push_test.yml
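# Builds the API container image, pushes it to GHCR, deploys it to a Cloud Run
# test service and syncs application secrets into Google Secret Manager.
# Runs only on pushes to the feat/cloud_run branch.
name: Push Testing for Cloud Run

on:
  push:
    branches:
      - feat/cloud_run

env:
  # NOTE(review): this opts the runner into deprecated Node runtimes so that
  # older action majors (e.g. actions/checkout@v3) keep working. Prefer
  # upgrading those actions and dropping this flag.
  ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: "true"
  PROJECT_ID: policyengine-api
  SERVICE_NAME: policyengine-api-cloud-run-test
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}

jobs:
  # Temporarily disabled
  # lint:
  #   runs-on: ubuntu-latest
  #   if: |
  #     (github.repository == 'PolicyEngine/policyengine-uk')
  #     && (github.event.head_commit.message == 'Update PolicyEngine API')
  #   steps:
  #     - name: Checkout repo
  #       uses: actions/checkout@v3
  #     - name: Check formatting
  #       uses: "lgeiger/black-action@master"
  #       with:
  #         args: ". -l 79 --check"
  # versioning:
  #   name: Update versioning
  #   if: |
  #     (github.repository == 'PolicyEngine/policyengine-api')
  #     && !(github.event.head_commit.message == 'Update PolicyEngine API')
  #   runs-on: ubuntu-latest
  #   steps:
  #     - name: Checkout repo
  #       uses: actions/checkout@v3
  #       with:
  #         repository: ${{ github.event.pull_request.head.repo.full_name }}
  #         ref: ${{ github.event.pull_request.head.ref }}
  #         token: ${{ secrets.POLICYENGINE_GITHUB }}
  #     - name: Setup Python
  #       uses: actions/setup-python@v5
  #       with:
  #         python-version: "3.10"
  #     - name: Build changelog
  #       run: pip install yaml-changelog && make changelog
  #     - name: Preview changelog update
  #       run: ".github/get-changelog-diff.sh"
  #     - name: Update changelog
  #       uses: EndBug/add-and-commit@v9
  #       with:
  #         add: "."
  #         committer_name: Github Actions[bot]
  #         author_name: Github Actions[bot]
  #         message: Update PolicyEngine API
  deploy:
    name: Deploy API to Cloud Run
    runs-on: ubuntu-latest
    # NOTE(review): the commit-message check is a workflow convention, not an
    # access control. Anyone who can push to the branch can write this
    # message; restrict who may deploy with branch protection or a protected
    # environment instead.
    if: |
      (github.repository == 'PolicyEngine/policyengine-api')
      && (github.event.head_commit.message == 'Update PolicyEngine API')
    # GITHUB_TOKEN is scoped to what the job needs: read the repository and
    # push packages to GHCR.
    permissions:
      contents: read
      packages: write
    steps:
      # NOTE(review): the docker/* actions below are pinned to commit SHAs,
      # but checkout and the google-github-actions steps use mutable tags.
      # Pin these to full commit SHAs as well, since this job handles cloud
      # credentials.
      - name: Checkout repository
        uses: actions/checkout@v3
      - name: Log in to the Container registry
        uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Extract metadata (tags, labels) for Docker
        id: meta
        uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
      - name: Build and push Docker image
        uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
        with:
          context: .
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
      # setup-gcloud v1 no longer accepts service_account_key (the input was
      # removed after its deprecation in v0), so the key was ignored and
      # later gcloud calls ran unauthenticated. Authentication is now done by
      # the dedicated auth action.
      # NOTE(review): GCP_SA_KEY is a long-lived service-account key. Prefer
      # Workload Identity Federation (the workload_identity_provider and
      # service_account inputs, plus `id-token: write`) so that no exported
      # key is stored in GitHub.
      - name: Authenticate to Google Cloud
        uses: google-github-actions/auth@v1
        with:
          credentials_json: ${{ secrets.GCP_SA_KEY }}
      - name: Setup Google Cloud SDK
        uses: google-github-actions/setup-gcloud@v1
        with:
          project_id: ${{ env.PROJECT_ID }}
      # Fills the ${...} placeholders in service.yaml (not shown here).
      # NOTE(review): two things to confirm against service.yaml:
      #   - IMAGE_TAG is set to the commit SHA, but metadata-action is given
      #     no `tags:` rules, so on a branch push it presumably emits a
      #     branch-name tag; the SHA tag may never be pushed.
      #   - IMAGE_NAME is github.repository, which has upper-case letters
      #     for this repo; image references must be lower-case.
      - name: Prepare service.yaml
        run: |
          sed -i 's|${SERVICE_NAME}|${{ env.SERVICE_NAME }}|g' service.yaml
          sed -i 's|${REGISTRY}|${{ env.REGISTRY }}|g' service.yaml
          sed -i 's|${IMAGE_NAME}|${{ env.IMAGE_NAME }}|g' service.yaml
          sed -i 's|${IMAGE_TAG}|${{ github.sha }}|g' service.yaml
      - name: Deploy to Cloud Run
        run: |
          gcloud run services replace service.yaml \
            --platform managed \
            --region us-central1
      # NOTE(review): this runs after the deploy. If service.yaml references
      # these secrets, a first deploy would precede their creation; confirm
      # the intended order.
      - name: Set up secrets in Secret Manager
        # Secrets are passed through the environment rather than expanded
        # into the script text with ${{ }}. A value containing quotes, `$` or
        # backticks therefore cannot alter the shell command.
        env:
          POLICYENGINE_DB_PASSWORD: ${{ secrets.POLICYENGINE_DB_PASSWORD }}
          POLICYENGINE_GITHUB_MICRODATA_AUTH_TOKEN: ${{ secrets.POLICYENGINE_GITHUB_MICRODATA_AUTH_TOKEN }}
          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
        run: |
          set -euo pipefail

          # Create the secret if it is missing, otherwise add a new version.
          # The earlier form `echo ... | create || versions add` piped the
          # value only into `create`; the fallback read the step's own stdin
          # and never received the secret. printf '%s' also avoids storing
          # the trailing newline that echo appends.
          upsert_secret() {
            local name="$1" value="$2"
            if gcloud secrets describe "$name" >/dev/null 2>&1; then
              printf '%s' "$value" \
                | gcloud secrets versions add "$name" --data-file=-
            else
              printf '%s' "$value" \
                | gcloud secrets create "$name" --data-file=-
            fi
          }

          upsert_secret policyengine-db-password \
            "$POLICYENGINE_DB_PASSWORD"
          upsert_secret policyengine-github-microdata-auth-token \
            "$POLICYENGINE_GITHUB_MICRODATA_AUTH_TOKEN"
          upsert_secret anthropic-api-key "$ANTHROPIC_API_KEY"
          upsert_secret openai-api-key "$OPENAI_API_KEY"
  # Temporarily disabled
  # docker:
  #   name: Docker
  #   runs-on: ubuntu-latest
  #   steps:
  #     - name: Checkout repo
  #       uses: actions/checkout@v3
  #     - name: Log in to the Container registry
  #       uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
  #       with:
  #         registry: ghcr.io
  #         username: ${{ github.actor }}
  #         password: ${{ secrets.POLICYENGINE_DOCKER }}
  #     - name: Build container
  #       run: docker build -t ghcr.io/policyengine/policyengine docker
  #     - name: Push container
  #       run: docker push ghcr.io/policyengine/policyengine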