Skip to content

Merge pull request #124 from systemphil/firegrep/overview #24

Merge pull request #124 from systemphil/firegrep/overview

Merge pull request #124 from systemphil/firegrep/overview #24

Workflow file for this run

name: CD Staging 🥽
on:
workflow_dispatch:
push:
branches:
- main
jobs:
prepyrus_verify:
if: github.repository_owner == 'systemphil'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/cache/restore@v4
id: prepyrus-cache-restore
with:
path: target/release/prepyrus_runner
key: ${{ runner.os }}-cargo-${{ hashFiles('scripts/prepyrus_runner/Cargo.lock') }}-${{ hashFiles('scripts/prepyrus_runner/src/**') }}
- name: Install Rust
if: steps.prepyrus-cache-restore.outputs.cache-hit != 'true'
uses: actions-rust-lang/setup-rust-toolchain@v1
- name: Install dependencies
if: steps.prepyrus-cache-restore.outputs.cache-hit != 'true'
run: cargo build --release --package prepyrus_runner
- name: Run prepyrus script in VERIFY mode
run: target/release/prepyrus_runner absolute_bibliography.bib content verify
- name: Upload prepyrus for next job
uses: actions/upload-artifact@v4
with:
name: prepyrus_artifact
path: target/release/prepyrus_runner
- name: Save Prepyrus to cache
id: prepyrus-cache-save
if: steps.prepyrus-cache-restore.outputs.cache-hit != 'true'
uses: actions/cache/save@v4
with:
path: target/release/prepyrus_runner
key: ${{ runner.os }}-cargo-${{ hashFiles('scripts/prepyrus_runner/Cargo.lock') }}-${{ hashFiles('scripts/prepyrus_runner/src/**') }}
build_and_deploy:
needs: prepyrus_verify
if: github.repository_owner == 'systemphil'
environment: staging
runs-on: ubuntu-latest
env:
SERVICE: ${{ secrets.SERVICE }}
BUILD_PATH:
# These are set manually for staging:
# AUTH_URL
# AUTH_GITHUB_ID
# AUTH_GITHUB_SECRET
SECRETS: >-
DATABASE_URL
AUTH_SECRET
AUTH_GOOGLE_ID
AUTH_GOOGLE_SECRET
AUTH_RESEND_KEY
AUTH_EMAIL_FROM
GCP_PRIMARY_BUCKET_NAME
GCP_SECONDARY_BUCKET_NAME
STRIPE_API_KEY
STRIPE_WEBHOOK_SECRET
RESEND_API_KEY
EMAIL_SEND
EMAIL_RECEIVE
PROJECT_ID: ${{ secrets.PROJECT_ID }}
PROJECT_NUMBER: ${{ secrets.PROJECT_NUMBER }}
REGION: ${{ secrets.REGION }}
TAG: latest
DEPLOY_CONFIG: >-
port:8080
execution-environment:gen1
concurrency:80
service-min-instances:default
min-instances:default
max-instances:1
steps:
- name: Check if running in the parent repository
run: |
if [ "${GITHUB_REPOSITORY}" != "systemphil/sphil" ]; then
echo "This workflow is only intended for the parent repository. Skipping deployment."
exit 1
fi
- name: Checkout Code
uses: actions/checkout@v4
with:
repository: ${{ github.repository }}
ref: ${{ github.ref }}
fetch-depth: 1
- name: Download prepyrus artifact
uses: actions/download-artifact@v4
with:
name: prepyrus_artifact
path: target/release/prepyrus_runner
- name: Give execution permissions to prepyrus
run: chmod +x target/release/prepyrus_runner/prepyrus_runner
- name: Run prepyrus in PROCESS mode
run: target/release/prepyrus_runner/prepyrus_runner absolute_bibliography.bib content process
- name: GCP Auth
uses: "google-github-actions/auth@v2"
with:
credentials_json: "${{ secrets.GOOGLE_CREDENTIALS }}"
- name: Set up Cloud SDK
uses: "google-github-actions/setup-gcloud@v2"
with:
install_components: beta
- name: Docker Auth
id: docker-auth
uses: "docker/login-action@v1"
with:
username: _json_key
password: "${{ secrets.GOOGLE_CREDENTIALS }}"
registry: "${{ env.REGION }}-docker.pkg.dev"
- name: Verify Artifact Registry
# Verify artifact registry exists, otherwise create one
run: |
set +e # Temporarily allow errors
gcloud artifacts repositories describe ${{ env.SERVICE }} --location=${{ env.REGION }} --format='value(name)' > /dev/null 2>&1
STATUS=$? # Capture the exit status
set -e # Re-enable exit on error
if [ $STATUS -ne 0 ]; then
echo "🏗️ Artifact Registry not found. Attempting to create one..."
gcloud artifacts repositories create ${{ env.SERVICE }} \
--repository-format=docker \
--location=${{ env.REGION }}
gcloud artifacts repositories set-cleanup-policies ${{ env.SERVICE }} \
--location=${{ env.REGION }} \
--policy=.github/artifact_repository_cleanup_policy.json
else
echo "✅ Artifact Registry already exists."
fi
- name: Build and Push Container
# NEXT_PUBLIC_ env variables have to be set during the build phase.
run: |-
docker build \
--build-arg NEXT_PUBLIC_SITE_ROOT=${{secrets.NEXT_PUBLIC_SITE_ROOT}} \
--build-arg NEXT_PUBLIC_GA_ID=${{secrets.NEXT_PUBLIC_GA_ID}} \
-f Dockerfile \
-t "${{ env.REGION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.SERVICE }}/${{ env.SERVICE }}:${{ env.TAG }}" ./
docker push "${{ env.REGION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.SERVICE }}/${{ env.SERVICE }}:${{ env.TAG }}"
- name: Deploy to Cloud Run
run: |
chmod +x .github/deploy_script.sh
.github/deploy_script.sh \
${{ env.PROJECT_ID }} \
${{ env.PROJECT_NUMBER }} \
${{ env.REGION }} \
${{ env.SERVICE }} \
${{ env.TAG }} \
"${{ env.SECRETS }}" \
"${{ env.DEPLOY_CONFIG }}"