Build Cloud Run deployments in separate GCP projects
var77 committed Apr 26, 2024
1 parent 49d8171 commit c8e280c
Showing 2 changed files with 7 additions and 8 deletions.
13 changes: 6 additions & 7 deletions .github/workflows/build-migrate-deploy.yml
@@ -18,13 +18,15 @@ jobs:
run: |
if [[ ${{ github.ref }} == 'refs/heads/lantern-main' ]]; then
echo "branch=production" >> $GITHUB_OUTPUT
echo "gcr_image=${IMAGE_PRODUCTION}" >> $GITHUB_OUTPUT
else
echo "branch=staging" >> $GITHUB_OUTPUT
echo "gcr_image=${IMAGE_STAGING}" >> $GITHUB_OUTPUT
fi
echo "gcr_image=${IMAGE}" >> $GITHUB_OUTPUT
echo "image=lanterndata/lantern-ubicloud" >> $GITHUB_OUTPUT
env:
IMAGE: ${{ format('{0}-docker.pkg.dev/{1}/lanterndata/lantern-ubicloud', secrets.GCP_REGION, secrets.GCP_PROJECT_ID) }}
IMAGE_STAGING: ${{ format('{0}-docker.pkg.dev/{1}/lanterndata/lantern-ubicloud', secrets.GCP_REGION, secrets.GCP_PROJECT_ID_STAGING) }}
IMAGE_PRODUCTION: ${{ format('{0}-docker.pkg.dev/{1}/lanterndata/lantern-ubicloud', secrets.GCP_REGION, secrets.GCP_PROJECT_ID_PRODUCTION) }}

- name: Checkout code
uses: actions/checkout@v4
@@ -35,11 +37,8 @@ jobs:
uses: "google-github-actions/auth@v2"
with:
token_format: access_token
workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}
service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }}
- name: "Set up Cloud SDK"
uses: "google-github-actions/setup-gcloud@v2"

workload_identity_provider: ${{ ( steps.set_env.outputs.branch == 'production' && secrets.GCP_WORKLOAD_IDENTITY_PROVIDER_PRODUCTION) || secrets.GCP_WORKLOAD_IDENTITY_PROVIDER_STAGING }}
service_account: ${{ ( steps.set_env.outputs.branch == 'production' && secrets.GCP_WORKLOAD_IDENTITY_PROVIDER_PRODUCTION) || secrets.GCP_SERVICE_ACCOUNT_STAGING }}
# Build and push image
- name: Login to GCR Container Registry
uses: docker/login-action@v3
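Review bot: The `service_account` input in the second hunk's `google-github-actions/auth@v2` step resolves to `secrets.GCP_WORKLOAD_IDENTITY_PROVIDER_PRODUCTION` on the production branch, the same secret the `workload_identity_provider` line uses, while staging gets `secrets.GCP_SERVICE_ACCOUNT_STAGING`. This looks like a copy-paste slip that would hand the auth action a provider resource name where a service-account identity is expected; the first operand should be the production service-account secret, e.g. `(steps.set_env.outputs.branch == 'production' && secrets.GCP_SERVICE_ACCOUNT_PRODUCTION) || secrets.GCP_SERVICE_ACCOUNT_STAGING` (that secret name is assumed by analogy with the staging one and is not on the page, so confirm it exists). Separately, the `a && b || c` idiom on both lines falls through to the staging value whenever the production secret is empty or unset, so a misconfigured production run would authenticate against the staging project instead of failing. A guard step that stops the job when the selected provider or service account is empty would make that failure visible.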
2 changes: 1 addition & 1 deletion lib/hosting/gcp_apis.rb
@@ -257,7 +257,7 @@ def remove_service_account(service_account_email)

def export_service_account_key(service_account_email)
connection = Excon.new("https://iam.googleapis.com", headers: @host[:headers])
response = connection.post(path: "/v1/projects/#{@project}/serviceAccounts/#{service_account_email}/keys", body: JSON.dump({}), expects: [200, 400])
response = connection.post(path: "/v1/projects/#{@project}/serviceAccounts/#{service_account_email}/keys", body: JSON.dump({}), expects: [200, 400, 404, 403])
Hosting::GcpApis.check_errors(response)
data = JSON.parse(response.body)
data["privateKeyData"]
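Review bot: With `expects: [200, 400, 404, 403]` Excon no longer raises on a 403 or 404 from the IAM keys endpoint, so the only thing between a denied or missing service account and `data["privateKeyData"]` is `Hosting::GcpApis.check_errors(response)`, whose body is not visible in this hunk. If that helper does not raise for every non-200 status, the method returns `nil` and the caller gets no key and no error; changing the last line to `data.fetch("privateKeyData")` would turn that case into a `KeyError`. Since the return value is private key material, a one-line comment above the `post` call would help the next reader, e.g. `# non-200 statuses are accepted here so check_errors can raise a descriptive error` (once that behaviour is confirmed). The method's `end` lies outside the hunk.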