From efff4964cff1b2e888714aadcf5c60b093659545 Mon Sep 17 00:00:00 2001
From: happy-juny <38745815+Istiopaxx@users.noreply.github.com>
Date: Sun, 7 May 2023 21:22:40 +0900
Subject: [PATCH] [Feat]: add gcp ci/cd (#36)
---
.github/workflows/app-gcp-CI.yml | 71 ++++++++++++++++++++++++++++
.github/workflows/app-gcp-deploy.yml | 57 ++++++++++++++++++++++
2 files changed, 128 insertions(+)
create mode 100644 .github/workflows/app-gcp-CI.yml
create mode 100644 .github/workflows/app-gcp-deploy.yml
diff --git a/.github/workflows/app-gcp-CI.yml b/.github/workflows/app-gcp-CI.yml
new file mode 100644
index 0000000..40f5cb9
--- /dev/null
+++ b/.github/workflows/app-gcp-CI.yml
@@ -0,0 +1,71 @@
+name: CI
+
+on:
+ workflow_dispatch:
+ pull_request:
+ paths: 'api/**'
+
+jobs:
+ CI:
+ name: CI
+ permissions:
+ contents: 'read'
+ id-token: 'write'
+
+ runs-on: ubuntu-latest
+ defaults:
+ run:
+ working-directory: ./api/
+
+ strategy:
+ matrix:
+ node-version: [18.x]
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Use Node.js ${{ matrix.node-version }}
+ uses: actions/setup-node@v3
+ with:
+ node-version: ${{ matrix.node-version }}
+ cache: 'npm'
+ cache-dependency-path: api/package-lock.json
+
+ - name: install dependency
+ run: npm ci
+
+ - name: build api-bundled
+ run: npm run build api-bundled
+
+ - name: run test
+ run: npm test
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2
+
+ - name: Google Auth
+ id: auth
+ uses: 'google-github-actions/auth@v0'
+ with:
+ token_format: 'access_token'
+ workload_identity_provider: '${{ secrets.WIF_PROVIDER }}' # e.g. - projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider
+ service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}' # e.g. - my-service-account@my-project.iam.gserviceaccount.com
+
+ # Authenticate Docker to Google Cloud Artifact Registry
+ - name: Docker Auth
+ id: docker-auth
+ uses: 'docker/login-action@v1'
+ with:
+ username: 'oauth2accesstoken'
+ password: '${{ steps.auth.outputs.access_token }}'
+ registry: '${{ secrets.GAR_LOCATION }}-docker.pkg.dev'
+
+ - name: Build and push
+ uses: docker/build-push-action@v4
+ with:
+ context: '{{defaultContext}}:api'
+ push: true
+ tags: '${{ secrets.DOCKER_IMAGE_TAG }}'
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
diff --git a/.github/workflows/app-gcp-deploy.yml b/.github/workflows/app-gcp-deploy.yml
new file mode 100644
index 0000000..5270fd9
--- /dev/null
+++ b/.github/workflows/app-gcp-deploy.yml
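Review bot: The `Build and push` step in app-gcp-CI.yml runs with `push: true` on every `pull_request` run and writes to the single reference in `secrets.DOCKER_IMAGE_TAG`, which is the same value app-gcp-deploy.yml passes as `image:`, so an unmerged PR branch can replace the image that the next deploy rolls out. Gate the push with `push: ${{ github.event_name != 'pull_request' }}` and tag per commit, e.g. `tags: '<registry-path>:${{ github.sha }}'` (placeholder path), so the deploy workflow can name an immutable image. The job also holds `id-token: 'write'` while `npm ci`, the build and `npm test` execute PR-controlled code; moving `Google Auth`, `Docker Auth` and the push into a separate job that runs only after merge keeps the OIDC permission away from those steps. Actions here are referenced by mutable tags (`google-github-actions/auth@v0`, `docker/login-action@v1`, `docker/build-push-action@v4`); pinning each to a full commit SHA is the usual hardening for a workflow that can mint cloud credentials.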
@@ -0,0 +1,57 @@
+name: deploy
+
+on:
+ workflow_dispatch:
+ push:
+ branches: [master]
+ paths: 'api/**'
+
+env:
+ REGION: ${{ secrets.REGION }}
+ SERVICE: ${{ secrets.CLOUD_RUN_SERVICE}}
+
+jobs:
+ deploy:
+ name: gcp-deploy
+ permissions:
+ contents: 'read'
+ id-token: 'write'
+
+ runs-on: ubuntu-latest
+ environment: gcp-deploy
+ defaults:
+ run:
+ working-directory: ./api/
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2
+
+ - name: Google Auth
+ id: auth
+ uses: 'google-github-actions/auth@v1'
+ with:
+ workload_identity_provider: '${{ secrets.WIF_PROVIDER }}' # e.g. - projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider
+ service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}' # e.g. - my-service-account@my-project.iam.gserviceaccount.com
+
+ - name: Deploy to Cloud Run
+ id: deploy
+ uses: google-github-actions/deploy-cloudrun@v1
+ with:
+ service: ${{ env.SERVICE }}
+ region: ${{ env.REGION }}
+ env_vars: |
+ DATABASE_URI=${{ secrets.DATABASE_URI }}
+ JWT_SECRET=${{ secrets.JWT_SECRET }}
+ JWT_EXPIRES_IN=${{ secrets.JWT_EXPIRES_IN }}
+ JWT_REFRESH_EXPIRES_IN=${{ secrets.JWT_REFRESH_EXPIRES_IN }}
+ AWS_REGION=${{ secrets.AWS_REGION }}
+ AWS_S3_IMAGE_MAIN_BUCKET=${{ secrets.AWS_S3_IMAGE_MAIN_BUCKET }}
+ image: ${{ secrets.DOCKER_IMAGE_TAG }}
+
+ # If required, use the Cloud Run url output in later steps
+ - name: Show Output
+ run: echo ${{ steps.deploy.outputs.url }}
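Review bot: `env_vars` in the `Deploy to Cloud Run` step sets `DATABASE_URI` and `JWT_SECRET` as plain environment variables on the service, so they end up in the revision configuration and are visible to any principal able to read the service definition. The action's `secrets` input can reference Secret Manager instead, e.g. `secrets: |` followed by `JWT_SECRET=<secret-name>:latest` (placeholder name), leaving only non-sensitive values such as `AWS_REGION` in `env_vars`. The `Checkout` and `Set up Docker Buildx` steps look unused, since nothing in this job reads the repository or builds an image; dropping them, or at least moving off `actions/checkout@v2`, removes code that runs beside `id-token: 'write'`. In `Show Output`, pass the value through `env:` (`URL: ${{ steps.deploy.outputs.url }}`) and run `echo "$URL"` rather than interpolating the expression into the script text.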