Create google.yml #1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This workflow will build a docker container, publish it to Google Container Registry, and deploy it to GKE when there is a push to the "master" branch. | ||
| # | ||
| # To configure this workflow: | ||
| # | ||
| # 1. Ensure that your repository contains the necessary configuration for your Google Kubernetes Engine cluster, including deployment.yml, kustomization.yml, service.yml, etc. | ||
| # | ||
| # 2. Create and configure a Workload Identity Provider for GitHub (https://github.com/google-github-actions/auth#setting-up-workload-identity-federation) | ||
| # | ||
| # 3. Change the values for the GAR_LOCATION, GKE_ZONE, GKE_CLUSTER, IMAGE, REPOSITORY and DEPLOYMENT_NAME environment variables (below). | ||
| # | ||
| # For more support on how to run the workflow, please visit https://github.com/google-github-actions/setup-gcloud/tree/master/example-workflows/gke-kustomize | ||
| name: Build and Deploy to GKE | ||
| on: | ||
| push: | ||
| branches: [ "master" ] | ||
| env: | ||
| PROJECT_ID: ${{ secrets.GKE_PROJECT }} | ||
| GAR_LOCATION: us-central1 # TODO: update region of the Artifact Registry | ||
| GKE_CLUSTER: cluster-1 # TODO: update to cluster name | ||
| GKE_ZONE: us-central1-c # TODO: update to cluster zone | ||
| DEPLOYMENT_NAME: gke-test # TODO: update to deployment name | ||
| REPOSITORY: samples # TODO: update to Artifact Registry docker repository | ||
| IMAGE: static-site | ||
| jobs: | ||
| setup-build-publish-deploy: | ||
| name: Setup, Build, Publish, and Deploy | ||
| runs-on: ubuntu-latest | ||
| environment: production | ||
| permissions: | ||
| contents: 'read' | ||
| id-token: 'write' | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v3 | ||
| # Configure Workload Identity Federation and generate an access token. | ||
| - id: 'auth' | ||
| name: 'Authenticate to Google Cloud' | ||
| uses: 'google-github-actions/auth@v0' | ||
| with: | ||
| token_format: 'access_token' | ||
| workload_identity_provider: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider' | ||
| service_account: 'my-service-account@my-project.iam.gserviceaccount.com' | ||
| # Alternative option - authentication via credentials json | ||
| # - id: 'auth' | ||
| # uses: 'google-github-actions/auth@v0' | ||
| # with: | ||
| # credentials_json: '${{ secrets.GCP_CREDENTIALS }}' | ||
| - name: Docker configuration | ||
| run: |- | ||
| echo ${{steps.auth.outputs.access_token}} | docker login -u oauth2accesstoken --password-stdin https://$GAR_LOCATION-docker.pkg.dev | ||
| # Get the GKE credentials so we can deploy to the cluster | ||
| - name: Set up GKE credentials | ||
| uses: google-github-actions/get-gke-credentials@v0 | ||
| with: | ||
| cluster_name: ${{ env.GKE_CLUSTER }} | ||
| location: ${{ env.GKE_ZONE }} | ||
| # Build the Docker image | ||
| - name: Build | ||
| run: |- | ||
| docker build \ | ||
| --tag "$GAR_LOCATION-docker.pkg.dev/$PROJECT_ID/$REPOSITORY/$IMAGE:$GITHUB_SHA" \ | ||
| --build-arg GITHUB_SHA="$GITHUB_SHA" \ | ||
| --build-arg GITHUB_REF="$GITHUB_REF" \ | ||
| . | ||
| # Push the Docker image to Google Artifact Registry | ||
| - name: Publish | ||
| run: |- | ||
| docker push "$GAR_LOCATION-docker.pkg.dev/$PROJECT_ID/$REPOSITORY/$IMAGE:$GITHUB_SHA" | ||
| # Set up kustomize | ||
| - name: Set up Kustomize | ||
| run: |- | ||
| curl -sfLo kustomize https://github.com/kubernetes-sigs/kustomize/releases/download/v3.1.0/kustomize_3.1.0_linux_amd64 | ||
| chmod u+x ./kustomize | ||
| # Deploy the Docker image to the GKE cluster | ||
| - name: Deploy | ||
| run: |- | ||
| # replacing the image name in the k8s template | ||
| ./kustomize edit set image LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY/IMAGE:TAG=$GAR_LOCATION-docker.pkg.dev/$PROJECT_ID/$REPOSITORY/$IMAGE:$GITHUB_SHA | ||
| ./kustomize build . | kubectl apply -f - | ||
| kubectl rollout status deployment/$DEPLOYMENT_NAME | ||
| kubectl get services -o wide | ||
| - name: Armory Continuous Deployment-as-a-Service | ||
| # You may pin to the exact commit or the version. | ||
| # uses: armory/cli-deploy-action@36fc96b3e295e960d22f96513ef781bb9865a87c | ||
| uses: armory/cli-deploy-action@v1.0.0 | ||
| with: | ||
| # Path to the configuration YAML file used to configure your deployment | ||
| path-to-file: | ||
| # extra args to the deployment start command | ||
| applicationName: # optional | ||
| # extra context params to the deployment start command | ||
| addContext: # optional | ||
| # ClientId for Armory Cloud | ||
| clientId: | ||
| # ClientSecret for Armory Cloud | ||
| clientSecret: | ||
| # Intended audience of requests that will use your Armory Cloud authentication token. Is deployHostUrl by default | ||
| audience: # optional, default is https://api.cloud.armory.io | ||
| # Armory Cloud authentication provider url | ||
| tokenIssuerUrl: # optional, default is https://auth.cloud.armory.io/oauth | ||
| # Location of the Armory Cloud API which will handle your deployment | ||
| deployHostUrl: # optional, default is api.cloud.armory.io | ||
| - name: Login to Oracle Cloud Infrastructure Registry (OCIR) | ||
| # You may pin to the exact commit or the version. | ||
| # uses: oracle-actions/login-ocir@f3bf26a0a3fcb7cfe437c605fd5394f05258714f | ||
| uses: oracle-actions/login-ocir@v1.2.1 | ||
| with: | ||
| # Auth token for the OCI user to login with | ||
| auth_token: | ||
| - name: Teleport Setup | ||
| # You may pin to the exact commit or the version. | ||
| # uses: teleport-actions/setup@176c25dfcd19cd31a252f275d579822b243e7b9c | ||
| uses: teleport-actions/setup@v1.0.6 | ||
| with: | ||
| # Specify whether to use the enterprise binaries. | ||
| enterprise: # optional, default is false | ||
| # Specify the Teleport version without the preceding "v" | ||
| version: | ||
| - name: Azure PowerShell Action | ||
| uses: Azure/powershell@v2 | ||
| with: | ||
| # Specify the Az PowerShell script here. | ||
| inlineScript: | ||
| # Azure PS version to be used to execute the script, example: 1.8.0, 2.8.0, 3.4.0. To use the latest version, specify "latest". | ||
| azPSVersion: | ||
| # Select the value of the ErrorActionPreference variable for executing the script. Options: stop, continue, silentlyContinue. Default is Stop. | ||
| errorActionPreference: # optional, default is Stop | ||
| # If this is true, this task will fail if any errors are written to the error pipeline, or if any data is written to the Standard Error stream. | ||
| failOnStandardError: # optional, default is false | ||
| # Used to pull Az module from Azure/az-ps-module-versions. Since there's a default, this is typically not supplied by the user. | ||
| githubToken: # optional, default is ${{ github.token }} | ||
| - name: Install powershell | ||
| # You may pin to the exact commit or the version. | ||
| # uses: cakhanif/action-install-powershell@9287716f19f5547fb975cd59dc23b286fabffdf8 | ||
| uses: cakhanif/action-install-powershell@v1 | ||
