v0.5.0 #16

Workflow file for this run

.github/workflows/deploy_gcp_admin_app.yaml at b406cd9

	name: Deploy admin_app to GCP

	on:
	push:
	branches:
	- main
	- testing
	paths:
	- "admin_app/**"
	- ".github/workflows/deploy_gcp_admin_app.yaml"
	release:
	types: [released]
	workflow_dispatch:

	jobs:
	set-env:
	runs-on: ubuntu-latest
	outputs:
	env_name: ${{ steps.set-env.outputs.env_name }}
	steps:
	- name: Resolve deployment environment name
	id: set-env
	run: \|
	if [ "${{ github.ref_name }}" == "main" ]; then
	echo "env_name=testing" >> "$GITHUB_OUTPUT"
	else
	echo "env_name=${{ github.ref_name }}" >> "$GITHUB_OUTPUT"
	fi

	DeployAdminAppToGCP:
	needs: [set-env]

	runs-on: ubuntu-latest

	permissions:
	contents: "read"
	id-token: "write"

	environment: mc-aaq-${{ needs.set-env.outputs.env_name }}

	env:
	RESOURCE_PREFIX: ${{ secrets.PROJECT_NAME }}-${{ needs.set-env.outputs.env_name }}
	REPO: ${{ secrets.DOCKER_REGISTRY_DOMAIN }}/${{ secrets.GCP_PROJECT_ID }}/${{ secrets.PROJECT_NAME }}-${{ needs.set-env.outputs.env_name }}
	TAG: ${{ github.sha }}

	steps:
	- uses: "actions/checkout@v4"

	- id: "auth"
	name: "Authenticate to Google Cloud"
	uses: "google-github-actions/auth@v2"
	with:
	project_id: ${{ secrets.GCP_PROJECT_ID }}
	workload_identity_provider: projects/${{ secrets.GCP_PROJECT_NUMBER }}/locations/global/workloadIdentityPools/${{ vars.POOL_ID }}/providers/${{ vars.PROVIDER_ID }}
	service_account: ${{ secrets.GCP_SERVICE_ACCOUNT_EMAIL }}

	- name: Retrieve secrets from Secret Manager
	id: "secrets"
	uses: "google-github-actions/get-secretmanager-secrets@v2"
	with:
	min_mask_length: 4
	secrets: \|- # pragma: allowlist secret
	domain:${{ secrets.GCP_PROJECT_ID }}/${{ env.RESOURCE_PREFIX }}-domain
	google_login_client_id:${{ secrets.GCP_PROJECT_ID }}/${{ env.RESOURCE_PREFIX }}-google-login-client-id

	- name: Configure Docker to use gcloud as a credential helper
	run: \|
	gcloud auth configure-docker ${{ secrets.DOCKER_REGISTRY_DOMAIN}}

	- name: Build and push admin_app image
	working-directory: admin_app
	run: \|
	docker build \
	-t ${{ env.REPO }}/admin_app:latest \
	-t ${{ env.REPO }}/admin_app:${{ env.TAG }} \
	.
	docker image push --all-tags ${{ env.REPO }}/admin_app

	- name: Deploy admin_app container
	id: "compute-ssh"
	uses: "google-github-actions/ssh-compute@v1"
	env:
	REPO: ${{ secrets.DOCKER_REGISTRY_DOMAIN }}/${{ secrets.GCP_PROJECT_ID }}/${{ env.RESOURCE_PREFIX }}
	with:
	instance_name: "${{ secrets.DEPLOYMENT_INSTANCE_NAME }}"
	zone: "${{ secrets.DEPLOYMENT_ZONE }}"
	ssh_private_key: "${{ secrets.GCP_SSH_PRIVATE_KEY }}"
	command: \|
	docker-credential-gcr configure-docker \
	--registries ${{ secrets.DOCKER_REGISTRY_DOMAIN }}
	docker pull \
	${{ env.REPO }}/admin_app:latest
	docker stop admin_app
	docker rm admin_app
	docker run -d \
	--log-driver=gcplogs \
	--restart always \
	--network aaq-network \
	--name admin_app \
	-e NEXT_PUBLIC_BACKEND_URL="https://${{ steps.secrets.outputs.domain }}/api" \
	-e NEXT_PUBLIC_GOOGLE_LOGIN_CLIENT_ID="${{ steps.secrets.outputs.google_login_client_id }}" \
	${{ env.REPO }}/admin_app:latest
	docker system prune -f \|\| true

	- name: Show deployment command output
	run: \|-
	echo '${{ steps.compute-ssh.outputs.stdout }}'
	echo '${{ steps.compute-ssh.outputs.stderr }}'

	- name: Wait for Application to start
	id: wait-for-app
	run: sleep 1m
	shell: bash

	- name: Check if deployment was successful
	id: check-deployment
	run: \|
	curl -f -X 'GET' \
	'https://${{ steps.secrets.outputs.domain }}/api/healthcheck' \
	-H 'accept: application/json'

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

v0.5.0 #16

Workflow file

v0.5.0 #16

Jobs

Run details

Workflow file for this run