fix(cignal-pin): code smell fixes, fix bug on message sending #31
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: GCP Cloud Run CI Prod | |
on: | |
push: | |
branches: | |
- main | |
env: | |
DEVELOPMENT_SYNC_BRANCH: development | |
PROJECT_ID: fpi-sms-api | |
REGISTRY: asia-east1-docker.pkg.dev | |
GHUB_REPO_NAME: fpi-load-api | |
SERVICE: fpi-load-api-v1 | |
REGION: asia-east1 | |
SONAR_PROJECT_KEY: vincejv_fpi-load-api | |
NATIVE_IMAGE_BUILDER: quay.io/quarkus/ubi-quarkus-mandrel-builder-image:22.3-java17 | |
SERVICE_CPU: 1000m | |
SERVICE_MEMORY: 512Mi | |
SERVICE_ENV: prod | |
jobs: | |
pre_job: | |
name: Duplicate checks | |
runs-on: ubuntu-latest | |
if: ${{ !contains(github.event.head_commit.message, 'docs-update(') }} # skip for commits containing 'docs-update(' | |
outputs: | |
should_skip: ${{ steps.skip_check.outputs.should_skip }} | |
paths_result: ${{ steps.skip_check.outputs.paths_result }} | |
steps: | |
- name: Skip duplicate actions | |
id: skip_check | |
uses: fkirc/skip-duplicate-actions@v5 | |
with: | |
concurrent_skipping: outdated_runs | |
cancel_others: true | |
versioning: | |
name: Versioning | |
runs-on: ubuntu-latest | |
needs: pre_job | |
if: needs.pre_job.outputs.should_skip != 'true' | |
outputs: | |
new_tag: ${{ steps.tag_version.outputs.new_tag }} | |
changelog: ${{ steps.tag_version.outputs.changelog }} | |
service_image_path: ${{ steps.image_version.outputs.service_image_path }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Bump version and push tag | |
id: tag_version | |
uses: mathieudutour/[email protected] | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Prepare Docker image tag | |
id: image_version | |
run: | | |
echo "service_image_path=${{ env.REGISTRY }}/${{ env.PROJECT_ID }}/${{ env.GHUB_REPO_NAME }}/${{ env.SERVICE }}:${{ steps.tag_version.outputs.new_tag }}" >> $GITHUB_OUTPUT | |
rebase_dev: | |
name: Sync development branch | |
runs-on: ubuntu-latest | |
needs: versioning | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
ref: ${{ github.event.repository.default_branch }} | |
fetch-depth: 0 | |
- name: ReSync Branch | |
uses: Joao208/[email protected] | |
with: | |
PERSONAL_TOKEN: ${{ secrets.FPI_BOT_TOKEN }} | |
BRANCH_NAME: ${{ env.DEVELOPMENT_SYNC_BRANCH }} | |
DEFAULT_BRANCH: ${{ github.event.repository.default_branch }} | |
code_quality_checks: | |
name: Code quality checks | |
runs-on: ubuntu-latest | |
needs: versioning | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v3 | |
with: | |
distribution: temurin | |
java-version: 17 | |
cache: maven | |
- name: Cache SonarCloud packages | |
uses: actions/cache@v3 | |
with: | |
path: ~/.sonar/cache | |
key: ${{ runner.os }}-sonar | |
restore-keys: ${{ runner.os }}-sonar | |
- name: Build and analyze | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any | |
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=${{ env.SONAR_PROJECT_KEY }} -Dsonar.qualitygate.wait=true | |
github_release: | |
name: Perform Github release | |
runs-on: ubuntu-latest | |
needs: [ versioning, code_quality_checks ] | |
steps: | |
- name: Create a GitHub release | |
uses: ncipollo/release-action@v1 | |
with: | |
tag: ${{ needs.versioning.outputs.new_tag }} | |
name: Release ${{ needs.versioning.outputs.new_tag }} | |
body: ${{ needs.versioning.outputs.changelog }} | |
deploy_to_cloud: | |
name: Deploy to Cloud Run | |
runs-on: ubuntu-latest | |
needs: [ code_quality_checks, versioning ] | |
permissions: | |
contents: read | |
packages: write | |
id-token: write | |
environment: Production | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 # for jgitver to generate the version | |
# - name: Set up Docker Buildx | |
# uses: docker/setup-buildx-action@v2 | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v3 | |
with: | |
distribution: temurin | |
java-version: 17 | |
cache: maven | |
- name: Generate native image | |
run: mvn -B package -Pnative -Dquarkus.native.container-build=true -Dquarkus.native.builder-image=${{ env.NATIVE_IMAGE_BUILDER }} | |
- name: Google Auth | |
id: gcp-auth | |
uses: google-github-actions/auth@v1 | |
with: | |
token_format: 'access_token' | |
workload_identity_provider: '${{ secrets.WIF_PROVIDER }}' | |
service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}' | |
- name: Login to Google Docker registry | |
uses: docker/login-action@v2 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: 'oauth2accesstoken' | |
password: ${{ steps.gcp-auth.outputs.access_token }} | |
- name: Check Docker repository | |
id: repository_check | |
continue-on-error: true # will throw an error if repository does not exist | |
run: | | |
gcloud artifacts repositories describe ${{ env.GHUB_REPO_NAME }} --location ${{ env.REGION }} | |
- name: Create Docker repository | |
if: ${{ steps.repository_check.outcome == 'failure' }} # only create if previous step does not exist | |
run: | | |
gcloud artifacts repositories create ${{ env.GHUB_REPO_NAME }} --repository-format=docker --location ${{ env.REGION }} | |
# - name: Extract metadata (tags, labels) for Docker | |
# id: meta | |
# uses: docker/metadata-action@v4 | |
# with: | |
# images: ${{ needs.versioning.outputs.service_image_path }} | |
- name: Build and push Docker image | |
uses: docker/build-push-action@v4 | |
with: | |
context: . | |
push: true | |
tags: | # ${{ steps.meta.outputs.tags }} - (For public repositories like docker hub) | |
${{ needs.versioning.outputs.service_image_path }} | |
labels: ${{ steps.meta.outputs.labels }} | |
- name: Deploy to cloud run | |
id: deploy | |
uses: google-github-actions/deploy-cloudrun@v1 | |
with: | |
service: ${{ env.SERVICE }} | |
region: ${{ env.REGION }} | |
image: ${{ needs.versioning.outputs.service_image_path }} | |
project_id: ${{ env.PROJECT_ID }} | |
flags: --cpu ${{ env.SERVICE_CPU }} --memory ${{ env.SERVICE_MEMORY }} --no-cpu-throttling | |
env_vars: | | |
DB_NAME=load-api-prod | |
OIDC_CLIENT_ID=${{ secrets.OIDC_CLIENT_ID }} | |
OIDC_AUTH_URL=${{ secrets.OIDC_AUTH_URL }} | |
GL_REWARDS_API=${{ secrets.GL_REWARDS_API }} | |
GL_APP_ID=${{ secrets.GL_APP_ID }} | |
DTONE_BASEURL=${{ secrets.DTONE_BASEURL }} | |
DTONE_APIKEY=${{ secrets.DTONE_APIKEY }} | |
DTONE_CALLBACK_URL=${{ secrets.DTONE_CALLBACK_URL }} | |
LOGIN_BASE_URI=${{ secrets.LOGIN_BASE_URI }} | |
SMS_BASE_URI=${{ secrets.SMS_BASE_URI }} | |
FPI_APP_TO_APP_USERN=${{ secrets.FPI_APP_TO_APP_USERN }} | |
USER_BASE_URI=${{ secrets.USER_BASE_URI }} | |
MSGR_API_BASE_URI=${{ secrets.MSGR_API_BASE_URI }} | |
TG_API_BASE_URI=${{ secrets.TG_API_BASE_URI }} | |
VIBER_API_BASE_URI=${{ secrets.VIBER_API_BASE_URI }} | |
secrets: | | |
MONGO_CONN_STRING=vbl_mongo_connection_string:latest | |
OIDC_SECRET=oidc_secret_keycloak:latest | |
GL_APP_SEC=gl_app_secret:latest | |
FPI_MO_WEBHOOK_KEY=fpi_mo_incoming_webook_key:latest | |
FPI_DLR_WEBHOOK_KEY=fpi_dlr_incoming_webhook_key:latest | |
FPI_GEN_WEBHOOK_KEY=fpi_gen_incoming_webhook_key:latest | |
DTONE_APISECRET=dtone_api_secret:latest | |
GL_APP_AMAX_TOKEN=gl_app_amax_token:latest | |
FPI_APP_TO_APP_PASSW=fpi_load_api_creds_secret_key:latest | |
labels: | | |
env=${{ env.SERVICE_ENV }} | |
- name: Configure cloud run | |
run: |- | |
gcloud run services add-iam-policy-binding ${{ env.SERVICE }} --member=allUsers --role=roles/run.invoker --region=${{ env.REGION }} | |
- name: Show Output | |
run: echo ${{ steps.deploy.outputs.url }} | |
deploy_to_central: | |
name: Release artifact to central | |
runs-on: ubuntu-latest | |
needs: deploy_to_cloud # only deploy to central if successfully deployed to cloud run environment | |
permissions: | |
contents: read | |
packages: write | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v3 | |
with: | |
distribution: temurin | |
java-version: 17 | |
cache: maven | |
server-id: ossrh | |
server-username: MAVEN_USERNAME | |
server-password: MAVEN_PASSWORD | |
gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} | |
gpg-passphrase: MAVEN_GPG_PASSPHRASE | |
- name: Build and release to central repo | |
env: | |
MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} | |
MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }} | |
MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} | |
run: mvn -B deploy -Dlib-only -Prelease-for-oss |