-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
OPS: Use reusable deployment workflow
- Loading branch information
1 parent
83722f6
commit 3e68879
Showing
2 changed files
with
10 additions
and
120 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -11,126 +11,16 @@ on: | |
default: "false" | ||
|
||
jobs: | ||
info: | ||
deploy: | ||
if: "!contains(github.event.head_commit.message, 'skipci')" | ||
runs-on: ubuntu-latest | ||
|
||
timeout-minutes: 5 | ||
|
||
permissions: | ||
contents: read | ||
|
||
outputs: | ||
branch_tag_kebab: ${{ steps.get-deployment-info.outputs.branch_tag_kebab }} | ||
branch_tag_screaming: ${{ steps.get-deployment-info.outputs.branch_tag_screaming}} | ||
image_latest_artifact: ${{ steps.get-deployment-info.outputs.image_latest_artifact}} | ||
image_latest_tag: ${{ steps.get-deployment-info.outputs.image_latest_tag }} | ||
image_version_artifact: ${{ steps.get-deployment-info.outputs.image_version_artifact}} | ||
image_version_tag: ${{ steps.get-deployment-info.outputs.image_version_tag }} | ||
short_sha: ${{ steps.get-deployment-info.outputs.short_sha }} | ||
gcp_project_name: ${{ steps.get-deployment-info.outputs.gcp_project_name}} | ||
gcp_project_number: ${{ steps.get-deployment-info.outputs.gcp_project_number}} | ||
gcp_region: ${{ steps.get-deployment-info.outputs.gcp_region}} | ||
gcp_resource_affix: ${{ steps.get-deployment-info.outputs.gcp_resource_affix}} | ||
gcp_service_name: ${{ steps.get-deployment-info.outputs.gcp_service_name}} | ||
version: ${{ steps.get-deployment-info.outputs.version }} | ||
revision_tag: ${{ steps.get-deployment-info.outputs.revision_tag }} | ||
revision_tag_slug: ${{ steps.get-deployment-info.outputs.revision_tag_slug }} | ||
|
||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v4 | ||
|
||
- name: Install poetry | ||
uses: snok/install-poetry@v1 | ||
|
||
- name: Get deployment info | ||
id: get-deployment-info | ||
uses: octue/[email protected] | ||
with: | ||
gcp_project_name: octue-sdk-python | ||
gcp_project_number: 437801218871 | ||
gcp_region: europe-west1 | ||
gcp_resource_affix: octue | ||
gcp_service_name: example-service-cloud-run | ||
|
||
build: | ||
runs-on: ubuntu-latest | ||
timeout-minutes: 60 | ||
needs: info | ||
uses: octue/workflows/.github/workflows/deploy-cloud-run-service.yml@main | ||
permissions: | ||
id-token: write | ||
contents: read | ||
|
||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v4 | ||
|
||
- name: Set up QEMU | ||
uses: docker/setup-qemu-action@v2 | ||
|
||
- name: Set up Docker Buildx | ||
uses: docker/setup-buildx-action@v2 | ||
|
||
- name: Authenticate with GCP Workload Identity | ||
id: auth | ||
uses: google-github-actions/auth@v2 | ||
with: | ||
# NOTE: If setting create_credentials_file=true, .dockerignore file must include `gha-creds-*.json` to avoid baking these credentials into build | ||
create_credentials_file: true | ||
workload_identity_provider: projects/${{ needs.info.outputs.gcp_project_number }}/locations/global/workloadIdentityPools/github-actions-pool/providers/github-actions-provider | ||
service_account: github-actions@${{ needs.info.outputs.gcp_project_name }}.iam.gserviceaccount.com | ||
|
||
- name: Setup gcloud | ||
uses: "google-github-actions/setup-gcloud@v2" | ||
|
||
- name: Configure Docker for GCP | ||
run: gcloud auth configure-docker ${{ needs.info.outputs.gcp_region }}-docker.pkg.dev | ||
|
||
- name: Setup tmate session [DEBUG] | ||
if: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.debug_enabled == 'true'}} | ||
uses: mxschmitt/action-tmate@v3 | ||
|
||
- name: Get default Octue Cloud Run Dockerfile | ||
run: wget https://raw.githubusercontent.com/octue/octue-sdk-python/main/octue/cloud/deployment/google/cloud_run/Dockerfile | ||
|
||
- name: Build and push container with latest and version tags | ||
# Note: We don't push containers with shas because we'd end up with terabytes in storage (an image for every commit) | ||
uses: docker/build-push-action@v2 | ||
with: | ||
context: . | ||
platforms: linux/amd64 | ||
file: ./Dockerfile | ||
push: true | ||
cache-from: type=gha | ||
cache-to: type=gha,mode=max | ||
tags: | | ||
${{ needs.info.outputs.image_version_artifact}} | ||
${{ needs.info.outputs.image_latest_artifact}} | ||
- name: Deploy to Cloud Run service | ||
id: deploy-service | ||
uses: google-github-actions/deploy-cloudrun@v2 | ||
with: | ||
env_vars: | | ||
OCTUE_SERVICE_NAMESPACE=${{ needs.info.outputs.gcp_resource_affix }} | ||
OCTUE_SERVICE_NAME=${{ needs.info.outputs.gcp_service_name }} | ||
OCTUE_SERVICE_REVISION_TAG=${{ needs.info.outputs.revision_tag }} | ||
COMPUTE_PROVIDER=GOOGLE_CLOUD_RUN | ||
service: ${{ needs.info.outputs.gcp_resource_affix }}-${{ needs.info.outputs.gcp_service_name }} | ||
image: ${{ needs.info.outputs.image_version_artifact }} | ||
region: ${{ needs.info.outputs.gcp_region }} | ||
tag: v${{ needs.info.outputs.revision_tag_slug }} | ||
flags: "--allow-unauthenticated" | ||
|
||
- name: Show deployed service URL | ||
run: echo "${{ steps.deploy-service.outputs.url }}" | ||
|
||
- name: Create service revision push subscription | ||
uses: octue/[email protected] | ||
with: | ||
project_name: ${{ needs.info.outputs.gcp_project_name }} | ||
service_namespace: ${{ needs.info.outputs.gcp_resource_affix }} | ||
service_name: ${{ needs.info.outputs.gcp_service_name }} | ||
service_revision_tag: ${{ needs.info.outputs.revision_tag }} | ||
push_endpoint: ${{ steps.deploy-service.outputs.url }} | ||
with: | ||
gcp_project_name: octue-sdk-python | ||
gcp_project_number: 437801218871 | ||
gcp_region: europe-west1 | ||
gcp_resource_affix: octue | ||
gcp_service_name: example-service-cloud-run | ||
cloud_run_flags: "--ingress=all --allow-unauthenticated" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,6 @@ | ||
[tool.poetry] | ||
name = "example-service-cloud-run" | ||
version = "0.4.0" | ||
version = "0.4.1" | ||
description = "An example Octue service for deploying to Google Cloud Run." | ||
authors = ["Marcus Lugg <[email protected]>"] | ||
license = "MIT" | ||
|