Build and Deploy Production App #33
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Adapted from: https://github.com/actions/starter-workflows/blob/main/deployments/google.yml | |
| name: Build and Deploy Production App | |
| on: | |
| workflow_run: | |
| workflows: ["Continuous Integration"] # Run only after CI passes | |
| types: [completed] | |
| branches: | |
| - prod | |
| env: | |
| PROJECT_ID: peerprep-group11-prod | |
| ARTIFACT_REPOSITORY_NAME: codeparty-prod-images | |
| GKE_CLUSTER: codeparty-g11-prod # Add your cluster name here. | |
| GKE_REGION: asia-southeast1 # Add your cluster zone here. | |
| FIREBASE_SERVICE_ACCOUNT: ${{ secrets.FIREBASE_SERVICE_ACCOUNT_PROD }} | |
| PRISMA_DATABASE_URL: ${{ secrets.PRISMA_DATABASE_URL_PROD }} | |
| MONGO_ATLAS_URL: ${{ secrets.MONGO_ATLAS_URL_PROD }} | |
| NEXT_PUBLIC_FRONTEND_FIREBASE_CONFIG: ${{ secrets.FRONTEND_FIREBASE_CONFIG_PROD }} | |
| TWILIO_ACCOUNT_SID: ${{ secrets.TWILIO_ACCOUNT_SID }} | |
| TWILIO_API_KEY: ${{ secrets.TWILIO_API_KEY }} | |
| TWILIO_API_SECRET: ${{ secrets.TWILIO_API_SECRET }} | |
| jobs: | |
| setup-build-publish-deploy: | |
| name: Setup, Build, Publish, and Deploy | |
| runs-on: ubuntu-latest | |
| environment: production | |
| permissions: | |
| contents: 'read' | |
| id-token: 'write' | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - id: 'auth' | |
| name: Authenticate to Google Cloud | |
| uses: 'google-github-actions/auth@v1' | |
| with: | |
| token_format: 'access_token' | |
| workload_identity_provider: projects/345207492413/locations/global/workloadIdentityPools/github-actions-pool/providers/github-actions-oidc | |
| service_account: 'github-actions-service@peerprep-group11-prod.iam.gserviceaccount.com' | |
| # Setup gcloud CLI | |
| - name: Setup Google Cloud SDK | |
| uses: google-github-actions/setup-gcloud@v1 | |
| # Configure Docker to login to google cloud | |
| - name: Configure Docker | |
| run: |- | |
| echo ${{steps.auth.outputs.access_token}} | docker login -u oauth2accesstoken --password-stdin https://$GKE_REGION-docker.pkg.dev | |
| # Get the GKE credentials so that we can deploy to the cluster | |
| - name: Get Google Kubernetes Engine credentials for production | |
| uses: google-github-actions/get-gke-credentials@v1 | |
| with: | |
| cluster_name: ${{ env.GKE_CLUSTER }} | |
| location: ${{ env.GKE_REGION }} | |
| # Copy the JSON secrets (Firebase configs) into JSON files | |
| - name: Copy JSON secrets into JSON files | |
| run: |- | |
| echo -n "$FIREBASE_SERVICE_ACCOUNT" > ./firebase_service_account.json | |
| echo -n "$NEXT_PUBLIC_FRONTEND_FIREBASE_CONFIG" > ./next_public_frontend_firebase_config.json | |
| # Set the secrets that are used as env variables in the manifest files | |
| - name: Set kubectl secrets | |
| run: |- | |
| kubectl delete secret firebase-service-account \ | |
| --ignore-not-found | |
| kubectl create secret generic firebase-service-account \ | |
| --from-file=firebase-service-account=./firebase_service_account.json | |
| kubectl delete secret prisma-database-url \ | |
| --ignore-not-found | |
| kubectl create secret generic prisma-database-url \ | |
| --from-literal=prisma-database-url=$PRISMA_DATABASE_URL | |
| kubectl delete secret mongo-atlas-url \ | |
| --ignore-not-found | |
| kubectl create secret generic mongo-atlas-url \ | |
| --from-literal=mongo-atlas-url=$MONGO_ATLAS_URL | |
| kubectl delete secret frontend-firebase-config \ | |
| --ignore-not-found | |
| kubectl create secret generic frontend-firebase-config \ | |
| --from-file=frontend-firebase-config=./next_public_frontend_firebase_config.json | |
| kubectl delete secret twilio-account-sid \ | |
| --ignore-not-found | |
| kubectl create secret generic twilio-account-sid \ | |
| --from-literal=twilio-account-sid=$TWILIO_ACCOUNT_SID | |
| kubectl delete secret twilio-api-key \ | |
| --ignore-not-found | |
| kubectl create secret generic twilio-api-key \ | |
| --from-literal=twilio-api-key=$TWILIO_API_KEY | |
| kubectl delete secret twilio-api-secret \ | |
| --ignore-not-found | |
| kubectl create secret generic twilio-api-secret \ | |
| --from-literal=twilio-api-secret=$TWILIO_API_SECRET | |
| # Remove the JSON files | |
| - name: Delete JSON files | |
| if: ${{ always() }} | |
| run: |- | |
| rm ./firebase_service_account.json | |
| rm ./next_public_frontend_firebase_config.json | |
| # Install the dependencies such as prisma | |
| - name: Install dependencies with immutable lockfile | |
| run: yarn install --frozen-lockfile | |
| # Apply prisma migrations to production prisma database | |
| - name: Apply prisma database migrations | |
| run: |- | |
| yarn prisma migrate deploy | |
| # Build the Docker images and push to Google Artifact Repository | |
| - name: Build and push Docker images | |
| run: |- | |
| chmod u+x ./build-prod-images.sh | |
| ./build-prod-images.sh | |
| working-directory: ./deployment | |
| # Deploy the Docker images to the GKE cluster | |
| - name: Deploy production application | |
| run: |- | |
| kubectl apply -f ./gke-prod-manifests | |
| kubectl rollout status deployment | |
| kubectl get services -o wide | |
| working-directory: ./deployment |