chasinandrew · chasinandrew · May 23, 2023 · May 23, 2023 · May 23, 2023 · May 23, 2023
diff --git a/.github/workflows/deployment.yaml b/.github/workflows/deployment.yaml
@@ -18,21 +18,33 @@ on:
         type: string
         required: true
         description: The Google Cloud project ID.
-      image_repository:
+      artifact_registry_repo:
         type: string
         required: true
-        description: The container image repository name.
-      image_name:
+        description: The artifact registry repository name.
+      artifact_registry_location:
+        type: string
+        required: true
+        description: The artifact registry region name.
+      docker_image_name:
         type: string
         required: true
         description: The container image name.
+      service_name:
+        type: string
+        required: true
+        description: The container service name.
+      code_directory: 
+        type: string
+        required: true
+        description: The directory where the source code lives. 
+
 jobs:
   cloud-run: 
-    name: "Cloud Run Deployment"
+    name: "Image Build & Cloud Run Deploy"
     runs-on: ubuntu-latest
-    needs: [terraform]
+    environment: ${{ inputs.environment }}
     permissions:
-      pull-requests: write
       id-token: write
       contents: read
     steps:
@@ -54,30 +66,29 @@ jobs:
         with:
           username: 'oauth2accesstoken'
           password: '${{ steps.auth.outputs.access_token }}'
-          registry: '${{ env.GAR_LOCATION }}-docker.pkg.dev'
+          registry: '${{ inputs.artifact_registry_location }}-docker.pkg.dev'
 
       - name: Build and Tag
         id: build-image
         uses: docker/build-push-action@v3
         with:
-          context: ${{ env.CONTAINER_DIRECTORY }}
+          context: ${{ inputs.code_directory }}
           push: true 
-          tags: ${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.REPOSITORY }}/${{ env.CONTAINER_SERVICE }}:${{ env.IMAGE_TAG }}
+          tags: ${{ inputs.artifact_registry_location }}-docker.pkg.dev/${{ inputs.gcp_project_id }}/${{ inputs.artifact_registry_repo }}/${{ inputs.service_name }}:${{ inputs.ref }}
 
       - name: Docker Push
         run: |-
-          docker push "${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.REPOSITORY }}/${{ env.CONTAINER_SERVICE }}:${{ env.IMAGE_TAG }}"
+          docker push "${{ inputs.artifact_registry_location }}-docker.pkg.dev/${{ inputs.gcp_project_id }}/${{ inputs.artifact_registry_repo }}/${{ inputs.service_name }}:${{ inputs.ref }}"
 
       - name: Create Service declaration   
         run: |-
-          export CONTAINER_IMAGE="${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.REPOSITORY }}/${{ env.CONTAINER_SERVICE }}:${{ env.IMAGE_TAG }}"
-          export CONTAINER_SERVICE="${{ env.CONTAINER_SERVICE }}"
-          export PROJECT_ID="${{ env.PROJECT_ID }}"
-          export REVISION_TAG=${{ github.sha }}
-          export CLOUD_RUN_SA=${{ env.CLOUD_RUN_SA }}
+          export CONTAINER_IMAGE="${{ inputs.artifact_registry_location }}-docker.pkg.dev/${{ inputs.gcp_project_id }}/${{ inputs.artifact_registry_repo }}/${{ inputs.service_name }}:${{ inputs.ref }}"
+          export SERVICE_NAME="${{ inputs.service_name }}"
+          export PROJECT_ID="${{ inputs.gcp_project_id }}"
+          export REVISION_TAG=${{ inputs.ref }}
+          export CLOUD_RUN_SA=${{ inputs.cloud_run_sa }}
           envsubst < ./service-yaml/container.yaml > container.yaml
 
       - name: Deploy to Cloud Run
-        if: github.ref == 'refs/heads/main' && github.event_name == 'push'
         run: |- 
-          gcloud run services replace container.yaml --region=${{ env.REGION }}
+          gcloud run services replace container.yaml --region=${{ inputs.artifact_registry_location }}
diff --git a/.github/workflows/env_deployment.yaml b/.github/workflows/env_deployment.yaml
@@ -0,0 +1,76 @@
+name: Build and Deploy to Cloud Run
+on:
+  push:
+    branches:
+    - 'feature/**'
+    - 'develop'
+    - 'qa'
+    - 'main'
+
+jobs: 
+  #TODO: add feature branch unit tests
+  #TODO: add vulnerability scanning
+
+  #DEV
+  dev:
+    if: startsWith(github.ref_name, 'develop')
+    uses: ./.github/workflows/deployment.yaml
+    permissions: 
+      id-token: write
+      contents: read
+    with: 
+      environment: dev
+      ref: ${{ github.sha }}
+      gcp_project_id: arched-inkwell-368821
+      artifact_registry_repo: reference-architectures
+      artifact_registry_location: us-east4
+      docker_image_name: pods
+      service_name: pods
+      code_directory: ./code/Samples.Run.MarkdownPreview.Editor
+    secrets: inherit
+
+  #QA
+  qa:
+    if: startsWith(github.ref_name, 'qa')
+    uses: ./.github/workflows/deployment.yaml
+    permissions: 
+      id-token: write
+      contents: read
+    with: 
+      environment: qa
+      ref: ${{ github.sha }}
+      gcp_project_id: arched-inkwell-368821
+      artifact_registry_repo: reference-architectures
+      artifact_registry_location: us-east4
+      docker_image_name: pods
+      service_name: pods
+      code_directory: ./code/Samples.Run.MarkdownPreview.Editor
+    secrets: inherit
+
+  #PROD
+  prod: 
+    if: startsWith(github.ref_name, 'main')
+    uses: ./.github/workflows/deployment.yaml
+    permissions: 
+      id-token: write
+      contents: read
+    with: 
+      environment: prod
+      ref: ${{ github.sha }}
+      gcp_project_id: arched-inkwell-368821
+      artifact_registry_repo: reference-architectures
+      artifact_registry_location: us-east4
+      docker_image_name: pods
+      service_name: pods
+      code_directory: ./code/Samples.Run.MarkdownPreview.Editor
+    secrets: inherit
+
+# env:
+#   PROJECT_ID: arched-inkwell-368821                             # TODO: update Google Cloud project id
+#   GAR_LOCATION: us-east4                                        # TODO: update Artifact Registry location
+#   REPOSITORY: reference-architectures                           # TODO: update Artifact Registry repository name
+#   CONTAINER_SERVICE: pods                                       # TODO: update Cloud Run service name
+#   REGION: us-east4                                              # TODO: update Cloud Run service region #
+#   IMAGE_TAG: latest
+#   WORKING_DIRECTORY: ./terraform
+#   CLOUD_RUN_SA: cloud-run-sa
diff --git a/.github/workflows/workflow_dispatch.yaml b/.github/workflows/workflow_dispatch.yaml
diff --git a/service-yaml/container.yaml b/service-yaml/container.yaml
@@ -4,11 +4,11 @@ metadata:
   annotations: 
     run.googleapis.com/launch-stage: ALPHA
     run.googleapis.com/ingress: internal-and-cloud-load-balancing 
-  name: ${CONTAINER_SERVICE}
+  name: ${SERVICE_NAME}
 spec:
   template:
     metadata:      
-      name: ${CONTAINER_SERVICE}-${REVISION_TAG} 
+      name: ${SERVICE_NAME}-${REVISION_TAG} 
       annotations:
         run.googleapis.com/execution-environment: gen1
         autoscaling.knative.dev/minScale: '3'
@@ -27,7 +27,7 @@ spec:
       serviceAccountName: ${CLOUD_RUN_SA}
       containers:
       - image: ${CONTAINER_IMAGE}
-        name: ${CONTAINER_SERVICE}
+        name: ${SERVICE_NAME}
         ports: 
         - name: http1
           containerPort: 8080
@@ -38,11 +38,11 @@ spec:
           value: sqluser #TODO: change to true database username 
         - name: DB_NAME 
           value: default #TODO: change to true database name 
-        - name: DB_PASS
-          valueFrom:
-            secretKeyRef:
-              name: TEST #TODO: change to true secret name 
-              key: "3" #TODO: change to true secret key
+        # - name: DB_PASS
+        #   valueFrom:
+        #     secretKeyRef:
+        #       name: TEST #TODO: change to true secret name 
+        #       key: "3" #TODO: change to true secret key
 
       # It is recommended to use the latest version of the Cloud SQL Auth Proxy
       # Make sure to update on a regular schedule!