feat: github actions #2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # google-cloudrun-docker.yaml | |
| # This workflow build and push a Docker container to Google Artifact Registry | |
| # and deploy it on Cloud Run when a commit is pushed to the "develop" | |
| # branch. | |
| # | |
| # To configure this workflow: | |
| # | |
| # 1. Enable the following Google Cloud APIs: | |
| # | |
| # - Artifact Registry (artifactregistry.googleapis.com) | |
| # - Cloud Run (run.googleapis.com) | |
| # - IAM Credentials API (iamcredentials.googleapis.com) | |
| # | |
| # You can learn more about enabling APIs at | |
| # https://support.google.com/googleapi/answer/6158841. | |
| # | |
| # 2. Create and configure a Workload Identity Provider for GitHub: | |
| # https://github.com/google-github-actions/auth#preferred-direct-workload-identity-federation. | |
| # | |
| # Depending on how you authenticate, you will need to grant an IAM principal | |
| # permissions on Google Cloud: | |
| # | |
| # - Artifact Registry Administrator (roles/artifactregistry.admin) | |
| # - Cloud Run Developer (roles/run.developer) | |
| # | |
| # You can learn more about setting IAM permissions at | |
| # https://cloud.google.com/iam/docs/manage-access-other-resources | |
| # | |
| # 3. Change the values in the "env" block to match your values. | |
| name: 'Build and Deploy to Cloud Run' | |
| on: | |
| push: | |
| branches: [ "develop" ] | |
| env: | |
| PROJECT_ID: 'anbd-project' # TODO: update to your Google Cloud project ID | |
| REGION: 'asia-northeast3' # TODO: update to your region | |
| SERVICE: 'anbd' # TODO: update to your service name | |
| WORKLOAD_IDENTITY_PROVIDER: 'projects/1091105746278/locations/global/workloadIdentityPools/anbd-github-actions/providers/github-actions' # TODO: update to your workload identity provider | |
| jobs: | |
| deploy: | |
| runs-on: 'ubuntu-latest' | |
| permissions: | |
| contents: 'read' | |
| id-token: 'write' | |
| steps: | |
| - name: 'Checkout' | |
| uses: 'actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332' # actions/checkout@v4 | |
| # Configure Workload Identity Federation and generate an access token. | |
| # | |
| # See https://github.com/google-github-actions/auth for more options, | |
| # including authenticating via a JSON credentials file. | |
| - id: 'auth' | |
| name: 'Authenticate to Google Cloud' | |
| uses: 'google-github-actions/auth@f112390a2df9932162083945e46d439060d66ec2' # google-github-actions/auth@v2 | |
| with: | |
| workload_identity_provider: '${{ env.WORKLOAD_IDENTITY_PROVIDER }}' | |
| service_account: 'anbd-admin@anbd-project.iam.gserviceaccount.com' # TODO: update to your service account email | |
| # Build application | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v3 | |
| with: | |
| java-version: '17' | |
| distribution: 'adopt' | |
| - name: Grant execute permission for gradlew | |
| run: chmod +x gradlew | |
| - name: Build with Gradle | |
| run: ./gradlew :anbd-api:bootJar | |
| - name: Decode Dockerfile from secret and save it | |
| run: | | |
| echo "$DOCKERFILE" > Dockerfile | |
| env: | |
| DOCKERFILE: ${{ secrets.DOCKERFILE }} | |
| # BEGIN - Docker auth and build | |
| # | |
| # If you already have a container image, you can omit these steps. | |
| - name: 'Docker Auth' | |
| uses: 'docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567' # docker/login-action@v3 | |
| with: | |
| username: 'oauth2accesstoken' | |
| password: '${{ steps.auth.outputs.auth_token }}' | |
| registry: '${{ env.REGION }}-docker.pkg.dev' | |
| - name: 'Build and Push Container' | |
| run: |- | |
| gcloud auth print-access-token | docker login -u oauth2accesstoken --password-stdin https://asia-northeast3-docker.pkg.dev | |
| DOCKER_TAG="${{ env.REGION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.SERVICE }}/anbd-api:${{ github.sha }}" | |
| docker build --tag "${DOCKER_TAG}" . | |
| docker push "${DOCKER_TAG}" | |
| - name: 'Deploy to Cloud Run' | |
| # END - Docker auth and build | |
| uses: 'google-github-actions/deploy-cloudrun@33553064113a37d688aa6937bacbdc481580be17' # google-github-actions/deploy-cloudrun@v2 | |
| with: | |
| service: 'tle-server' | |
| region: '${{ env.REGION }}' | |
| # NOTE: If using a pre-built image, update the image name below: | |
| image: '${{ env.REGION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.SERVICE }}/tle-api:${{ github.sha }}' | |
| # If required, use the Cloud Run URL output in later steps | |
| - name: 'Show output' | |
| run: |2- | |
| echo ${{ steps.deploy.outputs.url }} |