diff --git a/.github/workflows/google-cloudrun-docker.yml b/.github/workflows/google-cloudrun-docker.yml
new file mode 100644
index 0000000..cda746d
--- /dev/null
+++ b/.github/workflows/google-cloudrun-docker.yml
@@ -0,0 +1,107 @@
+# This workflow builds and pushes Docker containers to Google Artifact Registry
+# and deploys both backend and frontend on Cloud Run when a commit is pushed to the "production"
+# branch.
+
+name: 'Build and Deploy QueryPal to Cloud Run'
+
+on:
+ push:
+ branches:
+ - 'production'
+ workflow_dispatch:
+
+env:
+ PROJECT_ID: 'gen-lang-client-0698668474'
+ REGION: 'europe-west1'
+ BACKEND_SERVICE: 'querypal-backend'
+ FRONTEND_SERVICE: 'querypal-frontend'
+ WORKLOAD_IDENTITY_PROVIDER: 'projects/gen-lang-client-0698668474/locations/global/workloadIdentityPools/github-actions-pool/providers/github-provider'
+
+jobs:
+ deploy:
+ runs-on: 'ubuntu-latest'
+
+ permissions:
+ contents: 'read'
+ id-token: 'write'
+
+ steps:
+ - name: 'Checkout'
+ uses: 'actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332' # actions/checkout@v4
+
+ # Configure Workload Identity Federation and generate an access token.
+ - id: 'auth'
+ name: 'Authenticate to Google Cloud'
+ uses: 'google-github-actions/auth@f112390a2df9932162083945e46d439060d66ec2' # google-github-actions/auth@v2
+ with:
+ workload_identity_provider: '${{ env.WORKLOAD_IDENTITY_PROVIDER }}'
+
+ # BEGIN - Docker auth and build
+ - name: 'Docker Auth'
+ uses: 'docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567' # docker/login-action@v3
+ with:
+ username: 'oauth2accesstoken'
+ password: '${{ steps.auth.outputs.auth_token }}'
+ registry: '${{ env.REGION }}-docker.pkg.dev'
+
+ # Build and Push Backend Container
+ - name: 'Build and Push Backend Container'
+ run: |-
+ cd backend
+ DOCKER_TAG="${{ env.REGION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.BACKEND_SERVICE }}:${{ github.sha }}"
+ docker build --tag "${DOCKER_TAG}" --platform linux/amd64 .
+ docker push "${DOCKER_TAG}"
+
+ # Deploy Backend to Cloud Run
+ - id: 'deploy-backend'
+ name: 'Deploy Backend to Cloud Run'
+ uses: 'google-github-actions/deploy-cloudrun@33553064113a37d688aa6937bacbdc481580be17' # google-github-actions/deploy-cloudrun@v2
+ with:
+ service: '${{ env.BACKEND_SERVICE }}'
+ region: '${{ env.REGION }}'
+ image: '${{ env.REGION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.BACKEND_SERVICE }}:${{ github.sha }}'
+ env_vars: |
+ AZURE_TENANT_ID=${{ secrets.AZURE_TENANT_ID }}
+ AZURE_CLIENT_ID=${{ secrets.AZURE_CLIENT_ID }}
+ AZURE_CLIENT_SECRET=${{ secrets.AZURE_CLIENT_SECRET }}
+ ARM_SCOPE=https://management.azure.com/.default
+ GEMINI_API_KEY=${{ secrets.GEMINI_API_KEY }}
+ DB_USER=${{ secrets.DB_USER }}
+ DB_PASS=${{ secrets.DB_PASS }}
+ DB_NAME=querypal
+ DB_UNIX_SOCKET=/cloudsql/gen-lang-client-0698668474:europe-west1:querypal-db
+ flags: |
+ --port=8000
+ --add-cloudsql-instances=gen-lang-client-0698668474:europe-west1:querypal-db
+ --allow-unauthenticated
+
+ # Build and Push Frontend Container
+ - name: 'Build and Push Frontend Container'
+ run: |-
+ cd frontend
+ DOCKER_TAG="${{ env.REGION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.FRONTEND_SERVICE }}:${{ github.sha }}"
+ docker build --tag "${DOCKER_TAG}" --platform linux/amd64 \
+ --build-arg VITE_API_BASE_URL=${{ steps.deploy-backend.outputs.url }} \
+ --build-arg VITE_AZURE_REDIRECT_URI=https://${{ env.FRONTEND_SERVICE }}-zynyyoxona-ew.a.run.app \
+ .
+ docker push "${DOCKER_TAG}"
+
+ # Deploy Frontend to Cloud Run
+ - id: 'deploy-frontend'
+ name: 'Deploy Frontend to Cloud Run'
+ uses: 'google-github-actions/deploy-cloudrun@33553064113a37d688aa6937bacbdc481580be17' # google-github-actions/deploy-cloudrun@v2
+ with:
+ service: '${{ env.FRONTEND_SERVICE }}'
+ region: '${{ env.REGION }}'
+ image: '${{ env.REGION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.FRONTEND_SERVICE }}:${{ github.sha }}'
+ env_vars: |
+ PORT=4000
+ flags: |
+ --port=4000
+ --allow-unauthenticated
+
+ # Show output URLs
+ - name: 'Show deployment URLs'
+ run: |-
+ echo "Backend URL: ${{ steps.deploy-backend.outputs.url }}"
+ echo "Frontend URL: ${{ steps.deploy-frontend.outputs.url }}"
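Review bot: The `deploy-backend` step passes `AZURE_CLIENT_SECRET`, `GEMINI_API_KEY` and `DB_PASS` through `env_vars`, so they are stored as plaintext environment variables on the Cloud Run revision and can be read by anyone allowed to view the service configuration. The deploy-cloudrun action has a `secrets` input that references Secret Manager versions instead, e.g. `secrets: |` followed by `DB_PASS=<SECRET_NAME>:latest` (placeholder name), with the runtime service account granted `roles/secretmanager.secretAccessor`; the non-sensitive values (`ARM_SCOPE`, `DB_NAME`, `DB_UNIX_SOCKET`) can stay in `env_vars`. The same step sets `--allow-unauthenticated` on the backend, presumably so the browser frontend can reach it, which leaves the API's own authentication as the only gate and is worth confirming. Separately, `workflow_dispatch` lets the job run from any ref, so unless the workload identity provider already restricts the `production` ref, a job-level `if: github.ref == 'refs/heads/production'` would keep deploys tied to that branch.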