fix: google cloud storage #702
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI/CD | |
on: | |
pull_request: | |
branches: | |
- main | |
push: | |
branches: | |
- main | |
permissions: | |
contents: read | |
concurrency: | |
group: ci-${{ github.event.pull_request.number || github.ref }} | |
cancel-in-progress: ${{ github.event_name == 'pull_request' }} | |
jobs: | |
test: | |
if: ${{ github.event_name == 'pull_request' }} | |
strategy: | |
fail-fast: false | |
matrix: | |
command: | |
- 'build' | |
- 'lint:check' | |
- 'format:check' | |
- 'test:unit' | |
runs-on: ubuntu-20.04 | |
name: Test on Node.js 16 ( ${{ matrix.command }} ) | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 | |
with: | |
fetch-depth: 0 | |
- name: Set Up Node.js | |
uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 | |
with: | |
node-version: 16 | |
cache: npm | |
- name: Install Dependencies | |
run: npm ci --ignore-scripts | |
- name: Run ${{ matrix.command }} | |
run: npm run ${{ matrix.command }} | |
build: | |
if: ${{ github.event_name == 'push' && github.ref_type == 'branch' }} | |
runs-on: ubuntu-20.04 | |
name: Build | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 | |
with: | |
fetch-depth: 0 | |
- name: Set Up QEMU | |
uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 | |
- name: Set Up Docker Buildx | |
id: set-up-buildx | |
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 | |
with: | |
install: true | |
- name: Cache Docker Layers | |
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 | |
with: | |
path: /tmp/.buildx-cache | |
key: ${{ runner.os }}-buildx-${{ github.sha }} | |
restore-keys: | | |
${{ runner.os }}-buildx- | |
- name: Build Docker | |
uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 | |
with: | |
builder: ${{ steps.set-up-buildx.outputs.name }} | |
cache-from: type=local,src=/tmp/.buildx-cache | |
cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max | |
context: . | |
file: .maintain/docker/Dockerfile | |
tags: ${{ github.repository }}:${{ github.sha }} | |
outputs: type=docker,dest=/tmp/docker_image.tar | |
- name: Move Cache Docker Layers | |
run: | | |
rm -rf /tmp/.buildx-cache | |
mv /tmp/.buildx-cache-new /tmp/.buildx-cache | |
- name: Upload Build to Artifact | |
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 | |
with: | |
name: build_${{ github.sha }} | |
path: | | |
/tmp/docker_image.tar | |
retention-days: 5 | |
release-please: | |
needs: | |
- build | |
runs-on: ubuntu-20.04 | |
name: Release Please | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 | |
with: | |
fetch-depth: 0 | |
- name: Release | |
id: release | |
uses: google-github-actions/release-please-action@db8f2c60ee802b3748b512940dde88eabd7b7e01 | |
with: | |
token: ${{ secrets.PAT }} | |
fork: true | |
release-type: node | |
package-name: ${{ github.event.repository.name }} | |
include-v-in-tag: false | |
outputs: | |
release_created: ${{ steps.release.outputs.release_created }} | |
tag_name: ${{ steps.release.outputs.tag_name }} | |
publish-docker: | |
needs: | |
- release-please | |
runs-on: ubuntu-20.04 | |
name: Publish Docker | |
steps: | |
- name: Login to DockerHub | |
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Download Build from Artifact | |
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a | |
with: | |
name: build_${{ github.sha }} | |
path: /tmp | |
- name: Load Downloaded Image | |
run: | | |
docker load --input /tmp/docker_image.tar | |
docker images --no-trunc --digests ${{ github.repository }} | |
- name: Tag as Release Version | |
if: ${{ needs.release-please.outputs.release_created }} | |
run: | | |
docker tag ${{ github.repository }}:${{ github.sha }} ${{ github.repository }}:${{ needs.release-please.outputs.tag_name }} | |
docker tag ${{ github.repository }}:${{ github.sha }} ${{ github.repository }}:latest | |
docker images --no-trunc --digests ${{ github.repository }} | |
- name: Push | |
run: docker image push -a ${{ github.repository }} | |
deploy: | |
needs: | |
- release-please | |
- publish-docker | |
permissions: | |
contents: read | |
id-token: write | |
strategy: | |
max-parallel: 1 | |
matrix: | |
is_release: | |
- ${{ needs.release-please.outputs.release_created || false }} | |
environment: | |
- TESTNET | |
- MAINNET | |
exclude: | |
- is_release: false | |
environment: MAINNET | |
environment: ${{ matrix.environment }} | |
runs-on: ubuntu-20.04 | |
name: Deploy to ${{ matrix.environment }} | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 | |
with: | |
fetch-depth: 0 | |
- name: Authenticate to Google Cloud | |
uses: google-github-actions/auth@f105ef0cdb3b102a020be1767fcc8a974898b7c6 | |
with: | |
workload_identity_provider: ${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_WORKLOAD_IDENTITY_PROVIDER')] }} | |
service_account: ${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_WORKLOAD_IDENTITY_SERVICE_ACCOUNT')] }} | |
- name: Set Up Google Cloud SDK | |
uses: google-github-actions/setup-gcloud@e30db14379863a8c79331b04a9969f4c1e225e0b | |
- name: Get GKE Credentials | |
uses: google-github-actions/get-gke-credentials@35ab0d2b2d48792c19f09325413bd185c8d44394 | |
with: | |
cluster_name: ${{ secrets[format('{0}_{1}', matrix.environment, 'GKE_CLUSTER_NAME')] }} | |
location: ${{ secrets[format('{0}_{1}', matrix.environment, 'GKE_LOCATION')] }} | |
use_internal_ip: true | |
- name: Tunneling SSH connections | |
run: | | |
gcloud compute ssh ${{ secrets[format('{0}_{1}', matrix.environment, 'GCE_BASTION_INSTANCE_NAME')] }} \ | |
--project=${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }} \ | |
--zone ${{ secrets[format('{0}_{1}', matrix.environment, 'GCE_BASTION_INSTANCE_ZONE')] }} \ | |
--ssh-flag '-4 -L 8888:127.0.0.1:8888 -N -q -f' \ | |
--tunnel-through-iap \ | |
--quiet | |
- name: Set Up Helm | |
uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 | |
with: | |
version: v3.10.0 | |
- name: Perform Deployment | |
run: | | |
helm repo add debionetwork https://charts.debio.network | |
helm repo update | |
HTTPS_PROXY=127.0.0.1:8888 helm upgrade ${{ github.event.repository.name }} debionetwork/debio-app-deployer \ | |
--install \ | |
--set-string nameOverride=${{ github.event.repository.name }} \ | |
--set-string image.repository=${{ github.repository }} \ | |
--set-string image.tag=${{ needs.release-please.outputs.tag_name || github.sha }} \ | |
--set-string serviceAccount.name=${{ github.event.repository.name }} \ | |
--set-string serviceAccount.annotations.'iam\.gke\.io/gcp-service-account'=${{ github.event.repository.name }}@${{ secrets[format('{0}_{1}', matrix.environment, 'GCP_PROJECT_ID')] }}.iam.gserviceaccount.com \ | |
--set config.secretsStore.enabled=true \ | |
--set-string config.secretsStore.providerClass=${{ github.event.repository.name }}-secrets-store-provider \ | |
--set-string config.secretsStore.name=${{ github.event.repository.name }}-secrets-store \ | |
--set containerPort=3000 \ | |
--set service.port=3000 \ | |
--set-string nodeSelector.node_pool=general \ | |
--set-string nodeSelector.'iam\.gke\.io/gke-metadata-server-enabled'='true' | |
HTTPS_PROXY=127.0.0.1:8888 kubectl rollout status deployment/${{ github.event.repository.name }} | |
- name: Clean Up Tunneling SSH Connections | |
if: always() | |
run: | | |
kill -9 $(lsof -ti:8888) | |
gcloud compute os-login ssh-keys remove --key-file=/home/runner/.ssh/google_compute_engine.pub |