-
Notifications
You must be signed in to change notification settings - Fork 15
167 lines (148 loc) · 5.54 KB
/
cd_prod.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
name: CD Production 🚀
on:
workflow_dispatch:
release:
types: [created]
jobs:
prepyrus_verify:
if: github.repository_owner == 'systemphil'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/cache/restore@v4
id: prepyrus-cache-restore
with:
path: target/release/prepyrus_runner
key: ${{ runner.os }}-cargo-${{ hashFiles('scripts/prepyrus_runner/Cargo.lock') }}-${{ hashFiles('scripts/prepyrus_runner/src/**') }}
- name: Install Rust
if: steps.prepyrus-cache-restore.outputs.cache-hit != 'true'
uses: actions-rust-lang/setup-rust-toolchain@v1
- name: Install dependencies
if: steps.prepyrus-cache-restore.outputs.cache-hit != 'true'
run: cargo build --release --package prepyrus_runner
- name: Run prepyrus script in VERIFY mode
run: target/release/prepyrus_runner absolute_bibliography.bib content verify
- name: Upload prepyrus for next job
uses: actions/upload-artifact@v4
with:
name: prepyrus_artifact
path: target/release/prepyrus_runner
- name: Save Prepyrus to cache
id: prepyrus-cache-save
if: steps.prepyrus-cache-restore.outputs.cache-hit != 'true'
uses: actions/cache/save@v4
with:
path: target/release/prepyrus_runner
key: ${{ runner.os }}-cargo-${{ hashFiles('scripts/prepyrus_runner/Cargo.lock') }}-${{ hashFiles('scripts/prepyrus_runner/src/**') }}
build_and_deploy:
needs: prepyrus_verify
if: github.repository_owner == 'systemphil'
environment: prod
runs-on: ubuntu-latest
env:
SERVICE: ${{ secrets.SERVICE }}
BUILD_PATH:
SECRETS: >-
DATABASE_URL
AUTH_URL
AUTH_SECRET
AUTH_GITHUB_ID
AUTH_GITHUB_SECRET
AUTH_GOOGLE_ID
AUTH_GOOGLE_SECRET
AUTH_RESEND_KEY
AUTH_EMAIL_FROM
GCP_PRIMARY_BUCKET_NAME
GCP_SECONDARY_BUCKET_NAME
STRIPE_API_KEY
STRIPE_WEBHOOK_SECRET
RESEND_API_KEY
EMAIL_SEND
EMAIL_RECEIVE
PROJECT_ID: ${{ secrets.PROJECT_ID }}
PROJECT_NUMBER: ${{ secrets.PROJECT_NUMBER }}
REGION: ${{ secrets.REGION }}
TAG: latest
DEPLOY_CONFIG: >-
port:8080
execution-environment:gen1
concurrency:80
service-min-instances:default
min-instances:default
max-instances:1
memory:1024Mi
steps:
- name: Check if running in the parent repository
run: |
if [ "${GITHUB_REPOSITORY}" != "systemphil/sphil" ]; then
echo "This workflow is only intended for the parent repository. Skipping deployment."
exit 1
fi
- name: Checkout Code
uses: actions/checkout@v4
with:
repository: ${{ github.repository }}
ref: ${{ github.ref }}
fetch-depth: 1
- name: Download prepyrus artifact
uses: actions/download-artifact@v4
with:
name: prepyrus_artifact
path: target/release/prepyrus_runner
- name: Give execution permissions to prepyrus
run: chmod +x target/release/prepyrus_runner/prepyrus_runner
- name: Run prepyrus in PROCESS mode
run: target/release/prepyrus_runner/prepyrus_runner absolute_bibliography.bib content process
- name: GCP Auth
uses: "google-github-actions/auth@v2"
with:
credentials_json: "${{ secrets.GOOGLE_CREDENTIALS }}"
- name: Set up Cloud SDK
uses: "google-github-actions/setup-gcloud@v2"
with:
install_components: beta
- name: Docker Auth
id: docker-auth
uses: "docker/login-action@v1"
with:
username: _json_key
password: "${{ secrets.GOOGLE_CREDENTIALS }}"
registry: "${{ env.REGION }}-docker.pkg.dev"
- name: Verify Artifact Registry
# Verify artifact registry exists, otherwise create one
run: |
set +e # Temporarily allow errors
gcloud artifacts repositories describe ${{ env.SERVICE }} --location=${{ env.REGION }} --format='value(name)' > /dev/null 2>&1
STATUS=$? # Capture the exit status
set -e # Re-enable exit on error
if [ $STATUS -ne 0 ]; then
echo "🏗️ Artifact Registry not found. Attempting to create one..."
gcloud artifacts repositories create ${{ env.SERVICE }} \
--repository-format=docker \
--location=${{ env.REGION }}
gcloud artifacts repositories set-cleanup-policies ${{ env.SERVICE }} \
--location=${{ env.REGION }} \
--policy=.github/artifact_repository_cleanup_policy.json
else
echo "✅ Artifact Registry already exists."
fi
- name: Build and Push Container
# NEXT_PUBLIC_ env variables have to be set during the build phase.
run: |-
docker build \
--build-arg NEXT_PUBLIC_SITE_ROOT=${{secrets.NEXT_PUBLIC_SITE_ROOT}} \
--build-arg NEXT_PUBLIC_GA_ID=${{secrets.NEXT_PUBLIC_GA_ID}} \
-f Dockerfile \
-t "${{ env.REGION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.SERVICE }}/${{ env.SERVICE }}:${{ env.TAG }}" ./
docker push "${{ env.REGION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.SERVICE }}/${{ env.SERVICE }}:${{ env.TAG }}"
- name: Deploy to Cloud Run
run: |
chmod +x .github/deploy_script.sh
.github/deploy_script.sh \
${{ env.PROJECT_ID }} \
${{ env.PROJECT_NUMBER }} \
${{ env.REGION }} \
${{ env.SERVICE }} \
${{ env.TAG }} \
"${{ env.SECRETS }}" \
"${{ env.DEPLOY_CONFIG }}"