Deploy PDF Service - sandbox #1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy PDF Service | |
| run-name: Deploy PDF Service - ${{inputs.environment || 'all'}} | |
| on: | |
| push: | |
| branches: | |
| - master | |
| paths: | |
| - "**" | |
| workflow_dispatch: | |
| inputs: | |
| environment: | |
| description: Deployment environment | |
| type: choice | |
| default: all | |
| options: | |
| - sandbox | |
| - prod | |
| - all | |
| permissions: | |
| contents: "read" | |
| id-token: "write" | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Build and export | |
| uses: docker/build-push-action@v6 | |
| with: | |
| tags: local-image:latest | |
| context: . | |
| file: ./Dockerfile | |
| outputs: type=docker,dest=${{ runner.temp }}/local-image.tar | |
| - name: Upload artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: local-image | |
| path: ${{ runner.temp }}/local-image.tar | |
| deploy: | |
| needs: [build] | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| env: ${{fromJSON((inputs.environment || 'all') == 'all' && '["sandbox", "prod"]' || format('["{0}"]', inputs.environment))}} | |
| environment: ${{matrix.env}} | |
| env: | |
| GCP_IMAGE_TAG: ${{fromJson(vars.PROPS).gcp.location}}-docker.pkg.dev/${{ fromJson(vars.PROPS).gcp.project_id }}/ar-main/main:${{ github.sha }} | |
| GCP_SA_EMAIL: sa-gha-cicd@${{fromJson(vars.PROPS).gcp.project_id}}.iam.gserviceaccount.com | |
| steps: | |
| - id: "auth" | |
| name: "Authenticate to Google Cloud" | |
| uses: "google-github-actions/auth@v2" | |
| with: | |
| workload_identity_provider: ${{ (matrix.env == 'prod' || matrix.env == 'staging') && vars.GCP_WIDPP_ID_PROD || vars.GCP_WIDPP_ID_DEV }} | |
| service_account: ${{ env.GCP_SA_EMAIL }} | |
| project_id: ${{ fromJson(vars.PROPS).gcp.project_id }} | |
| - name: Download artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: local-image | |
| path: ${{ runner.temp }} | |
| - name: Push Image to artifact registry | |
| shell: bash | |
| run: |- | |
| # Configure docker for artifact registry | |
| gcloud --quiet auth configure-docker ${{ fromJson(vars.PROPS).gcp.location }}-docker.pkg.dev | |
| # Load image from GHA artifacts | |
| docker load --input ${{ runner.temp }}/local-image.tar | |
| # Push image to artifact registry | |
| docker tag local-image:latest ${{ env.GCP_IMAGE_TAG }} | |
| docker push ${{ env.GCP_IMAGE_TAG }} | |
| - name: Deploy image to Cloud Run | |
| uses: google-github-actions/deploy-cloudrun@v2 | |
| with: | |
| service: main | |
| image: ${{ env.GCP_IMAGE_TAG }} | |
| region: ${{ fromJson(vars.PROPS).gcp.location }} | |
| flags: --service-account=sa-main@${{fromJson(vars.PROPS).gcp.project_id}}.iam.gserviceaccount.com |