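# This workflow uses devbox for dependency management and builds/deploys the
# builder API to Cloud Run when a commit is pushed to the "main" branch.
#
# Trigger: pushes to main that touch builder-api/ or the devbox manifests.
# Auth: keyless, via GitHub OIDC -> Google Workload Identity Federation.
#
# NOTE(review): third-party actions below are referenced by mutable tags
# (@v4, @v2). This job can mint an OIDC token that is exchanged for Google
# Cloud credentials, so consider pinning each `uses:` to a full commit SHA
# (e.g. `owner/action@<FULL_COMMIT_SHA> # v4`) and updating it with
# Dependabot or Renovate.
name: 'Build and Deploy Builder API to Cloud Run'

on:
  push:
    branches:
      - main
    paths:
      - 'builder-api/**'
      - 'devbox.json'
      - 'devbox.lock'

env:
  PROJECT_ID: 'benefit-decision-toolkit-play'
  REGION: 'us-central1'
  SERVICE: 'benefit-decision-toolkit-play'
  API_NAME: 'builder-api'
  # NOTE(review): confirm that this provider's attribute condition only
  # accepts tokens from this repository (and ideally only refs/heads/main);
  # that restriction lives in the GCP configuration, not in this file.
  WORKLOAD_IDENTITY_PROVIDER: 'projects/1034049717668/locations/global/workloadIdentityPools/github-actions-google-cloud/providers/github'

jobs:
  deploy:
    runs-on: 'ubuntu-latest'

    # Least privilege for GITHUB_TOKEN: read the repository, and request an
    # OIDC token for the Workload Identity Federation exchange.
    permissions:
      contents: 'read'
      id-token: 'write'

    steps:
      - name: 'Checkout'
        uses: 'actions/checkout@v4'

      - name: 'Setup devbox'
        uses: './.github/actions/devbox-setup'

      # Cache Maven dependencies to speed up builds.
      # restore-keys is a prefix of key, so a changed pom.xml still restores
      # the most recent cache instead of starting from an empty repository
      # (the previous value was identical to key and could never match on a
      # miss).
      - name: 'Cache Maven dependencies'
        uses: 'actions/cache@v4'
        with:
          path: '~/.m2/repository'
          key: "${{ runner.os }}-maven-${{ hashFiles('builder-api/pom.xml') }}"
          restore-keys: |
            ${{ runner.os }}-maven-

      # Configure Workload Identity Federation and generate an access token
      - id: 'auth'
        name: 'Authenticate to Google Cloud'
        uses: 'google-github-actions/auth@v2'
        with:
          workload_identity_provider: '${{ env.WORKLOAD_IDENTITY_PROVIDER }}'
          # Built from PROJECT_ID so the project name is defined in one place.
          service_account: 'cicd-build-deploy-api@${{ env.PROJECT_ID }}.iam.gserviceaccount.com'
          project_id: '${{ env.PROJECT_ID }}'

      # Configure Docker to use gcloud as a credential helper (using devbox gcloud)
      - name: 'Configure Docker'
        run: |
          devbox run -- gcloud auth configure-docker ${{ env.REGION }}-docker.pkg.dev

      # Build the Quarkus app with Maven using devbox environment
      - name: 'Build Quarkus App'
        working-directory: 'builder-api'
        run: |
          devbox run build-builder-api-ci

      # Tag the image with the commit SHA as well as :latest. The SHA tag is
      # what gets deployed, so every revision is traceable to a commit and two
      # overlapping runs cannot deploy each other's image through the moving
      # :latest tag. :latest is still pushed for anything that relies on it.
      - name: 'Build and Push Container'
        working-directory: 'builder-api'
        env:
          IMAGE_REPO: '${{ env.REGION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.SERVICE }}/${{ env.API_NAME }}'
        run: |-
          docker build -f src/main/docker/Dockerfile.jvm \
            --tag "${IMAGE_REPO}:${GITHUB_SHA}" \
            --tag "${IMAGE_REPO}:latest" .
          docker push "${IMAGE_REPO}:${GITHUB_SHA}"
          docker push "${IMAGE_REPO}:latest"

      # id is required: the final step reads steps.deploy.outputs.url, which
      # is empty unless this step is named "deploy".
      - id: 'deploy'
        name: 'Deploy to Cloud Run'
        uses: 'google-github-actions/deploy-cloudrun@v2'
        with:
          service: '${{ env.API_NAME }}'
          region: '${{ env.REGION }}'
          image: '${{ env.REGION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.SERVICE }}/${{ env.API_NAME }}:${{ github.sha }}'
          service_account: 'builder-api-service-account@${{ env.PROJECT_ID }}.iam.gserviceaccount.com'
          # NOTE(review): --allow-unauthenticated makes the service reachable
          # without IAM authentication. Confirm that is intended and that the
          # API enforces its own authentication and authorization.
          flags: '--allow-unauthenticated --max-instances=2'
          env_vars: |
            QUARKUS_GOOGLE_CLOUD_PROJECT_ID=${{ env.PROJECT_ID }}
            GCS_BUCKET_NAME=${{ env.PROJECT_ID }}.firebasestorage.app
            LIBRARY_API_BASE_URL=https://library-api-1034049717668.us-central1.run.app

      # If required, use the Cloud Run URL output in later steps.
      # The value is passed through an environment variable and quoted rather
      # than interpolated into the script text.
      - name: 'Show output'
        env:
          DEPLOY_URL: '${{ steps.deploy.outputs.url }}'
        run: |
          echo "${DEPLOY_URL}"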