CWV Stats Monthly #1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CWV Stats Monthly | |
| on: | |
| # http archive crawl usually starts on the 2nd Tuesday of the month and finishes within ~2weeks usually by the 1st | |
| # of the following month therefore we run the crawl on the 7th to give a full weeks buffer after the crawl finishes. | |
| # https://har.fyi/guides/release-cycle/#running-the-crawl | |
| schedule: | |
| - cron: '0 0 7 * *' # At 00:00 on day-of-month 7 (UTC) | |
| workflow_dispatch: # Allow manual triggering | |
| jobs: | |
| run-cwv-stats-lcp: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: 'read' | |
| id-token: 'write' | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - uses: 'google-github-actions/auth@v3' | |
| with: | |
| project_id: 'httparchive' | |
| workload_identity_provider: '${{ secrets.GCP_WIF_PROVIDER}}' | |
| service_account: '${{ secrets.GCP_SA_EMAIL }}' | |
| - name: Build cwv-stats-lcp image | |
| run: docker build . --target cwv-stats-lcp -t cwv-stats-lcp | |
| # Auth writes credentials to a new path each run and sets GOOGLE_APPLICATION_CREDENTIALS for later steps. | |
| # The credentials file generated by the auth step is owned by the github action user therefore we set the user | |
| # of the container to that of the action thereby allowing the container to read the credentials file. | |
| - name: Run cwv-stats-lcp container | |
| env: | |
| GOOGLE_CLOUD_PROJECT: httparchive | |
| run: | | |
| docker run --rm \ | |
| --user "$(id -u):$(id -g)" \ | |
| -e GOOGLE_APPLICATION_CREDENTIALS=/app/application_default_credentials.json \ | |
| -e GOOGLE_CLOUD_PROJECT \ | |
| -v "$GOOGLE_APPLICATION_CREDENTIALS:/app/application_default_credentials.json:ro" \ | |
| cwv-stats-lcp |