Canary deploy to GCP #65
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Canary deploy to GCP | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - main | |
| env: | |
| IMAGE: europe-docker.pkg.dev/${{ secrets.GCP_PROJECT_ID }}/backend/k33-backend | |
| jobs: | |
| build-push-deploy: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: "read" | |
| id-token: "write" | |
| steps: | |
| - name: Checkout the Repository | |
| uses: actions/checkout@v3 | |
| - name: Setup jdk 20 | |
| uses: actions/setup-java@v3 | |
| with: | |
| distribution: "temurin" | |
| java-version: "21.0.1" | |
| cache: "gradle" | |
| - name: Grant execute permission for gradlew | |
| run: chmod +x gradlew | |
| - name: Load secrets | |
| uses: 1password/load-secrets-action@v1 | |
| with: | |
| # Export loaded secrets as environment variables | |
| export-env: true | |
| env: | |
| OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} | |
| GCP_PROJECT_ID: op://env/prod/gcp/GCP_PROJECT_ID | |
| # stripe | |
| STRIPE_PRODUCT_ID_RESEARCH_TWIC: op://env/prod/stripe/STRIPE_PRODUCT_ID_RESEARCH_TWIC | |
| STRIPE_PRODUCT_ID_RESEARCH_NN: op://env/prod/stripe/STRIPE_PRODUCT_ID_RESEARCH_NN | |
| STRIPE_PRODUCT_ID_RESEARCH_AOC: op://env/prod/stripe/STRIPE_PRODUCT_ID_RESEARCH_AOC | |
| STRIPE_PRODUCT_ID_RESEARCH_PRO: op://env/prod/stripe/STRIPE_PRODUCT_ID_RESEARCH_PRO | |
| STRIPE_COUPON_CORPORATE_PLAN: op://env/prod/stripe/STRIPE_COUPON_CORPORATE_PLAN | |
| # slack | |
| SLACK_ALERTS_CHANNEL_ID: op://env/prod/slack/SLACK_ALERTS_CHANNEL_ID | |
| SLACK_GENERAL_CHANNEL_ID: op://env/prod/slack/SLACK_GENERAL_CHANNEL_ID | |
| SLACK_INVEST_CHANNEL_ID: op://env/prod/slack/SLACK_INVEST_CHANNEL_ID | |
| SLACK_PRODUCT_CHANNEL_ID: op://env/prod/slack/SLACK_PRODUCT_CHANNEL_ID | |
| SLACK_PROFESSIONAL_INVESTORS_CHANNEL_ID: op://env/prod/slack/SLACK_PROFESSIONAL_INVESTORS_CHANNEL_ID | |
| SLACK_RESEARCH_CHANNEL_ID: op://env/prod/slack/SLACK_RESEARCH_CHANNEL_ID | |
| SLACK_RESEARCH_EVENTS_CHANNEL_ID: op://env/prod/slack/SLACK_RESEARCH_EVENTS_CHANNEL_ID | |
| # sendgrid | |
| SENDGRID_TEMPLATE_ID_WELCOME_TO_K33: op://env/prod/sendgrid/SENDGRID_TEMPLATE_ID_WELCOME_TO_K33 | |
| SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH: op://env/prod/sendgrid/SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH | |
| SENDGRID_UNSUBSCRIBE_GROUP_ID_K33: op://env/prod/sendgrid/SENDGRID_UNSUBSCRIBE_GROUP_ID_K33 | |
| SENDGRID_UNSUBSCRIBE_GROUP_ID_K33_RESEARCH: op://env/prod/sendgrid/SENDGRID_UNSUBSCRIBE_GROUP_ID_K33_RESEARCH | |
| ## TWIC | |
| SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_TWIC_TRIAL: op://env/prod/sendgrid/SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_TWIC_TRIAL | |
| SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_TWIC: op://env/prod/sendgrid/SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_TWIC | |
| SENDGRID_CONTACT_LIST_ID_K33_RESEARCH_TWIC: op://env/prod/sendgrid/SENDGRID_CONTACT_LIST_ID_K33_RESEARCH_TWIC | |
| SENDGRID_UNSUBSCRIBE_GROUP_ID_K33_RESEARCH_TWIC: op://env/prod/sendgrid/SENDGRID_UNSUBSCRIBE_GROUP_ID_K33_RESEARCH_TWIC | |
| ## NN | |
| SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_NN_TRIAL: op://env/prod/sendgrid/SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_NN_TRIAL | |
| SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_NN: op://env/prod/sendgrid/SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_NN | |
| SENDGRID_CONTACT_LIST_ID_K33_RESEARCH_NN: op://env/prod/sendgrid/SENDGRID_CONTACT_LIST_ID_K33_RESEARCH_NN | |
| SENDGRID_UNSUBSCRIBE_GROUP_ID_K33_RESEARCH_NN: op://env/prod/sendgrid/SENDGRID_UNSUBSCRIBE_GROUP_ID_K33_RESEARCH_NN | |
| ## AOC | |
| SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_AOC_TRIAL: op://env/prod/sendgrid/SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_AOC_TRIAL | |
| SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_AOC: op://env/prod/sendgrid/SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_AOC | |
| SENDGRID_CONTACT_LIST_ID_K33_RESEARCH_AOC: op://env/prod/sendgrid/SENDGRID_CONTACT_LIST_ID_K33_RESEARCH_AOC | |
| SENDGRID_UNSUBSCRIBE_GROUP_ID_K33_RESEARCH_AOC: op://env/prod/sendgrid/SENDGRID_UNSUBSCRIBE_GROUP_ID_K33_RESEARCH_AOC | |
| ## PRO | |
| SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_PRO_TRIAL: op://env/prod/sendgrid/SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_PRO_TRIAL | |
| SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_PRO: op://env/prod/sendgrid/SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_PRO | |
| SENDGRID_CONTACT_LIST_ID_K33_RESEARCH_PRO: op://env/prod/sendgrid/SENDGRID_CONTACT_LIST_ID_K33_RESEARCH_PRO | |
| SENDGRID_UNSUBSCRIBE_GROUP_ID_K33_RESEARCH_PRO: op://env/prod/sendgrid/SENDGRID_UNSUBSCRIBE_GROUP_ID_K33_RESEARCH_PRO | |
| # ga | |
| GOOGLE_ANALYTICS_FIREBASE_APP_ID: op://env/prod/analytics/GOOGLE_ANALYTICS_FIREBASE_APP_ID | |
| GOOGLE_ANALYTICS_MEASUREMENT_ID: op://env/prod/analytics/GOOGLE_ANALYTICS_MEASUREMENT_ID | |
| # invest | |
| INVEST_DENIED_COUNTRY_CODE_LIST: op://env/prod/invest/INVEST_DENIED_COUNTRY_CODE_LIST | |
| INVEST_EMAIL_FROM: op://env/prod/invest/INVEST_EMAIL_FROM | |
| INVEST_EMAIL_TO_LIST: op://env/prod/invest/INVEST_EMAIL_TO_LIST | |
| INVEST_EMAIL_CC_LIST: op://env/prod/invest/INVEST_EMAIL_CC_LIST | |
| INVEST_EMAIL_BCC_LIST: op://env/prod/invest/INVEST_EMAIL_BCC_LIST | |
| # gcp | |
| GCP_WORKLOAD_IDENTITY_PROVIDER: op://env/github/gcp/GCP_WORKLOAD_IDENTITY_PROVIDER | |
| GCP_SERVICE_ACCOUNT: op://env/github/gcp/GCP_SERVICE_ACCOUNT | |
| - name: Google auth | |
| uses: google-github-actions/auth@v1 | |
| with: | |
| workload_identity_provider: ${{ env.GCP_WORKLOAD_IDENTITY_PROVIDER }} | |
| service_account: ${{ env.GCP_SERVICE_ACCOUNT }} | |
| - name: Setup gcloud | |
| uses: google-github-actions/setup-gcloud@v1 | |
| with: | |
| project_id: ${{ env.GCP_PROJECT_ID }} | |
| - name: Authorize Docker push | |
| run: gcloud auth configure-docker europe-docker.pkg.dev | |
| - name: Build with Gradle | |
| run: ./gradlew --no-daemon :apps:k33-backend:installDist --parallel | |
| - name: Build docker image | |
| run: docker image build -t "$IMAGE":${GITHUB_SHA::12} apps/k33-backend | |
| - name: Push docker image | |
| run: docker image push "$IMAGE":${GITHUB_SHA::12} | |
| - name: Canary deploy to GCP Cloud Run | |
| run: |- | |
| gcloud run deploy k33-backend \ | |
| --region europe-west1 \ | |
| --image "${IMAGE}":${GITHUB_SHA::12} \ | |
| --cpu=1 \ | |
| --memory=1Gi \ | |
| --min-instances=1 \ | |
| --max-instances=1 \ | |
| --concurrency=1000 \ | |
| --set-env-vars=GCP_PROJECT_ID="${GCP_PROJECT_ID}" \ | |
| --set-env-vars=GOOGLE_CLOUD_PROJECT="${GCP_PROJECT_ID}" \ | |
| --set-env-vars=STRIPE_PRODUCT_ID_RESEARCH_TWIC="${STRIPE_PRODUCT_ID_RESEARCH_TWIC}" \ | |
| --set-env-vars=STRIPE_PRODUCT_ID_RESEARCH_NN="${STRIPE_PRODUCT_ID_RESEARCH_NN}" \ | |
| --set-env-vars=STRIPE_PRODUCT_ID_RESEARCH_AOC="${STRIPE_PRODUCT_ID_RESEARCH_AOC}" \ | |
| --set-env-vars=STRIPE_PRODUCT_ID_RESEARCH_PRO="${STRIPE_PRODUCT_ID_RESEARCH_PRO}" \ | |
| --set-env-vars=STRIPE_COUPON_CORPORATE_PLAN="${STRIPE_COUPON_CORPORATE_PLAN}" \ | |
| --set-env-vars=SLACK_ALERTS_CHANNEL_ID="${SLACK_ALERTS_CHANNEL_ID}" \ | |
| --set-env-vars=SLACK_GENERAL_CHANNEL_ID="${SLACK_GENERAL_CHANNEL_ID}" \ | |
| --set-env-vars=SLACK_INVEST_CHANNEL_ID="${SLACK_INVEST_CHANNEL_ID}" \ | |
| --set-env-vars=SLACK_PRODUCT_CHANNEL_ID="${SLACK_PRODUCT_CHANNEL_ID}" \ | |
| --set-env-vars=SLACK_PROFESSIONAL_INVESTORS_CHANNEL_ID="${SLACK_PROFESSIONAL_INVESTORS_CHANNEL_ID}" \ | |
| --set-env-vars=SLACK_RESEARCH_CHANNEL_ID="${SLACK_RESEARCH_CHANNEL_ID}" \ | |
| --set-env-vars=SLACK_RESEARCH_EVENTS_CHANNEL_ID="${SLACK_RESEARCH_EVENTS_CHANNEL_ID}" \ | |
| --set-env-vars=SENDGRID_TEMPLATE_ID_WELCOME_TO_K33="${SENDGRID_TEMPLATE_ID_WELCOME_TO_K33}" \ | |
| --set-env-vars=SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH="${SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH}" \ | |
| --set-env-vars=SENDGRID_UNSUBSCRIBE_GROUP_ID_K33="${SENDGRID_UNSUBSCRIBE_GROUP_ID_K33}" \ | |
| --set-env-vars=SENDGRID_UNSUBSCRIBE_GROUP_ID_K33_RESEARCH="${SENDGRID_UNSUBSCRIBE_GROUP_ID_K33_RESEARCH}" \ | |
| --set-env-vars=SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_TWIC_TRIAL="${SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_TWIC_TRIAL}" \ | |
| --set-env-vars=SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_TWIC="${SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_TWIC}" \ | |
| --set-env-vars=SENDGRID_CONTACT_LIST_ID_K33_RESEARCH_TWIC="${SENDGRID_CONTACT_LIST_ID_K33_RESEARCH_TWIC}" \ | |
| --set-env-vars=SENDGRID_UNSUBSCRIBE_GROUP_ID_K33_RESEARCH_TWIC="${SENDGRID_UNSUBSCRIBE_GROUP_ID_K33_RESEARCH_TWIC}" \ | |
| --set-env-vars=SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_NN_TRIAL="${SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_NN_TRIAL}" \ | |
| --set-env-vars=SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_NN="${SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_NN}" \ | |
| --set-env-vars=SENDGRID_CONTACT_LIST_ID_K33_RESEARCH_NN="${SENDGRID_CONTACT_LIST_ID_K33_RESEARCH_NN}" \ | |
| --set-env-vars=SENDGRID_UNSUBSCRIBE_GROUP_ID_K33_RESEARCH_NN="${SENDGRID_UNSUBSCRIBE_GROUP_ID_K33_RESEARCH_NN}" \ | |
| --set-env-vars=SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_AOC_TRIAL="${SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_AOC_TRIAL}" \ | |
| --set-env-vars=SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_AOC="${SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_AOC}" \ | |
| --set-env-vars=SENDGRID_CONTACT_LIST_ID_K33_RESEARCH_AOC="${SENDGRID_CONTACT_LIST_ID_K33_RESEARCH_AOC}" \ | |
| --set-env-vars=SENDGRID_UNSUBSCRIBE_GROUP_ID_K33_RESEARCH_AOC="${SENDGRID_UNSUBSCRIBE_GROUP_ID_K33_RESEARCH_AOC}" \ | |
| --set-env-vars=SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_PRO_TRIAL="${SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_PRO_TRIAL}" \ | |
| --set-env-vars=SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_PRO="${SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_PRO}" \ | |
| --set-env-vars=SENDGRID_CONTACT_LIST_ID_K33_RESEARCH_PRO="${SENDGRID_CONTACT_LIST_ID_K33_RESEARCH_PRO}" \ | |
| --set-env-vars=SENDGRID_UNSUBSCRIBE_GROUP_ID_K33_RESEARCH_PRO="${SENDGRID_UNSUBSCRIBE_GROUP_ID_K33_RESEARCH_PRO}" \ | |
| --set-env-vars=GOOGLE_ANALYTICS_FIREBASE_APP_ID="${GOOGLE_ANALYTICS_FIREBASE_APP_ID}" \ | |
| --set-env-vars=GOOGLE_ANALYTICS_MEASUREMENT_ID="${GOOGLE_ANALYTICS_MEASUREMENT_ID}" \ | |
| --set-env-vars=^:^INVEST_DENIED_COUNTRY_CODE_LIST="${INVEST_DENIED_COUNTRY_CODE_LIST}" \ | |
| --set-env-vars=INVEST_EMAIL_FROM="${INVEST_EMAIL_FROM}" \ | |
| --set-env-vars=^:^INVEST_EMAIL_TO_LIST="${INVEST_EMAIL_TO_LIST}" \ | |
| --set-env-vars=^:^INVEST_EMAIL_CC_LIST="${INVEST_EMAIL_CC_LIST}" \ | |
| --set-env-vars=^:^INVEST_EMAIL_BCC_LIST="${INVEST_EMAIL_BCC_LIST}" \ | |
| --service-account k33-backend@"${GCP_PROJECT_ID}".iam.gserviceaccount.com \ | |
| --no-allow-unauthenticated \ | |
| --port=8080 \ | |
| --tag canary \ | |
| --no-traffic \ | |
| --platform=managed |