
Commit dadf329

s
1 parent 271d52b commit dadf329


2 files changed

+92
-76
lines changed


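--- a/.github/workflows/_gcp-deploy.yml
+++ b/.github/workflows/_gcp-deploy.yml
@@ -0,0 +1,89 @@
+name: GCP Deploy
+
+on:
+workflow_call:
+inputs:
+environment:
+required: true
+description: 'The environment to deploy to'
+type: string
+
+jobs:
+gcp-deploy:
+runs-on: ubuntu-latest
+environment: ${{ inputs.environment }}
+permissions:
+contents: 'read'
+# Requird for OIDC auth with GCP.
+# @see: https://docs.github.com/en/actions/security-for-github-actions/security-hardening-your-deployments/about-security-hardening-with-openid-connect#adding-permissions-settings
+id-token: 'write'
+env:
+IMAGE_PATH: us-west1-docker.pkg.dev/${{ secrets.GCP_PROJECT_ID }}/sourcebot/sourcebot-${{ vars.NEXT_PUBLIC_SOURCEBOT_CLOUD_ENVIRONMENT }}
+steps:
+- name: 'Checkout'
+uses: 'actions/checkout@v3'
+with:
+submodules: "true"
+
+# @see: https://github.com/google-github-actions/auth?tab=readme-ov-file#direct-wif
+- name: 'Google auth'
+id: 'auth'
+uses: 'google-github-actions/auth@v2'
+with:
+project_id: '${{ secrets.GCP_PROJECT_ID }}'
+workload_identity_provider: '${{ secrets.GCP_WIF_PROVIDER }}'
+
+- name: 'Set up Cloud SDK'
+uses: 'google-github-actions/setup-gcloud@v1'
+with:
+project_id: '${{ secrets.GCP_PROJECT_ID }}'
+
+- name: 'Docker auth'
+run: |-
+gcloud auth configure-docker us-west1-docker.pkg.dev
+
+- name: Configure SSH
+run: |
+mkdir -p ~/.ssh/
+echo "${{ secrets.GCP_SSH_PRIVATE_KEY }}" > ~/.ssh/private.key
+chmod 600 ~/.ssh/private.key
+echo "${{ secrets.GCP_SSH_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts
+
+- name: Build Docker image
+id: build
+uses: docker/build-push-action@v6
+with:
+context: .
+push: true
+tags: |
+${{ env.IMAGE_PATH }}:${{ github.sha }}
+${{ env.IMAGE_PATH }}:latest
+build-args: |
+NEXT_PUBLIC_SOURCEBOT_VERSION=${{ github.ref_name }}
+NEXT_PUBLIC_POSTHOG_PAPIK=${{ vars.NEXT_PUBLIC_POSTHOG_PAPIK }}
+NEXT_PUBLIC_SOURCEBOT_CLOUD_ENVIRONMENT=${{ vars.NEXT_PUBLIC_SOURCEBOT_CLOUD_ENVIRONMENT }}
+NEXT_PUBLIC_SENTRY_ENVIRONMENT=${{ vars.NEXT_PUBLIC_SENTRY_ENVIRONMENT }}
+NEXT_PUBLIC_SENTRY_WEBAPP_DSN=${{ vars.NEXT_PUBLIC_SENTRY_WEBAPP_DSN }}
+NEXT_PUBLIC_SENTRY_BACKEND_DSN=${{ vars.NEXT_PUBLIC_SENTRY_BACKEND_DSN }}
+
+
+- name: Deploy to GCP
+run: |
+ssh -i ~/.ssh/private.key ${{ secrets.GCP_USERNAME }}@${{ secrets.GCP_HOST }} << 'EOF'
+# First pull the new image
+docker pull ${{ env.IMAGE_PATH }}:${{ github.sha }}
+
+# Stop and remove any existing container
+docker stop -t 60 sourcebot || true
+docker rm sourcebot || true
+
+# Run the new container
+# @nocheckin: add this back
+# -v /mnt/data:/data \
+docker run -d \
+-p 80:3000 \
+--rm \
+--env-file .env \
+--name sourcebot \
+${{ env.IMAGE_PATH }}:${{ github.sha }}
+EOF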
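Review bot: The four third-party actions in this job (`actions/checkout@v3`, `google-github-actions/auth@v2`, `google-github-actions/setup-gcloud@v1`, `docker/build-push-action@v6`) are referenced by mutable tags while the job holds `id-token: 'write'` and writes `secrets.GCP_SSH_PRIVATE_KEY` to disk, so a moved tag would run with the deploy credentials. Pin each to a full commit SHA, e.g. `uses: 'actions/checkout@<full-commit-sha>'  # v3` (placeholder, not a real SHA). In the `Configure SSH` step both secrets are expanded by `${{ }}` directly into the script text; passing them through the step's `env:` and echoing a quoted shell variable (for example `"$SSH_PRIVATE_KEY"`, a constructed name) keeps quote or backtick characters in a secret from changing the script. The `# @nocheckin: add this back` marker on new line 81 is committed with the `-v /mnt/data:/data` mount still commented out, and the container runs with `--rm`, so data written inside it is presumably lost on each redeploy; confirm that is intended before this workflow is reused for other environments.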

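--- a/.github/workflows/scratch-workflow.yml
+++ b/.github/workflows/scratch-workflow.yml
@@ -7,79 +7,6 @@ on:
 
 jobs:
 scratch:
-runs-on: ubuntu-latest
-environment: staging
-permissions:
-contents: 'read'
-# Requird for OIDC auth with GCP.
-# @see: https://docs.github.com/en/actions/security-for-github-actions/security-hardening-your-deployments/about-security-hardening-with-openid-connect#adding-permissions-settings
-id-token: 'write'
-env:
-IMAGE_PATH: us-west1-docker.pkg.dev/${{ secrets.GCP_PROJECT_ID }}/sourcebot/sourcebot-${{ vars.NEXT_PUBLIC_SOURCEBOT_CLOUD_ENVIRONMENT }}
-steps:
-- name: 'Checkout'
-uses: 'actions/checkout@v3'
-with:
-submodules: "true"
-
-# @see: https://github.com/google-github-actions/auth?tab=readme-ov-file#direct-wif
-- name: 'Google auth'
-id: 'auth'
-uses: 'google-github-actions/auth@v2'
-with:
-project_id: '${{ secrets.GCP_PROJECT_ID }}'
-workload_identity_provider: '${{ secrets.GCP_WIF_PROVIDER }}'
-
-- name: 'Set up Cloud SDK'
-uses: 'google-github-actions/setup-gcloud@v1'
-with:
-project_id: '${{ secrets.GCP_PROJECT_ID }}'
-
-- name: 'Docker auth'
-run: |-
-gcloud auth configure-docker us-west1-docker.pkg.dev
-
-- name: Configure SSH
-run: |
-mkdir -p ~/.ssh/
-echo "${{ secrets.GCP_SSH_PRIVATE_KEY }}" > ~/.ssh/private.key
-chmod 600 ~/.ssh/private.key
-echo "${{ secrets.GCP_SSH_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts
-
-- name: Build Docker image
-id: build
-uses: docker/build-push-action@v6
-with:
-context: .
-push: true
-tags: |
-${{ env.IMAGE_PATH }}:${{ github.sha }}
-${{ env.IMAGE_PATH }}:latest
-build-args: |
-NEXT_PUBLIC_SOURCEBOT_VERSION=${{ github.ref_name }}
-NEXT_PUBLIC_POSTHOG_PAPIK=${{ vars.NEXT_PUBLIC_POSTHOG_PAPIK }}
-NEXT_PUBLIC_SOURCEBOT_CLOUD_ENVIRONMENT=${{ vars.NEXT_PUBLIC_SOURCEBOT_CLOUD_ENVIRONMENT }}
-NEXT_PUBLIC_SENTRY_ENVIRONMENT=${{ vars.NEXT_PUBLIC_SENTRY_ENVIRONMENT }}
-NEXT_PUBLIC_SENTRY_WEBAPP_DSN=${{ vars.NEXT_PUBLIC_SENTRY_WEBAPP_DSN }}
-NEXT_PUBLIC_SENTRY_BACKEND_DSN=${{ vars.NEXT_PUBLIC_SENTRY_BACKEND_DSN }}
-
-
-- name: Deploy to GCP
-run: |
-ssh -i ~/.ssh/private.key ${{ secrets.GCP_USERNAME }}@${{ secrets.GCP_HOST }} << 'EOF'
-# First pull the new image
-docker pull ${{ env.IMAGE_PATH }}:${{ github.sha }}
-
-# Stop and remove any existing container
-docker stop -t 60 sourcebot || true
-docker rm sourcebot || true
-
-# Run the new container
-# -v /mnt/data:/data \
-docker run -d \
--p 80:3000 \
---rm \
---env-file .env \
---name sourcebot \
-${{ env.IMAGE_PATH }}:${{ github.sha }}
-EOF
+uses: ./.github/workflows/_gcp-deploy.yml
+with:
+environment: staging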
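Review bot: The `scratch` job loses its `permissions:` block along with the old steps, but a called workflow cannot receive more GITHUB_TOKEN permissions than its caller job grants. Unless permissions are set at workflow level above this hunk (lines 1-6 are not visible here), the `id-token: 'write'` that `_gcp-deploy.yml` requests for OIDC will not be available. Restore `permissions:` with `contents: 'read'` and `id-token: 'write'` on the `scratch` job beside `uses:`. The call also passes no `secrets:`; environment-scoped secrets resolve inside the called job, but if any `GCP_*` secret is repository-level it would likely need `secrets: inherit`, which is worth confirming.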
