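# Deploys the app to GCP on pushes to the deployment branches: authenticates to
# Google Cloud via Workload Identity Federation, logs Docker in to Artifact
# Registry, applies the Django migrations through the Cloud SQL Auth Proxy,
# collects static files and deploys the Cloud Run service.
# For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions
# The full GCP authentication setup is described in this nice blog post: https://cloud.google.com/blog/products/identity-security/enabling-keyless-authentication-from-github-actions
# Here you see how to push to google cloud artifact registry: https://roger-that-dev.medium.com/push-code-with-github-actions-to-google-clouds-artifact-registry-60d256f8072f
# Here you see how to deploy a cloudrun: https://github.com/google-github-actions/deploy-cloudrun
# Or more generically, setup gcloud: https://github.com/google-github-actions/setup-gcloud

name: GCP app deployment

on:
  push:
    branches: [deployment/dev, deployment/prd]
  # pull_request:
  #   branches: [ master ]

# Commands kept for reference (build, push, deploy and proxy by hand):
#virtualenv venv
#source venv/bin/activate
#pip install -r ./requirements.txt
#
#gcloud auth configure-docker europe-west1-docker.pkg.dev
#docker build -t europe-west1-docker.pkg.dev/tom-toolkit-dev-hxm/remote-observatory-tom-repo/tom_app .
#OR
#docker buildx build --platform linux/arm64/v8,linux/amd64 -t europe-west1-docker.pkg.dev/tom-toolkit-dev-hxm/remote-observatory-tom-repo/tom_app .
#docker tag europe-west1-docker.pkg.dev/tom-toolkit-dev-hxm/remote-observatory-tom-repo/tom_app europe-west1-docker.pkg.dev/tom-toolkit-dev-hxm/remote-observatory-tom-repo/tom_app:test1
#docker push europe-west1-docker.pkg.dev/tom-toolkit-dev-hxm/remote-observatory-tom-repo/tom_app:test1
#docker run -it -e PORT=8080 -p 8080:8080 --rm europe-west1-docker.pkg.dev/tom-toolkit-dev-hxm/remote-observatory-tom-repo/tom_app:test
## Cloudrun deployment
# gcloud run deploy tom-toolkit-instance-dev-b614bde8 --image europe-west1-docker.pkg.dev/tom-toolkit-dev-hxm/remote-observatory-tom-repo/tom_app:test1 --update-labels ^,^managed-by=manual_deploy,commit-sha=XXXXXXXXXXXXXXX --format json --region europe-west1 --project tom-toolkit-dev-hxm
# gcloud run services proxy tom-toolkit-instance-dev-b614bde8 --port=8080 --project=tom-toolkit-dev-hxm --region=europe-west1
# cloud-sql-proxy --auto-iam-authn tom-toolkit-dev-hxm:europe-west1:tom-toolkit-instance-dev-ae78f371
#Then go to http://localhost:8080

#env:
#  IMAGE_NAME: ''
#  PROJECT_ID: ''
#  AR_REPO_LOCATION: ''
#  AR_URL: ''
#  SERVICE_ACCOUNT: ''
#  WORKLOAD_IDENTITY_PROVIDER: ''
#  CLOUDRUN_INSTANCE_NAME: ''

jobs:
  push_push_deploy:
    # Job-scoped permissions: everything not listed here is denied to the
    # workflow token.
    permissions:
      id-token: write  # This is required for requesting the JWT
      contents: read  # This is required for actions/checkout
    runs-on: ubuntu-latest
    # Selects the GitHub environment (and with it the `vars.*` values used
    # below) from the branch that was pushed.
    environment: |-
      ${{ github.ref_name == 'deployment/dev' && 'dev'
         || github.ref_name == 'deployment/prd' && 'prd' }}
    env:
      GOOGLE_CLOUD_PROJECT: ${{ vars.PROJECT_ID }}
    steps:
      # NOTE(review): every action below is referenced by a mutable major tag.
      # Because this job holds `id-token: write`, each of them runs with the
      # ability to request the OIDC token that is exchanged for GCP
      # credentials; pinning them to full commit SHAs removes the dependency
      # on a tag that can be moved.
      # - shell: bash
      #   run: |
      #     echo "YOUR WIP is ${{ vars.AR_URL }}/${{ vars.IMAGE_NAME }} "
      - uses: 'actions/checkout@v4'
      # The exact debug procedure is described here: https://cloud.google.com/iam/docs/audit-logging/examples-workload-identity#exchange-federated
      - id: 'auth'
        uses: 'google-github-actions/auth@v2'  # https://github.com/google-github-actions/auth
        with:
          # An OAuth access token is requested because the docker login step
          # below authenticates with it.
          token_format: access_token
          project_id: ${{ vars.PROJECT_ID }}
          workload_identity_provider: ${{ vars.WORKLOAD_IDENTITY_PROVIDER }}
          service_account: ${{ vars.SERVICE_ACCOUNT }}
      - id: 'docker-auth'
        uses: 'docker/login-action@v3'
        with:
          username: 'oauth2accesstoken'
          password: '${{ steps.auth.outputs.access_token }}'
          registry: '${{ vars.AR_REPO_LOCATION }}-docker.pkg.dev'
      # - id: 'Set up Cloud SDK'
      #   uses: 'google-github-actions/setup-gcloud@v2'
      #   with:
      #     version: '>= 363.0.0'
      # NOTE(review): the build and push commands are disabled, yet the deploy
      # step rolls out `<image>:${{ github.sha }}`. Unless that tag is pushed
      # by some other process, the deploy has no image to pull; re-enable the
      # commands below or change the deployed tag.
      - id: 'build_and_push'
        run: |-
          echo "skipx"
        # docker buildx build --platform linux/amd64 -t ${{ vars.AR_URL }}/${{ vars.IMAGE_NAME }} .
        # docker tag ${{ vars.AR_URL }}/${{ vars.IMAGE_NAME }} ${{ vars.AR_URL }}/${{ vars.IMAGE_NAME }}:${{ github.sha }}
        # #gcloud auth configure-docker ${{ vars.AR_REPO_LOCATION }}-docker.pkg.dev
        # docker push ${{ vars.AR_URL }}/${{ vars.IMAGE_NAME }}:${{ github.sha }}
      - id: 'setup_python'
        # Moved off v2 so this step is on a current major like the other
        # actions used in this job.
        uses: 'actions/setup-python@v5'
        with:
          python-version: "3.11.7"
      - id: 'install_dependencies'
        # NOTE(review): poetry is installed unpinned, so the tool that resolves
        # and installs the dependencies can change between runs; consider
        # pinning its version.
        run: |
          python -m pip install --upgrade pip
          python -m pip install poetry
          poetry install
      - id: 'migrate_db'
        env:
          # Handed to the script through the environment instead of being
          # expanded into the script text, so the values are never parsed as
          # shell syntax.
          INSTANCE_CONNECTION_NAME: '${{ vars.PROJECT_ID }}:${{ vars.CLOUDSQL_LOCATION }}:${{ vars.CLOUDSQL_INSTANCE_NAME }}'
        run: |-  # see https://github.com/GoogleCloudPlatform/cloud-sql-proxy/issues/1989
          # --fail makes an HTTP error abort the step instead of saving the
          # error page as the "binary" that is then marked executable.
          curl --fail --silent --show-error -o ./cloud-sql-proxy https://storage.googleapis.com/cloud-sql-connectors/cloud-sql-proxy/v2.13.0/cloud-sql-proxy.linux.amd64
          # TODO(review): this binary runs with the job's GCP credentials;
          # verify it against the checksum published for the release before
          # executing it, e.g.
          #   echo "<SHA256_OF_THE_RELEASE_BINARY>  ./cloud-sql-proxy" | sha256sum --check
          chmod +x ./cloud-sql-proxy
          nohup ./cloud-sql-proxy --auto-iam-authn "$INSTANCE_CONNECTION_NAME" > cloud-sql-proxy.out 2> cloud-sql-proxy.err < /dev/null &
          echo $!
          # The PID is exported for later steps; no step in this workflow
          # stops the proxy explicitly.
          echo "CLOUD_SQL_PROXY_PID=$!" >> "$GITHUB_ENV"
          export USE_CLOUD_SQL_AUTH_PROXY=true
          # NOTE(review): the proxy is started in the background and migrate
          # runs right after it; if migrations intermittently fail to connect,
          # wait for the proxy's listener before this line.
          poetry run python manage.py migrate
      - id: 'collect_static'
        # --noinput answers the confirmation prompt that was previously fed
        # with `echo yes |`.
        run: |-
          poetry run python manage.py collectstatic --noinput
      # Deploy comes from https://github.com/google-github-actions/deploy-cloudrun
      - id: 'deploy'
        uses: 'google-github-actions/deploy-cloudrun@v2'
        with:
          service: ${{ vars.CLOUDRUN_INSTANCE_NAME }}
          image: ${{ vars.AR_URL }}/${{ vars.IMAGE_NAME }}:${{ github.sha }}
          project_id: ${{ vars.PROJECT_ID }}
          region: ${{ vars.AR_REPO_LOCATION }}
          env_vars_update_strategy: merge  # will be changed from terraform
          # env_vars: |-
          #   FRUIT=apple
          #   SENTENCE=" this will retain leading and trailing spaces "
          # env_vars_file:
          secrets_update_strategy: merge  # will be changed from terraform
      # - name: 'Use output'
      #   run: 'curl "${{ steps.deploy.outputs.url }}"'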