---
# Continuous-deployment workflow for the API.
# Runs on pushes to main that touch the API sources or this workflow file,
# and can also be started by hand.
name: Api Production deploy
on:
  push:
    branches:
      - 'main'
    # Only changes under api/ or to this workflow trigger a deploy.
    paths:
      - 'api/**'
      - '.github/workflows/api-cd.yml'
  # Manual trigger; no inputs are declared.
  workflow_dispatch:
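jobs:
  # Builds the API image from ./api and pushes it to the Artifact Registry
  # repository, tagged with the commit SHA that triggered the run.
  build-api:
    # Least privilege: id-token is required for the OIDC exchange in the
    # 'auth' step, contents:read for checkout. Nothing else is granted.
    permissions:
      id-token: write
      contents: read
    # NOTE(review): the registry is Artifact Registry (pkg.dev); "ACR" in the
    # display name looks like a slip. Left unchanged because branch-protection
    # checks may match on this name - confirm before renaming.
    name: Build and push to Google ACR
    runs-on: ubuntu-latest
    defaults:
      run:
        shell: bash
    steps:
      # NOTE(review): every `uses:` below follows a mutable tag. Pinning each
      # action to a full commit SHA keeps a retagged or compromised release
      # from running with this job's credentials.
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # No later step needs git credentials, so do not leave the
          # GITHUB_TOKEN in .git/config where subsequent actions can read it.
          persist-credentials: false
      # NOTE(review): the build targets linux/amd64 only; QEMU emulation may
      # be unnecessary on this runner - confirm before removing.
      - id: setup-qemu
        name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      - id: docker-buildx-setup
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      # Keyless authentication: the job's OIDC token is exchanged through the
      # workload identity provider for a short-lived access token of the
      # service account. No key file is passed to this step.
      - id: auth
        name: Authenticate to Google Cloud
        uses: google-github-actions/auth@v2
        with:
          # NOTE(review): only outputs.access_token is read by the steps in
          # this job; if the credentials file is not needed, disabling it
          # keeps one less credential artefact on the runner - verify.
          create_credentials_file: true
          token_format: access_token
          workload_identity_provider: 'projects/5685154754/locations/global/workloadIdentityPools/cd-beerpong/providers/github-actions'
          service_account: 'cd-beerpong@beer-pong-441815.iam.gserviceaccount.com'
      # Registry login with the short-lived token from the 'auth' step.
      - id: login-gar
        name: Login to GAR
        uses: docker/login-action@v3
        with:
          registry: europe-west10-docker.pkg.dev/beer-pong-441815/api-beerpong
          username: oauth2accesstoken
          password: ${{ steps.auth.outputs.access_token }}
      # The tag is the full commit SHA, so each deploy references exactly the
      # image built from that commit.
      - id: build-and-push
        name: Build and Push docker Image
        uses: docker/build-push-action@v6
        with:
          push: true
          context: api
          file: ./api/Dockerfile
          platforms: linux/amd64
          tags: 'europe-west10-docker.pkg.dev/beer-pong-441815/api-beerpong/api:${{ github.sha }}'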
# NOTE(review): the header of the job these lines belong to (job id,
# permissions, runs-on) is not visible on this page and the indentation was
# lost in extraction. Confirm the structure against the repository file
# before relying on this section.
needs: build-api
steps:
- name: Checkout
uses: actions/checkout@v4
# Keyless authentication through the workload identity provider. This needs
# `id-token: write` on the enclosing job - presumably declared in the header
# that is not visible here; verify.
- id: 'auth'
name: 'Authenticate to Google Cloud'
uses: 'google-github-actions/auth@v2'
with:
create_credentials_file: true
# NOTE(review): no visible step in this section reads outputs.access_token.
token_format: access_token
workload_identity_provider: 'projects/5685154754/locations/global/workloadIdentityPools/cd-beerpong/providers/github-actions'
service_account: 'cd-beerpong@beer-pong-441815.iam.gserviceaccount.com'
# Deploys the image tagged with this commit's SHA to the Cloud Run service.
- id: 'deploy'
uses: 'google-github-actions/deploy-cloudrun@v2'
with:
service: 'api-springboot'
image: 'europe-west10-docker.pkg.dev/beer-pong-441815/api-beerpong/api:${{ github.sha }}'
region: europe-west10
# --allow-unauthenticated makes the service callable without IAM
# authentication, so every endpoint must enforce its own access control.
# NOTE(review): confirm that is intended for the whole API surface.
flags: '--port=8080 --add-cloudsql-instances=beer-pong-441815:europe-west10:api-beerpong-pg --no-cpu-throttling --min-instances 0 --max-instances 3 --allow-unauthenticated'
# Non-secret runtime configuration. The JDBC URL reaches the database through
# the Cloud SQL socket factory rather than a network host.
# NOTE(review): the service connects as the default `postgres` role; a
# dedicated role with only the privileges the API needs would limit the
# impact of a compromised service - confirm.
env_vars: |
POSTGRES_USER=postgres
POSTGRES_URL=jdbc:postgresql:///beerpong?cloudSqlInstance=beer-pong-441815:europe-west10:api-beerpong-pg&socketFactory=com.google.cloud.sql.postgres.SocketFactory
API_BASE_URL=https://beerpong.lb.laurinnotemann.dev
# The password is referenced by secret name and version, not stored in this
# file. `:latest` follows whichever version is newest at deploy time.
secrets: |-
POSTGRES_PASSWORD=api-pg-password:latest
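# Job deploy-api: roll the freshly built image out over SSH with Docker Compose.
  deploy-api:
    # Least privilege: this job performs no OIDC exchange, so id-token is not
    # granted; contents:read is enough for checkout.
    permissions:
      contents: read
    # NOTE(review): the display name says "staging", while the workflow name
    # and the remote directory (beerpong-api-prod) say production - confirm
    # which environment this targets.
    name: "Deploy staging api on a bare metal server"
    runs-on: ubuntu-latest
    defaults:
      run:
        shell: bash
    needs: build-api
    steps:
      # NOTE(review): both actions below follow mutable tags. The ssh-agent
      # action receives the deploy private key, so pinning it to a full commit
      # SHA matters most here.
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # No later step needs git credentials.
          persist-credentials: false
      - name: Set up SSH key
        uses: webfactory/ssh-agent@v0.9.0
        with:
          ssh-private-key: ${{ secrets.SSH_SECRET }}
      # NOTE(review): ssh-keyscan accepts whatever host key answers at deploy
      # time, so it does not authenticate the server; an on-path attacker could
      # present their own key and receive the deploy commands. Storing the
      # server's known_hosts line as a repository secret and writing that
      # instead would pin the expected key.
      - name: Add server to known hosts
        env:
          # Passed through the environment rather than expanded into the
          # script text, so the value is never parsed as shell syntax.
          SERVER_IP: ${{ secrets.SERVER_IP }}
        run: |
          mkdir -p ~/.ssh
          ssh-keyscan -H "$SERVER_IP" >> ~/.ssh/known_hosts
      # The heredoc is unquoted on purpose: FILE_PATH and DOCKER_IMAGE exist
      # only on the runner and are expanded before the script is sent.
      # NOTE(review): the server authenticates to the registry with a
      # long-lived service-account key file, unlike the keyless flow used for
      # the build; scope that account to read-only registry access and rotate
      # the key - confirm.
      # NOTE(review): the sed expression rewrites every `image:` line in
      # docker-compose.yml, and `docker image prune -af` removes all unused
      # images on the host, not only this service's - verify both are safe if
      # the compose file or the host ever carries other services.
      - name: Deploy to Bare Metal Server
        env:
          SERVER_IP: ${{ secrets.SERVER_IP }}
          SERVER_USER: ${{ secrets.SERVER_USER }}
          FILE_PATH: ${{ secrets.PATH_TO_SERVICE_ACC_JSON }}
          DOCKER_IMAGE: europe-west10-docker.pkg.dev/beer-pong-441815/api-beerpong/api:${{ github.sha }}
        run: |
          ssh "$SERVER_USER@$SERVER_IP" << EOF
          # Stop at the first failing command so a broken deploy fails the job
          set -e
          # Navigate to the Docker Compose directory
          cd ~/docker/beerpong-api-prod
          # Authenticate with Google Cloud (assuming gcloud is installed on the server)
          gcloud auth activate-service-account --key-file="$FILE_PATH"
          gcloud auth configure-docker europe-west10-docker.pkg.dev
          # Update the image in the docker-compose.yml file
          sed -i 's|image: .*|image: $DOCKER_IMAGE|' docker-compose.yml
          # Pull the latest image
          docker compose pull
          # Restart the service
          docker compose up -d --force-recreate beerpong-api
          # Clean up old images
          docker image prune -af
          EOF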