-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
build(Github): Refactors main workflow and adds Dry Run mode and envi…
…ronment override
- Loading branch information
1 parent
43895f9
commit 063cb02
Showing
7 changed files
with
351 additions
and
328 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,84 @@ | ||
name: Build And Deploy to Cloud Run | ||
description: Build And Deploy to Cloud Run | ||
inputs: | ||
GCP_SA_KEY: | ||
description: "Service Account Key to log into GCP" | ||
required: true | ||
REPOSITORY: | ||
description: "Repository" | ||
required: true | ||
SERVICE: | ||
description: "Service" | ||
required: true | ||
PROJECT_ID: | ||
description: "GCP Project Id" | ||
required: true | ||
GAR_LOCATION: | ||
description: "GCP Artifact Registry url" | ||
required: true | ||
ENVIRONMENT_NAME: | ||
description: "Environment name (PRODUCTION, STAGING)" | ||
required: true | ||
REGION: | ||
description: "GCP Region" | ||
required: true | ||
COMPONENT_PATH: | ||
description: "Component path of the component to be deployed (./cms, ./client ...)" | ||
required: true | ||
DRY_RUN: | ||
description: "Makes the action work in Dry Run Mode" | ||
required: false | ||
default: "false" # WARNING Input type is not supported in composite actions. Must treat it as a string | ||
|
||
#NOTE Actions needs to specify the shell to use on every action https://stackoverflow.com/questions/71041836/github-actions-required-property-is-missing-shell | ||
|
||
outputs: | ||
url: | ||
description: url | ||
value: ${{steps.deploy.output}} | ||
|
||
runs: | ||
using: "composite" | ||
steps: | ||
- name: Google Auth | ||
id: auth | ||
uses: 'google-github-actions/auth@v1' | ||
with: | ||
credentials_json: "${{ inputs.GCP_SA_KEY }}" | ||
token_format: 'access_token' | ||
|
||
# Authenticate Docker to Google Cloud Artifact Registry via credentials json | ||
- name: Docker Auth | ||
id: docker-auth | ||
uses: 'docker/login-action@v3' | ||
with: | ||
registry: ${{ inputs.GAR_LOCATION }}-docker.pkg.dev | ||
username: _json_key | ||
password: ${{ inputs.GCP_SA_KEY }} | ||
|
||
- name: Build Container | ||
shell: bash | ||
run: |- | ||
docker build -f ${{ inputs.COMPONENT_PATH }}/Dockerfile.prod -t "${{ inputs.GAR_LOCATION }}-docker.pkg.dev/${{ inputs.PROJECT_ID }}/${{ inputs.REPOSITORY }}/${{ inputs.SERVICE }}:${{ github.sha }}" ${{ inputs.COMPONENT_PATH }} | ||
- name: Push Container | ||
if: ${{ inputs.DRY_RUN == 'false' }} | ||
shell: bash | ||
run: |- | ||
docker push "${{ inputs.GAR_LOCATION }}-docker.pkg.dev/${{ inputs.PROJECT_ID }}/${{ inputs.REPOSITORY }}/${{ inputs.SERVICE }}:${{ github.sha }}" | ||
# tag as "latest" | ||
docker tag "${{ inputs.GAR_LOCATION }}-docker.pkg.dev/${{ inputs.PROJECT_ID }}/${{ inputs.REPOSITORY }}/${{ inputs.SERVICE }}:${{ github.sha }}" "${{ inputs.GAR_LOCATION }}-docker.pkg.dev/${{ inputs.PROJECT_ID }}/${{ inputs.REPOSITORY }}/${{ inputs.SERVICE }}:latest" | ||
docker push "${{ inputs.GAR_LOCATION }}-docker.pkg.dev/${{ inputs.PROJECT_ID }}/${{ inputs.REPOSITORY }}/${{ inputs.SERVICE }}:latest" | ||
- name: Deploy to Cloud Run | ||
if: ${{ inputs.DRY_RUN == 'false' }} | ||
id: deploy | ||
uses: google-github-actions/deploy-cloudrun@v1 | ||
with: | ||
service: ${{ inputs.SERVICE }} | ||
region: ${{ inputs.REGION }} | ||
image: ${{ inputs.GAR_LOCATION }}-docker.pkg.dev/${{ inputs.PROJECT_ID }}/${{ inputs.REPOSITORY }}/${{ inputs.SERVICE }}:${{ github.sha }} | ||
# NOTE: You can also set env variables here: | ||
# env_vars: | | ||
# NODE_ENV=production | ||
# TOKEN_EXPIRE=6400 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,62 @@ | ||
name: Generate Env file from JSON secret/variable collection | ||
description: Takes a set of GH variables and secrets in JSON format and generates an env file for the docker image building step for the relevant environment and component (CMS, client, etc) | ||
|
||
inputs: | ||
secrets_json: | ||
description: "The GH Secrets collection in JSON format" | ||
required: true | ||
vars_json: | ||
description: "The GH Variables collection in JSON format" | ||
required: true | ||
ENVIRONMENT: | ||
description: "Environment name" | ||
required: true | ||
APP_ENV_PREFIX: | ||
description: "Something" | ||
required: true | ||
|
||
outputs: | ||
env_file: | ||
description: "The env file contents" | ||
value: ${{steps.env_entries_stripped.outputs.entries_stripped}} | ||
|
||
runs: | ||
using: "composite" | ||
steps: | ||
- name: Output secrets and vars as key=value entries | ||
# Use jq to convert JSON to key=value entries | ||
# 1. to_entries converts JSON to array of key/value pairs | ||
# 2. map(.key + "=" + .value) converts each key/value pair to key=value | ||
# 3. .[] flattens array to key=value entries | ||
id: env_entries_all | ||
shell: bash | ||
run: | | ||
{ | ||
echo 'entries_all<<EOF' | ||
echo '${{ inputs.secrets_json }}' '${{ inputs.vars_json }}' | jq -r 'to_entries | map(.key + "=" + .value) | .[]' | ||
echo 'EOF' | ||
} >> $GITHUB_OUTPUT | ||
- name: Filter secrets and vars for inclusion in .env file by environment and application prefixes | ||
# Use grep to filter client secrets & vars and save .env file (names starting with (TF_)((PRODUCTION|STAGING|SOMEBRANCH)_)[CLIENT_ENV|CMS_ENV]_ | ||
id: env_entries_filtered | ||
shell: bash | ||
run: | | ||
{ | ||
echo 'entries_filtered<<EOF' | ||
echo '${{ steps.env_entries_all.outputs.entries_all }}' | grep -E "^(TF_)?(${ENVIRONMENT}_)?${APP_ENV_PREFIX}_" | ||
echo 'EOF' | ||
} >> $GITHUB_OUTPUT | ||
- name: Strip environment and application prefixes from secret and var names | ||
# Use sed to strip environment and application prefixes from secret and var names | ||
id: env_entries_stripped | ||
shell: bash | ||
run: | | ||
{ | ||
echo 'entries_stripped<<EOF' | ||
echo '${{ steps.env_entries_filtered.outputs.entries_filtered }}' | sed -E "s/^(TF_)?("$ENVIRONMENT"_)?"$APP_ENV_PREFIX"_//g" | ||
echo 'EOF' | ||
} >> $GITHUB_OUTPUT |
Oops, something went wrong.