v3.0.14 #147
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: cd | |
on: | |
release: | |
types: | |
- published | |
workflow_dispatch: | |
inputs: | |
run_service_name: | |
description: 'Cloud Run service name' | |
required: true | |
default: 'shuffle-bot-test' | |
jobs: | |
provision: | |
name: 'Provision and deploy' | |
runs-on: ubuntu-latest | |
permissions: | |
contents: 'read' | |
id-token: write | |
env: | |
GCP_REGION: europe-west1 | |
RUN_SERVICE_NAME: ${{ github.event.inputs.run_service_name || vars.GCP_RUN_SERVICE_NAME }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: 'Authenticate with GCP' | |
uses: google-github-actions/auth@v1 | |
with: | |
workload_identity_provider: ${{ vars.GCP_WORKLOAD_IDENTITY_PROVIDER }} | |
service_account: ${{ vars.GCP_SERVICE_ACCOUNT }} | |
- name: 'Set up Cloud SDK' | |
uses: google-github-actions/setup-gcloud@v1 | |
with: | |
project_id: ${{ vars.GCP_PROJECT_ID }} | |
- name: 'Authorize Docker push' | |
run: gcloud auth configure-docker | |
- name: Update secrets in GCP Secret Manager | |
uses: nearform-actions/github-action-gcp-secrets@v1 | |
with: | |
secrets: |- | |
shuffle-client-secret:"${{ secrets.ZOOM_CLIENT_SECRET }}" | |
shuffle-bot-jid:"${{ secrets.ZOOM_BOT_JID }}" | |
shuffle-secret-token:"${{ secrets.ZOOM_SECRET_TOKEN }}" | |
- name: 'Deploy to Cloud Run' | |
id: deploy | |
run: >- | |
gcloud run deploy ${{ env.RUN_SERVICE_NAME }} | |
--region=${{ env.GCP_REGION }} | |
--cpu=${{ vars.RUN_CPU }} | |
--memory=${{ vars.RUN_MEM }} | |
--revision-suffix=${{ github.sha }} | |
--source=. | |
--set-env-vars='NODE_ENV=production' | |
--set-env-vars='CLIENT_ID=${{ vars.ZOOM_CLIENT_ID }}' | |
--set-env-vars='REDIRECT_URL=${{ vars.REDIRECT_URL }}' | |
--set-env-vars='FIRESTORE_COLLECTION=${{ vars.FIRESTORE_COLLECTION }}' | |
--set-secrets=' | |
CLIENT_SECRET=shuffle-client-secret:latest, | |
BOT_JID=shuffle-bot-jid:latest, | |
SECRET_TOKEN=shuffle-secret-token:latest' | |
- name: 'Retrieve the Cloud Run service url' | |
run: echo "RUN_URL=$(gcloud run services describe ${{ env.RUN_SERVICE_NAME }} --region=${{ env.GCP_REGION }} --format="value(status.url)")" >> $GITHUB_ENV | |
- name: 'Make the service public' | |
run: >- | |
gcloud run services add-iam-policy-binding ${{ env.RUN_SERVICE_NAME }} | |
--member="allUsers" | |
--role="roles/run.invoker" | |
--region=${{ env.GCP_REGION }} | |
- name: 'Show summary' | |
run: >- | |
echo "App successfully deployed to: ${{ env.RUN_URL }}. | |
Make sure that all settings in Zoom bot's configuration point at this url." |