benefit-decision-toolkit/.github/workflows/deploy-builder-api.yml at e96e017e860173b29c82703915a72ad36e59aabb · CodeForPhilly/benefit-decision-toolkit · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
# This workflow build and push a Docker container to Google Artifact Registry
# and deploy it on Cloud Run when a commit is pushed to the "main"
# branch.
#
# To configure this workflow:
#
# 1. Enable the following Google Cloud APIs:
#
#    - Artifact Registry (artifactregistry.googleapis.com)
#    - Cloud Run (run.googleapis.com)
#    - IAM Credentials API (iamcredentials.googleapis.com)
#
#    You can learn more about enabling APIs at
#    https://support.google.com/googleapi/answer/6158841.
#
# 2. Create and configure a Workload Identity Provider for GitHub:
#    https://github.com/google-github-actions/auth#preferred-direct-workload-identity-federation.
#
#    Depending on how you authenticate, you will need to grant an IAM principal
#    permissions on Google Cloud:
#
#    - Artifact Registry Administrator (roles/artifactregistry.admin)
#    - Cloud Run Developer (roles/run.developer)
#
#    You can learn more about setting IAM permissions at
#    https://cloud.google.com/iam/docs/manage-access-other-resources
#
# 3. Change the values in the "env" block to match your values.

name: 'Build and Deploy to Cloud Run'

on:
  push:
    branches:
      - main
    # paths:
    #   - 'builder-api/**'

env:
  PROJECT_ID: 'benefit-decision-toolkit-play'
  REGION: 'us-central1'
  SERVICE: 'benefit-decision-toolkit-play'
  API_NAME: 'builder-api'
  WORKLOAD_IDENTITY_PROVIDER: 'projects/1034049717668/locations/global/workloadIdentityPools/github-actions-google-cloud/providers/github'

jobs:
  deploy:
    runs-on: 'ubuntu-latest'

    permissions:
      contents: 'read'
      id-token: 'write'

    steps:
      - name: 'Checkout'
        uses: 'actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332' # actions/checkout@v4


      # Configure Workload Identity Federation and generate an access token.
      #
      # See https://github.com/google-github-actions/auth for more options,
      # including authenticating via a JSON credentials file.
      - id: 'auth'
        name: 'Authenticate to Google Cloud'
        uses: 'google-github-actions/auth@v2'
        with:
          workload_identity_provider: '${{ env.WORKLOAD_IDENTITY_PROVIDER }}'
          service_account: cicd-build-deploy-api@benefit-decision-toolkit-play.iam.gserviceaccount.com
          project_id: ${{ env.PROJECT_ID }}

      - name: 'Set up Cloud SDK'
        uses: 'google-github-actions/setup-gcloud@v2'

      - name: 'Verify Authentication'
        run: |
          gcloud auth list
          gcloud config list project

      # BEGIN - Docker auth and build
      #
      # If you already have a container image, you can omit these steps.
      # - name: 'Docker Auth'
      #   uses: 'docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567' # docker/login-action@v3
      #   with:
      #     username: 'oauth2accesstoken'
      #     password: '${{ steps.auth.outputs.auth_token }}'
      #     registry: '${{ env.REGION }}-docker.pkg.dev'

      # Verify repository access
      - name: 'Verify Repository Access'
        run: |
          gcloud artifacts repositories list --location=${{ env.REGION }}
          gcloud artifacts repositories describe ${{ env.REPOSITORY }} --location=${{ env.REGION }}

      # Configure Docker to use gcloud as a credential helper
      - name: 'Configure Docker'
        run: |
          gcloud auth configure-docker ${{ env.REGION }}-docker.pkg.dev

      # Download Java version
      - name: Set up Java 21
        uses: actions/setup-java@v3
        with:
          distribution: temurin
          java-version: 21

      # Build the Quarkus app with Maven
      - name: 'Build Quarkus App'
        working-directory: builder-api
        run: |
          ./mvnw package -DskipTests

      - name: 'Build and Push Container'
        working-directory: builder-api
        run: |-
          DOCKER_TAG="${{ env.REGION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.SERVICE }}/${{ env.API_NAME }}:latest"
          docker build -f src/main/docker/Dockerfile.jvm --tag "${DOCKER_TAG}" .
          docker push "${DOCKER_TAG}"

      - name: 'Deploy to Cloud Run'

        # END - Docker auth and build

        uses: 'google-github-actions/deploy-cloudrun@33553064113a37d688aa6937bacbdc481580be17' # google-github-actions/deploy-cloudrun@v2
        with:
          service: '${{ env.SERVICE }}'
          region: '${{ env.REGION }}'
          # NOTE: If using a pre-built image, update the image name below:

          image: '${{ env.REGION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.SERVICE }}/${{ env.API_NAME }}:latest'
      # If required, use the Cloud Run URL output in later steps
      - name: 'Show output'
        run: |2-

          echo ${{ steps.deploy.outputs.url }}