUBLIC_URI=${{ secrets.MONGODB_PUBLIC_URI_PROD }}
- name: Generate artifact attestation
uses: actions/attest-build-provenance@v1
with:
subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
subject-digest: ${{ steps.push.outputs.digest }}
push-to-registry: true
# deploy-to-gcp-cloud-run:
# name: hypnos::deploy_prod::push_to_gcp::cloud_run
# runs-on: ubuntu-latest
# steps:
# - name: hypnos::deploy_prod::gcp::Checkout repository
# uses: actions/checkout@v3
# - name: hypnos::deploy_prod::gcp::Set Docker image tag
# id: set_tag
# run: echo "::set-output name=tag::${GITHUB_REF#refs/tags/}"
# - name: hypnos::deploy_prod::gcp::Set up Google Cloud SDK
# uses: google-github-actions/setup-gcloud@v0.3.0
# with:
# service_account_email: ${{ secrets.GCP_SA_EMAIL }}
# service_account_key: ${{ secrets.GCP_SA_KEY }}
# export_default_credentials: true
# project_id: ${{ secrets.GCP_PROJECT_ID }}
# - name: hypnos::deploy_prod::gcp::Log in to the Container registry
# uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
# with:
# registry: ${{ env.REGISTRY }}
# username: ${{ github.actor }}
# password: ${{ secrets.GITHUB_TOKEN }}
# - name: hypnos::deploy_prod::gcp::Deploy to Cloud Run
# run: gcloud run deploy chain-service --image ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}} \
# --platform managed --region europe-west2 --concurrency 1 \
# --min-instances 1 --max-instances 1 \
# # --vpc-connector= \
# # --set-secrets=
# deploy-to-gcp-vm:
# needs: build-and-push-image
# name: hypnos::deploy_prod::push_to_gcp::vm
# runs-on: ubuntu-latest
# steps:
# - name: hypnos::deploy_prod::gcp::Checkout repository
# uses: actions/checkout@v3
# - name: hypnos::deploy_prod::gcp::Set Docker image tag
# id: set_tag
# run: echo "::set-output name=tag::${GITHUB_REF#refs/tags/}"
# - name: hypnos::deploy_prod::gcp::Set up Google Cloud SDK
# uses: google-github-actions/setup-gcloud@v0.3.0
# with:
# service_account_email: ${{ secrets.GCP_SA_EMAIL }}
# service_account_key: ${{ secrets.GCP_SA_KEY }}
# export_default_credentials: true
# project_id: ${{ secrets.GCP_PROJECT_ID }}
# - name: hypnos::deploy_prod::gcp::Log in to the Container registry
# uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
# with:
# registry: ${{ env.REGISTRY }}
# username: ${{ github.actor }}
# password: ${{ secrets.GITHUB_TOKEN }}
# - name: install ssh keys
# # check this thread to understand why its needed:
# # <https://stackoverflow.com/a/70447517>
# run: |
# install -m 600 -D /dev/null ~/.ssh/id_rsa
# echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
# ssh-keyscan -H ${{ secrets.SSH_HOST }} > ~/.ssh/known_hosts
# - name: connect and pull
# run: ssh ${{ secrets.SSH_USER }}@${{ secrets.SSH_HOST }} "cd ${{ secrets.WORK_DIR }} && docker compose pull && docker compose up -d && exit"
# - name: cleanup
# run: rm -rf ~/.ssh