Skip to content

fix: safe auth

fix: safe auth #1002

Workflow file for this run

name: Onboarding API
on:
push:
branches:
- main
paths:
- 'onboarding-api/**'
- '.github/workflows/onboarding-api.yml'
- '.github/actions/deploy-gfunction'
- '.github/actions/build-function'
pull_request:
paths:
- 'onboarding-api/**'
- '.github/workflows/onboarding-api.yml'
- '.github/actions/deploy-gfunction'
- '.github/actions/build-function'
workflow_call:
inputs:
deploy_env:
type: string
required: false
env:
# This needs to match the env: settings in prod-deploy.yml
app_name: onboarding-api
function_handler: onboarding
artifact_name: "onboarding-api${{ inputs.deploy_env && format('-{0}', inputs.deploy_env) }}"
concurrency:
# Fancy concurrency group string to allow for multi-staging deployments
group: 'onboarding-api-${{ inputs.deploy_env || github.event.inputs.deploy_env }} @${{ github.event.pull_request.head.label || github.head_ref || github.ref }}'
cancel-in-progress: true
jobs:
build-onboarding-api:
if: ${{ inputs.deploy_env != 'production' }}
runs-on: ubuntu-latest
defaults:
run:
working-directory: onboarding-api
steps:
- name: Checkout
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
- name: prepare env logic
id: prepare
uses: ./.github/actions/prepare-deploy
with:
app_base_name: ${{ env.app_name }}
deploy_to: ${{ inputs.deploy_env }}
- name: build function
uses: ./.github/actions/build-function
with:
app_name: ${{ env.app_name }}
artifact_name: ${{ env.artifact_name }}
- name: Archive staging artifacts
id: archive_staging
if: inputs.deploy_env == 'staging' && github.event_name == 'release'
uses: ./.github/actions/archive-release
with:
name: ${{ env.app_name }}
path: ./${{ env.app_name }}/dist
outputs:
gh_env: ${{ steps.prepare.outputs.gh_env }}
function_name: ${{ steps.prepare.outputs.function_name }}
deploy-onboarding-api:
concurrency:
# Don't try to deploy the same function in parallel
group: deploy-${{ needs.build-onboarding-api.outputs.function_name }}
cancel-in-progress: true
needs: build-onboarding-api
runs-on: ubuntu-latest
environment: ${{ needs.build-onboarding-api.outputs.gh_env }}
permissions:
contents: 'read'
id-token: 'write'
steps:
- name: Checkout
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
with:
path: apps
- name: Deploy Gfunction
id: functionsdeploy
uses: ./apps/.github/actions/deploy-gfunction
with:
app_name: ${{ env.app_name }}
artifact_name: ${{ env.artifact_name }}
GWIP: ${{ secrets.GWIP }}
GSA: ${{ secrets.GSA }}
target: ${{ env.function_handler }}
service_account: "${{ vars.ONBOARDING_FUNCT_SA }}"
gcloud_region: ${{ vars.GCLOUD_REGION }}
deploy_env: ${{ inputs.deploy_env }}