This repository has been archived by the owner on Nov 20, 2024. It is now read-only.
fix: attempt to inline the secret keys #14
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI/CD Development | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: ["main"] | |
| env: | |
| PROJECT_ID: ${{ secrets.GCP_PROJECT_ID }} | |
| SERVICE: ${{ secrets.GCP_SERVICE }} | |
| REGION: ${{ secrets.GCP_REGION }} | |
| TAG: latest | |
| # RUNNER_SERVICE_ACCOUNT: | |
| A: NEXTAUTH_URL=NEXTAUTH_URL:latest | |
| B: NEXTAUTH_SECRET=NEXTAUTH_SECRET:latest | |
| C: DATABASE_URL=DATABASE_URL:latest | |
| D: AUTH_GITHUB_ID=AUTH_GITHUB_ID:latest | |
| E: AUTH_GITHUB_SECRET=AUTH_GITHUB_SECRET:latest | |
| F: AUTH_GOOGLE_ID=AUTH_GOOGLE_ID:latest | |
| G: AUTH_GOOGLE_SECRET=AUTH_GOOGLE_SECRET:latest | |
| H: AUTH_EMAIL_SERVER_USER=AUTH_EMAIL_SERVER_USER:latest | |
| I: AUTH_EMAIL_SERVER_PASSWORD=AUTH_EMAIL_SERVER_PASSWORD:latest | |
| J: AUTH_EMAIL_SERVER_HOST=AUTH_EMAIL_SERVER_HOST:latest | |
| K: AUTH_EMAIL_SERVER_PORT=AUTH_EMAIL_SERVER_PORT:latest | |
| L: AUTH_EMAIL_FROM=AUTH_EMAIL_FROM:latest | |
| M: GCP_PROJECT_ID=GCP_PROJECT_ID:latest | |
| N: GCP_PRIVATE_KEY_ID=GCP_PRIVATE_KEY_ID:latest | |
| O: GCP_PRIVATE_KEY=GCP_PRIVATE_KEY:latest | |
| P: GCP_CLIENT_EMAIL=GCP_CLIENT_EMAIL:latest | |
| Q: GCP_CLIENT_ID=GCP_CLIENT_ID:latest | |
| R: GCP_CLIENT_X509_CERT_URL=GCP_CLIENT_X509_CERT_URL:latest | |
| S: GCP_PRIMARY_BUCKET_NAME=GCP_PRIMARY_BUCKET_NAME:latest | |
| T: GCP_SECONDARY_BUCKET_NAME=GCP_SECONDARY_BUCKET_NAME:latest | |
| U: STRIPE_API_KEY=STRIPE_API_KEY:latest | |
| V: STRIPE_WEBHOOK_SECRET=STRIPE_WEBHOOK_SECRET:latest | |
| W: RESEND_API_KEY=RESEND_API_KEY:latest | |
| X: EMAIL_SEND=EMAIL_SEND:latest | |
| Y: EMAIL_RECEIVE=EMAIL_RECEIVE:latest | |
| Z: NEXT_PUBLIC_GA_ID=NEXT_PUBLIC_GA_ID:latest | |
| jobs: | |
| build-and-deploy: | |
| environment: development | |
| runs-on: ubuntu-latest | |
| steps: | |
| # Checkout the repo and make it accessible to workflow | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| # Authenticate to Google Cloud | |
| - name: Google Auth | |
| id: auth | |
| uses: "google-github-actions/auth@v2" | |
| with: | |
| credentials_json: "${{ secrets.GOOGLE_CREDENTIALS }}" | |
| # Authenticate Docker to Google Cloud Artifact Registry | |
| - name: Docker Auth | |
| id: docker-auth | |
| uses: "docker/login-action@v3" | |
| with: | |
| username: _json_key | |
| password: "${{ secrets.GOOGLE_CREDENTIALS }}" | |
| registry: "${{ env.REGION }}-docker.pkg.dev" | |
| # Build and Push Container to Google Cloud Artifact Registry | |
| # ! Remember to add "" to secrets that contain @, &, or other special characters | |
| - name: Build and Push Container | |
| run: | | |
| docker build --no-cache \ | |
| --build-arg NEXT_PUBLIC_GA_ID="${{secrets.NEXT_PUBLIC_GA_ID}}" \ | |
| --build-arg DATABASE_URL="${{secrets.DATABASE_URL}}" \ | |
| -f Dockerfile \ | |
| -t "${{ env.REGION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.SERVICE }}/${{ env.SERVICE }}:${{ env.TAG }}" ./ | |
| docker push "${{ env.REGION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.SERVICE }}/${{ env.SERVICE }}:${{ env.TAG }}" | |
| # Deploy to Cloud Run | |
| - name: Deploy to Cloud Run | |
| run: | | |
| gcloud run deploy ${{env.SERVICE}} \ | |
| --platform=managed \ | |
| --region=${{ env.REGION }} \ | |
| --image="${{ env.REGION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.SERVICE }}/${{ env.SERVICE }}:${{ env.TAG }}" \ | |
| --min-instances=default \ | |
| --max-instances=1 \ | |
| --update-secrets=[NEXTAUTH_URL=NEXTAUTH_URL:latest,NEXTAUTH_SECRET=NEXTAUTH_SECRET:latest,DATABASE_URL=DATABASE_URL:latest,AUTH_GITHUB_ID=AUTH_GITHUB_ID:latest,AUTH_GITHUB_SECRET=AUTH_GITHUB_SECRET:latest,AUTH_GOOGLE_ID=AUTH_GOOGLE_ID:latest,AUTH_GOOGLE_SECRET=AUTH_GOOGLE_SECRET:latest,AUTH_EMAIL_SERVER_USER=AUTH_EMAIL_SERVER_USER:latest,AUTH_EMAIL_SERVER_PASSWORD=AUTH_EMAIL_SERVER_PASSWORD:latest,AUTH_EMAIL_SERVER_HOST=AUTH_EMAIL_SERVER_HOST:latest,AUTH_EMAIL_SERVER_PORT=AUTH_EMAIL_SERVER_PORT:latest,AUTH_EMAIL_FROM=AUTH_EMAIL_FROM:latest,GCP_PROJECT_ID=GCP_PROJECT_ID:latest,GCP_PRIVATE_KEY_ID=GCP_PRIVATE_KEY_ID:latest,GCP_PRIVATE_KEY=GCP_PRIVATE_KEY:latest,GCP_CLIENT_EMAIL=GCP_CLIENT_EMAIL:latest,GCP_CLIENT_ID=GCP_CLIENT_ID:latest,GCP_CLIENT_X509_CERT_URL=GCP_CLIENT_X509_CERT_URL:latest,GCP_PRIMARY_BUCKET_NAME=GCP_PRIMARY_BUCKET_NAME:latest,GCP_SECONDARY_BUCKET_NAME=GCP_SECONDARY_BUCKET_NAME:latest,STRIPE_API_KEY=STRIPE_API_KEY:latest,STRIPE_WEBHOOK_SECRET=STRIPE_WEBHOOK_SECRET:latest,RESEND_API_KEY=RESEND_API_KEY:latest,EMAIL_SEND=EMAIL_SEND:latest,EMAIL_RECEIVE=EMAIL_RECEIVE:latest,NEXT_PUBLIC_GA_ID=NEXT_PUBLIC_GA_ID:latest] |