forked from arcanetechnology/arcane-platform
-
Notifications
You must be signed in to change notification settings - Fork 1
116 lines (116 loc) · 6.9 KB
/
canary-deploy.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
name: Canary deploy to GCP
on:
workflow_dispatch:
push:
branches:
- main
env:
IMAGE: europe-docker.pkg.dev/${{ secrets.GCP_PROJECT_ID }}/backend/k33-backend
jobs:
build-push-deploy:
runs-on: ubuntu-latest
permissions:
contents: "read"
id-token: "write"
steps:
- name: Checkout the Repository
uses: actions/checkout@v3
- name: Setup jdk 20
uses: actions/setup-java@v3
with:
distribution: "temurin"
java-version: "20.0.2"
cache: "gradle"
- name: Grant execute permission for gradlew
run: chmod +x gradlew
- name: Load secrets
uses: 1password/load-secrets-action@v1
with:
# Export loaded secrets as environment variables
export-env: true
env:
OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
GCP_PROJECT_ID: op://env/prod/gcp/GCP_PROJECT_ID
STRIPE_PRODUCT_ID_RESEARCH_PRO: op://env/prod/stripe/STRIPE_PRODUCT_ID_RESEARCH_PRO
STRIPE_COUPON_CORPORATE_PLAN: op://env/prod/stripe/STRIPE_COUPON_CORPORATE_PLAN
SLACK_ALERTS_CHANNEL_ID: op://env/prod/slack/SLACK_ALERTS_CHANNEL_ID
SLACK_GENERAL_CHANNEL_ID: op://env/prod/slack/SLACK_GENERAL_CHANNEL_ID
SLACK_INVEST_CHANNEL_ID: op://env/prod/slack/SLACK_INVEST_CHANNEL_ID
SLACK_PRODUCT_CHANNEL_ID: op://env/prod/slack/SLACK_PRODUCT_CHANNEL_ID
SLACK_PROFESSIONAL_INVESTORS_CHANNEL_ID: op://env/prod/slack/SLACK_PROFESSIONAL_INVESTORS_CHANNEL_ID
SLACK_RESEARCH_CHANNEL_ID: op://env/prod/slack/SLACK_RESEARCH_CHANNEL_ID
SLACK_RESEARCH_EVENTS_CHANNEL_ID: op://env/prod/slack/SLACK_RESEARCH_EVENTS_CHANNEL_ID
SENDGRID_TEMPLATE_ID_WELCOME_TO_K33: op://env/prod/sendgrid/SENDGRID_TEMPLATE_ID_WELCOME_TO_K33
SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH: op://env/prod/sendgrid/SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH
SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_PRO: op://env/prod/sendgrid/SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_PRO
SENDGRID_CONTACT_LIST_ID_K33_RESEARCH_PRO: op://env/prod/sendgrid/SENDGRID_CONTACT_LIST_ID_K33_RESEARCH_PRO
SENDGRID_UNSUBSCRIBE_GROUP_ID_K33: op://env/prod/sendgrid/SENDGRID_UNSUBSCRIBE_GROUP_ID_K33
SENDGRID_UNSUBSCRIBE_GROUP_ID_K33_RESEARCH: op://env/prod/sendgrid/SENDGRID_UNSUBSCRIBE_GROUP_ID_K33_RESEARCH
SENDGRID_UNSUBSCRIBE_GROUP_ID_K33_RESEARCH_PRO: op://env/prod/sendgrid/SENDGRID_UNSUBSCRIBE_GROUP_ID_K33_RESEARCH_PRO
GOOGLE_ANALYTICS_FIREBASE_APP_ID: op://env/prod/analytics/GOOGLE_ANALYTICS_FIREBASE_APP_ID
GOOGLE_ANALYTICS_MEASUREMENT_ID: op://env/prod/analytics/GOOGLE_ANALYTICS_MEASUREMENT_ID
INVEST_DENIED_COUNTRY_CODE_LIST: op://env/prod/invest/INVEST_DENIED_COUNTRY_CODE_LIST
INVEST_EMAIL_FROM: op://env/prod/invest/INVEST_EMAIL_FROM
INVEST_EMAIL_TO_LIST: op://env/prod/invest/INVEST_EMAIL_TO_LIST
INVEST_EMAIL_CC_LIST: op://env/prod/invest/INVEST_EMAIL_CC_LIST
INVEST_EMAIL_BCC_LIST: op://env/prod/invest/INVEST_EMAIL_BCC_LIST
GCP_WORKLOAD_IDENTITY_PROVIDER: op://env/github/gcp/GCP_WORKLOAD_IDENTITY_PROVIDER
GCP_SERVICE_ACCOUNT: op://env/github/gcp/GCP_SERVICE_ACCOUNT
- name: Google auth
uses: google-github-actions/auth@v1
with:
workload_identity_provider: ${{ env.GCP_WORKLOAD_IDENTITY_PROVIDER }}
service_account: ${{ env.GCP_SERVICE_ACCOUNT }}
- name: Setup gcloud
uses: google-github-actions/setup-gcloud@v1
with:
project_id: ${{ env.GCP_PROJECT_ID }}
- name: Authorize Docker push
run: gcloud auth configure-docker europe-docker.pkg.dev
- name: Build with Gradle
run: ./gradlew --no-daemon :apps:k33-backend:installDist --parallel
- name: Build docker image
run: docker image build -t "$IMAGE":${GITHUB_SHA::12} apps/k33-backend
- name: Push docker image
run: docker image push "$IMAGE":${GITHUB_SHA::12}
- name: Canary deploy to GCP Cloud Run
run: |-
gcloud run deploy k33-backend \
--region europe-west1 \
--image "${IMAGE}":${GITHUB_SHA::12} \
--cpu=1 \
--memory=1Gi \
--min-instances=1 \
--max-instances=1 \
--concurrency=1000 \
--set-env-vars=GCP_PROJECT_ID="${GCP_PROJECT_ID}" \
--set-env-vars=GOOGLE_CLOUD_PROJECT="${GCP_PROJECT_ID}" \
--set-env-vars=STRIPE_PRODUCT_ID_RESEARCH_PRO="${STRIPE_PRODUCT_ID_RESEARCH_PRO}" \
--set-env-vars=STRIPE_COUPON_CORPORATE_PLAN="${STRIPE_COUPON_CORPORATE_PLAN}" \
--set-env-vars=SLACK_ALERTS_CHANNEL_ID="${SLACK_ALERTS_CHANNEL_ID}" \
--set-env-vars=SLACK_GENERAL_CHANNEL_ID="${SLACK_GENERAL_CHANNEL_ID}" \
--set-env-vars=SLACK_INVEST_CHANNEL_ID="${SLACK_INVEST_CHANNEL_ID}" \
--set-env-vars=SLACK_PRODUCT_CHANNEL_ID="${SLACK_PRODUCT_CHANNEL_ID}" \
--set-env-vars=SLACK_PROFESSIONAL_INVESTORS_CHANNEL_ID="${SLACK_PROFESSIONAL_INVESTORS_CHANNEL_ID}" \
--set-env-vars=SLACK_RESEARCH_CHANNEL_ID="${SLACK_RESEARCH_CHANNEL_ID}" \
--set-env-vars=SLACK_RESEARCH_EVENTS_CHANNEL_ID="${SLACK_RESEARCH_EVENTS_CHANNEL_ID}" \
--set-env-vars=SENDGRID_TEMPLATE_ID_WELCOME_TO_K33="${SENDGRID_TEMPLATE_ID_WELCOME_TO_K33}" \
--set-env-vars=SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH="${SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH}" \
--set-env-vars=SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_PRO="${SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_PRO}" \
--set-env-vars=SENDGRID_CONTACT_LIST_ID_K33_RESEARCH_PRO="${SENDGRID_CONTACT_LIST_ID_K33_RESEARCH_PRO}" \
--set-env-vars=SENDGRID_UNSUBSCRIBE_GROUP_ID_K33="${SENDGRID_UNSUBSCRIBE_GROUP_ID_K33}" \
--set-env-vars=SENDGRID_UNSUBSCRIBE_GROUP_ID_K33_RESEARCH="${SENDGRID_UNSUBSCRIBE_GROUP_ID_K33_RESEARCH}" \
--set-env-vars=SENDGRID_UNSUBSCRIBE_GROUP_ID_K33_RESEARCH_PRO="${SENDGRID_UNSUBSCRIBE_GROUP_ID_K33_RESEARCH_PRO}" \
--set-env-vars=GOOGLE_ANALYTICS_FIREBASE_APP_ID="${GOOGLE_ANALYTICS_FIREBASE_APP_ID}" \
--set-env-vars=GOOGLE_ANALYTICS_MEASUREMENT_ID="${GOOGLE_ANALYTICS_MEASUREMENT_ID}" \
--set-env-vars=^:^INVEST_DENIED_COUNTRY_CODE_LIST="${INVEST_DENIED_COUNTRY_CODE_LIST}" \
--set-env-vars=INVEST_EMAIL_FROM="${INVEST_EMAIL_FROM}" \
--set-env-vars=^:^INVEST_EMAIL_TO_LIST="${INVEST_EMAIL_TO_LIST}" \
--set-env-vars=^:^INVEST_EMAIL_CC_LIST="${INVEST_EMAIL_CC_LIST}" \
--set-env-vars=^:^INVEST_EMAIL_BCC_LIST="${INVEST_EMAIL_BCC_LIST}" \
--service-account k33-backend@"${GCP_PROJECT_ID}".iam.gserviceaccount.com \
--no-allow-unauthenticated \
--port=8080 \
--tag canary \
--no-traffic \
--platform=managed