forked from arcanetechnology/arcane-platform
-
Notifications
You must be signed in to change notification settings - Fork 1
158 lines (158 loc) · 11 KB
/
canary-deploy.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
name: Canary deploy to GCP
on:
workflow_dispatch:
push:
branches:
- main
env:
IMAGE: europe-docker.pkg.dev/${{ secrets.GCP_PROJECT_ID }}/backend/k33-backend
jobs:
build-push-deploy:
runs-on: ubuntu-latest
permissions:
contents: "read"
id-token: "write"
steps:
- name: Checkout the Repository
uses: actions/checkout@v3
- name: Setup jdk 20
uses: actions/setup-java@v3
with:
distribution: "temurin"
java-version: "21.0.2"
cache: "gradle"
- name: Grant execute permission for gradlew
run: chmod +x gradlew
- name: Load secrets
uses: 1password/load-secrets-action@v1
with:
# Export loaded secrets as environment variables
export-env: true
env:
OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
GCP_PROJECT_ID: op://env/prod/gcp/GCP_PROJECT_ID
# stripe
STRIPE_PRODUCT_ID_RESEARCH_TWIC: op://env/prod/stripe/STRIPE_PRODUCT_ID_RESEARCH_TWIC
STRIPE_PRODUCT_ID_RESEARCH_NN: op://env/prod/stripe/STRIPE_PRODUCT_ID_RESEARCH_NN
STRIPE_PRODUCT_ID_RESEARCH_AOC: op://env/prod/stripe/STRIPE_PRODUCT_ID_RESEARCH_AOC
STRIPE_PRODUCT_ID_RESEARCH_PRO: op://env/prod/stripe/STRIPE_PRODUCT_ID_RESEARCH_PRO
STRIPE_COUPON_CORPORATE_PLAN: op://env/prod/stripe/STRIPE_COUPON_CORPORATE_PLAN
# slack
SLACK_ALERTS_CHANNEL_ID: op://env/prod/slack/SLACK_ALERTS_CHANNEL_ID
SLACK_GENERAL_CHANNEL_ID: op://env/prod/slack/SLACK_GENERAL_CHANNEL_ID
SLACK_INVEST_CHANNEL_ID: op://env/prod/slack/SLACK_INVEST_CHANNEL_ID
SLACK_PRODUCT_CHANNEL_ID: op://env/prod/slack/SLACK_PRODUCT_CHANNEL_ID
SLACK_PROFESSIONAL_INVESTORS_CHANNEL_ID: op://env/prod/slack/SLACK_PROFESSIONAL_INVESTORS_CHANNEL_ID
SLACK_RESEARCH_CHANNEL_ID: op://env/prod/slack/SLACK_RESEARCH_CHANNEL_ID
SLACK_RESEARCH_EVENTS_CHANNEL_ID: op://env/prod/slack/SLACK_RESEARCH_EVENTS_CHANNEL_ID
# sendgrid
SENDGRID_TEMPLATE_ID_WELCOME_TO_K33: op://env/prod/sendgrid/SENDGRID_TEMPLATE_ID_WELCOME_TO_K33
SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH: op://env/prod/sendgrid/SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH
SENDGRID_UNSUBSCRIBE_GROUP_ID_K33: op://env/prod/sendgrid/SENDGRID_UNSUBSCRIBE_GROUP_ID_K33
SENDGRID_UNSUBSCRIBE_GROUP_ID_K33_RESEARCH: op://env/prod/sendgrid/SENDGRID_UNSUBSCRIBE_GROUP_ID_K33_RESEARCH
## TWIC
SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_TWIC_TRIAL: op://env/prod/sendgrid/SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_TWIC_TRIAL
SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_TWIC: op://env/prod/sendgrid/SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_TWIC
SENDGRID_CONTACT_LIST_ID_K33_RESEARCH_TWIC: op://env/prod/sendgrid/SENDGRID_CONTACT_LIST_ID_K33_RESEARCH_TWIC
SENDGRID_UNSUBSCRIBE_GROUP_ID_K33_RESEARCH_TWIC: op://env/prod/sendgrid/SENDGRID_UNSUBSCRIBE_GROUP_ID_K33_RESEARCH_TWIC
## NN
SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_NN_TRIAL: op://env/prod/sendgrid/SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_NN_TRIAL
SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_NN: op://env/prod/sendgrid/SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_NN
SENDGRID_CONTACT_LIST_ID_K33_RESEARCH_NN: op://env/prod/sendgrid/SENDGRID_CONTACT_LIST_ID_K33_RESEARCH_NN
SENDGRID_UNSUBSCRIBE_GROUP_ID_K33_RESEARCH_NN: op://env/prod/sendgrid/SENDGRID_UNSUBSCRIBE_GROUP_ID_K33_RESEARCH_NN
## AOC
SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_AOC_TRIAL: op://env/prod/sendgrid/SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_AOC_TRIAL
SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_AOC: op://env/prod/sendgrid/SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_AOC
SENDGRID_CONTACT_LIST_ID_K33_RESEARCH_AOC: op://env/prod/sendgrid/SENDGRID_CONTACT_LIST_ID_K33_RESEARCH_AOC
SENDGRID_UNSUBSCRIBE_GROUP_ID_K33_RESEARCH_AOC: op://env/prod/sendgrid/SENDGRID_UNSUBSCRIBE_GROUP_ID_K33_RESEARCH_AOC
## PRO
SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_PRO_TRIAL: op://env/prod/sendgrid/SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_PRO_TRIAL
SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_PRO: op://env/prod/sendgrid/SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_PRO
SENDGRID_CONTACT_LIST_ID_K33_RESEARCH_PRO: op://env/prod/sendgrid/SENDGRID_CONTACT_LIST_ID_K33_RESEARCH_PRO
SENDGRID_UNSUBSCRIBE_GROUP_ID_K33_RESEARCH_PRO: op://env/prod/sendgrid/SENDGRID_UNSUBSCRIBE_GROUP_ID_K33_RESEARCH_PRO
# ga
GOOGLE_ANALYTICS_FIREBASE_APP_ID: op://env/prod/analytics/GOOGLE_ANALYTICS_FIREBASE_APP_ID
GOOGLE_ANALYTICS_MEASUREMENT_ID: op://env/prod/analytics/GOOGLE_ANALYTICS_MEASUREMENT_ID
# invest
INVEST_DENIED_COUNTRY_CODE_LIST: op://env/prod/invest/INVEST_DENIED_COUNTRY_CODE_LIST
INVEST_EMAIL_FROM: op://env/prod/invest/INVEST_EMAIL_FROM
INVEST_EMAIL_TO_LIST: op://env/prod/invest/INVEST_EMAIL_TO_LIST
INVEST_EMAIL_CC_LIST: op://env/prod/invest/INVEST_EMAIL_CC_LIST
INVEST_EMAIL_BCC_LIST: op://env/prod/invest/INVEST_EMAIL_BCC_LIST
# gcp
GCP_WORKLOAD_IDENTITY_PROVIDER: op://env/github/gcp/GCP_WORKLOAD_IDENTITY_PROVIDER
GCP_SERVICE_ACCOUNT: op://env/github/gcp/GCP_SERVICE_ACCOUNT
- name: Google auth
uses: google-github-actions/auth@v1
with:
workload_identity_provider: ${{ env.GCP_WORKLOAD_IDENTITY_PROVIDER }}
service_account: ${{ env.GCP_SERVICE_ACCOUNT }}
- name: Setup gcloud
uses: google-github-actions/setup-gcloud@v1
with:
project_id: ${{ env.GCP_PROJECT_ID }}
- name: Authorize Docker push
run: gcloud auth configure-docker europe-docker.pkg.dev
- name: Build with Gradle
run: ./gradlew --no-daemon :apps:k33-backend:installDist --parallel
- name: Build docker image
run: docker image build -t "$IMAGE":${GITHUB_SHA::12} apps/k33-backend
- name: Push docker image
run: docker image push "$IMAGE":${GITHUB_SHA::12}
- name: Canary deploy to GCP Cloud Run
run: |-
gcloud run deploy k33-backend \
--region europe-west1 \
--image "${IMAGE}":${GITHUB_SHA::12} \
--cpu=1 \
--memory=1Gi \
--min-instances=1 \
--max-instances=1 \
--concurrency=1000 \
--set-env-vars=GCP_PROJECT_ID="${GCP_PROJECT_ID}" \
--set-env-vars=GOOGLE_CLOUD_PROJECT="${GCP_PROJECT_ID}" \
--set-env-vars=STRIPE_PRODUCT_ID_RESEARCH_TWIC="${STRIPE_PRODUCT_ID_RESEARCH_TWIC}" \
--set-env-vars=STRIPE_PRODUCT_ID_RESEARCH_NN="${STRIPE_PRODUCT_ID_RESEARCH_NN}" \
--set-env-vars=STRIPE_PRODUCT_ID_RESEARCH_AOC="${STRIPE_PRODUCT_ID_RESEARCH_AOC}" \
--set-env-vars=STRIPE_PRODUCT_ID_RESEARCH_PRO="${STRIPE_PRODUCT_ID_RESEARCH_PRO}" \
--set-env-vars=STRIPE_COUPON_CORPORATE_PLAN="${STRIPE_COUPON_CORPORATE_PLAN}" \
--set-env-vars=SLACK_ALERTS_CHANNEL_ID="${SLACK_ALERTS_CHANNEL_ID}" \
--set-env-vars=SLACK_GENERAL_CHANNEL_ID="${SLACK_GENERAL_CHANNEL_ID}" \
--set-env-vars=SLACK_INVEST_CHANNEL_ID="${SLACK_INVEST_CHANNEL_ID}" \
--set-env-vars=SLACK_PRODUCT_CHANNEL_ID="${SLACK_PRODUCT_CHANNEL_ID}" \
--set-env-vars=SLACK_PROFESSIONAL_INVESTORS_CHANNEL_ID="${SLACK_PROFESSIONAL_INVESTORS_CHANNEL_ID}" \
--set-env-vars=SLACK_RESEARCH_CHANNEL_ID="${SLACK_RESEARCH_CHANNEL_ID}" \
--set-env-vars=SLACK_RESEARCH_EVENTS_CHANNEL_ID="${SLACK_RESEARCH_EVENTS_CHANNEL_ID}" \
--set-env-vars=SENDGRID_TEMPLATE_ID_WELCOME_TO_K33="${SENDGRID_TEMPLATE_ID_WELCOME_TO_K33}" \
--set-env-vars=SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH="${SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH}" \
--set-env-vars=SENDGRID_UNSUBSCRIBE_GROUP_ID_K33="${SENDGRID_UNSUBSCRIBE_GROUP_ID_K33}" \
--set-env-vars=SENDGRID_UNSUBSCRIBE_GROUP_ID_K33_RESEARCH="${SENDGRID_UNSUBSCRIBE_GROUP_ID_K33_RESEARCH}" \
--set-env-vars=SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_TWIC_TRIAL="${SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_TWIC_TRIAL}" \
--set-env-vars=SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_TWIC="${SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_TWIC}" \
--set-env-vars=SENDGRID_CONTACT_LIST_ID_K33_RESEARCH_TWIC="${SENDGRID_CONTACT_LIST_ID_K33_RESEARCH_TWIC}" \
--set-env-vars=SENDGRID_UNSUBSCRIBE_GROUP_ID_K33_RESEARCH_TWIC="${SENDGRID_UNSUBSCRIBE_GROUP_ID_K33_RESEARCH_TWIC}" \
--set-env-vars=SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_NN_TRIAL="${SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_NN_TRIAL}" \
--set-env-vars=SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_NN="${SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_NN}" \
--set-env-vars=SENDGRID_CONTACT_LIST_ID_K33_RESEARCH_NN="${SENDGRID_CONTACT_LIST_ID_K33_RESEARCH_NN}" \
--set-env-vars=SENDGRID_UNSUBSCRIBE_GROUP_ID_K33_RESEARCH_NN="${SENDGRID_UNSUBSCRIBE_GROUP_ID_K33_RESEARCH_NN}" \
--set-env-vars=SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_AOC_TRIAL="${SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_AOC_TRIAL}" \
--set-env-vars=SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_AOC="${SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_AOC}" \
--set-env-vars=SENDGRID_CONTACT_LIST_ID_K33_RESEARCH_AOC="${SENDGRID_CONTACT_LIST_ID_K33_RESEARCH_AOC}" \
--set-env-vars=SENDGRID_UNSUBSCRIBE_GROUP_ID_K33_RESEARCH_AOC="${SENDGRID_UNSUBSCRIBE_GROUP_ID_K33_RESEARCH_AOC}" \
--set-env-vars=SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_PRO_TRIAL="${SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_PRO_TRIAL}" \
--set-env-vars=SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_PRO="${SENDGRID_TEMPLATE_ID_WELCOME_TO_K33_RESEARCH_PRO}" \
--set-env-vars=SENDGRID_CONTACT_LIST_ID_K33_RESEARCH_PRO="${SENDGRID_CONTACT_LIST_ID_K33_RESEARCH_PRO}" \
--set-env-vars=SENDGRID_UNSUBSCRIBE_GROUP_ID_K33_RESEARCH_PRO="${SENDGRID_UNSUBSCRIBE_GROUP_ID_K33_RESEARCH_PRO}" \
--set-env-vars=GOOGLE_ANALYTICS_FIREBASE_APP_ID="${GOOGLE_ANALYTICS_FIREBASE_APP_ID}" \
--set-env-vars=GOOGLE_ANALYTICS_MEASUREMENT_ID="${GOOGLE_ANALYTICS_MEASUREMENT_ID}" \
--set-env-vars=^:^INVEST_DENIED_COUNTRY_CODE_LIST="${INVEST_DENIED_COUNTRY_CODE_LIST}" \
--set-env-vars=INVEST_EMAIL_FROM="${INVEST_EMAIL_FROM}" \
--set-env-vars=^:^INVEST_EMAIL_TO_LIST="${INVEST_EMAIL_TO_LIST}" \
--set-env-vars=^:^INVEST_EMAIL_CC_LIST="${INVEST_EMAIL_CC_LIST}" \
--set-env-vars=^:^INVEST_EMAIL_BCC_LIST="${INVEST_EMAIL_BCC_LIST}" \
--service-account k33-backend@"${GCP_PROJECT_ID}".iam.gserviceaccount.com \
--no-allow-unauthenticated \
--port=8080 \
--tag canary \
--no-traffic \
--platform=managed