add gated release to production (#12)

verbanicm · web-flow · commit 8468a1de2bac · 2023-02-01T14:55:06.000-05:00
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -128,7 +128,7 @@ jobs:
           gcloud run services update ${{ env.INTEGRATION_SERVICE_NAME }} \
             --project="${{ env.INTEGRATION_PROJECT_ID }}" \
             --region="${{ env.INTEGRATION_REGION }}" \
-            --image="${{ env.DOCKER_REPO }}/github-metrics-aggregator-server:${{ env.DOCKER_TAG }}"
+            --image="${{ env.DOCKER_REPO }}/github-metrics-aggregator-server:${{ env.DOCKER_TAG }}-amd64"
 
   integration:
     runs-on: 'ubuntu-latest'
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -19,10 +19,13 @@ on:
     tags:
       - 'v*'
 env:
-  SOURCE_DOCKER_IMAGE: 'us-docker.pkg.dev/github-metrics-ci/ci-images/github-metrics-aggregator-server:${{ github.sha }}'
-  DEST_DOCKER_REPO: 'us-docker.pkg.dev/abcxyz-artifacts/docker-images/github-metrics-aggregator-server:${{ github.ref_name }}'
   WIF_PROVIDER: 'projects/138221849759/locations/global/workloadIdentityPools/github-pool-ac8f/providers/github-provider'
   WIF_SERVICE_ACCOUNT: 'github-metrics-ac8f-ci-sa@github-metrics-ci.iam.gserviceaccount.com'
+  SOURCE_DOCKER_IMAGE: 'us-docker.pkg.dev/github-metrics-ci/ci-images/github-metrics-aggregator-server:${{ github.sha }}'
+  TARGET_DOCKER_IMAGE: 'us-docker.pkg.dev/abcxyz-artifacts/docker-images/github-metrics-aggregator-server:${{ github.ref_name }}'
+  PROD_PROJECT_ID: 'github-metrics-prod'
+  PROD_REGION: 'us-central1'
+  PROD_SERVICE_NAME: 'github-metrics-webhook-51e3'
 
 # Don't cancel in progress since we don't want to have half-baked releases.
 concurrency: '${{ github.workflow }}-${{ github.head_ref || github.ref }}-release'
@@ -58,3 +61,29 @@ jobs:
           docker pull ${{ env.SOURCE_DOCKER_IMAGE }}-arm64
           docker tag ${{ env.SOURCE_DOCKER_IMAGE }}-arm64 ${{ env.TARGET_DOCKER_IMAGE }}-arm64
           docker push ${{ env.TARGET_DOCKER_IMAGE }}-arm64
+
+  production:
+    runs-on: 'ubuntu-latest'
+    environment: 'production'
+    needs:
+      - 'image-release'
+    permissions:
+      contents: 'read'
+      id-token: 'write'
+    steps:
+      - name: 'Checkout'
+        uses: 'actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c' # ratchet:actions/checkout@v3
+      - id: 'auth'
+        name: 'Authenticate to Google Cloud'
+        uses: 'google-github-actions/auth@ef5d53e30bbcd8d0836f4288f5e50ff3e086997d' # ratchet:google-github-actions/auth@v1
+        with:
+          workload_identity_provider: '${{ env.WIF_PROVIDER }}'
+          service_account: '${{ env.WIF_SERVICE_ACCOUNT }}'
+      - name: 'Setup gcloud'
+        uses: 'google-github-actions/setup-gcloud@d51b5346f85640ec2aa2fa057354d2b82c2fcbce' # ratchet:google-github-actions/setup-gcloud@v1
+      - name: 'Deploy to Cloud Run'
+        run: |-
+          gcloud run services update ${{ env.PROD_SERVICE_NAME }} \
+            --project="${{ env.PROD_PROJECT_ID }}" \
+            --region="${{ env.PROD_REGION }}" \
+            --image="${{ env.TARGET_DOCKER_IMAGE }}-amd64"
diff --git a/.goreleaser.docker.yaml b/.goreleaser.docker.yaml
@@ -82,8 +82,7 @@ dockers:
       - '--label=org.opencontainers.image.version={{ .Version }}'
 
 docker_manifests:
-  - name_template: '{{ .Env.DOCKER_REPO }}/github-metrics-aggregator-server:{{ .Env.DOCKER_TAG }}'
-    image_templates:
+  - image_templates:
       - '{{ .Env.DOCKER_REPO }}/github-metrics-aggregator-server:{{ .Env.DOCKER_TAG }}-amd64'
       - '{{ .Env.DOCKER_REPO }}/github-metrics-aggregator-server:{{ .Env.DOCKER_TAG }}-arm64'
 
