Skip to content

Secure API route get_latest_patient_encounter_by_rfid (#135) #152

Secure API route get_latest_patient_encounter_by_rfid (#135)

Secure API route get_latest_patient_encounter_by_rfid (#135) #152

name: Build and Push API
on:
workflow_dispatch:
push:
branches:
- main
paths:
- 'app/api/**'
- '.github/workflows/build-and-push-api.yaml'
pull_request:
types:
-opened
branches:
- main
paths:
- 'app/api/**'
workflow_run:
workflows: [Production Unit Tests]
types:
- completed
env:
TAG: prod
GAR: ${{ secrets.ARTIFACT_REGISTRY }}
CR_SERVICE: cloudrun-service-api
CR_REGION: northamerica-northeast2
jobs:
build-and-push-api:
name: build-and-push-api
runs-on: ubuntu-20.04
# if: ${{ github.event.workflow_run.conclusion == 'success' }}
permissions:
contents: 'read'
id-token: 'write'
steps:
- id: checkout
name: Checkout
uses: actions/checkout@v2
- id: auth
name: Authenticate with Google Cloud
uses: google-github-actions/auth@v1
with:
token_format: access_token
workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }}
service_account: ${{ secrets.SERVICE_ACCOUNT }}
access_token_lifetime: 300s
- name: Login to Google Artifact Registry
uses: docker/login-action@v2
with:
registry: ${{ secrets.ARTIFACT_REGISTRY }}
username: oauth2accesstoken
password: ${{ steps.auth.outputs.access_token }}
- name: build-tag-push
run: |
export GAR=${{ env.GAR }}
make build-push-api ${{ env.TAG }}
- name: Redeploy Cloudrun Service
run: |
gcloud run services update ${{ env.CR_SERVICE }} --region=${{ env.CR_REGION }} --image=${{ env.GAR }}api:${{ env.TAG }}