Skip to content
Prod

Merge pull request #511 from yusuke-suzuki/restore-web-push #10

Sign in to view logs

Merge pull request #511 from yusuke-suzuki/restore-web-push

Merge pull request #511 from yusuke-suzuki/restore-web-push #10

Workflow file for this run

.github/workflows/prod.yaml at 2cee486
name: Prod
on:
push:
tags:
- v*
env:
PROJECT_ID: qoodish
ARTIFACT_REGISTRY: asia-northeast1-docker.pkg.dev
SERVICE_NAME: qoodish-api
jobs:
build-image:
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- id: auth
uses: google-github-actions/auth@v1
with:
token_format: access_token
workload_identity_provider: projects/438842534630/locations/global/workloadIdentityPools/github-actions/providers/github-actions
service_account: github-actions@qoodish-common.iam.gserviceaccount.com
- name: Setup Docker buildx
uses: docker/setup-buildx-action@v3
- name: Login to GAR
uses: docker/login-action@v3
with:
registry: ${{ env.ARTIFACT_REGISTRY }}
username: oauth2accesstoken
password: ${{ steps.auth.outputs.access_token }}
- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.ARTIFACT_REGISTRY }}/${{ env.PROJECT_ID }}/${{ env.SERVICE_NAME }}/${{ env.SERVICE_NAME }}
labels: |
org.opencontainers.image.revision=${{ env.GITHUB_SHA }}
tags: |
type=ref,event=tag,prefix=,suffix=
type=sha,prefix=,suffix=,format=long
- name: Build and push image
id: build-and-push
uses: docker/build-push-action@v5
with:
context: .
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
deploy-runner:
needs:
- build-image
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- id: auth
uses: google-github-actions/auth@v1
with:
workload_identity_provider: projects/438842534630/locations/global/workloadIdentityPools/github-actions/providers/github-actions
service_account: github-actions@qoodish-common.iam.gserviceaccount.com
- name: Set up Cloud SDK
uses: google-github-actions/setup-gcloud@v1
- name: Deploy Job
env:
CLOUDSDK_CORE_DISABLE_PROMPTS: 1
CLOUD_RUN_SA_NAME: prod-qoodish-api@qoodish-common.iam.gserviceaccount.com
GOOGLE_CLIENT_ID: 115356917720757577784
DB_HOST: 10.86.64.3
GOOGLE_IID_ENDPOINT: https://iid.googleapis.com
ALLOWED_ENDPOINTS: https://qoodish.com
CLOUD_STORAGE_ENDPOINT: https://storage.googleapis.com
CLOUD_STORAGE_BUCKET_NAME: qoodish.appspot.com
GOOGLE_ACCOUNT_TYPE: service_account
run: |
gcloud beta run jobs deploy qoodish-runner \
--region=asia-northeast1 \
--project=$PROJECT_ID \
--cpu=1000m \
--memory=512Mi \
--service-account=$CLOUD_RUN_SA_NAME \
--execution-environment=gen2 \
--image=$ARTIFACT_REGISTRY/$PROJECT_ID/$SERVICE_NAME/$SERVICE_NAME:$GITHUB_SHA \
--network=default \
--subnet=default \
--vpc-egress=private-ranges-only \
--set-env-vars "RAILS_ENV=production" \
--set-env-vars "GOOGLE_CLIENT_EMAIL=$CLOUD_RUN_SA_NAME" \
--set-env-vars "GOOGLE_CLIENT_ID=$GOOGLE_CLIENT_ID" \
--set-env-vars "DB_HOST=$DB_HOST" \
--set-env-vars "DB_PORT=3306" \
--set-env-vars "ALLOWED_ENDPOINTS=$ALLOWED_ENDPOINTS" \
--set-env-vars "CLOUD_STORAGE_ENDPOINT=$CLOUD_STORAGE_ENDPOINT" \
--set-env-vars "CLOUD_STORAGE_BUCKET_NAME=$CLOUD_STORAGE_BUCKET_NAME" \
--set-env-vars "GOOGLE_PROJECT_ID=$PROJECT_ID" \
--set-env-vars "GOOGLE_ACCOUNT_TYPE=$GOOGLE_ACCOUNT_TYPE" \
--set-secrets "GOOGLE_API_KEY_SERVER=QOODISH_API_GOOGLE_API_KEY:latest" \
--set-secrets "RAILS_MASTER_KEY=QOODISH_API_RAILS_MASTER_KEY:latest" \
--set-secrets "GOOGLE_PRIVATE_KEY=QOODISH_API_GOOGLE_PRIVATE_KEY:latest" \
--set-secrets "DB_PASSWORD=QOODISH_API_DB_PASSWORD:latest" \
--set-secrets "DB_USER=QOODISH_API_DB_USER:latest"
deploy-api:
needs:
- build-image
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- id: auth
uses: google-github-actions/auth@v1
with:
workload_identity_provider: projects/438842534630/locations/global/workloadIdentityPools/github-actions/providers/github-actions
service_account: github-actions@qoodish-common.iam.gserviceaccount.com
- name: Set up Cloud SDK
uses: google-github-actions/setup-gcloud@v1
- name: Set release version
run: |
echo "RELEASE_VERSION=${GITHUB_REF##*/}" >> $GITHUB_ENV
- name: Set Cloud Run tag name
run: |
echo "CLOUD_RUN_TAG=$(echo ${RELEASE_VERSION} | sed -e "s/\./\-/g")" >> $GITHUB_ENV
- name: Deploy revision
env:
CLOUDSDK_CORE_DISABLE_PROMPTS: 1
CLOUD_RUN_SA_NAME: prod-qoodish-api@qoodish-common.iam.gserviceaccount.com
GOOGLE_CLIENT_ID: 115356917720757577784
DB_HOST: 10.86.64.3
ALLOWED_ENDPOINTS: https://qoodish.com
CLOUD_STORAGE_ENDPOINT: https://storage.googleapis.com
CLOUD_STORAGE_BUCKET_NAME: qoodish.appspot.com
GOOGLE_ACCOUNT_TYPE: service_account
run: |
gcloud beta run deploy qoodish-api \
--platform=managed \
--region=asia-northeast1 \
--project=$PROJECT_ID \
--cpu=1000m \
--cpu-boost \
--memory=512Mi \
--max-instances=2 \
--port=8080 \
--service-account=$CLOUD_RUN_SA_NAME \
--ingress=all \
--allow-unauthenticated \
--execution-environment=gen2 \
--no-traffic \
--tag=${{ env.CLOUD_RUN_TAG }} \
--image=$ARTIFACT_REGISTRY/$PROJECT_ID/$SERVICE_NAME/$SERVICE_NAME:$GITHUB_SHA \
--network=default \
--subnet=default \
--vpc-egress=private-ranges-only \
--set-env-vars "RAILS_ENV=production" \
--set-env-vars "GOOGLE_CLIENT_EMAIL=$CLOUD_RUN_SA_NAME" \
--set-env-vars "GOOGLE_CLIENT_ID=$GOOGLE_CLIENT_ID" \
--set-env-vars "DB_HOST=$DB_HOST" \
--set-env-vars "DB_PORT=3306" \
--set-env-vars "ALLOWED_ENDPOINTS=$ALLOWED_ENDPOINTS" \
--set-env-vars "CLOUD_STORAGE_ENDPOINT=$CLOUD_STORAGE_ENDPOINT" \
--set-env-vars "CLOUD_STORAGE_BUCKET_NAME=$CLOUD_STORAGE_BUCKET_NAME" \
--set-env-vars "GOOGLE_PROJECT_ID=$PROJECT_ID" \
--set-env-vars "GOOGLE_ACCOUNT_TYPE=$GOOGLE_ACCOUNT_TYPE" \
--set-secrets "GOOGLE_API_KEY_SERVER=QOODISH_API_GOOGLE_API_KEY:latest" \
--set-secrets "RAILS_MASTER_KEY=QOODISH_API_RAILS_MASTER_KEY:latest" \
--set-secrets "GOOGLE_PRIVATE_KEY=QOODISH_API_GOOGLE_PRIVATE_KEY:latest" \
--set-secrets "DB_PASSWORD=QOODISH_API_DB_PASSWORD:latest" \
--set-secrets "DB_USER=QOODISH_API_DB_USER:latest"