Manual-Relay-Deploy #14
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Manual-Relay-Deploy | |
| on: | |
| workflow_dispatch: | |
| branches: ['feat_system_cicd_enhancment'] | |
| inputs: | |
| version: | |
| type: string | |
| required: true | |
| env: | |
| type: string | |
| required: true | |
| workflow_call: | |
| inputs: | |
| version: | |
| type: string | |
| required: true | |
| env: | |
| type: string | |
| required: true | |
| # get repo vars before running jobs | |
| env: | |
| REGION: ${{ vars.REGION }} | |
| WIF_PROVIDER: ${{ secrets.WIF_PROVIDER }} | |
| WIF_SERVICE_ACCOUNT: ${{ secrets.WIF_SERVICE_ACCOUNT }} | |
| GAR_LOCATION: ${{ vars.GAR_LOCATION }} | |
| PROJECT_ID: ${{ vars.PROJECT_ID }} | |
| REPOSITORY: ${{ vars.REPOSITORY }} | |
| TWITTER_CLIENT_ID: ${{ secrets.TWITTER_CLIENT_ID }} | |
| TWITTER_CLIENT_KEY: ${{ secrets.TWITTER_CLIENT_KEY }} | |
| jobs: | |
| relay: | |
| permissions: | |
| contents: 'read' | |
| id-token: 'write' | |
| runs-on: ubuntu-latest | |
| environment: ${{ inputs.env }} | |
| steps: | |
| - name: Production Code | |
| uses: 'actions/checkout@v3' | |
| - name: Authenticate to Google Cloud | |
| id: auth | |
| uses: 'google-github-actions/auth@v1' | |
| with: | |
| token_format: access_token | |
| workload_identity_provider: '${{ env.WIF_PROVIDER }}' | |
| service_account: '${{ env.WIF_SERVICE_ACCOUNT }}' | |
| access_token_lifetime: 300s | |
| ## artifact registry auth setup | |
| - name: Login to Artifact Registry | |
| id: docker-auth | |
| uses: docker/login-action@v1 | |
| with: | |
| registry: ${{ env.GAR_LOCATION }}-docker.pkg.dev | |
| username: oauth2accesstoken | |
| password: ${{ steps.auth.outputs.access_token }} | |
| - name: Deploy to Cloud Run | |
| id: deploy | |
| uses: google-github-actions/deploy-cloudrun@v0 | |
| with: | |
| service: ${{ vars.BACKEND_SERVICE }} | |
| region: ${{ env.REGION }} | |
| image: ${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.REPOSITORY }}/${{ vars.BACKEND_SERVICE }}:${{ inputs.version }} | |
| # add ENV as below | |
| env_vars: | | |
| TWITTER_CLIENT_ID=${{ env.TWITTER_CLIENT_ID }} | |
| TWITTER_CLIENT_KEY=${{ env.TWITTER_CLIENT_KEY }} | |
| CLIENT_URL=${{ vars.CLIENT_URL }} | |
| APP_ADDRESS=${{ vars.APP_ADDRESS }} | |
| UNIREP_ADDRESS=${{ vars.UNIREP_ADDRESS }} | |
| PRIVATE_KEY=${{ secrets.PRIVATE_KEY }} | |
| GENESIS_BLOCK=${{ vars.GENESIS_BLOCK }} | |
| ETH_PROVIDER_URL=${{ vars.ETH_PROVIDER_URL }} | |
| DB_PATH=${{ secrets.DB_PATH }} | |
| - name: Allow public access | |
| id: unauthenticated | |
| run: gcloud run services add-iam-policy-binding ${{ vars.BACKEND_SERVICE }} --region=${{ env.REGION }} --member="allUsers" --role="roles/run.invoker" | |
| - name: Show Output | |
| run: echo ${{ steps.deploy.outputs.url }} |