Automate library sync when new version is pushed

prestoncabe · prestoncabe · commit fed2a5b85e03 · 2026-03-02T22:08:29.000-05:00
git push origin library-api-vX.X.X ↓ deploy — builds library-api, pushes Docker image, deploys to Cloud Run — waits until new revision is healthy ↓ sync-metadata — calls load-library-metadata.yml (workflow_call) ├─ sync — fetches OpenAPI spec, uploads check metadata to Firebase Storage/Firestore └─ restart — redeploys builder-api:latest to Cloud Run (no rebuild, ~30-60s) — new revision starts, @PostConstruct reads updated metadata Manual trigger (workflow_dispatch) also runs both sync + restart automatically.
diff --git a/.github/workflows/deploy-library-api.yml b/.github/workflows/deploy-library-api.yml
@@ -122,3 +122,8 @@ jobs:
           echo "Service URL: ${{ steps.deploy.outputs.url }}"
           echo "Version: v${{ steps.extract_version.outputs.version }}"
           echo "Revision: ${{ env.API_NAME }}-v${{ steps.extract_version.outputs.revision_version }}"
+
+  sync-metadata:
+    needs: deploy
+    uses: ./.github/workflows/load-library-metadata.yml
+    secrets: inherit
diff --git a/.github/workflows/load-library-metadata.yml b/.github/workflows/load-library-metadata.yml
@@ -2,10 +2,20 @@ name: Load Library API Metadata
 
 on:
   workflow_dispatch:
+  workflow_call:
+
+env:
+  PROJECT_ID: benefit-decision-toolkit-play
+  REGION: us-central1
+  SERVICE: benefit-decision-toolkit-play
+  WORKLOAD_IDENTITY_PROVIDER: projects/1034049717668/locations/global/workloadIdentityPools/github-actions-google-cloud/providers/github
 
 jobs:
   run-script:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
 
     steps:
       - name: Checkout repo
@@ -30,3 +40,19 @@ jobs:
 
       - name: Cleanup credentials
         run: rm bin/library/gcp-key.json
+
+      - name: Authenticate to Google Cloud
+        uses: google-github-actions/auth@v2
+        with:
+          workload_identity_provider: ${{ env.WORKLOAD_IDENTITY_PROVIDER }}
+          service_account: cicd-build-deploy-api@${{ env.PROJECT_ID }}.iam.gserviceaccount.com
+          project_id: ${{ env.PROJECT_ID }}
+
+      - name: Set up Cloud SDK
+        uses: google-github-actions/setup-gcloud@v2
+
+      - name: Restart builder-api with updated library metadata
+        run: |
+          gcloud run deploy builder-api \
+            --image us-central1-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.SERVICE }}/builder-api:latest \
+            --region ${{ env.REGION }}
