
Commit 925522b

committed
ci: set up deploy cloudrun composite action
1 parent bb5b52a commit 925522b


4 files changed

+161
-196
lines changed

+116
@@ -0,0 +1,116 @@
1+
name: Deploy
2+
description: Deploy to GCP
3+
inputs:
4+
project_id:
5+
description: 'The GCP project ID'
6+
required: true
7+
identity_provider:
8+
description: 'The identity provider for the workload identity'
9+
required: true
10+
service_account_email:
11+
description: 'The service account email'
12+
required: true
13+
pause_schedule_job:
14+
description: 'Pause the scheduler job'
15+
required: false
16+
default: 'no'
17+
github_token:
18+
description: 'The GitHub token'
19+
required: true
20+
21+
runs:
22+
using: composite
23+
steps:
24+
- name: Set globals
25+
id: globals
26+
shell: bash
27+
run: |
28+
echo "TOPIC_NAME=backup-topic" >> "${GITHUB_OUTPUT}"
29+
echo "CRON=0 4 * * *" >> "${GITHUB_OUTPUT}"
30+
echo "JOB_NAME=nightly" >> "${GITHUB_OUTPUT}"
31+
echo "JOB_DESCRIPTION=Trigger the backup job every evening at 10 PM MDT" >> "${GITHUB_OUTPUT}"
32+
33+
- name: 🗝️ Authenticate to Google Cloud
34+
id: auth
35+
uses: google-github-actions/auth@v2
36+
with:
37+
token_format: access_token
38+
workload_identity_provider: ${{ inputs.identity_provider }}
39+
service_account: ${{ inputs.service_account_email }}
40+
41+
- name: 🐳 Set up Docker Buildx
42+
id: builder
43+
uses: docker/setup-buildx-action@v3
44+
45+
- name: 🗝️ Authenticate Docker to Google Cloud
46+
uses: docker/login-action@v3
47+
with:
48+
registry: us-central1-docker.pkg.dev
49+
username: oauth2accesstoken
50+
password: ${{ steps.auth.outputs.access_token }}
51+
52+
- name: 🏷️ Extract tags from GitHub
53+
id: meta
54+
uses: docker/metadata-action@v5
55+
with:
56+
github-token: ${{ inputs.github_token }}
57+
images: us-central1-docker.pkg.dev/${{ inputs.project_id }}/images/job
58+
tags: |
59+
type=ref,suffix=-{{sha}},event=branch
60+
type=ref,prefix=pr-,suffix=-{{sha}},event=pr
61+
type=semver,pattern={{version}}
62+
latest
63+
64+
- name: 📦 Build and push image
65+
uses: docker/build-push-action@v6
66+
with:
67+
builder: ${{ steps.builder.outputs.name }}
68+
tags: ${{ steps.meta.outputs.tags }}
69+
context: ./jobs
70+
file: ./Dockerfile
71+
push: true
72+
cache-from: type=gha
73+
cache-to: type=gha,mode=max
74+
provenance: false
75+
76+
- name: 🚀 Deploy Main Cloud Run Job
77+
id: deploy
78+
uses: google-github-actions/deploy-cloudrun@v2
79+
with:
80+
job: ${{ steps.globals.outputs.JOB_NAME }}
81+
image: us-central1-docker.pkg.dev/${{ inputs.project_id }}/images/job:latest
82+
timeout: 60m
83+
secrets: |
84+
/secrets/app/secrets.json=secrets:latest
85+
flags: |
86+
--memory=512Mi
87+
--service-account=cloud-run-sa@${{ inputs.project_id }}.iam.gserviceaccount.com
88+
89+
- name: 🕰️ Create Main Cloud Scheduler
90+
shell: bash
91+
run: |
92+
if [ ! "$(gcloud scheduler jobs list --location=us-central1 | grep ${{ steps.globals.outputs.JOB_NAME }})" ]; then
93+
gcloud scheduler jobs create http "${{ steps.globals.outputs.JOB_NAME }}" \
94+
--description="${{ steps.globals.outputs.JOB_DESCRIPTION }}" \
95+
--schedule="${{ steps.globals.outputs.CRON }}" \
96+
--time-zone=America/Denver \
97+
--location=us-central1 \
98+
--uri="https://us-central1-run.googleapis.com/apis/run.googleapis.com/v1/namespaces/${{ inputs.project_id }}/jobs/${{ steps.globals.outputs.JOB_NAME }}:run" \
99+
--oauth-service-account-email=scheduler-sa@${{ inputs.project_id }}.iam.gserviceaccount.com \
100+
--quiet
101+
else
102+
gcloud scheduler jobs update http "${{ steps.globals.outputs.JOB_NAME }}" \
103+
--description="${{ steps.globals.outputs.JOB_DESCRIPTION }}" \
104+
--schedule="${{ steps.globals.outputs.CRON }}" \
105+
--time-zone=America/Denver \
106+
--location=us-central1 \
107+
--uri="https://us-central1-run.googleapis.com/apis/run.googleapis.com/v1/namespaces/${{ inputs.project_id }}/jobs/${{ steps.globals.outputs.JOB_NAME }}:run" \
108+
--oauth-service-account-email=scheduler-sa@${{ inputs.project_id }}.iam.gserviceaccount.com \
109+
--quiet
110+
fi
111+
112+
- name: 🙅 Pause Scheduler Job
113+
shell: bash
114+
if: inputs.pause_schedule_job != 'no'
115+
run: |
116+
gcloud scheduler jobs pause "${{ steps.globals.outputs.JOB_NAME }}" --location=us-central1 --quiet
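Review bot: The `🚀 Deploy Main Cloud Run Job` step rolls out `image: us-central1-docker.pkg.dev/${{ inputs.project_id }}/images/job:latest`, a mutable tag that is resolved at deploy time rather than the image this run just built. Because the metadata step tags every build `latest`, an overlapping run or any other push of `latest` to that repository decides what the job executes. Give the build step an id (`id: build`) and deploy by digest instead: `image: us-central1-docker.pkg.dev/${{ inputs.project_id }}/images/job@${{ steps.build.outputs.digest }}`. That ties the deployed artifact to the build in the same run and makes the rollout auditable from the workflow log.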

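--- a/.github/workflows/push.yml
+++ b/.github/workflows/push.yml
@@ -49,3 +49,29 @@ jobs:
 build-command: npm run build -- --mode dev
 env:
 VITE_FIREBASE_CONFIG: ${{ secrets.FIREBASE_CONFIG }}
+
+deploy-cloudrun-dev:
+name: Deploy Cloud Run to dev
+runs-on: ubuntu-latest
+if: github.ref_name == 'dev'
+environment:
+name: dev
+permissions:
+id-token: write
+contents: read
+
+steps:
+- name: ⬇️ Set up code
+uses: actions/checkout@v4
+with:
+show-progress: false
+
+- name: 🚀 Deploy
+uses: ./.github/actions/deploy-cloudrun
+timeout-minutes: 15
+with:
+project_id: ${{ secrets.PROJECT_ID }}
+identity_provider: ${{ secrets.IDENTITY_PROVIDER }}
+service_account_email: ${{ secrets.SERVICE_ACCOUNT_EMAIL }}
+pause_schedule_job: 'yes'
+github_token: ${{ secrets.GITHUB_TOKEN }}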
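Review bot: The job condition `if: github.ref_name == 'dev'` matches a tag named `dev` as well as the branch, because `ref_name` is the short name without the `refs/heads/` or `refs/tags/` prefix. The job it gates holds `id-token: write` and the `dev` environment's secrets, so the check should stay branch-specific: `if: github.ref == 'refs/heads/dev'`, or add `&& github.ref_type == 'branch'`. The same substitution is made for `main` on `deploy-cloudrun-prod` in release.yml, where the removed line was the branch-qualified form. Whether a tag push can reach either job depends on the workflows' `on:` triggers, which are outside these hunks.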

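--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -9,215 +9,30 @@ concurrency:
 cancel-in-progress: true
 
 jobs:
-deploy-python-dev:
-name: Deploy python to staging
-needs: test
-runs-on: ubuntu-latest
-if: github.ref == 'refs/heads/dev'
-environment:
-name: dev
-permissions:
-id-token: write
-contents: read
-
-steps:
-- name: ⬇️ Checkout code
-uses: actions/checkout@v4
-with:
-show-progress: false
-
-- name: 🗝️ Authenticate to Google Cloud
-id: auth
-uses: google-github-actions/auth@v2
-with:
-workload_identity_provider: ${{ secrets.IDENTITY_PROVIDER }}
-service_account: ${{ secrets.SERVICE_ACCOUNT_EMAIL }}
-token_format: 'access_token'
-
-- name: 🐳 Set up Docker Buildx
-id: builder
-uses: docker/setup-buildx-action@v3
-
-- name: 🗝️ Authenticate Docker to Google Cloud
-uses: docker/login-action@v3
-with:
-registry: us-central1-docker.pkg.dev
-username: oauth2accesstoken
-password: ${{ steps.auth.outputs.access_token }}
-
-- name: 🏷️ Extract tags from GitHub
-id: meta
-uses: docker/metadata-action@v5
-with:
-github-token: ${{ secrets.GITHUB_TOKEN }}
-images: us-central1-docker.pkg.dev/${{ secrets.PROJECT_ID }}/images/job
-tags: |
-type=ref,suffix=-{{sha}},event=branch
-type=ref,prefix=pr-,suffix=-{{sha}},event=pr
-type=semver,pattern={{version}}
-latest
-
-- name: 📦 Build and push image
-uses: docker/build-push-action@v6
-with:
-builder: ${{ steps.builder.outputs.name }}
-tags: ${{ steps.meta.outputs.tags }}
-context: .
-file: ./Dockerfile
-push: true
-cache-from: type=gha
-cache-to: type=gha,mode=max
-provenance: false
-
-- name: ☁️ Set up Cloud SDK
-uses: google-github-actions/setup-gcloud@v2
-
-- name: 🚀 Deploy to Cloud Run Job
-uses: google-github-actions/deploy-cloudrun@v2
-with:
-project_id: secrets.PROJECT_ID
-region: us-central1
-image: us-central1-docker.pkg.dev/${{ secrets.PROJECT_ID }}/images/job:latest
-job: default
-secrets: /secrets/app/secrets.json=skid-secrets:latest
-timeout: 3h
-flags: >
-'--cpu=1
---memory=3Gi
---service-account=cloud-run-sa@${{ secrets.PROJECT_ID }}.iam.gserviceaccount.com
---timeout=3h
---max-instances=1
---max-retries=0
---parallelism=0'
-
-- name: 🕰️ Create Cloud Scheduler
-run: |
-if [ ! "$(gcloud scheduler jobs list --location=us-central1 | grep saturday-evening)" ]; then
-gcloud scheduler jobs create http saturday-evening \
---description="Trigger the nfhl-skid bot once a week on saturday evening" \
---schedule="0 3 * * 6" \
---time-zone=America/Denver \
---location=us-central1 \
---uri="https://us-central1-run.googleapis.com/apis/run.googleapis.com/v1/namespaces/${{ secrets.PROJECT_ID }}/jobs/default:run" \
---oauth-service-account-email=scheduler-sa@${{ secrets.PROJECT_ID }}.iam.gserviceaccount.com
-else
-gcloud scheduler jobs update http saturday-evening \
---description="Trigger the nfhl-skid bot once a week on saturday evening" \
---schedule="0 3 * * 6" \
---time-zone=America/Denver \
---location=us-central1 \
---uri="https://us-central1-run.googleapis.com/apis/run.googleapis.com/v1/namespaces/${{ secrets.PROJECT_ID }}/jobs/default:run" \
---oauth-service-account-email=scheduler-sa@${{ secrets.PROJECT_ID }}.iam.gserviceaccount.com
-fi
-
-deploy-python-prod:
+deploy-cloudrun-prod:
 name: Deploy python production
-needs: test
 runs-on: ubuntu-latest
-if: github.ref == 'refs/heads/main'
+if: github.ref_name == 'main'
 environment:
 name: prod
 permissions:
 id-token: write
 contents: read
 
 steps:
-- name: ⬇️ Checkout code
+- name: ⬇️ Set up code
 uses: actions/checkout@v4
 with:
 show-progress: false
 
-- name: 🗝️ Authenticate to Google Cloud
-id: auth
-uses: google-github-actions/auth@v2
-with:
-workload_identity_provider: ${{ secrets.IDENTITY_PROVIDER }}
-service_account: ${{ secrets.SERVICE_ACCOUNT_EMAIL }}
-token_format: 'access_token'
-
-- name: 🐳 Set up Docker Buildx
-id: builder
-uses: docker/setup-buildx-action@v3
-
-- name: 🗝️ Authenticate Docker to Google Cloud
-uses: docker/login-action@v3
-with:
-registry: us-central1-docker.pkg.dev
-username: oauth2accesstoken
-password: ${{ steps.auth.outputs.access_token }}
-
-- name: 🏷️ Extract tags from GitHub
-id: meta
-uses: docker/metadata-action@v5
-with:
-github-token: ${{ secrets.GITHUB_TOKEN }}
-images: us-central1-docker.pkg.dev/${{ secrets.PROJECT_ID }}/images/job
-tags: |
-type=ref,suffix=-{{sha}},event=branch
-type=ref,prefix=pr-,suffix=-{{sha}},event=pr
-type=semver,pattern={{version}}
-latest
-
-- name: 📦 Build and push image
-uses: docker/build-push-action@v6
+- name: 🚀 Deploy
+uses: ./.github/actions/deploy-cloudrun
+timeout-minutes: 15
 with:
-builder: ${{ steps.builder.outputs.name }}
-tags: ${{ steps.meta.outputs.tags }}
-context: .
-file: ./Dockerfile
-push: true
-cache-from: type=gha
-cache-to: type=gha,mode=max
-provenance: false
-
-- name: ☁️ Set up Cloud SDK
-uses: google-github-actions/setup-gcloud@v2
-
-- name: 🚀 Deploy to Cloud Run Job
-run: |
-if [ ! "$(gcloud run jobs list | grep default)" ]; then
-gcloud run jobs create default \
---region us-central1 \
---image us-central1-docker.pkg.dev/${{ secrets.PROJECT_ID }}/images/job:latest \
---service-account cloud-run-sa@${{ secrets.PROJECT_ID }}.iam.gserviceaccount.com \
---memory=3Gi \
---cpu=1 \
---max-retries 0 \
---parallelism 0 \
---set-secrets=/secrets/app/secrets.json=skid-secrets:latest \
---task-timeout 3h
-else
-gcloud run jobs update default \
---region us-central1 \
---image us-central1-docker.pkg.dev/${{ secrets.PROJECT_ID }}/images/job:latest \
---service-account cloud-run-sa@${{ secrets.PROJECT_ID }}.iam.gserviceaccount.com \
---memory=3Gi \
---cpu=1 \
---max-retries 0 \
---parallelism 0 \
---set-secrets=/secrets/app/secrets.json=skid-secrets:latest \
---task-timeout 3h
-fi
-
-- name: 🕰️ Create Cloud Scheduler
-run: |
-if [ ! "$(gcloud scheduler jobs list --location=us-central1 | grep saturday-evening)" ]; then
-gcloud scheduler jobs create http saturday-evening \
---description="Trigger the nfhl-skid bot once a week on saturday evening" \
---schedule="0 3 * * 6" \
---time-zone=America/Denver \
---location=us-central1 \
---uri="https://us-central1-run.googleapis.com/apis/run.googleapis.com/v1/namespaces/${{ secrets.PROJECT_ID }}/jobs/default:run" \
---oauth-service-account-email=scheduler-sa@${{ secrets.PROJECT_ID }}.iam.gserviceaccount.com
-else
-gcloud scheduler jobs update http saturday-evening \
---description="Trigger the nfhl-skid bot once a week on saturday evening" \
---schedule="0 3 * * 6" \
---time-zone=America/Denver \
---location=us-central1 \
---uri="https://us-central1-run.googleapis.com/apis/run.googleapis.com/v1/namespaces/${{ secrets.PROJECT_ID }}/jobs/default:run" \
---oauth-service-account-email=scheduler-sa@${{ secrets.PROJECT_ID }}.iam.gserviceaccount.com
-fi
+project_id: ${{ secrets.PROJECT_ID }}
+identity_provider: ${{ secrets.IDENTITY_PROVIDER }}
+service_account_email: ${{ secrets.SERVICE_ACCOUNT_EMAIL }}
+github_token: ${{ secrets.GITHUB_TOKEN }}
 
 deploy-ui-prod:
 name: Deploy UI to production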
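Review bot: `deploy-cloudrun-prod` drops `needs: test` and nothing replaces it, so the production deploy no longer waits for the test job and can start alongside, or in spite of, a failing test run. If a `test` job is still defined in this workflow (it is outside the hunk), keep the gate on the renamed job with `needs: test`. If the job was removed, the deploy should depend on whatever now carries the checks, so that the `prod` environment's OIDC identity is only exercised on a verified commit.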

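--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -1,5 +1,13 @@
 {
-"cSpell.words": ["fromitem", "instafail", "orgid"],
+"cSpell.words": [
+"accesstoken",
+"Buildx",
+"cloudrun",
+"fromitem",
+"gserviceaccount",
+"instafail",
+"orgid"
+],
 "editor.formatOnSave": true,
 "editor.rulers": [120],
 "coverage-gutters.showGutterCoverage": false,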
