debug CI

Atomsoldat · Dec 29, 2024 · 247e851 · 247e851
1 parent 8614700
commit 247e851
Showing 1 changed file with 21 additions and 9 deletions.
diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
@@ -3,12 +3,19 @@ on:
     branches:
       - '*'
 jobs:
-  build:
+  build_website:
+    permissions:
+      # these permissions are needed to authenticate with gcloud
+      contents: 'read'
+      id-token: 'write'
+    env:
+      IMAGE_NAME: lichturm-website
+      IMAGE_TAG: prod
     runs-on: ubuntu-latest
     steps:
 
       - name: Checkout Repo
-        uses: actions/checkout@master
+        uses: actions/checkout@v4
 
       - name: Build Website
       # TODO: pick a version?
@@ -23,39 +30,44 @@ jobs:
           name: website
           path: './public'
 
+      #https://github.com/google-github-actions/auth
       - name: Google Auth
         id: auth
         uses: 'google-github-actions/auth@v2'
         with:
           token_format: 'access_token'
-          project_id: ${{ env.PROJECT_ID }}
-          service_account: ${{ env.SERVICE_ACCOUNT }}
-          workload_identity_provider: ${{ env.WORKLOAD_IDENTITY_PROVIDER }}
+          project_id: ${{ secrets.PROJECT_ID }}
+          service_account: ${{ secrets.SERVICE_ACCOUNT }}
+          workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }}
+          #project_id: bob
+          #service_account: 123
+          #workload_identity_provider: xyz
 
       - name: Docker Auth
         id: docker-auth
         uses: 'docker/login-action@v1'
         with:
           username: 'oauth2accesstoken'
           password: '${{ steps.auth.outputs.access_token }}'
-          registry: '${{ env.CONTAINER_REGISTRY_URL }}-docker.pkg.dev'
+          registry: '${{ secrets.CONTAINER_REGISTRY_URL }}-docker.pkg.dev'
 
       - name: Build and Push Container
         run: |-
-          docker build -t "${{ env.AR_URL }}/${{ env.IMAGE_NAME }}:${{ github.sha }}" ./
-          docker push "${{ env.AR_URL }}/${{ env.IMAGE_NAME }}:${{ github.sha }}"
+          docker build -t "${{ secrets.CONTAINER_REGISTRY_URL }}/${{ env.IMAGE_NAME }}:$ {{ env.IMAGE_TAG }}"
+          docker push "${{ secrets.CONTAINER_REGISTRY_URL }}/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}"
 
-      # upload to s3
       - name: Install s3cmd
         run: |
           pip install s3cmd
+
       - name: Configure s3cmd
         run: |
           echo "[default]" > ~/.s3cfg
           echo "access_key = ${{ secrets.S3_KEY_ID }}" >> ~/.s3cfg
           echo "secret_key = ${{ secrets.S3_SECRET_KEY }}" >> ~/.s3cfg
           echo "host_base = fsn1.your-objectstorage.com" >> ~/.s3cfg
           echo "host_bucket = %(bucket)s.fsn1.your-objectstorage.com" >> ~/.s3cfg
+
       - name: Upload files to Hetzner S3
         # with this configuration, the bucket should be specified as e.g. "s3://bucket1"
         run: |