-
Notifications
You must be signed in to change notification settings - Fork 0
98 lines (94 loc) · 3.89 KB
/
deploy.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
name: 'Deploy'
on:
workflow_dispatch:
env:
SPOTIFY_CLIENT_ID: '${{ secrets.SPOTIFY_CLIENT_ID }}'
SPOTIFY_CLIENT_SECRET: '${{ secrets.SPOTIFY_CLIENT_SECRET }}'
SPOTIFY_REDIRECT_URI: '${{ secrets.SPOTIFY_REDIRECT_URI }}'
SOURCE_PLAYLIST_ID: '${{ secrets.SOURCE_PLAYLIST_ID }}'
DESTINATION_PLAYLIST_ID: '${{ secrets.DESTINATION_PLAYLIST_ID }}'
CLOUD_FUNCTION_NAME: 'dw-saver'
CLOUD_FUNCTION_REGION: 'europe-west3'
CLOUD_FUNCTION_BUCKET_NAME: '${{ vars.CLOUD_FUNCTION_BUCKET_NAME }}'
CLOUD_FUNCTION_FILE_NAME: 'function.zip'
CLOUD_FUNCTION_URL: '${{ vars.CLOUD_FUNCTION_URL }}'
CLOUD_FUNCTION_SERVICE_ACCOUNT: '${{ vars.CLOUD_FUNCTION_SERVICE_ACCOUNT }}'
DEPLOYMENT_SERVICE_ACCOUNT: '${{ vars.DEPLOYMENT_SERVICE_ACCOUNT }}'
DEPLOYMENT_WORKLOAD_IDENTITY_PROVIDER: '${{ vars.DEPLOYMENT_WORKLOAD_IDENTITY_PROVIDER }}'
jobs:
deploy:
runs-on: 'ubuntu-latest'
permissions:
contents: 'read'
id-token: 'write'
concurrency: 'deployment'
steps:
- name: 'Checkout'
uses: 'actions/checkout@v3'
- name: 'Authenticate to Google Cloud'
id: 'auth'
uses: 'google-github-actions/auth@v1'
with:
workload_identity_provider: '${{env.DEPLOYMENT_WORKLOAD_IDENTITY_PROVIDER}}'
service_account: '${{env.DEPLOYMENT_SERVICE_ACCOUNT}}'
- name: 'Set up Cloud SDK'
uses: 'google-github-actions/setup-gcloud@v1'
- name: 'Zip function source files'
run: 'zip -qq -r -j ${{env.CLOUD_FUNCTION_BUCKET_NAME}} app'
- name: 'Upload function source zip'
id: 'upload-function-source'
uses: 'google-github-actions/upload-cloud-storage@v1'
with:
path: '${{env.CLOUD_FUNCTION_BUCKET_NAME}}'
destination: '${{env.CLOUD_FUNCTION_BUCKET_NAME}}/${{ github.sha }}'
gzip: false
- name: 'Deploy cloud function'
# not using google-github-actions/deploy-cloud-functions@v1 because it is declarative,
# meaning it will overwrite any existing values in a new deployment
run: |
echo ${{ steps.upload-function-source.outputs.uploaded }}
gcloud functions deploy \
--region=$CLOUD_FUNCTION_REGION \
$CLOUD_FUNCTION_NAME \
--source gs://${{env.CLOUD_FUNCTION_BUCKET_NAME}}/${{ steps.upload-function-source.outputs.uploaded }} \
--update-env-vars SPOTIFY_CLIENT_ID=$SPOTIFY_CLIENT_ID,SPOTIFY_CLIENT_SECRET=$SPOTIFY_CLIENT_SECRET,SPOTIFY_REDIRECT_URI=$SPOTIFY_REDIRECT_URI,SOURCE_PLAYLIST_ID=$SOURCE_PLAYLIST_ID,DESTINATION_PLAYLIST_ID=$DESTINATION_PLAYLIST_ID
test-deployment:
runs-on: 'ubuntu-latest'
permissions:
contents: 'read'
id-token: 'write'
needs: 'deploy'
steps:
- name: 'Checkout'
uses: 'actions/checkout@v3'
- name: 'Authenticate to Google Cloud'
id: 'auth'
uses: 'google-github-actions/auth@v1'
with:
# Get an id(!) token to be able to invoke cloud function
token_format: 'id_token'
workload_identity_provider: '${{env.DEPLOYMENT_WORKLOAD_IDENTITY_PROVIDER}}'
service_account: '${{env.DEPLOYMENT_SERVICE_ACCOUNT}}'
id_token_audience: '${{env.CLOUD_FUNCTION_URL}}'
access_token_subject: '${{env.CLOUD_FUNCTION_SERVICE_ACCOUNT}}'
id_token_include_email: true
- name: 'Set up Cloud SDK'
uses: 'google-github-actions/setup-gcloud@v1'
# - name: 'Test cloud function via gcloud (post)'
# run: 'gcloud functions call --region $CLOUD_FUNCTION_REGION $CLOUD_FUNCTION_NAME --data "{}"'
- name: 'Test cloud function via HTTP'
run: |
response=$(curl \
--silent \
-m 310 \
-X POST \
$CLOUD_FUNCTION_URL \
-H "Authorization: bearer ${{ steps.auth.outputs.id_token }}" \
-H "Content-Type: application/json" \
-d '{}')
if [ "$response" == "OK" ]; then
echo "Response is OK"
else
echo "Response is not OK"
exit 1
fi