feat: ci to build new registry on push to main (#363)

This PR adds a github actions workflow for deploying new revisions of the registry on pushes to main. This means updating the new registry will continue to be as simple as landing a PR in this repo, but it should only take as long as the docker container takes to build to see the updates live :) For now, updates go to dev for manual inspection, but once we're confident in the build process they'll go straight to main as well.
coder · Dec 19, 2024 · 482ed84 · 482ed84
1 parent 32b6901
commit 482ed84
Show file tree

Hide file tree

Showing 2 changed files with 41 additions and 1 deletion.
diff --git a/.github/workflows/deploy-registry.yaml b/.github/workflows/deploy-registry.yaml
@@ -0,0 +1,37 @@
+name: deploy-registry
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+
+    # Set id-token permission for gcloud 
+    # Adding a comment because retriggering the build manually hung? I am the lord of devops and you will bend?
+    permissions:
+      contents: read
+      id-token: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Authenticate to Google Cloud
+        uses: google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f 
+        with:
+          workload_identity_provider: projects/309789351055/locations/global/workloadIdentityPools/github-actions/providers/github
+          service_account: [email protected]
+
+      - name: Set up Google Cloud SDK
+        uses: google-github-actions/setup-gcloud@6189d56e4096ee891640bb02ac264be376592d6a 
+
+        # For the time being, let's have the first couple merges to main in modules deploy a new version
+        # to *dev*. Once we review and make sure everything's working, we can deploy a new version to *main*. 
+        # Maybe in the future we could automate this based on the result of E2E tests.
+      - name: Deploy to dev.registry.coder.com
+        run: |
+          gcloud builds triggers run 29818181-126d-4f8a-a937-f228b27d3d34 --branch dev
+  
diff --git a/.gitignore b/.gitignore
@@ -1,4 +1,7 @@
 .terraform*
 node_modules
 *.tfstate
-*.tfstate.lock.info
+*.tfstate.lock.info
+
+# Ignore generated credentials from google-github-actions/auth
+gha-creds-*.json