Merge pull request #511 from yusuke-suzuki/restore-web-push #10
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Prod | |
on: | |
push: | |
tags: | |
- v* | |
env: | |
PROJECT_ID: qoodish | |
ARTIFACT_REGISTRY: asia-northeast1-docker.pkg.dev | |
SERVICE_NAME: qoodish-api | |
jobs: | |
build-image: | |
permissions: | |
contents: read | |
id-token: write | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- id: auth | |
uses: google-github-actions/auth@v1 | |
with: | |
token_format: access_token | |
workload_identity_provider: projects/438842534630/locations/global/workloadIdentityPools/github-actions/providers/github-actions | |
service_account: github-actions@qoodish-common.iam.gserviceaccount.com | |
- name: Setup Docker buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Login to GAR | |
uses: docker/login-action@v3 | |
with: | |
registry: ${{ env.ARTIFACT_REGISTRY }} | |
username: oauth2accesstoken | |
password: ${{ steps.auth.outputs.access_token }} | |
- name: Extract Docker metadata | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: ${{ env.ARTIFACT_REGISTRY }}/${{ env.PROJECT_ID }}/${{ env.SERVICE_NAME }}/${{ env.SERVICE_NAME }} | |
labels: | | |
org.opencontainers.image.revision=${{ env.GITHUB_SHA }} | |
tags: | | |
type=ref,event=tag,prefix=,suffix= | |
type=sha,prefix=,suffix=,format=long | |
- name: Build and push image | |
id: build-and-push | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
push: true | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
deploy-runner: | |
needs: | |
- build-image | |
permissions: | |
contents: read | |
id-token: write | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- id: auth | |
uses: google-github-actions/auth@v1 | |
with: | |
workload_identity_provider: projects/438842534630/locations/global/workloadIdentityPools/github-actions/providers/github-actions | |
service_account: github-actions@qoodish-common.iam.gserviceaccount.com | |
- name: Set up Cloud SDK | |
uses: google-github-actions/setup-gcloud@v1 | |
- name: Deploy Job | |
env: | |
CLOUDSDK_CORE_DISABLE_PROMPTS: 1 | |
CLOUD_RUN_SA_NAME: prod-qoodish-api@qoodish-common.iam.gserviceaccount.com | |
GOOGLE_CLIENT_ID: 115356917720757577784 | |
DB_HOST: 10.86.64.3 | |
GOOGLE_IID_ENDPOINT: https://iid.googleapis.com | |
ALLOWED_ENDPOINTS: https://qoodish.com | |
CLOUD_STORAGE_ENDPOINT: https://storage.googleapis.com | |
CLOUD_STORAGE_BUCKET_NAME: qoodish.appspot.com | |
GOOGLE_ACCOUNT_TYPE: service_account | |
run: | | |
gcloud beta run jobs deploy qoodish-runner \ | |
--region=asia-northeast1 \ | |
--project=$PROJECT_ID \ | |
--cpu=1000m \ | |
--memory=512Mi \ | |
--service-account=$CLOUD_RUN_SA_NAME \ | |
--execution-environment=gen2 \ | |
--image=$ARTIFACT_REGISTRY/$PROJECT_ID/$SERVICE_NAME/$SERVICE_NAME:$GITHUB_SHA \ | |
--network=default \ | |
--subnet=default \ | |
--vpc-egress=private-ranges-only \ | |
--set-env-vars "RAILS_ENV=production" \ | |
--set-env-vars "GOOGLE_CLIENT_EMAIL=$CLOUD_RUN_SA_NAME" \ | |
--set-env-vars "GOOGLE_CLIENT_ID=$GOOGLE_CLIENT_ID" \ | |
--set-env-vars "DB_HOST=$DB_HOST" \ | |
--set-env-vars "DB_PORT=3306" \ | |
--set-env-vars "ALLOWED_ENDPOINTS=$ALLOWED_ENDPOINTS" \ | |
--set-env-vars "CLOUD_STORAGE_ENDPOINT=$CLOUD_STORAGE_ENDPOINT" \ | |
--set-env-vars "CLOUD_STORAGE_BUCKET_NAME=$CLOUD_STORAGE_BUCKET_NAME" \ | |
--set-env-vars "GOOGLE_PROJECT_ID=$PROJECT_ID" \ | |
--set-env-vars "GOOGLE_ACCOUNT_TYPE=$GOOGLE_ACCOUNT_TYPE" \ | |
--set-secrets "GOOGLE_API_KEY_SERVER=QOODISH_API_GOOGLE_API_KEY:latest" \ | |
--set-secrets "RAILS_MASTER_KEY=QOODISH_API_RAILS_MASTER_KEY:latest" \ | |
--set-secrets "GOOGLE_PRIVATE_KEY=QOODISH_API_GOOGLE_PRIVATE_KEY:latest" \ | |
--set-secrets "DB_PASSWORD=QOODISH_API_DB_PASSWORD:latest" \ | |
--set-secrets "DB_USER=QOODISH_API_DB_USER:latest" | |
deploy-api: | |
needs: | |
- build-image | |
permissions: | |
contents: read | |
id-token: write | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- id: auth | |
uses: google-github-actions/auth@v1 | |
with: | |
workload_identity_provider: projects/438842534630/locations/global/workloadIdentityPools/github-actions/providers/github-actions | |
service_account: github-actions@qoodish-common.iam.gserviceaccount.com | |
- name: Set up Cloud SDK | |
uses: google-github-actions/setup-gcloud@v1 | |
- name: Set release version | |
run: | | |
echo "RELEASE_VERSION=${GITHUB_REF##*/}" >> $GITHUB_ENV | |
- name: Set Cloud Run tag name | |
run: | | |
echo "CLOUD_RUN_TAG=$(echo ${RELEASE_VERSION} | sed -e "s/\./\-/g")" >> $GITHUB_ENV | |
- name: Deploy revision | |
env: | |
CLOUDSDK_CORE_DISABLE_PROMPTS: 1 | |
CLOUD_RUN_SA_NAME: prod-qoodish-api@qoodish-common.iam.gserviceaccount.com | |
GOOGLE_CLIENT_ID: 115356917720757577784 | |
DB_HOST: 10.86.64.3 | |
ALLOWED_ENDPOINTS: https://qoodish.com | |
CLOUD_STORAGE_ENDPOINT: https://storage.googleapis.com | |
CLOUD_STORAGE_BUCKET_NAME: qoodish.appspot.com | |
GOOGLE_ACCOUNT_TYPE: service_account | |
run: | | |
gcloud beta run deploy qoodish-api \ | |
--platform=managed \ | |
--region=asia-northeast1 \ | |
--project=$PROJECT_ID \ | |
--cpu=1000m \ | |
--cpu-boost \ | |
--memory=512Mi \ | |
--max-instances=2 \ | |
--port=8080 \ | |
--service-account=$CLOUD_RUN_SA_NAME \ | |
--ingress=all \ | |
--allow-unauthenticated \ | |
--execution-environment=gen2 \ | |
--no-traffic \ | |
--tag=${{ env.CLOUD_RUN_TAG }} \ | |
--image=$ARTIFACT_REGISTRY/$PROJECT_ID/$SERVICE_NAME/$SERVICE_NAME:$GITHUB_SHA \ | |
--network=default \ | |
--subnet=default \ | |
--vpc-egress=private-ranges-only \ | |
--set-env-vars "RAILS_ENV=production" \ | |
--set-env-vars "GOOGLE_CLIENT_EMAIL=$CLOUD_RUN_SA_NAME" \ | |
--set-env-vars "GOOGLE_CLIENT_ID=$GOOGLE_CLIENT_ID" \ | |
--set-env-vars "DB_HOST=$DB_HOST" \ | |
--set-env-vars "DB_PORT=3306" \ | |
--set-env-vars "ALLOWED_ENDPOINTS=$ALLOWED_ENDPOINTS" \ | |
--set-env-vars "CLOUD_STORAGE_ENDPOINT=$CLOUD_STORAGE_ENDPOINT" \ | |
--set-env-vars "CLOUD_STORAGE_BUCKET_NAME=$CLOUD_STORAGE_BUCKET_NAME" \ | |
--set-env-vars "GOOGLE_PROJECT_ID=$PROJECT_ID" \ | |
--set-env-vars "GOOGLE_ACCOUNT_TYPE=$GOOGLE_ACCOUNT_TYPE" \ | |
--set-secrets "GOOGLE_API_KEY_SERVER=QOODISH_API_GOOGLE_API_KEY:latest" \ | |
--set-secrets "RAILS_MASTER_KEY=QOODISH_API_RAILS_MASTER_KEY:latest" \ | |
--set-secrets "GOOGLE_PRIVATE_KEY=QOODISH_API_GOOGLE_PRIVATE_KEY:latest" \ | |
--set-secrets "DB_PASSWORD=QOODISH_API_DB_PASSWORD:latest" \ | |
--set-secrets "DB_USER=QOODISH_API_DB_USER:latest" |