build(deps): bump com.abavilla:fpi-msgr-api from 1.6.3 to 1.6.4 #42
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: GCP Cloud Run CI Prod | |
on: | |
push: | |
branches: | |
- main | |
env: | |
DEVELOPMENT_SYNC_BRANCH: development | |
PROJECT_ID: fpi-sms-api | |
REGISTRY: asia-east1-docker.pkg.dev | |
GHUB_REPO_NAME: fpi-load-api | |
SERVICE: fpi-load-api-v1 | |
REGION: asia-east1 | |
SONAR_PROJECT_KEY: vincejv_fpi-load-api | |
NATIVE_IMAGE_BUILDER: quay.io/quarkus/ubi-quarkus-mandrel-builder-image:22.3-java17 | |
SERVICE_CPU: 1000m | |
SERVICE_MEMORY: 512Mi | |
SERVICE_ENV: prod | |
jobs: | |
pre_job: | |
name: Duplicate checks | |
runs-on: ubuntu-latest | |
if: ${{ !contains(github.event.head_commit.message, 'docs-update(') }} # skip for commits containing 'docs-update(' | |
outputs: | |
should_skip: ${{ steps.skip_check.outputs.should_skip }} | |
paths_result: ${{ steps.skip_check.outputs.paths_result }} | |
steps: | |
- name: Skip duplicate actions | |
id: skip_check | |
uses: fkirc/skip-duplicate-actions@v5 | |
with: | |
concurrent_skipping: outdated_runs | |
cancel_others: true | |
versioning: | |
name: Versioning | |
runs-on: ubuntu-latest | |
needs: pre_job | |
if: needs.pre_job.outputs.should_skip != 'true' | |
outputs: | |
new_tag: ${{ steps.tag_version.outputs.new_tag }} | |
changelog: ${{ steps.tag_version.outputs.changelog }} | |
service_image_path: ${{ steps.image_version.outputs.service_image_path }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Bump version and push tag | |
id: tag_version | |
uses: mathieudutour/[email protected] | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Prepare Docker image tag | |
id: image_version | |
run: | | |
echo "service_image_path=${{ env.REGISTRY }}/${{ env.PROJECT_ID }}/${{ env.GHUB_REPO_NAME }}/${{ env.SERVICE }}:${{ steps.tag_version.outputs.new_tag }}" >> $GITHUB_OUTPUT | |
rebase_dev: | |
name: Sync development branch | |
runs-on: ubuntu-latest | |
needs: versioning | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.event.repository.default_branch }} | |
fetch-depth: 0 | |
- name: ReSync Branch | |
uses: Joao208/[email protected] | |
with: | |
PERSONAL_TOKEN: ${{ secrets.FPI_BOT_TOKEN }} | |
BRANCH_NAME: ${{ env.DEVELOPMENT_SYNC_BRANCH }} | |
DEFAULT_BRANCH: ${{ github.event.repository.default_branch }} | |
code_quality_checks: | |
name: Code quality checks | |
runs-on: ubuntu-latest | |
needs: versioning | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v3 | |
with: | |
distribution: temurin | |
java-version: 17 | |
cache: maven | |
- name: Cache SonarCloud packages | |
uses: actions/cache@v3 | |
with: | |
path: ~/.sonar/cache | |
key: ${{ runner.os }}-sonar | |
restore-keys: ${{ runner.os }}-sonar | |
- name: Build and analyze | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any | |
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=${{ env.SONAR_PROJECT_KEY }} -Dsonar.qualitygate.wait=true | |
github_release: | |
name: Perform Github release | |
runs-on: ubuntu-latest | |
needs: [ versioning, code_quality_checks ] | |
steps: | |
- name: Create a GitHub release | |
uses: ncipollo/release-action@v1 | |
with: | |
tag: ${{ needs.versioning.outputs.new_tag }} | |
name: Release ${{ needs.versioning.outputs.new_tag }} | |
body: ${{ needs.versioning.outputs.changelog }} | |
deploy_to_cloud: | |
name: Deploy to Cloud Run | |
runs-on: ubuntu-latest | |
needs: [ code_quality_checks, versioning ] | |
permissions: | |
contents: read | |
packages: write | |
id-token: write | |
environment: Production | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 # for jgitver to generate the version | |
# - name: Set up Docker Buildx | |
# uses: docker/setup-buildx-action@v2 | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v3 | |
with: | |
distribution: temurin | |
java-version: 17 | |
cache: maven | |
- name: Generate native image | |
run: mvn -B package -Pnative -Dquarkus.native.container-build=true -Dquarkus.native.builder-image=${{ env.NATIVE_IMAGE_BUILDER }} | |
- name: Google Auth | |
id: gcp-auth | |
uses: google-github-actions/auth@v1 | |
with: | |
token_format: 'access_token' | |
workload_identity_provider: '${{ secrets.WIF_PROVIDER }}' | |
service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}' | |
- name: Login to Google Docker registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: 'oauth2accesstoken' | |
password: ${{ steps.gcp-auth.outputs.access_token }} | |
- name: Check Docker repository | |
id: repository_check | |
continue-on-error: true # will throw an error if repository does not exist | |
run: | | |
gcloud artifacts repositories describe ${{ env.GHUB_REPO_NAME }} --location ${{ env.REGION }} | |
- name: Create Docker repository | |
if: ${{ steps.repository_check.outcome == 'failure' }} # only create if previous step does not exist | |
run: | | |
gcloud artifacts repositories create ${{ env.GHUB_REPO_NAME }} --repository-format=docker --location ${{ env.REGION }} | |
# - name: Extract metadata (tags, labels) for Docker | |
# id: meta | |
# uses: docker/metadata-action@v4 | |
# with: | |
# images: ${{ needs.versioning.outputs.service_image_path }} | |
- name: Build and push Docker image | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
push: true | |
tags: | # ${{ steps.meta.outputs.tags }} - (For public repositories like docker hub) | |
${{ needs.versioning.outputs.service_image_path }} | |
labels: ${{ steps.meta.outputs.labels }} | |
- name: Deploy to cloud run | |
id: deploy | |
uses: google-github-actions/deploy-cloudrun@v1 | |
with: | |
service: ${{ env.SERVICE }} | |
region: ${{ env.REGION }} | |
image: ${{ needs.versioning.outputs.service_image_path }} | |
project_id: ${{ env.PROJECT_ID }} | |
flags: | | |
--set-env-vars ^##^MONGO_CONN_STRING=${{ secrets.MONGO_CONN_STRING }} | |
--set-env-vars OIDC_CLIENT_ID=${{ secrets.OIDC_CLIENT_ID }} | |
--set-env-vars OIDC_AUTH_URL=${{ secrets.OIDC_AUTH_URL }} | |
--set-env-vars OIDC_SECRET=${{ secrets.OIDC_SECRET }} | |
--set-env-vars FPI_APP_TO_APP_USERN=${{ secrets.FPI_APP_TO_APP_USERN }} | |
--set-env-vars FPI_MO_WEBHOOK_KEY=${{ secrets.FPI_MO_WEBHOOK_KEY }} | |
--set-env-vars FPI_DLR_WEBHOOK_KEY=${{ secrets.FPI_DLR_WEBHOOK_KEY }} | |
--set-env-vars FPI_GEN_WEBHOOK_KEY=${{ secrets.FPI_GEN_WEBHOOK_KEY }} | |
--set-env-vars FPI_APP_TO_APP_PASSW=${{ secrets.FPI_APP_TO_APP_PASSW }} | |
--set-env-vars USER_BASE_URI=${{ secrets.USER_BASE_URI }} | |
--set-env-vars LOGIN_BASE_URI=${{ secrets.LOGIN_BASE_URI }} | |
--set-env-vars GL_REWARDS_API=${{ secrets.GL_REWARDS_API }} | |
--set-env-vars GL_APP_ID=${{ secrets.GL_APP_ID }} | |
--set-env-vars DTONE_BASEURL=${{ secrets.DTONE_BASEURL }} | |
--set-env-vars DTONE_APIKEY=${{ secrets.DTONE_APIKEY }} | |
--set-env-vars DTONE_CALLBACK_URL=${{ secrets.DTONE_CALLBACK_URL }} | |
--set-env-vars SMS_BASE_URI=${{ secrets.SMS_BASE_URI }} | |
--set-env-vars MSGR_API_BASE_URI=${{ secrets.MSGR_API_BASE_URI }} | |
--set-env-vars TG_API_BASE_URI=${{ secrets.TG_API_BASE_URI }} | |
--set-env-vars VIBER_API_BASE_URI=${{ secrets.VIBER_API_BASE_URI }} | |
--set-env-vars GL_APP_SEC=${{ secrets.GL_APP_SEC }} | |
--set-env-vars DTONE_APISECRET=${{ secrets.DTONE_APISECRET }} | |
--set-env-vars GL_APP_AMAX_TOKEN=${{ secrets.GL_APP_AMAX_TOKEN }} | |
--set-env-vars DB_NAME=load-api-prod | |
--cpu ${{ env.SERVICE_CPU }} | |
--memory ${{ env.SERVICE_MEMORY }} | |
--no-cpu-throttling | |
labels: | | |
env=${{ env.SERVICE_ENV }} | |
- name: Configure cloud run | |
run: |- | |
gcloud run services add-iam-policy-binding ${{ env.SERVICE }} --member=allUsers --role=roles/run.invoker --region=${{ env.REGION }} | |
- name: Show Output | |
run: echo ${{ steps.deploy.outputs.url }} | |
deploy_to_central: | |
name: Release artifact to central | |
runs-on: ubuntu-latest | |
needs: deploy_to_cloud # only deploy to central if successfully deployed to cloud run environment | |
permissions: | |
contents: read | |
packages: write | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v3 | |
with: | |
distribution: temurin | |
java-version: 17 | |
cache: maven | |
server-id: ossrh | |
server-username: MAVEN_USERNAME | |
server-password: MAVEN_PASSWORD | |
gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} | |
gpg-passphrase: MAVEN_GPG_PASSPHRASE | |
- name: Build and release to central repo | |
env: | |
MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} | |
MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }} | |
MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} | |
run: mvn -B deploy -Dlib-only -Prelease-for-oss | |
gcr-cleaner: | |
name: Clean-up old artifact registry images | |
needs: deploy_to_cloud | |
runs-on: 'ubuntu-latest' | |
permissions: | |
contents: read | |
id-token: write | |
steps: | |
- name: Google Auth | |
id: gcp-auth | |
uses: google-github-actions/auth@v1 | |
with: | |
token_format: 'access_token' | |
workload_identity_provider: '${{ secrets.WIF_PROVIDER }}' | |
service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}' | |
- name: Login to Google Docker Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: 'oauth2accesstoken' | |
password: ${{ steps.gcp-auth.outputs.access_token }} | |
- name: Run GCR Cleaner | |
uses: docker://us-docker.pkg.dev/gcr-cleaner/gcr-cleaner/gcr-cleaner-cli | |
with: | |
args: >- | |
-repo=${{ env.REGISTRY }}/${{ env.PROJECT_ID }}/${{ env.GHUB_REPO_NAME }}/${{ env.SERVICE }} | |
-tag-filter-any "." | |
-keep=1 | |
-recursive=true |