|
| 1 | +# This workflow builds and pushes Docker containers to Google Artifact Registry |
| 2 | +# and deploys both backend and frontend on Cloud Run when a commit is pushed to the "production" |
| 3 | +# branch. |
| 4 | + |
| 5 | +name: 'Build and Deploy QueryPal to Cloud Run' |
| 6 | + |
| 7 | +on: |
| 8 | + push: |
| 9 | + branches: |
| 10 | + - 'production' |
| 11 | + workflow_dispatch: |
| 12 | + |
| 13 | +env: |
| 14 | + PROJECT_ID: 'gen-lang-client-0698668474' |
| 15 | + REGION: 'europe-west1' |
| 16 | + BACKEND_SERVICE: 'querypal-backend' |
| 17 | + FRONTEND_SERVICE: 'querypal-frontend' |
| 18 | + WORKLOAD_IDENTITY_PROVIDER: 'projects/gen-lang-client-0698668474/locations/global/workloadIdentityPools/github-actions-pool/providers/github-provider' |
| 19 | + |
| 20 | +jobs: |
| 21 | + deploy: |
| 22 | + runs-on: 'ubuntu-latest' |
| 23 | + |
| 24 | + permissions: |
| 25 | + contents: 'read' |
| 26 | + id-token: 'write' |
| 27 | + |
| 28 | + steps: |
| 29 | + - name: 'Checkout' |
| 30 | + uses: 'actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332' # actions/checkout@v4 |
| 31 | + |
| 32 | + # Configure Workload Identity Federation and generate an access token. |
| 33 | + - id: 'auth' |
| 34 | + name: 'Authenticate to Google Cloud' |
| 35 | + uses: 'google-github-actions/auth@f112390a2df9932162083945e46d439060d66ec2' # google-github-actions/auth@v2 |
| 36 | + with: |
| 37 | + workload_identity_provider: '${{ env.WORKLOAD_IDENTITY_PROVIDER }}' |
| 38 | + |
| 39 | + # BEGIN - Docker auth and build |
| 40 | + - name: 'Docker Auth' |
| 41 | + uses: 'docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567' # docker/login-action@v3 |
| 42 | + with: |
| 43 | + username: 'oauth2accesstoken' |
| 44 | + password: '${{ steps.auth.outputs.auth_token }}' |
| 45 | + registry: '${{ env.REGION }}-docker.pkg.dev' |
| 46 | + |
| 47 | + # Build and Push Backend Container |
| 48 | + - name: 'Build and Push Backend Container' |
| 49 | + run: |- |
| 50 | + cd backend |
| 51 | + DOCKER_TAG="${{ env.REGION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.BACKEND_SERVICE }}:${{ github.sha }}" |
| 52 | + docker build --tag "${DOCKER_TAG}" --platform linux/amd64 . |
| 53 | + docker push "${DOCKER_TAG}" |
| 54 | +
|
| 55 | + # Deploy Backend to Cloud Run |
| 56 | + - id: 'deploy-backend' |
| 57 | + name: 'Deploy Backend to Cloud Run' |
| 58 | + uses: 'google-github-actions/deploy-cloudrun@33553064113a37d688aa6937bacbdc481580be17' # google-github-actions/deploy-cloudrun@v2 |
| 59 | + with: |
| 60 | + service: '${{ env.BACKEND_SERVICE }}' |
| 61 | + region: '${{ env.REGION }}' |
| 62 | + image: '${{ env.REGION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.BACKEND_SERVICE }}:${{ github.sha }}' |
| 63 | + env_vars: | |
| 64 | + AZURE_TENANT_ID=${{ secrets.AZURE_TENANT_ID }} |
| 65 | + AZURE_CLIENT_ID=${{ secrets.AZURE_CLIENT_ID }} |
| 66 | + AZURE_CLIENT_SECRET=${{ secrets.AZURE_CLIENT_SECRET }} |
| 67 | + ARM_SCOPE=https://management.azure.com/.default |
| 68 | + GEMINI_API_KEY=${{ secrets.GEMINI_API_KEY }} |
| 69 | + DB_USER=${{ secrets.DB_USER }} |
| 70 | + DB_PASS=${{ secrets.DB_PASS }} |
| 71 | + DB_NAME=querypal |
| 72 | + DB_UNIX_SOCKET=/cloudsql/gen-lang-client-0698668474:europe-west1:querypal-db |
| 73 | + flags: | |
| 74 | + --port=8000 |
| 75 | + --add-cloudsql-instances=gen-lang-client-0698668474:europe-west1:querypal-db |
| 76 | + --allow-unauthenticated |
| 77 | +
|
| 78 | + # Build and Push Frontend Container |
| 79 | + - name: 'Build and Push Frontend Container' |
| 80 | + run: |- |
| 81 | + cd frontend |
| 82 | + DOCKER_TAG="${{ env.REGION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.FRONTEND_SERVICE }}:${{ github.sha }}" |
| 83 | + docker build --tag "${DOCKER_TAG}" --platform linux/amd64 \ |
| 84 | + --build-arg VITE_API_BASE_URL=${{ steps.deploy-backend.outputs.url }} \ |
| 85 | + --build-arg VITE_AZURE_REDIRECT_URI=https://${{ env.FRONTEND_SERVICE }}-zynyyoxona-ew.a.run.app \ |
| 86 | + . |
| 87 | + docker push "${DOCKER_TAG}" |
| 88 | +
|
| 89 | + # Deploy Frontend to Cloud Run |
| 90 | + - id: 'deploy-frontend' |
| 91 | + name: 'Deploy Frontend to Cloud Run' |
| 92 | + uses: 'google-github-actions/deploy-cloudrun@33553064113a37d688aa6937bacbdc481580be17' # google-github-actions/deploy-cloudrun@v2 |
| 93 | + with: |
| 94 | + service: '${{ env.FRONTEND_SERVICE }}' |
| 95 | + region: '${{ env.REGION }}' |
| 96 | + image: '${{ env.REGION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.FRONTEND_SERVICE }}:${{ github.sha }}' |
| 97 | + env_vars: | |
| 98 | + PORT=4000 |
| 99 | + flags: | |
| 100 | + --port=4000 |
| 101 | + --allow-unauthenticated |
| 102 | +
|
| 103 | + # Show output URLs |
| 104 | + - name: 'Show deployment URLs' |
| 105 | + run: |- |
| 106 | + echo "Backend URL: ${{ steps.deploy-backend.outputs.url }}" |
| 107 | + echo "Frontend URL: ${{ steps.deploy-frontend.outputs.url }}" |
0 commit comments