github/social-tw-website
1
1
Fork 0
mirror of https://github.com/social-tw/social-tw-website.git synced 2026-01-09 15:38:09 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
762711d7977f0d56a4f2e92df8ab4ae62b705681
social-tw-website/.github/workflows/deploy-relay.yml
Evis Chang 762711d797 migrate the cicd enhancement to new branch
2023-12-20 00:56:47 +08:00

88 lines
3.2 KiB
YAML
Raw Blame History

name: Manual-Relay-Deploy
on:
workflow_dispatch:
branches: ['dev', 'prod']
inputs:
version:
type: string
required: true
env:
type: string
required: true
workflow_call:
inputs:
version:
type: string
required: true
env:
type: string
required: true
# get repo vars before running jobs
env:
REGION: ${{ vars.REGION }}
WIF_PROVIDER: ${{ secrets.WIF_PROVIDER }}
WIF_SERVICE_ACCOUNT: ${{ secrets.WIF_SERVICE_ACCOUNT }}
GAR_LOCATION: ${{ vars.GAR_LOCATION }}
PROJECT_ID: ${{ vars.PROJECT_ID }}
REPOSITORY: ${{ vars.REPOSITORY }}
TWITTER_CLIENT_ID: ${{ secrets.TWITTER_CLIENT_ID }}
TWITTER_CLIENT_KEY: ${{ secrets.TWITTER_CLIENT_KEY }}
jobs:
relay:
permissions:
contents: 'read'
id-token: 'write'
runs-on: ubuntu-latest
environment: ${{ inputs.env }}
steps:
- name: Production Code
uses: 'actions/checkout@v3'
- name: Authenticate to Google Cloud
id: auth
uses: 'google-github-actions/auth@v1'
with:
token_format: access_token
workload_identity_provider: '${{ env.WIF_PROVIDER }}'
service_account: '${{ env.WIF_SERVICE_ACCOUNT }}'
access_token_lifetime: 300s
## artifact registry auth setup
- name: Login to Artifact Registry
id: docker-auth
uses: docker/login-action@v1
with:
registry: ${{ env.GAR_LOCATION }}-docker.pkg.dev
username: oauth2accesstoken
password: ${{ steps.auth.outputs.access_token }}
- name: Deploy to Cloud Run
id: deploy
uses: google-github-actions/deploy-cloudrun@v0
with:
service: ${{ vars.BACKEND_SERVICE }}
region: ${{ env.REGION }}
image: ${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.REPOSITORY }}/${{ vars.BACKEND_SERVICE }}:${{ inputs.version }}
# add ENV as below
env_vars: |
TWITTER_CLIENT_ID=${{ env.TWITTER_CLIENT_ID }}
TWITTER_CLIENT_KEY=${{ env.TWITTER_CLIENT_KEY }}
CLIENT_URL=${{ vars.CLIENT_URL }}
APP_ADDRESS=${{ vars.APP_ADDRESS }}
UNIREP_ADDRESS=${{ vars.UNIREP_ADDRESS }}
PRIVATE_KEY=${{ secrets.PRIVATE_KEY }}
GENESIS_BLOCK=${{ vars.GENESIS_BLOCK }}
ETH_PROVIDER_URL=${{ vars.ETH_PROVIDER_URL }}
DB_PATH=${{ secrets.DB_PATH }}
- name: Allow public access
id: unauthenticated
run: gcloud run services add-iam-policy-binding ${{ vars.BACKEND_SERVICE }} --region=${{ env.REGION }} --member="allUsers" --role="roles/run.invoker"
- name: Show Output
run: echo ${{ steps.deploy.outputs.url }}
Reference in New Issue View Git Blame Copy Permalink