Skip to content

ci: gen2 function via deploy@v3 #138

ci: gen2 function via deploy@v3

ci: gen2 function via deploy@v3 #138

Workflow file for this run

name: Push Events
on:
push:
branches:
- main
- dev
pull_request:
branches:
- main
- dev
env:
CLOUD_FUNCTION_MEMORY: 1024M
CLOUD_FUNCTION_RUN_TIMEOUT: 9m
SCHEDULE_NAME: saturday-evening
SCHEDULE_CRON: 0 22 * * 6
SCHEDULE_DESCRIPTION: Trigger the wmrc-skid bot every saturday evening at 10pm
concurrency:
group: "${{ github.head_ref || github.ref }}"
cancel-in-progress: true
jobs:
test:
name: Setup and Test
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
show-progress: false
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: 3.11
cache: pip
cache-dependency-path: setup.py
- name: Install libkrb5 for Kerberos on Linux
run: |
sudo apt install -y libkrb5-dev
- name: Install module
run: pip install .[tests]
- name: Test with pytest
run: pytest
deploy-dev:
name: Deploy to GCF - dev
needs: test
runs-on: ubuntu-latest
if: github.ref == 'refs/heads/dev'
environment:
name: dev
permissions:
id-token: write
contents: read
steps:
- name: ⬇️ Set up code
uses: actions/checkout@v4
with:
show-progress: false
- name: 🗝️ Authenticate to Google Cloud
id: auth
uses: google-github-actions/auth@v2
with:
create_credentials_file: true
token_format: access_token
workload_identity_provider: ${{ secrets.IDENTITY_PROVIDER }}
service_account: ${{ secrets.SERVICE_ACCOUNT_EMAIL }}
- name: 🚀 Deploy to Cloud Function
id: deploy
uses: google-github-actions/deploy-cloud-functions@v3
timeout-minutes: 10
with:
name: wmrc-skid
runtime: python311
entry_point: main
source_dir: src/wmrc
service_account: cloud-function-sa@${{ secrets.PROJECT_ID }}.iam.gserviceaccount.com
event_trigger_type: providers/cloud.pubsub/eventTypes/topic.publish
event_trigger_pubsub_topic: projects/${{ secrets.PROJECT_ID }}/topics/${{ env.SCHEDULE_NAME }}-topic
memory: ${{ env.CLOUD_FUNCTION_MEMORY }}
service_timeout: ${{ env.CLOUD_FUNCTION_RUN_TIMEOUT }}
environment_variables: STORAGE_BUCKET=${{secrets.STORAGE_BUCKET}}
secrets: |
/secrets/app/secrets.json=${{secrets.PROJECT_ID}}/skid-secrets
- name: 📥 Create PubSub topic
run: |
if [ ! "$(gcloud pubsub topics list | grep $SCHEDULE_NAME-topic)" ]; then
gcloud pubsub topics create $SCHEDULE_NAME-topic --quiet
fi
- name: 🕰️ Create Cloud Scheduler
run: |
if [ ! "$(gcloud scheduler jobs list --location=us-central1 | grep $SCHEDULE_NAME)" ]; then
gcloud scheduler jobs create pubsub $SCHEDULE_NAME \
--description="$SCHEDULE_DESCRIPTION" \
--schedule="$SCHEDULE_CRON" \
--time-zone=America/Denver \
--location=us-central1 \
--topic=$SCHEDULE_NAME-topic \
--message-body='{"run": "now"}' \
--quiet
else
gcloud scheduler jobs update pubsub $SCHEDULE_NAME \
--description="$SCHEDULE_DESCRIPTION" \
--schedule="$SCHEDULE_CRON" \
--time-zone=America/Denver \
--location=us-central1 \
--topic=$SCHEDULE_NAME-topic \
--message-body='{"run": "now"}' \
--quiet
fi
deploy-prod:
name: Deploy to GCF - prod
needs: test
runs-on: ubuntu-latest
if: github.ref == 'refs/heads/main'
environment:
name: prod
permissions:
id-token: write
contents: read
steps:
- name: ⬇️ Set up code
uses: actions/checkout@v4
with:
show-progress: false
- name: 🗝️ Authenticate to Google Cloud
id: auth
uses: google-github-actions/auth@v2
with:
create_credentials_file: true
token_format: access_token
workload_identity_provider: ${{ secrets.IDENTITY_PROVIDER }}
service_account: ${{ secrets.SERVICE_ACCOUNT_EMAIL }}
- name: 🚀 Deploy to Cloud Function
id: deploy
uses: google-github-actions/deploy-cloud-functions@v2
with:
name: wmrc-skid
runtime: python311
entry_point: main
source_dir: src/wmrc
service_account_email: cloud-function-sa@${{ secrets.PROJECT_ID }}.iam.gserviceaccount.com
event_trigger_type: providers/cloud.pubsub/eventTypes/topic.publish
event_trigger_resource: projects/${{ secrets.PROJECT_ID }}/topics/${{ env.SCHEDULE_NAME }}-topic
deploy_timeout: 600
memory_mb: ${{ env.CLOUD_FUNCTION_MEMORY }}
timeout: ${{ env.CLOUD_FUNCTION_RUN_TIMEOUT }}
env_vars: STORAGE_BUCKET=${{secrets.STORAGE_BUCKET}}
secret_volumes: |
/secrets/app/secrets.json=${{secrets.PROJECT_ID}}/skid-secrets
- name: 📥 Create PubSub topic
run: |
if [ ! "$(gcloud pubsub topics list | grep $SCHEDULE_NAME-topic)" ]; then
gcloud pubsub topics create $SCHEDULE_NAME-topic --quiet
fi
- name: 🕰️ Create Cloud Scheduler
run: |
if [ ! "$(gcloud scheduler jobs list --location=us-central1 | grep $SCHEDULE_NAME)" ]; then
gcloud scheduler jobs create pubsub $SCHEDULE_NAME \
--description="$SCHEDULE_DESCRIPTION" \
--schedule="$SCHEDULE_CRON" \
--time-zone=America/Denver \
--location=us-central1 \
--topic=$SCHEDULE_NAME-topic \
--message-body='{"run": "now"}' \
--quiet
else
gcloud scheduler jobs update pubsub $SCHEDULE_NAME \
--description="$SCHEDULE_DESCRIPTION" \
--schedule="$SCHEDULE_CRON" \
--time-zone=America/Denver \
--location=us-central1 \
--topic=$SCHEDULE_NAME-topic \
--message-body='{"run": "now"}' \
--quiet
fi
- name: 🔔 Create deployment notification
uses: agrc/service-now-worknote-action@v1
with:
repo-token: ${{ github.token }}
username: ${{ secrets.SN_USERNAME }}
password: ${{ secrets.SN_PASSWORD }}
instance-name: ${{ secrets.SN_INSTANCE }}
table-name: ${{ secrets.SN_TABLE }}
system-id: ${{ secrets.SN_SYS_ID }}