-
Notifications
You must be signed in to change notification settings - Fork 48
108 lines (97 loc) · 3.67 KB
/
build-and-push.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
name: Build and push to docker
# Controls when the action will run.
on:
# Triggers the workflow on push or pull request events but only for the dev branch
push:
tags:
- release/*
branches:
- master
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
env:
TARGET: ${{ startsWith(github.ref, 'refs/tags/release') && 'production' || 'staging' }}
# Docker tag prefix
RELEASE_TAG: ${{ startsWith(github.ref, 'refs/tags/release') && 'latest' || 'dev' }}
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
# This workflow contains a single job called "build"
build-and-push:
# The type of runner that the job will run on
runs-on: ubuntu-latest
strategy:
matrix:
locales:
- locale: en_US
postfix: -en
- locale: zh_TW
postfix: -tw
- locale: ja
postfix: -ja
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
- name: Echo RELEASE_TAG
run: 'echo $RELEASE_TAG'
- name: Checkout repo
uses: actions/checkout@v2
- name: Login to Docker Hub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v1
- name: Build and push
id: docker_build
uses: docker/build-push-action@v2
with:
context: ./
file: ./Dockerfile
push: true
tags: cofacts/rumors-site:${{ env.RELEASE_TAG }}${{ matrix.locales.postfix }}
build-args: |
APP_ID=RUMORS_SITE
LOCALE=${{ matrix.locales.locale }}
# Cache for individual languages
# Ref: https://docs.docker.com/build/cache/backends/gha/#scope
cache-from: type=gha,scope=${{env.GITHUB_REF_NAME}}${{matrix.locales.postfix}}
cache-to: type=gha,mode=max,scope=${{env.GITHUB_REF_NAME}}${{matrix.locales.postfix}}
- name: Image digest
run: echo ${{ steps.docker_build.outputs.digest }}
deploy:
permissions: # Required by google-github-actions/auth
contents: 'read'
id-token: 'write'
needs: build-and-push
runs-on: ubuntu-latest
strategy:
matrix:
locales:
- region: asia-east1
postfix: -tw
hostname: cofacts.tw
devHostname: dev.cofacts.tw
- region: us-east4
postfix: -en
hostname: en.cofacts.tw
devHostname: dev-en.cofacts.tw
- region: asia-northeast1
postfix: -ja
hostname: ja.cofacts.tw
devHostname: dev-ja.cofacts.tw
environment:
# environment.name cannot use env
# Ref: https://docs.github.com/en/actions/learn-github-actions/contexts#context-availability
name: ${{ startsWith(github.ref, 'refs/tags/release') && 'production' || 'staging' }}${{ matrix.locales.postfix }}
url: https://${{ env.TARGET == 'production' && matrix.locales.hostname || matrix.locales.devHostname }}
steps:
- uses: 'google-github-actions/auth@v1'
with:
workload_identity_provider: ${{ secrets.GC_WORKLOAD_IDENTITY_PROVIDER }}
service_account: ${{ secrets.GC_SERVICE_ACCOUNT }}
- uses: 'google-github-actions/deploy-cloudrun@v1'
with:
service: ${{ env.TARGET == 'production' && 'site' || 'site-staging' }}${{ matrix.locales.postfix }}
image: cofacts/rumors-site:${{ env.RELEASE_TAG }}${{ matrix.locales.postfix }}
region: ${{ matrix.locales.region }}