-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
3 changed files
with
196 additions
and
228 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,145 @@ | ||
| name: Deploy to Cloud Run | ||
| description: Deploy conductor to Cloud Run and Cloud Scheduler | ||
| inputs: | ||
| identity_provider: | ||
| description: gcp federation identity provider | ||
| required: true | ||
| service_account_email: | ||
| description: gcp service account email | ||
| required: true | ||
| project_id: | ||
| description: gcp project id | ||
| required: true | ||
| vcp: | ||
| description: gcp vcp name | ||
| required: true | ||
| repo_token: | ||
| description: GitHub token (e.g. secrets.GITHUB_TOKEN). This is only required if preview == 'yes' or if you are passing a value to service_now_system_id. | ||
| required: false | ||
| service_now_instance: | ||
| description: the sub address to https://{service_now_instance}.service-now.com | ||
| required: false | ||
| service_now_table: | ||
| description: the parent table name to write to | ||
| required: false | ||
| service_now_system_id: | ||
| description: the child record id to write to | ||
| required: false | ||
| service_now_username: | ||
| description: the service account name | ||
| required: false | ||
| service_now_password: | ||
| description: the service account password | ||
| required: false | ||
|
|
||
| runs: | ||
| using: composite | ||
| steps: | ||
| - name: 🗝️ Authenticate to Google Cloud | ||
| id: auth | ||
| uses: google-github-actions/auth@v1 | ||
| with: | ||
| workload_identity_provider: ${{ inputs.identity_provider }} | ||
| service_account: ${{ inputs.service_account_email }} | ||
| create_credentials_file: true | ||
|
|
||
| - name: 🐳 Set up Docker Buildx | ||
| uses: docker/setup-buildx-action@v2 | ||
| id: builder | ||
|
|
||
| - name: 🗝️ Authenticate Docker to Google Cloud | ||
| uses: docker/login-action@v2 | ||
| with: | ||
| registry: us-central1-docker.pkg.dev | ||
| username: oauth2accesstoken | ||
| password: ${{ steps.auth.outputs.access_token }} | ||
|
|
||
| - name: 🏷️ Extract tags from GitHub | ||
| uses: docker/metadata-action@v4 | ||
| id: meta | ||
| with: | ||
| images: us-central1-docker.pkg.dev/${{ inputs.project_id }}/conductor | ||
| tags: | | ||
| type=ref,suffix=-{{sha}},event=branch | ||
| type=ref,prefix=pr-,suffix=-{{sha}},event=pr | ||
| type=semver,pattern={{version}} | ||
| type=raw,value=latest | ||
| - name: 📦 Build and push image | ||
| uses: docker/build-push-action@v4 | ||
| with: | ||
| file: ./Dockerfile | ||
| context: . | ||
| builder: ${{ steps.builder.outputs.name }} | ||
| tags: ${{ steps.meta.outputs.tags }} | ||
| push: true | ||
| provenance: false | ||
| cache-from: type=gha | ||
| cache-to: type=gha,mode=max | ||
|
|
||
| - name: 🔍️ Set Image Name | ||
| shell: bash | ||
| run: | | ||
| IMAGE_ID=$(echo $DOCKER_METADATA_OUTPUT_TAGS | cut -d ' ' -f 1) | ||
| echo "IMAGE_ID=$IMAGE_ID" >> $GITHUB_ENV | ||
| - name: 🚀 Deploy to Cloud Run | ||
| id: deploy | ||
| uses: google-github-actions/deploy-cloudrun@v1 | ||
| with: | ||
| service: conductor | ||
| image: ${{ env.IMAGE_ID }} | ||
| region: us-central1 | ||
| env_vars: | | ||
| PORTER_DEVELOPMENT=1 | ||
| secrets: | | ||
| /secrets/db/connection=conductor-connections:latest | ||
| /secrets/sheets/service-account=stewardship-sa:latest | ||
| flags: | | ||
| --service-account=conductor-cloud-run@${{ inputs.project_id }}.iam.gserviceaccount.com | ||
| --vpc-connector=${{ inputs.vpc }} | ||
| --vpc-egress=all-traffic | ||
| --max-instances=10 | ||
| --cpu=1000m | ||
| --memory=512Mi | ||
| --timeout=5m | ||
| - name: 🕰️ Create cloud scheduler | ||
| shell: bash | ||
| run: | | ||
| if [ ! "$(gcloud scheduler jobs list | grep conductor)" ]; then | ||
| gcloud scheduler jobs create http conductor \ | ||
| --description="Trigger the conductor bot once a week on monday morning" \ | ||
| --schedule="0 9 * * 1" \ | ||
| --time-zone=America/Denver \ | ||
| --uri=${{ steps.deploy.outputs.url }}/gcp/schedule \ | ||
| --http-method=POST \ | ||
| --max-retry-attempts=3 \ | ||
| --min-backoff=1m \ | ||
| --max-backoff=10m \ | ||
| --oidc-service-account-email=cloud-scheduler@${{ inputs.project_id }}.iam.gserviceaccount.com \ | ||
| --quiet | ||
| else | ||
| gcloud scheduler jobs update http conductor \ | ||
| --description="Trigger the conductor bot once a week on monday morning" \ | ||
| --schedule="0 9 * * 1" \ | ||
| --time-zone=America/Denver \ | ||
| --uri=${{ steps.deploy.outputs.url }}/gcp/schedule \ | ||
| --http-method=POST \ | ||
| --max-retry-attempts=3 \ | ||
| --min-backoff=1m \ | ||
| --max-backoff=10m \ | ||
| --oidc-service-account-email=cloud-scheduler@${{ inputs.project_id }}.iam.gserviceaccount.com \ | ||
| --quiet | ||
| fi | ||
| - name: 🔔 Publish deployment worknote | ||
| uses: agrc/service-now-worknote-action@v1 | ||
| if: ${{ inputs.service_now_system_id != '' inputs.notify == 'yes'}} | ||
| with: | ||
| repo-token: ${{ inputs.repo_token }} | ||
| username: ${{ inputs.service_now_username }} | ||
| password: ${{ inputs.service_now_password }} | ||
| instance-name: ${{ inputs.service_now_instance }} | ||
| table-name: ${{ inputs.service_now_table }} | ||
| system-id: ${{ inputs.service_now_system_id }} |
Oops, something went wrong.