|
1 | | -# This workflow build and push a Docker container to Google Artifact Registry |
2 | | -# and deploy it on Cloud Run when a commit is pushed to the "main" |
3 | | -# branch. |
4 | | -# |
5 | | -# To configure this workflow: |
6 | | -# |
7 | | -# 1. Enable the following Google Cloud APIs: |
8 | | -# |
9 | | -# - Artifact Registry (artifactregistry.googleapis.com) |
10 | | -# - Cloud Run (run.googleapis.com) |
11 | | -# - IAM Credentials API (iamcredentials.googleapis.com) |
12 | | -# |
13 | | -# You can learn more about enabling APIs at |
14 | | -# https://support.google.com/googleapi/answer/6158841. |
15 | | -# |
16 | | -# 2. Create and configure a Workload Identity Provider for GitHub: |
17 | | -# https://github.com/google-github-actions/auth#preferred-direct-workload-identity-federation. |
18 | | -# |
19 | | -# Depending on how you authenticate, you will need to grant an IAM principal |
20 | | -# permissions on Google Cloud: |
21 | | -# |
22 | | -# - Artifact Registry Administrator (roles/artifactregistry.admin) |
23 | | -# - Cloud Run Developer (roles/run.developer) |
24 | | -# |
25 | | -# You can learn more about setting IAM permissions at |
26 | | -# https://cloud.google.com/iam/docs/manage-access-other-resources |
27 | | -# |
28 | | -# 3. Change the values in the "env" block to match your values. |
29 | | - |
30 | | -name: 'Build and Deploy to Cloud Run' |
| 1 | +name: Deploy to Cloud Run |
31 | 2 |
|
32 | 3 | on: |
33 | 4 | push: |
34 | 5 | branches: |
35 | | - - '"main"' |
| 6 | + - main |
36 | 7 |
|
37 | 8 | env: |
38 | | - PROJECT_ID: 'my-project' # TODO: update to your Google Cloud project ID |
39 | | - REGION: 'us-central1' # TODO: update to your region |
40 | | - SERVICE: 'my-service' # TODO: update to your service name |
41 | | - WORKLOAD_IDENTITY_PROVIDER: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider' # TODO: update to your workload identity provider |
| 9 | + PROJECT_ID: stefan-ai-training # Your GCP project ID |
| 10 | + REGION: us-central1 # Your GCP region |
| 11 | + SERVICE: upload-center # Your Cloud Run service name |
| 12 | + REPOSITORY: upload-center # Artifact Registry repo name |
42 | 13 |
|
43 | 14 | jobs: |
44 | 15 | deploy: |
45 | | - runs-on: 'ubuntu-latest' |
46 | | - |
47 | | - permissions: |
48 | | - contents: 'read' |
49 | | - id-token: 'write' |
| 16 | + runs-on: ubuntu-latest |
50 | 17 |
|
51 | 18 | steps: |
52 | | - - name: 'Checkout' |
53 | | - uses: 'actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332' # actions/checkout@v4 |
54 | | - |
55 | | - # Configure Workload Identity Federation and generate an access token. |
56 | | - # |
57 | | - # See https://github.com/google-github-actions/auth for more options, |
58 | | - # including authenticating via a JSON credentials file. |
59 | | - - id: 'auth' |
60 | | - name: 'Authenticate to Google Cloud' |
61 | | - uses: 'google-github-actions/auth@f112390a2df9932162083945e46d439060d66ec2' # google-github-actions/auth@v2 |
62 | | - with: |
63 | | - workload_identity_provider: '${{ env.WORKLOAD_IDENTITY_PROVIDER }}' |
64 | | - |
65 | | - # BEGIN - Docker auth and build |
66 | | - # |
67 | | - # If you already have a container image, you can omit these steps. |
68 | | - - name: 'Docker Auth' |
69 | | - uses: 'docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567' # docker/login-action@v3 |
70 | | - with: |
71 | | - username: 'oauth2accesstoken' |
72 | | - password: '${{ steps.auth.outputs.auth_token }}' |
73 | | - registry: '${{ env.REGION }}-docker.pkg.dev' |
74 | | - |
75 | | - - name: 'Build and Push Container' |
76 | | - run: |- |
77 | | - DOCKER_TAG="$${{ env.REGION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.SERVICE }}:${{ github.sha }}" |
78 | | - docker build --tag "${DOCKER_TAG}" . |
79 | | - docker push "${DOCKER_TAG}" |
80 | | - - name: 'Deploy to Cloud Run' |
81 | | - |
82 | | - # END - Docker auth and build |
| 19 | + - name: Checkout code |
| 20 | + uses: actions/checkout@v3 |
83 | 21 |
|
84 | | - uses: 'google-github-actions/deploy-cloudrun@33553064113a37d688aa6937bacbdc481580be17' # google-github-actions/deploy-cloudrun@v2 |
| 22 | + - name: Set up Google Cloud SDK |
| 23 | + uses: google-github-actions/setup-gcloud@v1 |
85 | 24 | with: |
86 | | - service: '${{ env.SERVICE }}' |
87 | | - region: '${{ env.REGION }}' |
88 | | - # NOTE: If using a pre-built image, update the image name below: |
89 | | - |
90 | | - image: '${{ env.REGION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.SERVICE }}:${{ github.sha }}' |
91 | | - # If required, use the Cloud Run URL output in later steps |
92 | | - - name: 'Show output' |
93 | | - run: |2- |
94 | | -
|
95 | | - echo ${{ steps.deploy.outputs.url }} |
| 25 | + project_id: ${{ env.PROJECT_ID }} |
| 26 | + service_account_key: ${{ secrets.GCP_SERVICE_ACCOUNT_KEY }} |
| 27 | + |
| 28 | + - name: Configure Docker for Artifact Registry |
| 29 | + run: gcloud auth configure-docker ${{ env.REGION }}-docker.pkg.dev |
| 30 | + |
| 31 | + - name: Build and Push Docker image |
| 32 | + run: | |
| 33 | + IMAGE="${{ env.REGION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.REPOSITORY }}/${{ env.SERVICE }}:${{ github.sha }}" |
| 34 | + docker build -t $IMAGE . |
| 35 | + docker push $IMAGE |
| 36 | +
|
| 37 | + - name: Deploy to Cloud Run |
| 38 | + run: | |
| 39 | + gcloud run deploy ${{ env.SERVICE }} \ |
| 40 | + --image=${{ env.REGION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.REPOSITORY }}/${{ env.SERVICE }}:${{ github.sha }} \ |
| 41 | + --region=${{ env.REGION }} \ |
| 42 | + --platform=managed \ |
| 43 | + --allow-unauthenticated |
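Review bot: The new `Set up Google Cloud SDK` step authenticates with a long-lived key (`service_account_key: ${{ secrets.GCP_SERVICE_ACCOUNT_KEY }}`), where the removed workflow used Workload Identity Federation and an explicit `permissions:` block. A stored JSON key does not expire on its own, and without `permissions:` the job's GITHUB_TOKEN falls back to the repository default scope. As far as I know, `setup-gcloud@v1` no longer accepts authentication inputs, so the key may be ignored and the later `docker push` would run without credentials; confirm this against the action's release notes. Both `uses:` lines also move from full commit SHAs to mutable tags (`actions/checkout@v3`, `google-github-actions/setup-gcloud@v1`) and should be pinned again. In the last two steps, `--allow-unauthenticated` makes the service publicly invokable and should be dropped unless that is intended, and `$IMAGE` should be quoted; the sketch below restores the federated login.

```yaml
    # … unchanged: runs-on …
    permissions:
      contents: 'read'
      id-token: 'write'   # required for the OIDC token exchange

    steps:
      - name: Checkout code
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # actions/checkout@v4

      - id: auth
        name: Authenticate to Google Cloud
        uses: google-github-actions/auth@f112390a2df9932162083945e46d439060d66ec2 # google-github-actions/auth@v2
        with:
          # placeholder: replace with your own provider resource name
          workload_identity_provider: 'projects/PROJECT_NUMBER/locations/global/workloadIdentityPools/POOL_ID/providers/PROVIDER_ID'

      - name: Set up Google Cloud SDK
        # placeholder: pin to a reviewed full commit SHA
        uses: google-github-actions/setup-gcloud@FULL_COMMIT_SHA
        with:
          project_id: ${{ env.PROJECT_ID }}
      # … unchanged: Configure Docker, Build and Push, Deploy steps …
```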