# This workflow will install Python dependencies, run tests and lint with a single version of Python
# For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions
# The full GCP authentication setup is described in this nice blog post: https://cloud.google.com/blog/products/identity-security/enabling-keyless-authentication-from-github-actions
# Here you see how to push to google cloud artifact registry: https://roger-that-dev.medium.com/push-code-with-github-actions-to-google-clouds-artifact-registry-60d256f8072f
# Here you see how to deploy a cloudrun: https://github.com/google-github-actions/deploy-cloudrun
# Or more generically, setup gcloud: https://github.com/google-github-actions/setup-gcloud
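name: GCP app deployment
# Runs only on pushes to the two deployment branches. The pull_request
# trigger stays disabled, so code from pull requests never reaches the
# cloud credentials this workflow obtains.
on:
  push:
    branches: [deployment/dev, deployment/prd]
  # pull_request:
  #   branches: [ master ]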
#virtualenv venv
#source venv/bin/activate
#pip install -r ./requirements.txt
#
#gcloud auth configure-docker europe-west1-docker.pkg.dev
#docker build -t europe-west1-docker.pkg.dev/tom-toolkit-dev-hxm/remote-observatory-tom-repo/tom_app .
#OR
#docker buildx build --platform linux/arm64/v8,linux/amd64 -t europe-west1-docker.pkg.dev/tom-toolkit-dev-hxm/remote-observatory-tom-repo/tom_app .
#docker tag europe-west1-docker.pkg.dev/tom-toolkit-dev-hxm/remote-observatory-tom-repo/tom_app europe-west1-docker.pkg.dev/tom-toolkit-dev-hxm/remote-observatory-tom-repo/tom_app:test1
#docker push europe-west1-docker.pkg.dev/tom-toolkit-dev-hxm/remote-observatory-tom-repo/tom_app:test1
#docker run -it -e PORT=8080 -p 8080:8080 --rm europe-west1-docker.pkg.dev/tom-toolkit-dev-hxm/remote-observatory-tom-repo/tom_app:test
## Cloudrun deployment
# gcloud run deploy tom-toolkit-instance-dev-b614bde8 --image europe-west1-docker.pkg.dev/tom-toolkit-dev-hxm/remote-observatory-tom-repo/tom_app:test1 --update-labels ^,^managed-by=manual_deploy,commit-sha=XXXXXXXXXXXXXXX --format json --region europe-west1 --project tom-toolkit-dev-hxm
# gcloud run services proxy tom-toolkit-instance-dev-b614bde8 --port=8080 --project=tom-toolkit-dev-hxm --region=europe-west1
# cloud-sql-proxy --auto-iam-authn tom-toolkit-dev-hxm:europe-west1:tom-toolkit-instance-dev-ae78f371
#Then go to http://localhost:8080
#env:
# IMAGE_NAME: ''
# PROJECT_ID: ''
# AR_REPO_LOCATION: ''
# AR_URL: ''
# SERVICE_ACCOUNT: ''
# WORKLOAD_IDENTITY_PROVIDER: ''
# CLOUDRUN_INSTANCE_NAME: ''
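jobs:
  # Single job: authenticate to GCP, log in to Artifact Registry, run the
  # Django migrations and collectstatic through the Cloud SQL proxy, then
  # deploy the image tagged with the commit SHA to Cloud Run.
  push_push_deploy:
    # GITHUB_TOKEN is limited to what the job needs: minting the OIDC token
    # and reading the repository.
    permissions:
      id-token: write # This is required for requesting the JWT
      contents: read # This is required for actions/checkout
    runs-on: ubuntu-latest
    # Resolves to 'dev' or 'prd' from the pushed branch name.
    environment: |-
      ${{ github.ref_name == 'deployment/dev' && 'dev'
      || github.ref_name == 'deployment/prd' && 'prd' }}
    env:
      GOOGLE_CLOUD_PROJECT: ${{ vars.PROJECT_ID }}
      # NOTE(review): unquoted True is a YAML boolean, not the string "True".
      # Quote it if the settings module compares the exact string, and
      # confirm debug mode is intended when this job runs against prd.
      DEBUG: True
    steps:
      # NOTE(review): every `uses:` below references a mutable major-version
      # tag. Pinning each action to a full commit SHA keeps a re-tagged
      # release from running with this job's OIDC token and access token.
      # - shell: bash
      #   run: |
      #     echo "YOUR WIP is ${{ vars.AR_URL }}/${{ vars.IMAGE_NAME }} "
      - uses: 'actions/checkout@v4'
        with:
          # No later step uses git, so do not leave the token in .git/config
          # where `poetry install` (third-party code) could read it.
          persist-credentials: false
      # Keyless authentication: the job's OIDC token is exchanged for a
      # short-lived access token of the service account.
      # NOTE(review): the provider's attribute condition lives on the GCP
      # side and is not visible here; confirm it restricts the exchange to
      # this repository and the deployment branches.
      - id: 'auth' # The exact debug procedure is described here: https://cloud.google.com/iam/docs/audit-logging/examples-workload-identity#exchange-federated
        uses: 'google-github-actions/auth@v2' # https://github.com/google-github-actions/auth
        with:
          token_format: access_token
          project_id: ${{ vars.PROJECT_ID }}
          workload_identity_provider: ${{ vars.WORKLOAD_IDENTITY_PROVIDER }}
          service_account: ${{ vars.SERVICE_ACCOUNT }}
      # Registry login with the short-lived access token from the auth step.
      - id: 'docker-auth'
        uses: 'docker/login-action@v3'
        with:
          username: 'oauth2accesstoken'
          password: '${{ steps.auth.outputs.access_token }}'
          registry: '${{ vars.AR_REPO_LOCATION }}-docker.pkg.dev'
      # - id: 'Set up Cloud SDK'
      #   uses: 'google-github-actions/setup-gcloud@v2'
      #   with:
      #     version: '>= 363.0.0'
      # NOTE(review): the build and push are disabled, yet the deploy step
      # still references the image tagged with github.sha. Unless that tag
      # is pushed by some other process, the deploy has nothing built from
      # this commit to roll out.
      - id: 'build_and_push'
        run: |-
          echo "skipx"
      # docker buildx build --platform linux/amd64 -t ${{ vars.AR_URL }}/${{ vars.IMAGE_NAME }} .
      # docker tag ${{ vars.AR_URL }}/${{ vars.IMAGE_NAME }} ${{ vars.AR_URL }}/${{ vars.IMAGE_NAME }}:${{ github.sha }}
      # #gcloud auth configure-docker ${{ vars.AR_REPO_LOCATION }}-docker.pkg.dev
      # docker push ${{ vars.AR_URL }}/${{ vars.IMAGE_NAME }}:${{ github.sha }}
      # v2 targets a Node runtime that GitHub has deprecated; v5 accepts the
      # same python-version input.
      - id: 'setup_python'
        uses: actions/setup-python@v5
        with:
          python-version: "3.11.7"
      - id: 'install_dependencies'
        run: |
          python -m pip install --upgrade pip
          python -m pip install poetry
          poetry install
      - id: 'migrate_db'
        # Configuration values reach the script as environment variables
        # rather than being expanded into the shell text, so their content
        # cannot be parsed as shell syntax.
        env:
          PROXY_PROJECT_ID: ${{ vars.PROJECT_ID }}
          PROXY_SQL_LOCATION: ${{ vars.CLOUDSQL_LOCATION }}
          PROXY_SQL_INSTANCE: ${{ vars.CLOUDSQL_INSTANCE_NAME }}
        # NOTE(review): the downloaded binary is executed without an
        # integrity check. Pin its SHA-256 and verify before chmod, e.g.
        #   echo "<EXPECTED_SHA256>  cloud-sql-proxy" | sha256sum --check
        # NOTE(review): migrate starts right after the proxy is put in the
        # background; add a readiness wait if the first connection races it.
        run: |- # see https://github.com/GoogleCloudPlatform/cloud-sql-proxy/issues/1989
          # --fail stops an HTTP error page from being saved and executed.
          curl --fail --silent --show-error --location \
            -o ./cloud-sql-proxy \
            https://storage.googleapis.com/cloud-sql-connectors/cloud-sql-proxy/v2.13.0/cloud-sql-proxy.linux.amd64
          chmod +x ./cloud-sql-proxy
          nohup ./cloud-sql-proxy --auto-iam-authn \
            "${PROXY_PROJECT_ID}:${PROXY_SQL_LOCATION}:${PROXY_SQL_INSTANCE}" \
            > cloud-sql-proxy.out 2> cloud-sql-proxy.err < /dev/null &
          echo $!
          echo "CLOUD_SQL_PROXY_PID=$!" >> "$GITHUB_ENV"
          export USE_CLOUD_SQL_AUTH_PROXY=true
          poetry run python manage.py migrate
      - id: 'collect_static'
        run: |-
          echo yes | poetry run python manage.py collectstatic
      # Deploy comes from https://github.com/google-github-actions/deploy-cloudrun
      - id: 'deploy'
        uses: 'google-github-actions/deploy-cloudrun@v2'
        with:
          service: ${{ vars.CLOUDRUN_INSTANCE_NAME }}
          image: ${{ vars.AR_URL }}/${{ vars.IMAGE_NAME }}:${{ github.sha }}
          project_id: ${{ vars.PROJECT_ID }}
          region: ${{ vars.AR_REPO_LOCATION }}
          env_vars_update_strategy: merge # will be changed from terraform
          # env_vars: |-
          #   FRUIT=apple
          #   SENTENCE=" this will retain leading and trailing spaces "
          # env_vars_file:
          secrets_update_strategy: merge # will be changed from terraform
      # - name: 'Use output'
      #   run: 'curl "${{ steps.deploy.outputs.url }}"'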