conditionally setting secret 📠 #313
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This is used to deploy the frontend at metagame.wtf and test.metagame.wtf | ||
# Eventually we will switch the associated backend deployments over to Google Cloud | ||
# as well, at which time we can just use the single gcp_deploy.yaml file | ||
# for both PR deployments AND our stage/prod environments | ||
name: Update Frontend Deployment on Cloud Run | ||
on: | ||
workflow_dispatch: | ||
inputs: | ||
cache_key: | ||
description: Optional cache key component to force invalidation of the build cache. | ||
required: false | ||
default: "" | ||
push: | ||
branches: | ||
- develop | ||
- master | ||
env: | ||
PROJECT_ID: metagame-thegame | ||
REGISTRY_REGION: us-east4 | ||
REGISTRY_REPO: thegame | ||
DEPLOYMENT_DOMAIN: a.run.app | ||
CLOUDRUN_SUFFIX: mjhnbmqqna-uk | ||
DEPLOYMENT_ENV: ${{github.ref_name}} | ||
FRONTEND_SERVICE: frontend-${{github.ref_name}} | ||
FRONTEND_PORT: 3000 | ||
FRONTEND_TARGET: production | ||
jobs: | ||
start-deployment: | ||
name: Generate Deployment Start Message | ||
runs-on: ubuntu-latest | ||
outputs: | ||
deployment_id: ${{steps.create-message.outputs.deployment_id}} | ||
steps: | ||
- name: Start Deployment | ||
uses: bobheadxi/deployments@v1 | ||
id: create-message | ||
with: | ||
step: start | ||
token: ${{github.token}} | ||
env: ${{env.DEPLOYMENT_ENV}} | ||
desc: "Frontend deployment for #${{github.ref_name}} by ${{github.event.pusher.login}}" | ||
ref: ${{github.head_ref}} | ||
auto_inactive: false | ||
logs: https://github.com/${{github.repository}}/commit/${{github.event.after}}/checks | ||
cancel-previous: | ||
name: Cancel Existing Runs | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Cancel Existing Runs | ||
uses: styfle/[email protected] | ||
with: | ||
access_token: ${{github.token}} | ||
env: | ||
name: Environment Variables | ||
runs-on: ubuntu-latest | ||
needs: [cancel-previous] | ||
outputs: | ||
PROJECT_ID: ${{env.PROJECT_ID}} | ||
REGISTRY_REGION: ${{env.REGISTRY_REGION}} | ||
REGISTRY_REPO: ${{env.REGISTRY_REPO}} | ||
DEPLOYMENT_DOMAIN: ${{env.DEPLOYMENT_DOMAIN}} | ||
CLOUDRUN_SUFFIX: ${{env.CLOUDRUN_SUFFIX}} | ||
FRONTEND_SERVICE: ${{env.FRONTEND_SERVICE}} | ||
FRONTEND_PORT: ${{env.FRONTEND_PORT}} | ||
CLOUDRUN_REGION: ${{env.CLOUDRUN_REGION}} | ||
DOCKER_REGISTRY: ${{env.DOCKER_REGISTRY}} | ||
FRONTEND_URL: ${{env.FRONTEND_URL}} | ||
DOCKER_PATH: ${{env.DOCKER_PATH}} | ||
GRAPHQL_URL: ${{env.GRAPHQL_URL}} | ||
FRONTEND_TAG: ${{env.FRONTEND_TAG}} | ||
APP_ENV: ${{env.APP_ENV}} | ||
GOOGLE_CAL_PROJECT_NUMBER: ${{env.GOOGLE_CAL_PROJECT_NUMBER}} | ||
GOOGLE_CAL_CLIENT_EMAIL: ${{env.GOOGLE_CAL_CLIENT_EMAIL}} | ||
GOOGLE_CAL_CALENDAR_ID: ${{env.GOOGLE_CAL_CALENDAR_ID}} | ||
HASURA_HOST: ${{env.HASURA_HOST}} | ||
HASURA_ADMIN_SECRET: ${{env.HASURA_ADMIN_SECRET}} | ||
steps: | ||
- name: First Interpolation of Variables | ||
id: first | ||
run: | | ||
echo "CLOUDRUN_REGION=${{env.REGISTRY_REGION}}" >> $GITHUB_ENV | ||
echo "DOCKER_REGISTRY=${{env.REGISTRY_REGION}}-docker.pkg.dev" >> $GITHUB_ENV | ||
if [[ ${{github.ref_name}} == 'master' ]]; then | ||
echo "APP_ENV=production" >> $GITHUB_ENV | ||
echo "HASURA_HOST=api.metagame.wtf" >> $GITHUB_ENV | ||
echo "FRONTEND_URL=https://metagame.wtf" >> $GITHUB_ENV | ||
echo "HASURA_ADMIN_SECRET=${{secrets.HASURA_PROD_SECRET}}" >> $GITHUB_ENV | ||
else | ||
echo "APP_ENV=test" >> $GITHUB_ENV | ||
echo "HASURA_HOST=api-staging.metagame.wtf" >> $GITHUB_ENV | ||
echo "FRONTEND_URL=https://test.metagame.wtf" >> $GITHUB_ENV | ||
echo "HASURA_ADMIN_SECRET=${{secrets.HASURA_DEV_SECRET}}" >> $GITHUB_ENV | ||
fi | ||
- name: Those Variables May Now Be Interpolated | ||
id: second | ||
run: | | ||
echo "DOCKER_PATH=\ | ||
${{env.DOCKER_REGISTRY}}/${{env.PROJECT_ID}}/${{env.REGISTRY_REPO}}" >> $GITHUB_ENV | ||
echo "GRAPHQL_URL=\ | ||
https://${{env.HASURA_HOST}}/v1/graphql" >> $GITHUB_ENV | ||
- name: And That Result Again In Another Step | ||
id: third | ||
run: | | ||
echo "FRONTEND_TAG=\ | ||
${{env.DOCKER_PATH}}/frontend:${{github.ref_name}}" >> $GITHUB_ENV | ||
hasura-metadata: | ||
name: Update Hasura Metadata | ||
runs-on: ubuntu-latest | ||
needs: [env] | ||
steps: | ||
- name: Checkout Repository | ||
uses: actions/checkout@v4 | ||
- name: Run `hasura metadata reload` | ||
uses: browniefed/hasura-runner@master | ||
with: | ||
args: metadata reload | ||
env: | ||
HASURA_ENDPOINT: https://${{needs.env.outputs.HASURA_HOST}} | ||
HASURA_GRAPHQL_ADMIN_SECRET: ${{github.ref_name == 'master' && ${{secrets.HASURA_PROD_SECRET}} || ${{secrets.HASURA_DEV_SECRET}}}} | ||
Check failure on line 132 in .github/workflows/gcp-deploy-frontend.yaml GitHub Actions / Update Frontend Deployment on Cloud RunInvalid workflow file
|
||
PATH_TO_HASURA_PROJECT_ROOT: ./hasura | ||
build-frontend: | ||
name: Build Frontend Container Image | ||
runs-on: ubuntu-latest | ||
needs: [env, hasura-metadata] | ||
steps: | ||
- name: Set Up Docker Buildx | ||
uses: docker/setup-buildx-action@v3 | ||
- name: "Login to Registry: ${{needs.env.outputs.DOCKER_REGISTRY}}" | ||
uses: docker/login-action@v3 | ||
with: | ||
registry: ${{needs.env.outputs.DOCKER_REGISTRY}} | ||
username: _json_key | ||
password: ${{secrets.GCP_SA_KEY}} | ||
- name: "Build & Push Container Image: ${{needs.env.outputs.FRONTEND_TAG}}" | ||
uses: docker/build-push-action@v5 | ||
with: | ||
file: docker/frontend/Dockerfile | ||
tags: ${{needs.env.outputs.FRONTEND_TAG}} | ||
build-args: | | ||
TARGET=${{env.FRONTEND_TARGET}} | ||
APP_ENV=${{env.APP_ENV}} | ||
GRAPHQL_URL=${{needs.env.outputs.GRAPHQL_URL}} | ||
FRONTEND_URL=${{needs.env.outputs.FRONTEND_URL}} | ||
YOUTUBE_API_KEY=${{secrets.YOUTUBE_API_KEY}} | ||
IMGIX_TOKEN=${{secrets.IMGIX_TOKEN}} | ||
HONEYBADGER_API_KEY=${{secrets.HONEYBADGER_API_KEY}} | ||
GOOGLE_ANALYTICS_ID=${{secrets.GOOGLE_ANALYTICS_ID}} | ||
USERBACK_TOKEN=${{secrets.USERBACK_TOKEN}} | ||
WEB3_STORAGE_TOKEN=${{secrets.WEB3_STORAGE_TOKEN}} | ||
OPENSEA_API_KEY=${{secrets.OPENSEA_API_KEY}} | ||
GCAL_PRIVATE_KEY=${{secrets.GCAL_PRIVATE_KEY}} | ||
GCAL_CLIENT_EMAIL=${{secrets.GCAL_CLIENT_EMAIL}} | ||
GCAL_PROJECT_NUMBER=${{secrets.GCAL_PROJECT_NUMBER}} | ||
GCAL_CALENDAR_ID=${{secrets.GCAL_CALENDAR_ID}} | ||
WEB3_STORAGE_DID=${{secrets.WEB3_STORAGE_DID}} | ||
WEB3_STORAGE_PROOF=${{secrets.WEB3_STORAGE_PROOF}} | ||
WEB3_STORAGE_KEY=${{secrets.WEB3_STORAGE_KEY}} | ||
ALCHEMY_MAINNET=${{secrets.ALCHEMY_MAINNET}} | ||
ALCHEMY_OPTIMISM=${{secrets.ALCHEMY_OPTIMISM}} | ||
ALCHEMY_POLYGON=${{secrets.ALCHEMY_POLYGON}} | ||
ALCHEMY_API_KEY=${{secrets.ALCHEMY_API_KEY}} | ||
WALLET_CONNECT_V2_KEY=${{secrets.WALLET_CONNECT_V2_KEY}} | ||
push: true | ||
deploy-frontend: | ||
name: Deploy Frontend | ||
runs-on: ubuntu-latest | ||
needs: [env, build-frontend] | ||
steps: | ||
- name: Set Up gcloud CLI | ||
uses: google-github-actions/[email protected] | ||
with: | ||
project_id: ${{needs.env.outputs.PROJECT_ID}} | ||
service_account_key: ${{secrets.GCP_SA_KEY}} | ||
export_default_credentials: true | ||
- name: "Deploy Container Image: ${{needs.env.outputs.FRONTEND_SERVICE}}" | ||
run: | | ||
gcloud -q run deploy ${{needs.env.outputs.FRONTEND_SERVICE}} \ | ||
--image ${{needs.env.outputs.FRONTEND_TAG}} \ | ||
--region ${{needs.env.outputs.CLOUDRUN_REGION}} \ | ||
--port ${{needs.env.outputs.FRONTEND_PORT}} \ | ||
--cpu 1 \ | ||
--memory 1Gi \ | ||
--ingress all \ | ||
--min-instances 1 \ | ||
--allow-unauthenticated \ | ||
--set-env-vars GCAL_PRIVATE_KEY="${{secrets.GCAL_PRIVATE_KEY}}" \ | ||
--set-env-vars GCAL_PROJECT_NUMBER="${{secrets.GCAL_PROJECT_NUMBER}}" \ | ||
--set-env-vars GCAL_CLIENT_EMAIL="${{secrets.GCAL_CLIENT_EMAIL}}" \ | ||
--set-env-vars OPENSEA_API_KEY="${{secrets.OPENSEA_API_KEY}}" \ | ||
--set-env-vars NEXT_PUBLIC_GCAL_CALENDAR_ID="${{secrets.GCAL_CALENDAR_ID}}" \ | ||
--set-env-vars NEXT_PUBLIC_GOOGLE_ANALYTICS_ID="${{secrets.GOOGLE_ANALYTICS_ID}}" \ | ||
--set-env-vars NEXT_PUBLIC_YOUTUBE_API_KEY="${{secrets.YOUTUBE_API_KEY}}" \ | ||
--set-env-vars NEXT_PUBLIC_WEB3_STORAGE_DID="${{secrets.WEB3_STORAGE_DID}}" \ | ||
--set-env-vars NEXT_PUBLIC_WEB3_STORAGE_PROOF="${{secrets.WEB3_STORAGE_PROOF}}" \ | ||
--set-env-vars NEXT_PUBLIC_WEB3_STORAGE_KEY="${{secrets.WEB3_STORAGE_KEY}}" \ | ||
--set-env-vars NEXT_PUBLIC_ALCHEMY_MAINNET="${{secrets.ALCHEMY_MAINNET}}" \ | ||
--set-env-vars NEXT_PUBLIC_ALCHEMY_OPTIMISM="${{secrets.ALCHEMY_OPTIMISM}}" \ | ||
--set-env-vars NEXT_PUBLIC_ALCHEMY_POLYGON="${{secrets.ALCHEMY_POLYGON}}" \ | ||
--set-env-vars NEXT_PUBLIC_ALCHEMY_API_KEY="${{secrets.ALCHEMY_API_KEY}}" \ | ||
--set-env-vars NEXT_PUBLIC_WALLETCONNECT_PROJECT_ID="${{secrets.WALLET_CONNECT_V2_KEY}}" \ | ||
finish-deployment: | ||
name: Finish Deployment | ||
runs-on: ubuntu-latest | ||
needs: [env, start-deployment, deploy-frontend] | ||
if: always() | ||
env: | ||
result: ${{needs.deploy-frontend.result}} | ||
steps: | ||
- name: Finish Deployment | ||
uses: bobheadxi/deployments@v1 | ||
with: | ||
step: finish | ||
token: ${{github.token}} | ||
env: ${{env.DEPLOYMENT_ENV}} | ||
env_url: ${{needs.env.outputs.FRONTEND_URL}} | ||
status: ${{env.result == 'skipped' && 'cancelled' || env.result}} | ||
deployment_id: ${{needs.start-deployment.outputs.deployment_id}} |