Example of deployments previews per pull-request

[dougnukem]

Question

Does this github action support the Google Cloud Run preview deployments per PR, that is supported with google cloud build?

• https://cloud.google.com/run/docs/tutorials/configure-deployment-previews

My assumption is it's just a wrapper on the gcloud tooling so I would assume it does?

[averikitsch]

This may not work out of the box with GitHub actions due to the container image that is used as a tool to post to the PR. This logic could potentially be updated to use another GitHub action.

Overall, there are 3 different moving parts in this tutorial:

1. Deploy to Cloud Run on push to main
2. Build an image with tooling to post preview to PR
3. Deploy a preview

Prep image

In order to simplify this a bit, I recommend completing the steps Creating tokens and configurations and Creating a new image for Cloud Build as is. It could be ported over to GitHub actions but you'll really only need to build it once.

However to use the image we need to login and push it to GitHub's Container Registry.

docker image tag gcr.io/PROJECT_ID/deployment-previews ghcr.io/USERNAME/deployment-previews
docker push ghcr.io/USERNAME/deployment-previews

Deploying to Cloud Run via main

The workflow would look like:

on:
  push:
    branches:
      - main

name: prod-deploy
env:
  PROJECT_ID: ${{ secrets.GCP_PROJECT }}
  SERVICE: myservice
  REGION: us-central1
  TAG: run-${{ github.run_id }}

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
    - name: Checkout
      uses: actions/checkout@v2

    - name: Setup Cloud SDK
      uses: google-github-actions/setup-gcloud@v0.2.0
      with:
        project_id: ${{ env.PROJECT_ID }}
        service_account_key: ${{ secrets.GCP_SA_KEY }}

    - name: Authorize Docker push
      run: gcloud auth configure-docker

    - name: Build and Push Container
      run: |-
        docker build -t gcr.io/${{ env.PROJECT_ID }}/${{ env.SERVICE }}:${{ env.TAG }} .
        docker push gcr.io/${{ env.PROJECT_ID }}/${{ env.SERVICE }}:${{ env.TAG }}
        
    - name: Deploy to Cloud Run
      id: deploy
      uses: google-github-actions/deploy-cloudrun@v0.6.0
      with:
        service: ${{ env.SERVICE }}
        image: gcr.io/${{ env.PROJECT_ID }}/${{ env.SERVICE }}:${{ env.TAG }}
        region: ${{ env.REGION }}
        flags: "--allow-unauthenticated"
        tag: ${{ env.TAG }}

    - name: Ensure prod service is live
      uses: google-github-actions/deploy-cloudrun@v0.6.0
      with:
        service: ${{ env.SERVICE }}
        region: ${{ env.REGION }}
        tag_traffic: ${{ env.TAG }}=100

Deploying a preview (not working)

The workflow would look like, though I can't actually get the container image to run correctly:

on: pull_request

name: preview-deploy
env:
  PROJECT_ID: ${{ secrets.GCP_PROJECT }}
  SERVICE: myservice
  REGION: us-central1
  TAG: pr-${{ github.event.number }}

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
    - name: Checkout
      uses: actions/checkout@v2

    - name: Setup Cloud SDK
      uses: google-github-actions/setup-gcloud@v0.2.0
      with:
        project_id: ${{ env.PROJECT_ID }}
        service_account_key: ${{ secrets.GCP_SA_KEY }}

    - name: Authorize Docker push
      run: gcloud auth configure-docker

    - name: Build and Push Container
      run: |-
        docker build -t gcr.io/${{ env.PROJECT_ID }}/${{ env.SERVICE }}:${{ env.TAG }} .
        docker push gcr.io/${{ env.PROJECT_ID }}/${{ env.SERVICE }}:${{ env.TAG }}
        
    - name: Deploy to Cloud Run
      id: deploy
      uses: google-github-actions/deploy-cloudrun@v0.6.0
      with:
        service: ${{ env.SERVICE }}
        image: gcr.io/${{ env.PROJECT_ID }}/${{ env.SERVICE }}:${{ env.TAG }}
        region: ${{ env.REGION }}
        tag: ${{ env.TAG }}
        no_traffic: true
    
  preview:
    needs: deploy
    runs-on: ubuntu-latest
    container:  
      image: ghcr.io/<YOURUSERNAME>/deployment-previews
      credentials:
        username: ${{ github.actor }}
        password: ${{ secrets.ghcr_token }}
    steps:
    - name: Link revision on pull request # Does not run correctly and could be replace with another action
      run: set --project-id ${{ env.PROJECT_ID }} \
        --region ${{ env.REGION }} \
        --service ${{ env.SERVICE }} \
        --pull-request ${{ github.event.number }} \
        --repo-name ${{ github.repository }}
        --commit-sha ${{ github.sha }}

@glasnt as original tutorial writer

[glasnt]

Here's a version of the preview job section that works:

  preview:
    needs: deploy
    runs-on: ubuntu-latest
    container:  
      image: ghcr.io/YOURUSERNAME/deployment-previews
      credentials:
        username: ${{ github.actor }}
        password: ${{ secrets.ghcr_token }}
    steps:
    - name: Setup Cloud SDK
      uses: google-github-actions/setup-gcloud@v0.2.0
      with:
        project_id: ${{ env.PROJECT_ID }}
        service_account_key: ${{ secrets.GCP_SA_KEY }}
        export_default_credentials: true
    - name: Link revision on pull request
      run: |-
        python3 /app/check_status.py set --project-id ${{ env.PROJECT_ID }} \
          --region ${{ env.REGION }} \
          --service ${{ env.SERVICE }} \
          --pull-request ${{ github.event.number }} \
          --repo-name ${{ github.repository }} \
          --commit-sha ${{ github.event.pull_request.head.sha }}

Notes:

• run commands are run directly in the container shell (docs), so you need to be explicit and add what the Dockerfile's ENTRYPOINT includes for you (hence adding the python3 /app/check_status.py part)
• This job needs authentication to gcloud, but the container uses Client APIs, so it needs the exported credentials (hence adding an additional setup step, with export_default_credentials: true
  • Given the requirement of a custom container base, I think splitting preview into a separate job is cleaner, but this does lead to this step duplication.
• I'm not sure if it's syntax or something else, but I used the multi-line yaml |- to ensure all the parameters were sent to the script.
• The github.sha in this context is a merge commit, and a the commit we can attach a status to. Instead I'm opting to use the head sha on the pull request. This should be conceptually identical to what is intended here.

[dougnukem]

Thanks, I was able to get the build/deploy github action jobs working, but I'm not sure I fully understand what's needed for the preview: job.

I'm confused what is the docker container being referenced in the preview job?

image: ghcr.io/YOURUSERNAME/deployment-previews

Is that a custom Docker container, I also saw it referenced as:

      image: ghcr.io/averikitsch/deployment-previews

From what I understand the purpose of that job is to set the Cloud Run preview URL on the github commit via the github Checks API?

[glasnt]

In @averikitsch's comment, she references the container image she built and hosted on the github container registry, so I removed her name and put a placeholder.

In the original tutorial you build the container from source and host it under your google cloud project. In the "Prep Image" section of Averi's earlier comment, you tag and push that same image to ghci for use in github actions under your username.

Hope this makes sense!

[giraffesyo]

This is high on the google results, so in case anyone is looking for the original tutorial, it has been moved to here https://github.com/GoogleCloudPlatform/devrel-demos/tree/main/app-dev/cloud-run-deployment-previews

[beingminimal]

This is high on the google results, so in case anyone is looking for the original tutorial, it has been moved to here https://github.com/GoogleCloudPlatform/devrel-demos/tree/main/app-dev/cloud-run-deployment-previews

@giraffesyo Thank you.