Skip to content

Commit

Permalink
build(Github): Refactors main workflow and adds Dry Run mode and envi…
Browse files Browse the repository at this point in the history
…ronment override
  • Loading branch information
KevSanchez committed May 17, 2024
1 parent 43895f9 commit 063cb02
Show file tree
Hide file tree
Showing 7 changed files with 351 additions and 328 deletions.
84 changes: 84 additions & 0 deletions .github/actions/build-and-deploy-cloud-run/action.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,84 @@
name: Build And Deploy to Cloud Run
description: Build And Deploy to Cloud Run
inputs:
GCP_SA_KEY:
description: "Service Account Key to log into GCP"
required: true
REPOSITORY:
description: "Repository"
required: true
SERVICE:
description: "Service"
required: true
PROJECT_ID:
description: "GCP Project Id"
required: true
GAR_LOCATION:
description: "GCP Artifact Registry url"
required: true
ENVIRONMENT_NAME:
description: "Environment name (PRODUCTION, STAGING)"
required: true
REGION:
description: "GCP Region"
required: true
COMPONENT_PATH:
description: "Component path of the component to be deployed (./cms, ./client ...)"
required: true
DRY_RUN:
description: "Makes the action work in Dry Run Mode"
required: false
default: "false" # WARNING Input type is not supported in composite actions. Must treat it as a string

#NOTE Actions needs to specify the shell to use on every action https://stackoverflow.com/questions/71041836/github-actions-required-property-is-missing-shell

outputs:
url:
description: url
value: ${{steps.deploy.output}}

runs:
using: "composite"
steps:
- name: Google Auth
id: auth
uses: 'google-github-actions/auth@v1'
with:
credentials_json: "${{ inputs.GCP_SA_KEY }}"
token_format: 'access_token'

# Authenticate Docker to Google Cloud Artifact Registry via credentials json
- name: Docker Auth
id: docker-auth
uses: 'docker/login-action@v3'
with:
registry: ${{ inputs.GAR_LOCATION }}-docker.pkg.dev
username: _json_key
password: ${{ inputs.GCP_SA_KEY }}

- name: Build Container
shell: bash
run: |-
docker build -f ${{ inputs.COMPONENT_PATH }}/Dockerfile.prod -t "${{ inputs.GAR_LOCATION }}-docker.pkg.dev/${{ inputs.PROJECT_ID }}/${{ inputs.REPOSITORY }}/${{ inputs.SERVICE }}:${{ github.sha }}" ${{ inputs.COMPONENT_PATH }}
- name: Push Container
if: ${{ inputs.DRY_RUN == 'false' }}
shell: bash
run: |-
docker push "${{ inputs.GAR_LOCATION }}-docker.pkg.dev/${{ inputs.PROJECT_ID }}/${{ inputs.REPOSITORY }}/${{ inputs.SERVICE }}:${{ github.sha }}"
# tag as "latest"
docker tag "${{ inputs.GAR_LOCATION }}-docker.pkg.dev/${{ inputs.PROJECT_ID }}/${{ inputs.REPOSITORY }}/${{ inputs.SERVICE }}:${{ github.sha }}" "${{ inputs.GAR_LOCATION }}-docker.pkg.dev/${{ inputs.PROJECT_ID }}/${{ inputs.REPOSITORY }}/${{ inputs.SERVICE }}:latest"
docker push "${{ inputs.GAR_LOCATION }}-docker.pkg.dev/${{ inputs.PROJECT_ID }}/${{ inputs.REPOSITORY }}/${{ inputs.SERVICE }}:latest"
- name: Deploy to Cloud Run
if: ${{ inputs.DRY_RUN == 'false' }}
id: deploy
uses: google-github-actions/deploy-cloudrun@v1
with:
service: ${{ inputs.SERVICE }}
region: ${{ inputs.REGION }}
image: ${{ inputs.GAR_LOCATION }}-docker.pkg.dev/${{ inputs.PROJECT_ID }}/${{ inputs.REPOSITORY }}/${{ inputs.SERVICE }}:${{ github.sha }}
# NOTE: You can also set env variables here:
# env_vars: |
# NODE_ENV=production
# TOKEN_EXPIRE=6400
62 changes: 62 additions & 0 deletions .github/actions/generate-env-file-from-json/action.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,62 @@
name: Generate Env file from JSON secret/variable collection
description: Takes a set of GH variables and secrets in JSON format and generates an env file for the docker image building step for the relevant environment and component (CMS, client, etc)

inputs:
secrets_json:
description: "The GH Secrets collection in JSON format"
required: true
vars_json:
description: "The GH Variables collection in JSON format"
required: true
ENVIRONMENT:
description: "Environment name"
required: true
APP_ENV_PREFIX:
description: "Something"
required: true

outputs:
env_file:
description: "The env file contents"
value: ${{steps.env_entries_stripped.outputs.entries_stripped}}

runs:
using: "composite"
steps:
- name: Output secrets and vars as key=value entries
# Use jq to convert JSON to key=value entries
# 1. to_entries converts JSON to array of key/value pairs
# 2. map(.key + "=" + .value) converts each key/value pair to key=value
# 3. .[] flattens array to key=value entries
id: env_entries_all
shell: bash
run: |
{
echo 'entries_all<<EOF'
echo '${{ inputs.secrets_json }}' '${{ inputs.vars_json }}' | jq -r 'to_entries | map(.key + "=" + .value) | .[]'
echo 'EOF'
} >> $GITHUB_OUTPUT
- name: Filter secrets and vars for inclusion in .env file by environment and application prefixes
# Use grep to filter client secrets & vars and save .env file (names starting with (TF_)((PRODUCTION|STAGING|SOMEBRANCH)_)[CLIENT_ENV|CMS_ENV]_
id: env_entries_filtered
shell: bash
run: |
{
echo 'entries_filtered<<EOF'
echo '${{ steps.env_entries_all.outputs.entries_all }}' | grep -E "^(TF_)?(${ENVIRONMENT}_)?${APP_ENV_PREFIX}_"
echo 'EOF'
} >> $GITHUB_OUTPUT
- name: Strip environment and application prefixes from secret and var names
# Use sed to strip environment and application prefixes from secret and var names
id: env_entries_stripped
shell: bash
run: |
{
echo 'entries_stripped<<EOF'
echo '${{ steps.env_entries_filtered.outputs.entries_filtered }}' | sed -E "s/^(TF_)?("$ENVIRONMENT"_)?"$APP_ENV_PREFIX"_//g"
echo 'EOF'
} >> $GITHUB_OUTPUT
Loading

0 comments on commit 063cb02

Please sign in to comment.