build-deploy-backend-gcp.yml
name: Build and deploy backend to GCP

# Two triggers: a push to `staging`, or a manual run from the Actions tab.
on:
  push:
    branches: [staging]
    # A push that only touches these paths does not start the workflow.
    paths-ignore:
      - 'frontend**'
      - '.sikkerhet**'
      - 'compose.yaml'
      - 'README**'
  workflow_dispatch:
    inputs:
      commit_sha:
        description: 'Commit hash to deploy'
        type: string
        default: ''
      # NOTE(review): no job or step in this file reads `dev` or `prod`.
      # Both are required, yet the deploy target is the same whatever the
      # operator ticks. Wire them to a job-level `if:` or remove them, so the
      # dispatch form does not suggest an environment choice that is not
      # enforced.
      dev:
        description: 'Deploy to dev'
        type: boolean
        required: true
      prod:
        description: 'Deploy to prod'
        type: boolean
        required: true
# Workflow-wide, non-secret settings. Everything here is readable by anyone
# who can read the repository, so credentials belong in `secrets`, not here.
env:
  # Used for the Artifact Registry host name and, with a `-b` suffix, for the
  # VM zone in the deploy step.
  REGION: 'europe-north1'
  # `regelrett-db` is the name given to the Postgres container on the VM's
  # Docker network. The URL carries no credentials.
  DB_URL: 'jdbc:postgresql://regelrett-db:5432/regelrett'
  # Handed to the backend container as AUTH_PROVIDER_URL.
  GCP_PROVIDER_URL: 'https://regelrett-frontend-1024826672490.europe-north1.run.app/api/callback'
  FRONTEND_URL_HOST: 'regelrett-frontend-1024826672490.europe-north1.run.app'
  # Webhook identifiers only; the matching webhook secrets are read from
  # `secrets` in the deploy step.
  SIKKERHETSKONTROLLER_WEBHOOK_ID: 'ach2vlnWcdxY8Cl3k'
  DRIFTSKONTINUITET_WEBHOOK_ID: 'achCxVfK6DaWMhchX'
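# NOTE(review): every `uses:` below references a mutable tag. Pinning each
# action to a full commit SHA (with the tag kept as a trailing comment) stops a
# retagged release from running with this workflow's cloud credentials.
jobs:
  build-and-push:
    name: Build and push docker image to GAR
    runs-on: ubuntu-latest
    # Least privilege: the image is pushed to Artifact Registry with the GCP
    # service-account credentials, not with GITHUB_TOKEN, so the token only
    # needs to read the repository for checkout.
    permissions:
      contents: read
    steps:
      # GITHUB_REPOSITORY is "owner/repo"; strip the owner in the shell rather
      # than templating an expression into the script text.
      - name: Set repository name
        run: echo "IMAGE_NAME=${GITHUB_REPOSITORY#*/}-backend" >> "$GITHUB_ENV"
      - name: Set Docker image URL
        run: echo "IMAGE_URL=${{ env.REGION }}-docker.pkg.dev/${{ secrets.GCP_PROJECT_ID }}/regelrett-artifact-registry/${{ env.IMAGE_NAME }}:latest" >> "$GITHUB_ENV"
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # Honour the `commit_sha` dispatch input. It is empty on push events
          # and when left blank, in which case checkout falls back to the ref
          # that triggered the run.
          ref: ${{ inputs.commit_sha }}
      - uses: actions/setup-java@v4
        with:
          distribution: 'temurin'
          java-version: '21'
          architecture: 'x64'
      - name: Setup Gradle
        uses: gradle/actions/setup-gradle@v3
      - name: Execute Gradle build
        working-directory: backend
        run: ./gradlew shadowJar
      # NOTE(review): GCP_SA_KEY is a long-lived exported service-account key.
      # Workload Identity Federation (supported by this auth action) replaces
      # it with short-lived tokens and removes the key from repository secrets.
      - name: Authenticate to Google Cloud
        id: auth
        uses: google-github-actions/auth@v2
        with:
          credentials_json: ${{ secrets.GCP_SA_KEY }}
      - name: Set up Google Cloud SDK
        uses: google-github-actions/setup-gcloud@v1
        with:
          project_id: ${{ secrets.GCP_PROJECT_ID }}
      - name: Docker auth
        run: |-
          gcloud auth configure-docker ${{ env.REGION }}-docker.pkg.dev --quiet
      # IMAGE_URL was exported through GITHUB_ENV above, so it is read as a
      # quoted shell variable here.
      - name: Build docker image
        working-directory: backend
        run: |
          docker build -t "$IMAGE_URL" .
      - name: Push Docker image to GAR
        run: |
          docker push "$IMAGE_URL"

  deploy-to-gcp-vm:
    # Previously carried the build job's display name (copy-paste).
    name: Deploy backend container to GCP VM
    needs: build-and-push
    runs-on: ubuntu-latest
    # Without an explicit block the job inherits the repository's default
    # token permissions; only checkout uses the token here.
    permissions:
      contents: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Set repository name
        run: echo "IMAGE_NAME=${GITHUB_REPOSITORY#*/}-backend" >> "$GITHUB_ENV"
      - name: Set Docker image URL
        run: echo "IMAGE_URL=${{ env.REGION }}-docker.pkg.dev/${{ secrets.GCP_PROJECT_ID }}/regelrett-artifact-registry/${{ env.IMAGE_NAME }}:latest" >> "$GITHUB_ENV"
      - name: Debug env variables
        run: |
          echo "IMAGE_NAME is: ${{ env.IMAGE_NAME }}"
          echo "IMAGE_URL IS: ${{ env.IMAGE_URL }}"
      - name: Set up Node.js 20
        uses: actions/setup-node@v3
        with:
          node-version: '20'
      - name: Authenticate to Google Cloud
        id: auth
        uses: google-github-actions/auth@v2
        with:
          credentials_json: ${{ secrets.GCP_SA_KEY }}
      - name: Set up Google Cloud SDK
        uses: google-github-actions/setup-gcloud@v1
        with:
          project_id: ${{ secrets.GCP_PROJECT_ID }}
      - name: Login to GAR
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGION }}-docker.pkg.dev
          username: _json_key
          password: ${{ secrets.GCP_SA_KEY }}
      # The remote command is left as written; review findings for it:
      #
      # 1. The --command string is double-quoted in the runner's shell, so
      #    both `$(sudo docker ps -a -q)` substitutions run on the runner, not
      #    on the VM. The VM receives `docker stop` / `docker rm` with the
      #    runner's (normally empty) container list and `|| true` hides the
      #    failure. Escaping them as `\$(...)` would run them on the VM, but
      #    the Postgres container has no volume, so that would drop the
      #    database on every deploy. Decide on persistence before changing it.
      # 2. Postgres is started with the literal password `pwd` and published
      #    with `-p 5432:5432`, i.e. on every interface of the VM. The backend
      #    reaches it by name over `container_network`, so the published port
      #    looks unnecessary (confirm). At minimum take the password from a
      #    secret and verify the VM firewall does not expose 5432.
      # 3. Each secret is pasted into the command text. A value containing a
      #    quote, `$` or backtick changes the script, and the values end up in
      #    the VM's process arguments and in `docker inspect` output. An env
      #    file with restricted permissions on the VM, or a secret manager
      #    lookup inside the container, keeps them off the command line.
      # 4. The chain is joined with `&&` / `|| true` and one bare newline
      #    (after the postgres image), so a failed step does not reliably stop
      #    the deploy and the job can report success after a partial rollout.
      - name: SSH into VM and deploy container
        run: |
          gcloud compute ssh regelrett-backend-vm --zone ${{ env.REGION }}-b --project ${{ secrets.GCP_PROJECT_ID }} --command "
            sudo gcloud auth configure-docker ${{ env.REGION }}-docker.pkg.dev --quiet &&
            sudo docker stop $(sudo docker ps -a -q) || true &&
            sudo docker rm $(sudo docker ps -a -q) || true &&
            sudo docker network rm container_network || true &&
            sudo docker image prune -f || true &&
            sudo docker network create container_network &&
            sudo docker run --name regelrett-db --network container_network -it \
              -e POSTGRES_PASSWORD=pwd \
              -e POSTGRES_USER=postgres \
              -e POSTGRES_DB=regelrett \
              -p 5432:5432 -d postgres:15.4
            sudo docker pull '${{ env.REGION }}-docker.pkg.dev/${{ secrets.GCP_PROJECT_ID }}/regelrett-artifact-registry/${{ env.IMAGE_NAME }}:latest' &&
            sudo docker stop '${{ env.IMAGE_NAME }}' || true &&
            sudo docker rm '${{ env.IMAGE_NAME }}' || true &&
            sudo docker run -d --name '${{ env.IMAGE_NAME }}' --network container_network -p 8080:8080 \
              -e AIRTABLE_ACCESS_TOKEN=${{ secrets.AIRTABLE_ACCESS_TOKEN }} \
              -e CLIENT_ID=${{ secrets.ENTRA_CLIENT_ID }} \
              -e TENANT_ID=${{ secrets.ENTRA_TENANT_ID }} \
              -e CLIENT_SECRET=${{ secrets.ENTRA_CLIENT_SECRET }} \
              -e DB_URL='${{ env.DB_URL }}' \
              -e AUTH_PROVIDER_URL=${{ env.GCP_PROVIDER_URL }} \
              -e KEYSTORE_PASSWORD=${{ secrets.KEYSTORE_PASSWORD }} \
              -e FRONTEND_URL_HOST=${{ env.FRONTEND_URL_HOST }} \
              -e SIKKERHETSKONTROLLER_WEBHOOK_ID=${{ env.SIKKERHETSKONTROLLER_WEBHOOK_ID }} \
              -e DRIFTSKONTINUITET_WEBHOOK_ID=${{ env.DRIFTSKONTINUITET_WEBHOOK_ID }} \
              -e SIKKERHETSKONTROLLER_WEBHOOK_SECRET=${{ secrets.SIKKERHETSKONTROLLER_WEBHOOK_SECRET_GCP }} \
              -e DRIFTSKONTINUITET_WEBHOOK_SECRET=${{ secrets.DRIFTSKONTINUITET_WEBHOOK_SECRET_GCP }} \
              -v /etc/regelrett/keystore/keystore.jks:/etc/regelrett/keystore/keystore.jks:ro \
              '${{ env.IMAGE_URL }}'
          "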