production.yml
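# Adapted from: https://github.com/actions/starter-workflows/blob/main/deployments/google.yml
#
# Production deployment pipeline: authenticates to Google Cloud through
# workload identity federation (OIDC), applies the Prisma migrations, builds
# and pushes the images, creates the Kubernetes secrets, and rolls the
# manifests out to the GKE cluster.
name: Build and Deploy Production App

on:
  workflow_run:
    workflows: ["Continuous Integration"]
    # `completed` also fires for failed and cancelled CI runs; the job-level
    # `if` below is what restricts deployment to successful runs.
    types: [completed]
    # NOTE(review): this filter matches the head branch *name* of the CI run.
    # If CI also runs for pull requests, confirm that a branch named `prod`
    # in a fork cannot start this workflow.
    branches:
      - prod

# NOTE(review): workflow-level `env` exposes all four secrets to every step,
# including third-party actions and dependency install scripts. Prefer a
# step-level `env` on the steps that consume them, once it is confirmed which
# of them ./deployment/build-prod-images.sh reads.
env:
  PROJECT_ID: peerprep-group11-prod
  ARTIFACT_REPOSITORY_NAME: codeparty-prod-images
  GKE_CLUSTER: codeparty-g11-prod  # GKE cluster name
  GKE_REGION: asia-southeast1  # passed as `location` to get-gke-credentials
  FIREBASE_SERVICE_ACCOUNT: ${{ secrets.FIREBASE_SERVICE_ACCOUNT_PROD }}
  PRISMA_DATABASE_URL: ${{ secrets.PRISMA_DATABASE_URL_PROD }}
  MONGO_ATLAS_URL: ${{ secrets.MONGO_ATLAS_URL_PROD }}
  FRONTEND_FIREBASE_CONFIG: ${{ secrets.FRONTEND_FIREBASE_CONFIG_PROD }}

jobs:
  setup-build-publish-deploy:
    name: Setup, Build, Publish, and Deploy
    # Deploy only when the triggering CI run actually succeeded.
    if: ${{ github.event.workflow_run.conclusion == 'success' }}
    runs-on: ubuntu-latest
    environment: production
    permissions:
      contents: read
      # Needed to request the OIDC token consumed by the auth step.
      id-token: write
    steps:
      # NOTE(review): the `uses:` references in this job are mutable tags.
      # Because the job holds `id-token: write` and production secrets, pin
      # each action to a full commit SHA so a retagged release cannot run here.
      - name: Checkout
        # NOTE(review): under `workflow_run` the default checkout ref is the
        # repository's default branch, not necessarily the commit that CI
        # validated on `prod` - confirm which ref production should build.
        uses: actions/checkout@v4

      - name: Authenticate to Google Cloud
        uses: google-github-actions/auth@v1
        with:
          workload_identity_provider: projects/345207492413/locations/global/workloadIdentityPools/github-actions-pool/providers/github-actions-oidc
          service_account: github-actions-service@peerprep-group11-prod.iam.gserviceaccount.com

      # Set up the gcloud CLI.
      - name: Setup Google Cloud SDK
        uses: google-github-actions/setup-gcloud@v1

      # Configure Docker to use the gcloud command-line tool as a credential
      # helper for authentication.
      - name: Configure Docker to use gcloud
        run: |-
          gcloud --quiet auth configure-docker

      # Get the GKE credentials so that we can deploy to the cluster.
      - name: Get Google Kubernetes Engine credentials for production
        uses: google-github-actions/get-gke-credentials@v1
        with:
          cluster_name: ${{ env.GKE_CLUSTER }}
          location: ${{ env.GKE_REGION }}

      # Install the dependencies such as prisma.
      - name: Install dependencies with immutable lockfile
        run: yarn install --frozen-lockfile

      # Apply prisma migrations to the production prisma database.
      - name: Apply prisma database migrations
        run: |-
          yarn prisma migrate deploy

      # Build the Docker images and push them to Google Artifact Repository.
      - name: Build and push Docker images
        run: |-
          chmod u+x ./build-prod-images.sh
          ./build-prod-images.sh
        working-directory: ./deployment

      # Set the secrets that are used as env variables in the manifest files.
      # Each value is double-quoted so whitespace or glob characters in it are
      # not split or expanded by the shell, and each secret is rendered
      # client-side and applied, so a redeploy updates the existing object
      # instead of aborting because the secret already exists.
      - name: Set kubectl secrets
        run: |-
          set -euo pipefail
          kubectl create secret generic firebase-service-account \
            --from-literal=firebase-service-account="$FIREBASE_SERVICE_ACCOUNT" \
            --dry-run=client -o yaml | kubectl apply -f -
          kubectl create secret generic prisma-database-url \
            --from-literal=prisma-database-url="$PRISMA_DATABASE_URL" \
            --dry-run=client -o yaml | kubectl apply -f -
          kubectl create secret generic mongo-atlas-url \
            --from-literal=mongo-atlas-url="$MONGO_ATLAS_URL" \
            --dry-run=client -o yaml | kubectl apply -f -
          kubectl create secret generic frontend-firebase-config \
            --from-literal=frontend-firebase-config="$FRONTEND_FIREBASE_CONFIG" \
            --dry-run=client -o yaml | kubectl apply -f -

      # Deploy the Docker images to the GKE cluster.
      - name: Deploy production application
        run: |-
          kubectl apply -f ./gke-prod-manifests
          kubectl rollout status deployment
          kubectl get services -o wide
        working-directory: ./deployment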