Development #277
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: GCP Cloud Run CI Dev | |
on: | |
pull_request: | |
types: [ opened, synchronize, reopened ] | |
env: | |
PROJECT_ID: fpi-sms-api | |
REGISTRY: asia-east1-docker.pkg.dev | |
GHUB_REPO_NAME: fpi-load-api | |
SERVICE: fpi-load-api-dev | |
REGION: asia-east1 | |
SONAR_PROJECT_KEY: vincejv_fpi-load-api | |
SERVICE_CPU: 1000m | |
SERVICE_MEMORY: 512Mi | |
SERVICE_ENV: dev | |
jobs: | |
pre_job: | |
name: Duplicate checks | |
runs-on: ubuntu-latest | |
if: ${{ !contains(github.event.head_commit.message, 'docs-update(') }} # skip for commits containing 'docs-update(' | |
outputs: | |
should_skip: ${{ steps.skip_check.outputs.should_skip }} | |
paths_result: ${{ steps.skip_check.outputs.paths_result }} | |
steps: | |
- name: Skip duplicate actions | |
id: skip_check | |
uses: fkirc/skip-duplicate-actions@v5 | |
with: | |
concurrent_skipping: outdated_runs | |
cancel_others: true | |
code_quality_checks: | |
name: Code quality checks | |
runs-on: ubuntu-latest | |
needs: pre_job | |
if: needs.pre_job.outputs.should_skip != 'true' | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v3 | |
with: | |
distribution: temurin | |
java-version: 17 | |
cache: maven | |
- name: Cache SonarCloud packages | |
uses: actions/cache@v3 | |
with: | |
path: ~/.sonar/cache | |
key: ${{ runner.os }}-sonar | |
restore-keys: ${{ runner.os }}-sonar | |
- name: Build and analyze | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any | |
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=${{ env.SONAR_PROJECT_KEY }} -Dsonar.qualitygate.wait=true -Pallow-snapshots | |
deploy_to_cloud: | |
name: Deploy to Cloud Run | |
runs-on: ubuntu-latest | |
needs: code_quality_checks | |
outputs: | |
artifact_version: ${{ steps.gen_ver.outputs.artifact_version }} | |
service_image_path: ${{ steps.image_version.outputs.service_image_path }} | |
permissions: | |
contents: read | |
packages: write | |
id-token: write | |
environment: Development | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 # for jgitver to generate the version | |
# - name: Set up Docker Buildx | |
# uses: docker/setup-buildx-action@v2 | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v3 | |
with: | |
distribution: temurin | |
java-version: 17 | |
cache: maven | |
- name: Prepare artifact version | |
id: gen_ver | |
run: | | |
echo "artifact_version=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)" >> $GITHUB_OUTPUT | |
- name: Prepare Docker image tag | |
id: image_version | |
run: | | |
echo "service_image_path=${{ env.REGISTRY }}/${{ env.PROJECT_ID }}/${{ env.GHUB_REPO_NAME }}/${{ env.SERVICE }}:${{ steps.gen_ver.outputs.artifact_version }}" >> $GITHUB_OUTPUT | |
- name: Create JVM package | |
run: mvn -B package -Pallow-snapshots | |
- name: Google Auth | |
id: gcp-auth | |
uses: google-github-actions/auth@v1 | |
with: | |
token_format: 'access_token' | |
workload_identity_provider: '${{ secrets.WIF_PROVIDER }}' | |
service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}' | |
- name: Login to Google Docker Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: 'oauth2accesstoken' | |
password: ${{ steps.gcp-auth.outputs.access_token }} | |
- name: Check Docker repository | |
id: repository_check | |
continue-on-error: true # will throw an error if repository does not exist | |
run: | | |
gcloud artifacts repositories describe ${{ env.GHUB_REPO_NAME }} --location ${{ env.REGION }} | |
- name: Create Docker repository | |
if: ${{ steps.repository_check.outcome == 'failure' }} # only create if previous step does not exist | |
run: | | |
gcloud artifacts repositories create ${{ env.GHUB_REPO_NAME }} --repository-format=docker --location ${{ env.REGION }} | |
# - name: Extract metadata (tags, labels) for Docker | |
# id: meta | |
# uses: docker/metadata-action@v4 | |
# with: | |
# images: ${{ steps.image_version.outputs.service_image_path }} | |
- name: Build and push Docker image | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
file: Dockerfile.dev | |
push: true | |
tags: | # ${{ steps.meta.outputs.tags }} - (For public repositories like docker hub) | |
${{ steps.image_version.outputs.service_image_path }} | |
labels: ${{ steps.meta.outputs.labels }} | |
- name: Deploy to cloud run | |
id: deploy | |
uses: google-github-actions/deploy-cloudrun@v1 | |
with: | |
service: ${{ env.SERVICE }} | |
region: ${{ env.REGION }} | |
image: ${{ steps.image_version.outputs.service_image_path }} | |
project_id: ${{ env.PROJECT_ID }} | |
flags: | | |
--set-env-vars ^##^MONGO_CONN_STRING=${{ secrets.MONGO_CONN_STRING }} | |
--set-env-vars OIDC_CLIENT_ID=${{ secrets.OIDC_CLIENT_ID }} | |
--set-env-vars OIDC_AUTH_URL=${{ secrets.OIDC_AUTH_URL }} | |
--set-env-vars OIDC_SECRET=${{ secrets.OIDC_SECRET }} | |
--set-env-vars FPI_APP_TO_APP_USERN=${{ secrets.FPI_APP_TO_APP_USERN }} | |
--set-env-vars FPI_MO_WEBHOOK_KEY=${{ secrets.FPI_MO_WEBHOOK_KEY }} | |
--set-env-vars FPI_DLR_WEBHOOK_KEY=${{ secrets.FPI_DLR_WEBHOOK_KEY }} | |
--set-env-vars FPI_GEN_WEBHOOK_KEY=${{ secrets.FPI_GEN_WEBHOOK_KEY }} | |
--set-env-vars FPI_APP_TO_APP_PASSW=${{ secrets.FPI_APP_TO_APP_PASSW }} | |
--set-env-vars USER_BASE_URI=${{ secrets.USER_BASE_URI }} | |
--set-env-vars LOGIN_BASE_URI=${{ secrets.LOGIN_BASE_URI }} | |
--set-env-vars GL_REWARDS_API=${{ secrets.GL_REWARDS_API }} | |
--set-env-vars GL_APP_ID=${{ secrets.GL_APP_ID }} | |
--set-env-vars DTONE_BASEURL=${{ secrets.DTONE_BASEURL }} | |
--set-env-vars DTONE_APIKEY=${{ secrets.DTONE_APIKEY }} | |
--set-env-vars DTONE_CALLBACK_URL=${{ secrets.DTONE_CALLBACK_URL }} | |
--set-env-vars SMS_BASE_URI=${{ secrets.SMS_BASE_URI }} | |
--set-env-vars MSGR_API_BASE_URI=${{ secrets.MSGR_API_BASE_URI }} | |
--set-env-vars TG_API_BASE_URI=${{ secrets.TG_API_BASE_URI }} | |
--set-env-vars VIBER_API_BASE_URI=${{ secrets.VIBER_API_BASE_URI }} | |
--set-env-vars GL_APP_SEC=${{ secrets.GL_APP_SEC }} | |
--set-env-vars DTONE_APISECRET=${{ secrets.DTONE_APISECRET }} | |
--set-env-vars GL_APP_AMAX_TOKEN=${{ secrets.GL_APP_AMAX_TOKEN }} | |
--set-env-vars DB_NAME=load-api-dev | |
--cpu ${{ env.SERVICE_CPU }} | |
--memory ${{ env.SERVICE_MEMORY }} | |
--timeout 900 | |
--no-cpu-throttling | |
labels: | | |
env=${{ env.SERVICE_ENV }} | |
- name: Configure cloud run | |
run: |- | |
gcloud run services add-iam-policy-binding ${{ env.SERVICE }} --member=allUsers --role=roles/run.invoker --region=${{ env.REGION }} | |
- name: Show Output | |
run: echo ${{ steps.deploy.outputs.url }} | |
deploy_to_central: | |
name: Release artifact to central | |
runs-on: ubuntu-latest | |
needs: deploy_to_cloud # only deploy to central if successfully deployed to cloud run environment | |
permissions: | |
contents: read | |
packages: write | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v3 | |
with: | |
distribution: temurin | |
java-version: 17 | |
cache: maven | |
server-id: ossrh | |
server-username: MAVEN_USERNAME | |
server-password: MAVEN_PASSWORD | |
gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} | |
gpg-passphrase: MAVEN_GPG_PASSPHRASE | |
- name: Build and release to central repo | |
env: | |
MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} | |
MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }} | |
MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} | |
run: mvn -B deploy -Dlib-only -P release-for-oss,allow-snapshots | |
pr_update: | |
name: Pull request update | |
if: always() | |
needs: [ pre_job, deploy_to_cloud ] | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
pull-requests: write # allows job to decorate PRs with analysis results | |
steps: | |
- name: Update PR (Skip message) | |
uses: marocchino/sticky-pull-request-comment@v2 | |
if: ${{ always() && needs.pre_job.outputs.should_skip == 'true' }} | |
with: | |
message: | | |
⚪ Skipped CI/CD as deployment was done in a previous job | |
- name: Update PR (Success message) | |
uses: marocchino/sticky-pull-request-comment@v2 | |
if: ${{ always() && needs.pre_job.outputs.should_skip != 'true' && needs.deploy_to_cloud.outputs.artifact_version != '' }} | |
with: | |
message: | | |
✅ Deployed to DEV environment: `${{ needs.deploy_to_cloud.outputs.artifact_version }}` | |
#### Add to your POM | |
```xml | |
<dependency> | |
<groupId>com.abavilla</groupId> | |
<artifactId>${{ env.GHUB_REPO_NAME }}-lib</artifactId> | |
<version>${{ needs.deploy_to_cloud.outputs.artifact_version }}</version> | |
</dependency> | |
``` | |
- name: Update PR (Failure message) | |
uses: marocchino/sticky-pull-request-comment@v2 | |
if: ${{ always() && needs.pre_job.outputs.should_skip != 'true' && needs.deploy_to_cloud.outputs.artifact_version == '' }} | |
with: | |
message: | | |
❌ CI Build & Deployment failed, please check the [logs](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) for details | |
gcr-cleaner: | |
name: Clean-up old artifact registry images | |
needs: deploy_to_cloud | |
runs-on: 'ubuntu-latest' | |
permissions: | |
contents: read | |
id-token: write | |
steps: | |
- name: Google Auth | |
id: gcp-auth | |
uses: google-github-actions/auth@v1 | |
with: | |
token_format: 'access_token' | |
workload_identity_provider: '${{ secrets.WIF_PROVIDER }}' | |
service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}' | |
- name: Login to Google Docker Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: 'oauth2accesstoken' | |
password: ${{ steps.gcp-auth.outputs.access_token }} | |
- name: Run GCR Cleaner | |
uses: docker://us-docker.pkg.dev/gcr-cleaner/gcr-cleaner/gcr-cleaner-cli | |
with: | |
args: >- | |
-repo=${{ env.REGISTRY }}/${{ env.PROJECT_ID }}/${{ env.GHUB_REPO_NAME }}/${{ env.SERVICE }} | |
-tag-filter-any "." | |
-keep=1 | |
-recursive=true |