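# GitHub Actions workflow for deploying Gateway to Google Cloud Run
# Documentation: https://cloud.google.com/run/docs/deploying
#
# Required GitHub Secrets:
# - GCP_PROJECT_ID: Your Google Cloud Project ID
# - GCP_SA_KEY: Service Account JSON key with Cloud Run Admin and Cloud Build Editor roles.
#   This is a long-lived credential stored in GitHub. Prefer Workload Identity
#   Federation (see the commented-out alternative in the auth step); if the key
#   must stay, rotate it regularly and scope it to this project only.
# - GCP_SERVICE_ACCOUNT_EMAIL: Email of the service account to run Cloud Run service as.
#   The deploying identity (GCP_SA_KEY) additionally needs roles/iam.serviceAccountUser
#   on this account, otherwise `gcloud run deploy --service-account` is rejected.
#
# Required Google Cloud Setup:
# 1. Create a service account with Cloud Run Admin and Cloud Build Editor roles
#    (NOTE: Cloud Build Editor alone may not cover the source upload to the build
#    staging bucket — verify on the first run)
# 2. Create secret "CONFIG_KEY" in Secret Manager with your master key
# 3. Grant the runtime service account (GCP_SERVICE_ACCOUNT_EMAIL) access to the
#    Secret Manager secret (roles/secretmanager.secretAccessor on CONFIG_KEY)
# 4. Create Cloud SQL instance (if not exists)
# 5. Create env_gcp.env file with your configuration. It is copied to .env and
#    shipped inside the container image, so it must contain NO secrets — keep
#    those in Secret Manager (see --set-secrets in the deploy step).
#
# Scope: this workflow deploys one fixed service (gateway-prod) with
# APP_ENV_TYPE=prod. The `int` choice of the manual trigger is not wired up
# and is rejected explicitly instead of silently deploying to prod.

name: Deploy Gateway to Google Cloud Run

on:
  push:
    branches:
      - main
    paths:
      - 'gateway/**'
  workflow_dispatch:
    inputs:
      environment:
        description: 'Environment to deploy to'
        required: true
        default: 'prod'
        type: choice
        options:
          - prod
          - int

# Never run two deploys of the same service at once. A newer run queues behind
# the running one instead of cancelling it (cancelling mid-deploy is worse).
concurrency:
  group: deploy-gateway-${{ github.ref }}
  cancel-in-progress: false

env:
  PROJECT_ID: ${{ secrets.GCP_PROJECT_ID }}
  SERVICE_NAME: gateway-prod
  REGION: europe-west6 # Zurich region
  ENV_FILE: env_gcp.env

jobs:
  deploy:
    runs-on: ubuntu-latest
    # Cloud Build + deploy normally finish well within this; stops a hung
    # build from holding the concurrency group for the default 6 hours.
    timeout-minutes: 30
    permissions:
      contents: read
      # `id-token: write` is only needed for Workload Identity Federation and
      # is deliberately NOT granted while the JSON-key auth below is in use.
      # Add it back together with the WIF inputs in the auth step.
    defaults:
      run:
        # Explicit bash gives `-e -o pipefail`, so a failing command inside a
        # pipeline fails the step instead of being masked.
        shell: bash

    steps:
      # A major-version tag can be moved. For a production deploy pipeline
      # consider pinning third-party actions to a full commit SHA.
      - name: Checkout code
        uses: actions/checkout@v4

      # Guard: SERVICE_NAME and APP_ENV_TYPE are hard-coded to prod, so a manual
      # run that selects another environment would otherwise deploy prod anyway.
      - name: Refuse environments this workflow cannot deploy
        if: github.event_name == 'workflow_dispatch' && github.event.inputs.environment != 'prod'
        env:
          TARGET_ENV: ${{ github.event.inputs.environment }}
        run: |
          echo "::error::Only 'prod' is supported (service ${SERVICE_NAME}, APP_ENV_TYPE=prod); requested '${TARGET_ENV}'."
          exit 1

      - name: Authenticate to Google Cloud
        uses: google-github-actions/auth@v2
        with:
          credentials_json: ${{ secrets.GCP_SA_KEY }}
          # Alternative: Use Workload Identity Federation (more secure, no stored key).
          # Requires `id-token: write` on the job plus the two secrets below.
          # workload_identity_provider: ${{ secrets.WIF_PROVIDER }}
          # service_account: ${{ secrets.WIF_SERVICE_ACCOUNT }}

      - name: Set up Cloud SDK
        uses: google-github-actions/setup-gcloud@v2

      # Not strictly required: the image below is built and pushed by Cloud
      # Build, not by a local `docker push`. Harmless, kept for parity.
      - name: Configure Docker for GCR
        run: |
          gcloud auth configure-docker

      - name: Set productive environment
        run: |
          cd gateway
          if [ -f "$ENV_FILE" ]; then
            cp "$ENV_FILE" .env
          else
            echo "::warning::${ENV_FILE} not found, using env_prod.env as fallback"
            cp env_prod.env .env
          fi
          # Remove the other env files so only .env reaches the build context.
          rm -f env_*.env
          # NOTE(review): gcloud builds submit honours .gcloudignore (and, if that
          # file is absent, .gitignore). If .env is git-ignored it will NOT be
          # uploaded to Cloud Build -- confirm the build actually sees it.

      - name: Build and push container image
        working-directory: ./gateway
        run: |
          # Build container image using Cloud Build
          # If Dockerfile exists, it will be used; otherwise Cloud Buildpacks will be used
          # The image gets an immutable commit-SHA tag (the one deployed) and a
          # mutable :latest convenience tag that is never deployed from.
          # NOTE(review): gcr.io (Container Registry) is deprecated in favour of
          # Artifact Registry; plan the move of this image path.
          gcloud builds submit \
            --tag "gcr.io/${PROJECT_ID}/${SERVICE_NAME}:${GITHUB_SHA}" \
            --tag "gcr.io/${PROJECT_ID}/${SERVICE_NAME}:latest" \
            --project "${PROJECT_ID}"

      - name: Deploy to Cloud Run
        env:
          RUNTIME_SA: ${{ secrets.GCP_SERVICE_ACCOUNT_EMAIL }}
        run: |
          # --allow-unauthenticated grants roles/run.invoker to allUsers, i.e. the
          # service is reachable by anyone on the internet. Acceptable only if the
          # gateway enforces its own authentication; otherwise remove it and put
          # IAM / a load balancer in front.
          # CONFIG_KEY:latest is resolved when instances start, not pinned at
          # deploy time, so a secret rotation reaches prod without a new deploy.
          # Pin a version number if you need reproducible rollbacks.
          gcloud run deploy "${SERVICE_NAME}" \
            --image "gcr.io/${PROJECT_ID}/${SERVICE_NAME}:${GITHUB_SHA}" \
            --region "${REGION}" \
            --platform managed \
            --allow-unauthenticated \
            --project "${PROJECT_ID}" \
            --set-env-vars "APP_ENV_TYPE=prod" \
            --set-secrets "CONFIG_KEY=CONFIG_KEY:latest" \
            --memory 2Gi \
            --cpu 2 \
            --timeout 300 \
            --max-instances 10 \
            --min-instances 1 \
            --port 8000 \
            --service-account "${RUNTIME_SA}"

      - name: Get service URL
        id: service-url
        run: |
          SERVICE_URL=$(gcloud run services describe "${SERVICE_NAME}" \
            --region "${REGION}" \
            --project "${PROJECT_ID}" \
            --format 'value(status.url)')
          echo "url=${SERVICE_URL}" >> "$GITHUB_OUTPUT"

      - name: Output deployment URL
        env:
          SERVICE_URL: ${{ steps.service-url.outputs.url }}
        run: |
          echo "🚀 Deployment successful!"
          echo "Service URL: ${SERVICE_URL}"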