Skip to content

Automate library sync when new version is pushed #300

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
prestoncabe merged 3 commits into from
Mar 4, 2026
Merged

Automate library sync when new version is pushed #300

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
fed2a5b
Automate library sync when new version is pushed
prestoncabe Feb 26, 2026
79a0240
Add notes to clarify separate GCP steps for syncing library metadata
prestoncabe Mar 4, 2026
35d5e96
Refactor how builder-api is restarted upon library sync
prestoncabe Mar 4, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions .github/workflows/deploy-library-api.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -122,3 +122,8 @@ jobs:
echo "Service URL: ${{ steps.deploy.outputs.url }}"
echo "Version: v${{ steps.extract_version.outputs.version }}"
echo "Revision: ${{ env.API_NAME }}-v${{ steps.extract_version.outputs.revision_version }}"

sync-metadata:
needs: deploy
uses: ./.github/workflows/load-library-metadata.yml
secrets: inherit
29 changes: 28 additions & 1 deletion .github/workflows/load-library-metadata.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,10 +2,19 @@ name: Load Library API Metadata

on:
workflow_dispatch:
workflow_call:

env:
PROJECT_ID: benefit-decision-toolkit-play
REGION: us-central1
WORKLOAD_IDENTITY_PROVIDER: projects/1034049717668/locations/global/workloadIdentityPools/github-actions-google-cloud/providers/github

jobs:
run-script:
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write

steps:
- name: Checkout repo
Expand All @@ -16,7 +25,8 @@ jobs:
with:
python-version: "3.11"

- name: Create GCP credentials file
# use a specific service account for sync script
- name: Create GCP credentials file (for sync script)
run: |
echo '${{ secrets.GCP_SERVICE_ACCOUNT_KEY }}' > bin/library/gcp-key.json

Expand All @@ -30,3 +40,20 @@ jobs:

- name: Cleanup credentials
run: rm bin/library/gcp-key.json

# Use a different service account with permissions to restart builder-api
- name: Authenticate to Google Cloud (for restarting builder-api)
uses: google-github-actions/auth@v2
with:
workload_identity_provider: ${{ env.WORKLOAD_IDENTITY_PROVIDER }}
service_account: cicd-build-deploy-api@${{ env.PROJECT_ID }}.iam.gserviceaccount.com
project_id: ${{ env.PROJECT_ID }}

- name: Set up Cloud SDK
uses: google-github-actions/setup-gcloud@v2

- name: Restart builder-api with updated library metadata
Comment thread
prestoncabe marked this conversation as resolved.
run: |
gcloud run services update builder-api \
--region ${{ env.REGION }} \
--update-env-vars LIBRARY_SYNC_TIMESTAMP=$(date -u +%Y%m%dT%H%M%SZ)