social-tw-website/.github/workflows/deploy-frontend.yml

name: Manual-Frontend-Deploy

on:
    workflow_dispatch:
        branches: ['dev', 'prod']
        inputs:
            version:
                type: string
                required: true
            env:
                type: string
                required: true

    workflow_call:
        inputs:
            version:
                type: string
                required: true
            env:
                type: string
                required: true

# get repo vars before running jobs
env:
    NODE_OPTIONS: ${{ vars.NODE_OPTIONS }}
    REGION: ${{ vars.REGION }}
    WIF_PROVIDER: ${{ secrets.WIF_PROVIDER }}
    WIF_SERVICE_ACCOUNT: ${{ secrets.WIF_SERVICE_ACCOUNT }}
    GAR_LOCATION: ${{ vars.GAR_LOCATION }}
    PROJECT_ID: ${{ vars.PROJECT_ID }}
    REPOSITORY: ${{ vars.REPOSITORY }}

jobs:
    frontend:
        permissions:
            contents: 'read'
            id-token: 'write'

        runs-on: ubuntu-latest
        environment: ${{ inputs.env }}
        steps:
            - name: Production Code
              uses: 'actions/checkout@v3'

            - name: Authenticate to Google Cloud
              id: auth
              uses: 'google-github-actions/auth@v1'
              with:
                  token_format: access_token
                  workload_identity_provider: '${{ env.WIF_PROVIDER }}'
                  service_account: '${{ env.WIF_SERVICE_ACCOUNT }}'
                  access_token_lifetime: 900s

            ## artifact registry auth setup
            - name: Login to Artifact Registry
              id: docker-auth
              uses: docker/login-action@v1
              with:
                  registry: ${{ env.GAR_LOCATION }}-docker.pkg.dev
                  username: oauth2accesstoken
                  password: ${{ steps.auth.outputs.access_token }}

            - name: Deploy to Cloud Run
              id: deploy
              uses: google-github-actions/deploy-cloudrun@v0
              with:
                  service: ${{ vars.FRONTEND_SERVICE }}
                  region: ${{ env.REGION }}
                  image: ${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.REPOSITORY }}/${{ vars.FRONTEND_SERVICE }}:${{ inputs.version }}
                  ## set --max-old-space-size=8192 for node.js to increase memory limit
                  env_vars: |
                      SERVER=${{ vars.SERVER }}
                      NODE_OPTIONS=${{ env.NODE_OPTIONS }}
            - name: Allow public access
              id: unauthenticated
              run: gcloud run services add-iam-policy-binding ${{ vars.FRONTEND_SERVICE }} --region=${{ env.REGION }} --member="allUsers" --role="roles/run.invoker"

            - name: Show Output
              run: echo ${{ steps.deploy.outputs.url }}