Add update_strategy for envvars and secrets #227
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: 'Integration' | |
on: | |
push: | |
branches: | |
- 'main' | |
- 'release/**/*' | |
pull_request: | |
branches: | |
- 'main' | |
- 'release/**/*' | |
workflow_dispatch: | |
concurrency: | |
group: '${{ github.workflow }}-${{ github.head_ref || github.ref }}' | |
cancel-in-progress: true | |
permissions: | |
contents: 'read' | |
id-token: 'write' | |
jobs: | |
deploy: | |
if: ${{ github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name && github.actor != 'dependabot[bot]' }} | |
runs-on: 'ubuntu-latest' | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- name: 'image' | |
image: 'gcr.io/cloudrun/hello' | |
# - name: 'source' | |
# source: 'example-app' | |
name: 'from_${{ matrix.name }}' | |
steps: | |
- uses: 'actions/checkout@v4' | |
- name: 'Compute service name' | |
run: |- | |
echo "SERVICE_NAME=${GITHUB_JOB}-${{ matrix.name }}-${GITHUB_SHA::7}-${GITHUB_RUN_NUMBER}" >> ${GITHUB_ENV} | |
- uses: 'actions/setup-node@v4' | |
with: | |
node-version: '20.x' | |
- run: 'npm ci && npm run build' | |
- uses: 'google-github-actions/auth@v2' | |
with: | |
workload_identity_provider: '${{ vars.WIF_PROVIDER_NAME }}' | |
service_account: '${{ vars.SERVICE_ACCOUNT_EMAIL }}' | |
- id: 'deploy-cloudrun' | |
name: 'Deploy' | |
uses: './' | |
with: | |
image: '${{ matrix.image }}' | |
source: '${{ matrix.source }}' | |
service: '${{ env.SERVICE_NAME }}' | |
env_vars: |- | |
FOO=bar | |
ZIP=zap\,with|separators\,and&stuff | |
env_vars_file: './tests/fixtures/env_vars.txt' | |
secrets: |- | |
MY_SECRET=${{ vars.SECRET_NAME }}:latest | |
MY_SECOND_SECRET=${{ vars.SECRET_NAME }}:1 | |
labels: |- | |
label1=value1 | |
label2=value2 | |
skip_default_labels: true | |
flags: '--cpu=2 --concurrency=20' | |
- name: 'Run initial deploy tests' | |
run: 'npm run e2e-tests' | |
env: | |
PROJECT_ID: ${{ vars.PROJECT_ID }} | |
SERVICE: '${{ env.SERVICE_NAME }}' | |
ENV: |- | |
{ | |
"FOO": "bar", | |
"ZIP": "zap,with|separators,and&stuff", | |
"TEXT_FOO": "bar", | |
"TEXT_ZIP": "zap,with|separators,and&stuff" | |
} | |
SECRET_ENV: |- | |
{ | |
"MY_SECRET": "${{ vars.SECRET_NAME }}:latest", | |
"MY_SECOND_SECRET": "${{ vars.SECRET_NAME }}:1" | |
} | |
PARAMS: |- | |
{ | |
"cpu": "2", | |
"containerConcurrency": "20" | |
} | |
LABELS: |- | |
{ | |
"label1": "value1", | |
"label2": "value2" | |
} | |
- id: 'deploy-cloudrun-again' | |
name: 'Deploy again' | |
uses: './' | |
with: | |
image: '${{ matrix.image }}' | |
source: '${{ matrix.source }}' | |
service: '${{ env.SERVICE_NAME }}' | |
env_vars: |- | |
ABC=123 | |
DEF=456 | |
secrets: /api/secrets/my-secret=${{ vars.SECRET_NAME }}:latest | |
- name: 'Run re-deploy tests' | |
run: 'npm run e2e-tests' | |
env: | |
PROJECT_ID: ${{ vars.PROJECT_ID }} | |
SERVICE: '${{ env.SERVICE_NAME }}' | |
ENV: |- | |
{ | |
"FOO": "bar", | |
"ZIP": "zap,with|separators,and&stuff", | |
"TEXT_FOO": "bar", | |
"TEXT_ZIP": "zap,with|separators,and&stuff", | |
"ABC": "123", | |
"DEF": "456" | |
} | |
SECRET_ENV: |- | |
{ | |
"MY_SECRET": "${{ vars.SECRET_NAME }}:latest", | |
"MY_SECOND_SECRET": "${{ vars.SECRET_NAME }}:1" | |
} | |
SECRET_VOLUMES: |- | |
{ | |
"/api/secrets/my-secret": "${{ vars.SECRET_NAME }}:latest" | |
} | |
PARAMS: |- | |
{ | |
"cpu": "2", | |
"containerConcurrency": "20" | |
} | |
LABELS: |- | |
{ | |
"label1": "value1", | |
"label2": "value2", | |
"commit-sha": "${{ github.sha }}", | |
"managed-by": "github-actions" | |
} | |
REVISION_COUNT: 2 | |
# metadata: | |
# if: ${{ github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name && github.actor != 'dependabot[bot]' }} | |
# runs-on: 'ubuntu-latest' | |
# steps: | |
# - uses: 'actions/checkout@v4' | |
# - name: 'Compute service name' | |
# run: |- | |
# echo "SERVICE_NAME=${GITHUB_JOB}-metadata-${GITHUB_SHA::7}-${GITHUB_RUN_NUMBER}" >> ${GITHUB_ENV} | |
# - name: 'Set service name in metadata YAML' | |
# run: |- | |
# sed -i "s/run-full-yaml/${{ env.SERVICE_NAME }}/" ./tests/fixtures/service.yaml | |
# - uses: 'actions/setup-node@v4' | |
# with: | |
# node-version: '20.x' | |
# - run: 'npm ci && npm run build' | |
# - uses: 'google-github-actions/auth@v2' | |
# with: | |
# workload_identity_provider: '${{ vars.WIF_PROVIDER_NAME }}' | |
# service_account: '${{ vars.SERVICE_ACCOUNT_EMAIL }}' | |
# - id: 'deploy-cloudrun' | |
# name: 'Deploy' | |
# uses: './' | |
# with: | |
# metadata: './tests/fixtures/service.yaml' | |
# - name: 'Run initial deploy tests' | |
# run: 'npm run e2e-tests' | |
# env: | |
# PROJECT_ID: '${{ vars.PROJECT_ID }}' | |
# SERVICE: '${{ env.SERVICE_NAME }}' | |
# PARAMS: |- | |
# { | |
# "cpu": "2", | |
# "memory": "1Gi", | |
# "containerConcurrency": "20" | |
# } | |
# ANNOTATIONS: |- | |
# { | |
# "run.googleapis.com/cloudsql-instances": "test-project:us-central1:my-test-instance" | |
# } | |
# LABELS: |- | |
# { | |
# "test_label": "test_value" | |
# } | |
# - id: 'deploy-cloudrun-again' | |
# name: 'Deploy again' | |
# uses: './' | |
# with: | |
# image: 'gcr.io/cloudrun/hello' | |
# service: '${{ env.SERVICE_NAME }}' | |
# - name: 'Run re-deploy tests' | |
# run: 'npm run e2e-tests' # Check that config isn't overwritten | |
# env: | |
# PROJECT_ID: '${{ vars.PROJECT_ID }}' | |
# SERVICE: '${{ env.SERVICE_NAME }}' | |
# PARAMS: |- | |
# { | |
# "cpu": "2", | |
# "memory": "1Gi", | |
# "containerConcurrency": "20" | |
# } | |
# ANNOTATIONS: |- | |
# { | |
# "run.googleapis.com/cloudsql-instances": "test-project:us-central1:my-test-instance" | |
# } | |
# REVISION_COUNT: 2 | |
# jobs: | |
# if: ${{ github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name && github.actor != 'dependabot[bot]' }} | |
# runs-on: 'ubuntu-latest' | |
# steps: | |
# - uses: 'actions/checkout@v4' | |
# - name: 'Compute job name' | |
# run: |- | |
# echo "JOB_NAME=${GITHUB_JOB}-job-${GITHUB_SHA::7}-${GITHUB_RUN_NUMBER}" >> ${GITHUB_ENV} | |
# - uses: 'actions/setup-node@v4' | |
# with: | |
# node-version: '20.x' | |
# - run: 'npm ci && npm run build' | |
# - uses: 'google-github-actions/auth@v2' | |
# with: | |
# workload_identity_provider: '${{ vars.WIF_PROVIDER_NAME }}' | |
# service_account: '${{ vars.SERVICE_ACCOUNT_EMAIL }}' | |
# - id: 'deploy-cloudrun' | |
# name: 'Deploy' | |
# uses: './' | |
# with: | |
# image: 'gcr.io/cloudrun/hello' | |
# job: '${{ env.JOB_NAME }}' | |
# env_vars: |- | |
# FOO=bar | |
# ZIP=zap\,with|separators\,and&stuff | |
# env_vars_file: './tests/fixtures/env_vars.txt' | |
# secrets: |- | |
# MY_SECRET=${{ vars.SECRET_NAME }}:latest | |
# MY_SECOND_SECRET=${{ vars.SECRET_NAME }}:1 | |
# labels: |- | |
# label1=value1 | |
# label2=value2 | |
# skip_default_labels: true | |
# flags: '--cpu=2' | |
# - name: 'Run initial deploy tests' | |
# run: 'npm run e2e-tests' | |
# env: | |
# PROJECT_ID: ${{ vars.PROJECT_ID }} | |
# JOB: '${{ env.JOB_NAME }}' | |
# ENV: |- | |
# { | |
# "FOO": "bar", | |
# "ZIP": "zap,with|separators,and&stuff", | |
# "TEXT_FOO": "bar", | |
# "TEXT_ZIP": "zap,with|separators,and&stuff" | |
# } | |
# SECRET_ENV: |- | |
# { | |
# "MY_SECRET": "${{ vars.SECRET_NAME }}:latest", | |
# "MY_SECOND_SECRET": "${{ vars.SECRET_NAME }}:1" | |
# } | |
# LABELS: |- | |
# { | |
# "label1": "value1", | |
# "label2": "value2" | |
# } | |
# - id: 'deploy-cloudrun-again' | |
# name: 'Deploy again' | |
# uses: './' | |
# with: | |
# image: 'gcr.io/cloudrun/hello' | |
# job: '${{ env.JOB_NAME }}' | |
# env_vars: |- | |
# ABC=123 | |
# DEF=456 | |
# secrets: /api/secrets/my-secret=${{ vars.SECRET_NAME }}:latest | |
# - name: 'Run re-deploy tests' | |
# run: 'npm run e2e-tests' | |
# env: | |
# PROJECT_ID: ${{ vars.PROJECT_ID }} | |
# JOB: '${{ env.JOB_NAME }}' | |
# ENV: |- | |
# { | |
# "FOO": "bar", | |
# "ZIP": "zap,with|separators,and&stuff", | |
# "TEXT_FOO": "bar", | |
# "TEXT_ZIP": "zap,with|separators,and&stuff", | |
# "ABC": "123", | |
# "DEF": "456" | |
# } | |
# SECRET_VOLUMES: |- | |
# { | |
# "/api/secrets/my-secret": "${{ vars.SECRET_NAME }}:latest" | |
# } | |
# LABELS: |- | |
# { | |
# "label1": "value1", | |
# "label2": "value2", | |
# "commit-sha": "${{ github.sha }}", | |
# "managed-by": "github-actions" | |
# } |