change(deps): bump google-github-actions/auth from 1.2.0 to 2.1.7 #155
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: 'CI & CD' | |
| on: | |
| push: | |
| branches: | |
| - master | |
| pull_request_target: {} | |
| env: | |
| GCLOUD_VERSION: "424.0.0" | |
| jobs: | |
| test: | |
| name: Run tests | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha || github.sha }} | |
| - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 | |
| with: | |
| go-version-file: "go.mod" | |
| cache: true | |
| - name: Prepare dependencies | |
| run: |- | |
| go mod tidy | |
| - name: Run tests | |
| run: |- | |
| go test -v ./... | |
| docker-build: | |
| name: Build docker image | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| id-token: write | |
| needs: | |
| - test | |
| if: |- | |
| (github.event.pull_request.head.ref || github.ref) == 'refs/heads/master' | |
| steps: | |
| - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha || github.sha }} | |
| - name: Extract git info | |
| id: gitmeta | |
| env: | |
| GIT_REF: ${{ github.event.pull_request.head.ref || github.ref }} | |
| GIT_SHA: ${{ github.event.pull_request.head.sha || github.sha }} | |
| run: | | |
| echo ::set-output name=GIT_SHA::${GIT_SHA} | |
| echo ::set-output name=GIT_REF::${GIT_REF} | |
| if [[ "$GIT_REF" =~ ^refs/tags/ ]]; then | |
| echo ::set-output name=GIT_TAG::${GIT_REF/refs\/tags\//} | |
| fi | |
| if [[ "$GIT_REF" =~ ^refs/heads/ ]]; then | |
| echo ::set-output name=GIT_BRANCH::${GIT_REF/refs\/heads\//} | |
| fi | |
| - uses: google-github-actions/setup-gcloud@62d4898025f6041e16b1068643bfc5a696863587 # v1.1.0 | |
| with: | |
| version: ${{ env.GCLOUD_VERSION }} | |
| - id: auth | |
| name: Authenticate to Google Cloud | |
| uses: google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f # v2.1.7 | |
| with: | |
| create_credentials_file: 'true' | |
| workload_identity_provider: projects/205940128872/locations/global/workloadIdentityPools/github-actions/providers/gha-provider | |
| service_account: cloudrun-deployer@atproto-vvvot.iam.gserviceaccount.com | |
| access_token_lifetime: 1200s | |
| - name: gcloud auth login by workload identity | |
| env: | |
| GCLOUD_CREDENTIAL_FILE: ${{ steps.auth.outputs.credentials_file_path }} | |
| run: |- | |
| gcloud auth login --brief --cred-file="${GCLOUD_CREDENTIAL_FILE}" | |
| - name: Build & Push docker image | |
| env: | |
| GIT_TAG: ${{ steps.gitmeta.outputs.GIT_TAG }} | |
| GIT_BRANCH: ${{ steps.gitmeta.outputs.GIT_BRANCH }} | |
| GIT_SHA: ${{ steps.gitmeta.outputs.GIT_SHA }} | |
| GCLOUD_CREDENTIAL_FILE: ${{ steps.auth.outputs.credentials_file_path }} | |
| run: | | |
| gcloud auth configure-docker us-central1-docker.pkg.dev | |
| GCP_PROJECT_ID=$(gcloud config get-value project) | |
| GCP_IMAGE_TAG="us-central1-docker.pkg.dev/${GCP_PROJECT_ID}/server/server:commit-${GIT_SHA}" | |
| docker build . --tag "${GCP_IMAGE_TAG}" | |
| docker push "${GCP_IMAGE_TAG}" | |
| deploy-cloudrun: | |
| name: Deploy to Cloud Run | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| id-token: write | |
| needs: | |
| - test | |
| - docker-build | |
| if: |- | |
| (github.event.pull_request.head.ref || github.ref) == 'refs/heads/master' | |
| steps: | |
| - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha || github.sha }} | |
| - name: Extract git info | |
| id: gitmeta | |
| env: | |
| GIT_REF: ${{ github.event.pull_request.head.ref || github.ref }} | |
| GIT_SHA: ${{ github.event.pull_request.head.sha || github.sha }} | |
| run: | | |
| echo ::set-output name=GIT_SHA::${GIT_SHA} | |
| echo ::set-output name=GIT_REF::${GIT_REF} | |
| if [[ "$GIT_REF" =~ ^refs/tags/ ]]; then | |
| echo ::set-output name=GIT_TAG::${GIT_REF/refs\/tags\//} | |
| fi | |
| if [[ "$GIT_REF" =~ ^refs/heads/ ]]; then | |
| echo ::set-output name=GIT_BRANCH::${GIT_REF/refs\/heads\//} | |
| fi | |
| - uses: google-github-actions/setup-gcloud@62d4898025f6041e16b1068643bfc5a696863587 # v1.1.0 | |
| with: | |
| version: ${{ env.GCLOUD_VERSION }} | |
| - id: auth | |
| name: Authenticate to Google Cloud for stg | |
| uses: google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f # v2.1.7 | |
| with: | |
| create_credentials_file: 'true' | |
| workload_identity_provider: projects/205940128872/locations/global/workloadIdentityPools/github-actions/providers/gha-provider | |
| service_account: cloudrun-deployer@atproto-vvvot.iam.gserviceaccount.com | |
| access_token_lifetime: 1200s | |
| - name: gcloud auth login by workload identity | |
| env: | |
| GCLOUD_CREDENTIAL_FILE: ${{ steps.auth.outputs.credentials_file_path }} | |
| run: |- | |
| gcloud auth login --brief --cred-file="${GCLOUD_CREDENTIAL_FILE}" | |
| - name: Deploy | |
| env: | |
| GIT_TAG: ${{ steps.gitmeta.outputs.GIT_TAG }} | |
| GIT_BRANCH: ${{ steps.gitmeta.outputs.GIT_BRANCH }} | |
| GIT_SHA: ${{ github.event.pull_request.head.sha || github.sha }} | |
| GCLOUD_CREDENTIAL_FILE: ${{ steps.auth.outputs.credentials_file_path }} | |
| run: |- | |
| export GIT_SHA="$GITHUB_SHA" | |
| export TAG=master | |
| GCP_PROJECT_ID=$(gcloud config get-value project) | |
| GCP_IMAGE_TAG="us-central1-docker.pkg.dev/${GCP_PROJECT_ID}/server/server:commit-${GIT_SHA}" | |
| export GCP_PROJECT_ID | |
| export GCP_IMAGE_TAG | |
| ./deploy-cloudrun.sh |