From 70b18a201950b0cb72de86f067e02fbbce494f5b Mon Sep 17 00:00:00 2001 From: nspmx Date: Fri, 24 Mar 2023 00:34:33 -0300 Subject: [PATCH 1/2] update workflows --- .../google-registry-cloudrun-develop.yml | 2 +- .../workflows/google-registry-cloudrun.yml | 2 +- .../workflows/google-registry-gke-develop.yml | 49 +++++++------------ .github/workflows/google-registry-gke.yml | 49 +++++++------------ 4 files changed, 36 insertions(+), 66 deletions(-) diff --git a/.github/workflows/google-registry-cloudrun-develop.yml b/.github/workflows/google-registry-cloudrun-develop.yml index 79e1016..93078e6 100644 --- a/.github/workflows/google-registry-cloudrun-develop.yml +++ b/.github/workflows/google-registry-cloudrun-develop.yml @@ -63,7 +63,7 @@ # Container Registry vs Artifact Registry - https://cloud.google.com/blog/products/application-development/understanding-artifact-registry-vs-container-registry # Principle of least privilege - https://cloud.google.com/blog/products/identity-security/dont-get-pwned-practicing-the-principle-of-least-privilege # Deploy CloudRun Github Actions - https://github.com/google-github-actions/deploy-cloudrun -name: Build to Artifact Registry and Deploy to Cloud Run +name: [Google Cloud] Build to Artifact Registry and Deploy Dev to Cloud Run on: push: diff --git a/.github/workflows/google-registry-cloudrun.yml b/.github/workflows/google-registry-cloudrun.yml index 5851624..53fb20a 100644 --- a/.github/workflows/google-registry-cloudrun.yml +++ b/.github/workflows/google-registry-cloudrun.yml 
@@ -63,7 +63,7 @@ # Container Registry vs Artifact Registry - https://cloud.google.com/blog/products/application-development/understanding-artifact-registry-vs-container-registry # Principle of least privilege - https://cloud.google.com/blog/products/identity-security/dont-get-pwned-practicing-the-principle-of-least-privilege # Deploy CloudRun Github Actions - https://github.com/google-github-actions/deploy-cloudrun -name: Build to Artifact Registry and Deploy to Cloud Run +name: [Google Cloud] Build to Artifact Registry and Deploy to Cloud Run on: push: diff --git a/.github/workflows/google-registry-gke-develop.yml b/.github/workflows/google-registry-gke-develop.yml index 25ba03f..6e09368 100644 --- a/.github/workflows/google-registry-gke-develop.yml +++ b/.github/workflows/google-registry-gke-develop.yml @@ -1,12 +1,12 @@ -# This workflow build and push a Docker container to Google Artifact Registry and deploy it on Cloud Run when a commit is pushed to the "develop" branch +# This workflow build and push a Docker container to Google Artifact Registry and deploy it on Google Kubernetes Engine when a commit is pushed to the "develop" branch # # To configure this workflow: # # 1. Ensure the required Google Cloud APIs are enabled in the project: # -# Cloud Build cloudbuild.googleapis.com -# Cloud Run run.googleapis.com -# Artifact Registry artifactregistry.googleapis.com +# Cloud Build cloudbuild.googleapis.com +# Kubernetes Engine API container.googleapis.com +# Artifact Registry artifactregistry.googleapis.com # # 2. Create a service account (if you don't have one) with the following fields: # 
@@ -15,12 +15,8 @@ # # 3. Ensure the service account have the required IAM permissions granted: # -# Cloud Build -# roles/cloudbuild.builds.editor (cloud build editor) -# roles/cloudbuild.builds.builder (cloud build service account) -# -# Cloud Run -# roles/run.admin (cloud run admin) +# Kubernetes Engine Developer +# roles/container.developer (kubernetes engine developer) # # Artifact Registry # roles/artifactregistry.repoAdmin (artifact registry repository administrator) 
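Review bot: The role list added to step 3 names `roles/container.developer` without saying at what scope to grant it. An IAM binding made on the project applies to every cluster and namespace in that project, which is more than a workflow deploying one app into one namespace needs. I would add a comment line under the role such as `# Prefer roles/container.clusterViewer plus a namespace-scoped Kubernetes RBAC Role bound to this service account in GKE_APP_NAMESPACE, if that is enough for the deploy step`. The unchanged line below it still recommends `roles/artifactregistry.repoAdmin`, where `roles/artifactregistry.writer` is normally enough to push images. The same text is added in the `@@ -15,12 +15,8 @@` hunk of google-registry-gke.yml.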
@@ -44,34 +40,23 @@ # GCP_ARTIFACT_REGISTRY_NAME (Google Cloud Articaft Registry Repository Name) # GCP_ARTIFACT_REGISTRY_LOCATION (Google Cloud Artifact Registry Reposotiry Location) # -# 5. Ensure you have the following GitHub Vatiables for each environment that you will set up: -# -# GitHub Secrets -# CANON_CMS_DB (Canon CMD DB String) -# FLICKR_API_KEY (Flickr API Key) -# GOOGLE_APPLICATION_CREDENTIALS (Google Credential) +# 5. Ensure you have the following GitHub Variables for each environment that you will set up: # # GitHub Variables # GCP_CLOUDRUN_SERVICE (CloudRun Service Name of the environment) # GCP_CLOUDRUN_REGION (CloudRun Service Region of the environment) -# CANON_API (Canon API Endpoint) -# CANON_CMS_CUBES (Canon Tesseract API Cubes Endpoint) -# CANON_CMS_ENABLE (Canon CMS Enable CMS) -# CANON_CMS_FORCE_HTTPS (Canon CMS Force HTTPS) -# CANON_CMS_LOGGING (Canon CMS Logging) -# CANON_CONST_STORAGE_BUCKET (Google Storage Bucket) -# CANON_GOOGLE_ANALYTICS (Google Analytics Code) -# CANON_LANGUAGES (Canon Languages) -# CANON_LANGUAGE_DEFAULT (Canon Language Default) -# CANON_LOGINS (Canon CMS Logins) +# GKE_APP_NAME (Google Kubernetes Engine Deployment Name) +# GKE_APP_NAMESPACE (Google Kubernetes Engine Deployment Namespace) +# GKE_CLUSTER (Google Kubernetes Engine Cluster Name) +# GKE_ZONE (Google Kubernetes Engine Cluster Zone) # # Further reading: -# Cloud Run IAM permissions - https://cloud.google.com/run/docs/deploying -# Artifact Registry IAM permissions - https://cloud.google.com/artifact-registry/docs/access-control#roles -# Container Registry vs Artifact Registry - https://cloud.google.com/blog/products/application-development/understanding-artifact-registry-vs-container-registry -# Principle of least privilege - https://cloud.google.com/blog/products/identity-security/dont-get-pwned-practicing-the-principle-of-least-privilege -# Deploy CloudRun Github Actions - https://github.com/google-github-actions/deploy-cloudrun -name: Build to Artifact 
Registry and Deploy to GKE +# Kubernetes Developer - https://cloud.google.com/iam/docs/understanding-roles#container.developer +# Artifact Registry IAM permissions - https://cloud.google.com/artifact-registry/docs/access-control#roles +# Container Registry vs Artifact Registry - https://cloud.google.com/blog/products/application-development/understanding-artifact-registry-vs-container-registry +# Principle of least privilege - https://cloud.google.com/blog/products/identity-security/dont-get-pwned-practicing-the-principle-of-least-privilege +# Deploy CloudRun Github Actions - https://github.com/google-github-actions/deploy-cloudrun +name: [Google Cloud] Build to Artifact Registry and Deploy Dev to GKE on: push: diff --git a/.github/workflows/google-registry-gke.yml b/.github/workflows/google-registry-gke.yml index 00535a4..160e078 100644 --- a/.github/workflows/google-registry-gke.yml +++ b/.github/workflows/google-registry-gke.yml @@ -1,12 +1,12 @@ -# This workflow build and push a Docker container to Google Artifact Registry and deploy it on Cloud Run when a commit is pushed to the "main" branch +# This workflow build and push a Docker container to Google Artifact Registry and deploy it on Google Kubernetes Engine when a commit is pushed to the "develop" branch # # To configure this workflow: # # 1. Ensure the required Google Cloud APIs are enabled in the project: # -# Cloud Build cloudbuild.googleapis.com -# Cloud Run run.googleapis.com -# Artifact Registry artifactregistry.googleapis.com +# Cloud Build cloudbuild.googleapis.com +# Kubernetes Engine API container.googleapis.com +# Artifact Registry artifactregistry.googleapis.com # # 2. Create a service account (if you don't have one) with the following fields: # 
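Review bot: The header of this GKE workflow still documents Cloud Run inputs after the change. `GCP_CLOUDRUN_SERVICE` and `GCP_CLOUDRUN_REGION` remain in the variable list as unchanged lines, and the rewritten Further reading block re-adds the `Deploy CloudRun Github Actions` link. If the jobs further down the file (outside this hunk) no longer read those two variables, drop them and point the link at the action the workflow actually uses to reach the cluster. Stale entries here lead to per-environment variables being provisioned that nothing consumes. The `@@ -44,34 +40,23 @@` hunk of google-registry-gke.yml adds the same lines.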
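Review bot: The new first comment line of google-registry-gke.yml says the workflow runs when a commit is pushed to the "develop" branch, but the line it replaces said "main" and this is the non-develop file, so it reads as copied from google-registry-gke-develop.yml. Unless the trigger (outside this hunk) really changed, the line should end `when a commit is pushed to the "main" branch`. The header is what an operator reads to decide which environment's service account and variables this file deploys with, so the branch name should match the trigger. `Cloud Build cloudbuild.googleapis.com` also stays in the required-API list while the next hunk removes the Cloud Build roles; confirm the API is still needed.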
@@ -15,12 +15,8 @@ # # 3. Ensure the service account have the required IAM permissions granted: # -# Cloud Build -# roles/cloudbuild.builds.editor (cloud build editor) -# roles/cloudbuild.builds.builder (cloud build service account) -# -# Cloud Run -# roles/run.admin (cloud run admin) +# Kubernetes Engine Developer +# roles/container.developer (kubernetes engine developer) # # Artifact Registry # roles/artifactregistry.repoAdmin (artifact registry repository administrator) 
@@ -44,34 +40,23 @@ # GCP_ARTIFACT_REGISTRY_NAME (Google Cloud Articaft Registry Repository Name) # GCP_ARTIFACT_REGISTRY_LOCATION (Google Cloud Artifact Registry Reposotiry Location) # -# 5. Ensure you have the following GitHub Vatiables for each environment that you will set up: -# -# GitHub Secrets -# CANON_CMS_DB (Canon CMD DB String) -# FLICKR_API_KEY (Flickr API Key) -# GOOGLE_APPLICATION_CREDENTIALS (Google Credential) +# 5. Ensure you have the following GitHub Variables for each environment that you will set up: # # GitHub Variables # GCP_CLOUDRUN_SERVICE (CloudRun Service Name of the environment) # GCP_CLOUDRUN_REGION (CloudRun Service Region of the environment) -# CANON_API (Canon API Endpoint) -# CANON_CMS_CUBES (Canon Tesseract API Cubes Endpoint) -# CANON_CMS_ENABLE (Canon CMS Enable CMS) -# CANON_CMS_FORCE_HTTPS (Canon CMS Force HTTPS) -# CANON_CMS_LOGGING (Canon CMS Logging) -# CANON_CONST_STORAGE_BUCKET (Google Storage Bucket) -# CANON_GOOGLE_ANALYTICS (Google Analytics Code) -# CANON_LANGUAGES (Canon Languages) -# CANON_LANGUAGE_DEFAULT (Canon Language Default) -# CANON_LOGINS (Canon CMS Logins) +# GKE_APP_NAME (Google Kubernetes Engine Deployment Name) +# GKE_APP_NAMESPACE (Google Kubernetes Engine Deployment Namespace) +# GKE_CLUSTER (Google Kubernetes Engine Cluster Name) +# GKE_ZONE (Google Kubernetes Engine Cluster Zone) # # Further reading: -# Cloud Run IAM permissions - https://cloud.google.com/run/docs/deploying -# Artifact Registry IAM permissions - https://cloud.google.com/artifact-registry/docs/access-control#roles -# Container Registry vs Artifact Registry - https://cloud.google.com/blog/products/application-development/understanding-artifact-registry-vs-container-registry -# Principle of least privilege - https://cloud.google.com/blog/products/identity-security/dont-get-pwned-practicing-the-principle-of-least-privilege -# Deploy CloudRun Github Actions - https://github.com/google-github-actions/deploy-cloudrun -name: Build to Artifact 
Registry and Deploy to GKE +# Kubernetes Developer - https://cloud.google.com/iam/docs/understanding-roles#container.developer +# Artifact Registry IAM permissions - https://cloud.google.com/artifact-registry/docs/access-control#roles +# Container Registry vs Artifact Registry - https://cloud.google.com/blog/products/application-development/understanding-artifact-registry-vs-container-registry +# Principle of least privilege - https://cloud.google.com/blog/products/identity-security/dont-get-pwned-practicing-the-principle-of-least-privilege +# Deploy CloudRun Github Actions - https://github.com/google-github-actions/deploy-cloudrun +name: [Google Cloud] Build to Artifact Registry and Deploy to GKE on: push: From 1f6365622521c2e14a46a4b6c5ab177f95551658 Mon Sep 17 00:00:00 2001 From: nspmx Date: Fri, 24 Mar 2023 00:47:46 -0300 Subject: [PATCH 2/2] update workflows names --- .github/workflows/google-registry-cloudrun-develop.yml | 2 +- .github/workflows/google-registry-cloudrun.yml | 2 +- .github/workflows/google-registry-gke-develop.yml | 2 +- .github/workflows/google-registry-gke.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/google-registry-cloudrun-develop.yml b/.github/workflows/google-registry-cloudrun-develop.yml index 93078e6..b291f84 100644 --- a/.github/workflows/google-registry-cloudrun-develop.yml +++ b/.github/workflows/google-registry-cloudrun-develop.yml 
@@ -63,7 +63,7 @@ # Container Registry vs Artifact Registry - https://cloud.google.com/blog/products/application-development/understanding-artifact-registry-vs-container-registry # Principle of least privilege - https://cloud.google.com/blog/products/identity-security/dont-get-pwned-practicing-the-principle-of-least-privilege # Deploy CloudRun Github Actions - https://github.com/google-github-actions/deploy-cloudrun -name: [Google Cloud] Build to Artifact Registry and Deploy Dev to Cloud Run +name: "[Google Cloud] Build to Artifact Registry and Deploy Dev to Cloud Run" on: push: diff --git a/.github/workflows/google-registry-cloudrun.yml b/.github/workflows/google-registry-cloudrun.yml index 53fb20a..4cc27aa 100644 --- a/.github/workflows/google-registry-cloudrun.yml +++ b/.github/workflows/google-registry-cloudrun.yml @@ -63,7 +63,7 @@ # Container Registry vs Artifact Registry - https://cloud.google.com/blog/products/application-development/understanding-artifact-registry-vs-container-registry # Principle of least privilege - https://cloud.google.com/blog/products/identity-security/dont-get-pwned-practicing-the-principle-of-least-privilege # Deploy CloudRun Github Actions - https://github.com/google-github-actions/deploy-cloudrun -name: [Google Cloud] Build to Artifact Registry and Deploy to Cloud Run +name: "[Google Cloud] Build to Artifact Registry and Deploy to Cloud Run" on: push: diff --git a/.github/workflows/google-registry-gke-develop.yml b/.github/workflows/google-registry-gke-develop.yml index 6e09368..98ac801 100644 --- a/.github/workflows/google-registry-gke-develop.yml +++ b/.github/workflows/google-registry-gke-develop.yml 
@@ -56,7 +56,7 @@ # Container Registry vs Artifact Registry - https://cloud.google.com/blog/products/application-development/understanding-artifact-registry-vs-container-registry # Principle of least privilege - https://cloud.google.com/blog/products/identity-security/dont-get-pwned-practicing-the-principle-of-least-privilege # Deploy CloudRun Github Actions - https://github.com/google-github-actions/deploy-cloudrun -name: [Google Cloud] Build to Artifact Registry and Deploy Dev to GKE +name: "[Google Cloud] Build to Artifact Registry and Deploy Dev to GKE" on: push: diff --git a/.github/workflows/google-registry-gke.yml b/.github/workflows/google-registry-gke.yml index 160e078..a95dcdf 100644 --- a/.github/workflows/google-registry-gke.yml +++ b/.github/workflows/google-registry-gke.yml @@ -56,7 +56,7 @@ # Container Registry vs Artifact Registry - https://cloud.google.com/blog/products/application-development/understanding-artifact-registry-vs-container-registry # Principle of least privilege - https://cloud.google.com/blog/products/identity-security/dont-get-pwned-practicing-the-principle-of-least-privilege # Deploy CloudRun Github Actions - https://github.com/google-github-actions/deploy-cloudrun -name: [Google Cloud] Build to Artifact Registry and Deploy to GKE +name: "[Google Cloud] Build to Artifact Registry and Deploy to GKE" on: push: