image.yml
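# Builds the synchro-kotlin container image on every push to main, pushes it
# to Artifact Registry, and then runs a Cloud Run deploy step.
name: Docker Image

on:
  push:
    branches:
      - main

jobs:
  build-and-push-image:
    name: "Synchro Image"
    runs-on: ubuntu-latest
    # Job token is limited to read-only repository access plus the OIDC token
    # that the Workload Identity auth step below exchanges for GCP credentials.
    permissions:
      contents: read
      id-token: write
    steps:
      # NOTE(review): both actions are referenced by a mutable major-version
      # tag; pinning each to a full commit SHA keeps a retagged release from
      # changing what runs with the id-token permission.
      - uses: actions/checkout@v4
        with:
          # No later step uses git, so do not leave the job token in
          # .git/config, where a `docker build .` context could pick it up.
          persist-credentials: false

      - name: GCP Workload Identity Auth
        id: auth
        uses: google-github-actions/auth@v2
        with:
          workload_identity_provider: projects/791837997629/locations/global/workloadIdentityPools/github-actions-pool/providers/gha-id-pool-provider
          # The address is obfuscated in this rendering of the file. It is
          # quoted so the leading "[" is read as a string, not a flow sequence.
          service_account: '[email protected]'

      - name: "Auth to AR"
        run: gcloud auth configure-docker us-east4-docker.pkg.dev

      # Tags: a 6-character commit prefix and the moving `latest` tag.
      # NOTE(review): both tags can be re-pointed and a 6-hex prefix can
      # collide; deploying by image digest would tie a release to exactly the
      # bytes built here.
      - name: "Build Docker Image"
        run: |
          docker build . \
            -f Dockerfile \
            -t us-east4-docker.pkg.dev/surface-420608/stable/synchro-kotlin:${GITHUB_SHA::6} \
            -t us-east4-docker.pkg.dev/surface-420608/stable/synchro-kotlin:latest

      - name: "Push Docker Image to AR"
        run: |
          docker push us-east4-docker.pkg.dev/surface-420608/stable/synchro-kotlin:${GITHUB_SHA::6}
          docker push us-east4-docker.pkg.dev/surface-420608/stable/synchro-kotlin:latest

      # NOTE(review), in order of concern:
      #  - JWT_SECRET is a literal committed to the repository and echoed into
      #    env.yaml; anyone with read access to the repo or its history has the
      #    signing key. The step's own banner says to source it from a secrets
      #    manager instead; rotate the key when that is done.
      #  - The bare `if:` carries no condition. State the intended condition
      #    explicitly (or drop the key) so it is clear when this step runs.
      #  - The deployed image is "<GCP_AR_PATH>/app", while the steps above
      #    push ".../stable/synchro-kotlin". Confirm the deploy really targets
      #    an image built by this workflow.
      #  - --allow-unauthenticated exposes the service publicly, with DEBUG
      #    logging enabled via env.yaml.
      - name: "Deploy"
        if:
        # Secrets reach the script as environment variables rather than being
        # expanded into the script text, so their contents are never parsed
        # as shell syntax.
        env:
          GCP_AR_PATH: ${{ secrets.GCP_AR_PATH }}
          GCP_APP_SERVICE_ACCOUNT: ${{ secrets.GCP_APP_SERVICE_ACCOUNT }}
        run: |
          echo "***DO NOT USE*** THESE VALUES IN PRODUCTION!"
          echo "USE SECRETS MANAGER FOR JWT SIGNING KEY, OR A THIRD PARTY PROVIDER LIKE HASHICORP."
          echo "DEBUG: surface:*" >> env.yaml
          echo "SELF_RPC_HOST: https://surface-demo-app-5v6fvk5ela-uw.a.run.app/" >> env.yaml
          echo "JWT_SECRET: sup4h.secr1t.jwt.🔑" >> env.yaml
          gcloud run deploy surface-demo-app \
            --image "${GCP_AR_PATH}/app:${GITHUB_SHA::6}" \
            --env-vars-file env.yaml \
            --service-account "${GCP_APP_SERVICE_ACCOUNT}" \
            --region us-west1 \
            --allow-unauthenticated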