Liquibase Manual Deploy Action (#687) #737
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Deploy | |
on: | |
# Building on manual dispatch, and pushes to dev / main. But restricting | |
workflow_dispatch: | |
push: | |
branches: | |
- main | |
- dev | |
permissions: | |
id-token: write | |
contents: read | |
jobs: | |
deploy: | |
runs-on: ubuntu-latest | |
env: | |
DOCKER_BUILDKIT: 1 | |
BUILDKIT_PROGRESS: plain | |
CLOUDSDK_CORE_DISABLE_PROMPTS: 1 | |
# used for generating API | |
SM_DOCKER: australia-southeast1-docker.pkg.dev/sample-metadata/images/server:${{ github.sha }} | |
defaults: | |
run: | |
shell: bash -eo pipefail -l {0} | |
steps: | |
- uses: actions/checkout@v3 | |
- id: "google-cloud-auth" | |
name: "Authenticate to Google Cloud" | |
uses: "google-github-actions/auth@v1" | |
with: | |
workload_identity_provider: "projects/774248915715/locations/global/workloadIdentityPools/gh-deploy-pool/providers/gh-provider" | |
service_account: "[email protected]" | |
- id: "google-cloud-sdk-setup" | |
name: "Set up Cloud SDK" | |
uses: google-github-actions/setup-gcloud@v1 | |
- name: "gcloud docker auth" | |
run: | | |
gcloud auth configure-docker australia-southeast1-docker.pkg.dev | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: "3.11" | |
- uses: actions/setup-java@v3 | |
with: | |
distribution: "temurin" # See 'Supported distributions' for available options | |
java-version: "17" | |
- name: Setup build env | |
run: | | |
pip install -r requirements-dev.txt | |
pip install -r requirements.txt | |
wget https://repo1.maven.org/maven2/org/openapitools/openapi-generator-cli/5.3.0/openapi-generator-cli-5.3.0.jar -O openapi-generator-cli.jar | |
- name: prepare-deployment | |
run: | | |
if [[ $GITHUB_REF == 'refs/heads/main' ]]; then | |
echo DEPLOYMENT_TYPE=prod >> $GITHUB_ENV | |
echo SM_ENVIRONMENT=production >> $GITHUB_ENV | |
else | |
echo DEPLOYMENT_TYPE=dev >> $GITHUB_ENV | |
echo SM_ENVIRONMENT=development >> $GITHUB_ENV | |
pip install bump2version | |
# add | |
bump2version patch \ | |
--no-commit --allow-dirty \ | |
--new-version $(cat deploy/python/version.txt)dev$(echo $(git rev-parse HEAD) | cut -c1-7) | |
fi | |
# we have to build the image first without the web files to | |
# generate the openapi file to then generate the documentation | |
- name: "build image" | |
run: | | |
docker build \ | |
--build-arg SM_ENVIRONMENT=$SM_ENVIRONMENT \ | |
--tag $SM_DOCKER \ | |
-f deploy/api/Dockerfile \ | |
. | |
- name: "build deployable API" | |
run: | | |
export OPENAPI_COMMAND="java -jar openapi-generator-cli.jar" | |
python regenerate_api.py | |
ls -lGh metamist | |
# also copies build artifacts to api/public | |
- name: "build web front-end" | |
run: | | |
set -eo pipefail | |
pushd web | |
# installs package-lock, not what it thinks it should be | |
npm ci | |
npm run build | |
popd | |
# rebuild docker image now that front-end files are in the right place | |
- name: "build image II" | |
run: | | |
docker build --tag $SM_DOCKER -f deploy/api/Dockerfile . | |
- name: Build python package | |
run: python setup.py sdist | |
- name: "push server image" | |
run: | | |
docker push $SM_DOCKER | |
- name: "deploy to Cloud Run" | |
run: | | |
if [[ $GITHUB_REF == 'refs/heads/main' ]]; then | |
gcloud_deploy_name=sample-metadata-api | |
else | |
gcloud_deploy_name=sample-metadata-api-dev | |
fi | |
gcloud run deploy \ | |
$gcloud_deploy_name --image $SM_DOCKER \ | |
--region australia-southeast1 --no-allow-unauthenticated \ | |
--platform managed | |
- name: Publish package | |
if: github.ref == 'refs/heads/main' | |
uses: pypa/gh-action-pypi-publish@release/v1 | |
with: | |
user: __token__ | |
password: ${{ secrets.PYPI_API_TOKEN }} | |
packages-dir: dist/ | |
skip-existing: true |