build(deps): bump actions/setup-java from 3 to 4 #196
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: GCP Cloud Run CI Dev | |
on: | |
pull_request: | |
types: [ opened, synchronize, reopened ] | |
env: | |
PROJECT_ID: fpi-sms-api | |
REGISTRY: asia-east1-docker.pkg.dev | |
GHUB_REPO_NAME: fpi-sms-api | |
SERVICE: fpi-sms-api-dev | |
REGION: asia-east1 | |
SONAR_PROJECT_KEY: vincejv_fpi-sms-api | |
SERVICE_CPU: 1000m | |
SERVICE_MEMORY: 512Mi | |
SERVICE_ENV: dev | |
jobs: | |
pre_job: | |
name: Duplicate checks | |
runs-on: ubuntu-latest | |
if: ${{ !contains(github.event.head_commit.message, 'docs-update(') }} # skip for commits containing 'docs-update(' | |
outputs: | |
should_skip: ${{ steps.skip_check.outputs.should_skip }} | |
paths_result: ${{ steps.skip_check.outputs.paths_result }} | |
steps: | |
- name: Skip duplicate actions | |
id: skip_check | |
uses: fkirc/skip-duplicate-actions@v5 | |
with: | |
concurrent_skipping: outdated_runs | |
cancel_others: true | |
code_quality_checks: | |
name: Code quality checks | |
runs-on: ubuntu-latest | |
needs: pre_job | |
if: needs.pre_job.outputs.should_skip != 'true' | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v4 | |
with: | |
distribution: temurin | |
java-version: 17 | |
cache: maven | |
- name: Cache SonarCloud packages | |
uses: actions/cache@v3 | |
with: | |
path: ~/.sonar/cache | |
key: ${{ runner.os }}-sonar | |
restore-keys: ${{ runner.os }}-sonar | |
- name: Build and analyze | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any | |
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=${{ env.SONAR_PROJECT_KEY }} -Dsonar.qualitygate.wait=true -Pallow-snapshots | |
deploy_to_cloud: | |
name: Deploy to Cloud Run | |
runs-on: ubuntu-latest | |
needs: code_quality_checks | |
outputs: | |
artifact_version: ${{ steps.gen_ver.outputs.artifact_version }} | |
service_image_path: ${{ steps.image_version.outputs.service_image_path }} | |
permissions: | |
contents: read | |
packages: write | |
id-token: write | |
environment: Development | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 # for jgitver to generate the version | |
# - name: Set up Docker Buildx | |
# uses: docker/setup-buildx-action@v2 | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v4 | |
with: | |
distribution: temurin | |
java-version: 17 | |
cache: maven | |
- name: Prepare artifact version | |
id: gen_ver | |
run: | | |
echo "artifact_version=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)" >> $GITHUB_OUTPUT | |
- name: Prepare Docker image tag | |
id: image_version | |
run: | | |
echo "service_image_path=${{ env.REGISTRY }}/${{ env.PROJECT_ID }}/${{ env.GHUB_REPO_NAME }}/${{ env.SERVICE }}:${{ steps.gen_ver.outputs.artifact_version }}" >> $GITHUB_OUTPUT | |
- name: Create JVM package | |
run: mvn -B package -Pallow-snapshots | |
- name: Google Auth | |
id: gcp-auth | |
uses: google-github-actions/auth@v1 | |
with: | |
token_format: 'access_token' | |
workload_identity_provider: '${{ secrets.WIF_PROVIDER }}' | |
service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}' | |
- name: Login to Google Docker Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: 'oauth2accesstoken' | |
password: ${{ steps.gcp-auth.outputs.access_token }} | |
- name: Check Docker repository | |
id: repository_check | |
continue-on-error: true # will throw an error if repository does not exist | |
run: | | |
gcloud artifacts repositories describe ${{ env.GHUB_REPO_NAME }} --location ${{ env.REGION }} | |
- name: Create Docker repository | |
if: ${{ steps.repository_check.outcome == 'failure' }} # only create if previous step does not exist | |
run: | | |
gcloud artifacts repositories create ${{ env.GHUB_REPO_NAME }} --repository-format=docker --location ${{ env.REGION }} | |
# - name: Extract metadata (tags, labels) for Docker | |
# id: meta | |
# uses: docker/metadata-action@v4 | |
# with: | |
# images: ${{ steps.image_version.outputs.service_image_path }} | |
- name: Build and push Docker image | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
file: Dockerfile.dev | |
push: true | |
tags: | # ${{ steps.meta.outputs.tags }} - (For public repositories like docker hub) | |
${{ steps.image_version.outputs.service_image_path }} | |
labels: ${{ steps.meta.outputs.labels }} | |
- name: Deploy to cloud run | |
id: deploy | |
uses: google-github-actions/deploy-cloudrun@v1 | |
with: | |
service: ${{ env.SERVICE }} | |
region: ${{ env.REGION }} | |
image: ${{ steps.image_version.outputs.service_image_path }} | |
project_id: ${{ env.PROJECT_ID }} | |
flags: | | |
--set-env-vars ^##^MONGO_CONN_STRING=${{ secrets.MONGO_CONN_STRING }} | |
--set-env-vars OIDC_CLIENT_ID=${{ secrets.OIDC_CLIENT_ID }} | |
--set-env-vars OIDC_AUTH_URL=${{ secrets.OIDC_AUTH_URL }} | |
--set-env-vars OIDC_SECRET=${{ secrets.OIDC_SECRET }} | |
--set-env-vars SMS_API_KEY=${{ secrets.SMS_API_KEY }} | |
--set-env-vars SMS_SID=${{ secrets.SMS_SID }} | |
--set-env-vars M360_BROADCAST_URL=${{ secrets.M360_BROADCAST_URL }} | |
--set-env-vars USER_BASE_URI=${{ secrets.USER_BASE_URI }} | |
--set-env-vars FPI_APP_TO_APP_USERN=${{ secrets.FPI_APP_TO_APP_USERN }} | |
--set-env-vars LOGIN_BASE_URI=${{ secrets.LOGIN_BASE_URI }} | |
--set-env-vars SMS_SECRET=${{ secrets.SMS_SECRET }} | |
--set-env-vars FPI_MO_WEBHOOK_KEY=${{ secrets.FPI_MO_WEBHOOK_KEY }} | |
--set-env-vars FPI_DLR_WEBHOOK_KEY=${{ secrets.FPI_DLR_WEBHOOK_KEY }} | |
--set-env-vars FPI_GEN_WEBHOOK_KEY=${{ secrets.FPI_GEN_WEBHOOK_KEY }} | |
--set-env-vars FPI_APP_TO_APP_PASSW=${{ secrets.FPI_APP_TO_APP_PASSW }} | |
--set-env-vars M360_API_URL=${{ secrets.M360_API_URL }} | |
--set-env-vars DB_NAME=sms-api-dev | |
--cpu ${{ env.SERVICE_CPU }} | |
--memory ${{ env.SERVICE_MEMORY }} | |
--timeout 900 | |
--no-cpu-throttling | |
labels: | | |
env=${{ env.SERVICE_ENV }} | |
- name: Configure cloud run | |
run: |- | |
gcloud run services add-iam-policy-binding ${{ env.SERVICE }} --member=allUsers --role=roles/run.invoker --region=${{ env.REGION }} | |
- name: Show Output | |
run: echo ${{ steps.deploy.outputs.url }} | |
deploy_to_central: | |
name: Release artifact to central | |
runs-on: ubuntu-latest | |
needs: deploy_to_cloud # only deploy to central if successfully deployed to cloud run environment | |
permissions: | |
contents: read | |
packages: write | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v4 | |
with: | |
distribution: temurin | |
java-version: 17 | |
cache: maven | |
server-id: ossrh | |
server-username: MAVEN_USERNAME | |
server-password: MAVEN_PASSWORD | |
gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} | |
gpg-passphrase: MAVEN_GPG_PASSPHRASE | |
- name: Build and release to central repo | |
env: | |
MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} | |
MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }} | |
MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} | |
run: mvn -B deploy -Dlib-only -Prelease-for-oss,allow-snapshots | |
pr_update: | |
name: Pull request update | |
if: always() | |
needs: [ pre_job, deploy_to_cloud ] | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
pull-requests: write # allows job to decorate PRs with analysis results | |
steps: | |
- name: Update PR (Skip message) | |
uses: marocchino/sticky-pull-request-comment@v2 | |
if: ${{ always() && needs.pre_job.outputs.should_skip == 'true' }} | |
with: | |
message: | | |
⚪ Skipped CI/CD as deployment was done in a previous job | |
- name: Update PR (Success message) | |
uses: marocchino/sticky-pull-request-comment@v2 | |
if: ${{ always() && needs.pre_job.outputs.should_skip != 'true' && needs.deploy_to_cloud.outputs.artifact_version != '' }} | |
with: | |
message: | | |
✅ Deployed to DEV environment: `${{ needs.deploy_to_cloud.outputs.artifact_version }}` | |
#### Add to your POM | |
```xml | |
<dependency> | |
<groupId>com.abavilla</groupId> | |
<artifactId>${{ env.GHUB_REPO_NAME }}-lib</artifactId> | |
<version>${{ needs.deploy_to_cloud.outputs.artifact_version }}</version> | |
</dependency> | |
``` | |
- name: Update PR (Failure message) | |
uses: marocchino/sticky-pull-request-comment@v2 | |
if: ${{ always() && needs.pre_job.outputs.should_skip != 'true' && needs.deploy_to_cloud.outputs.artifact_version == '' }} | |
with: | |
message: | | |
❌ CI Build & Deployment failed, please check the [logs](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) for details | |
gcr-cleaner: | |
name: Clean-up old artifact registry images | |
needs: deploy_to_cloud | |
runs-on: 'ubuntu-latest' | |
permissions: | |
contents: read | |
id-token: write | |
steps: | |
- name: Google Auth | |
id: gcp-auth | |
uses: google-github-actions/auth@v1 | |
with: | |
token_format: 'access_token' | |
workload_identity_provider: '${{ secrets.WIF_PROVIDER }}' | |
service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}' | |
- name: Login to Google Docker Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: 'oauth2accesstoken' | |
password: ${{ steps.gcp-auth.outputs.access_token }} | |
- name: Run GCR Cleaner | |
uses: docker://us-docker.pkg.dev/gcr-cleaner/gcr-cleaner/gcr-cleaner-cli | |
with: | |
args: >- | |
-repo=${{ env.REGISTRY }}/${{ env.PROJECT_ID }}/${{ env.GHUB_REPO_NAME }}/${{ env.SERVICE }} | |
-tag-filter-any "." | |
-keep=1 | |
-recursive=true |