Skip to content

CD

CD #411

Workflow file for this run

name: CD
on:
release:
types: [ created ]
schedule:
- cron: '0 6 * * *'
workflow_dispatch:
env:
service_name: todo
concurrency:
group: "cd"
cancel-in-progress: false
jobs:
build:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
pages: write
id-token: write
attestations: write
environment:
name: github-pages
url: ${{ steps.deployment.outputs.page_url }}
steps:
- name: Get latest release
id: setup-version
uses: hfhbd/actions/setup-version@main
with:
token: ${{ github.token }}
- uses: actions/checkout@v4
with:
ref: ${{ steps.setup-version.outputs.ref }}
- name: Login to GitHub Container Registry
run: echo "${{ github.token }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
- id: auth
uses: google-github-actions/auth@v2
with:
workload_identity_provider: projects/963273362268/locations/global/workloadIdentityPools/github-deployment/providers/github
service_account: github-todo@${{ secrets.PROJECT_ID }}.iam.gserviceaccount.com
token_format: access_token
- name: Login to Google Container Registry
uses: docker/login-action@v3
with:
registry: europe-west4-docker.pkg.dev
username: oauth2accesstoken
password: ${{ steps.auth.outputs.access_token }}
- uses: actions/configure-pages@v5
- uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: 21
- uses: gradle/actions/setup-gradle@v4
- name: Push Docker Image to GitHub
run: ./gradlew :backend:jib -PjibImage=ghcr.io/hfhbd/composetodo:${{ steps.setup-version.outputs.version }} --no-configuration-cache
- name: Read GitHub Docker Digest
id: githubDockerDigest
run: echo "digest=$(cat backend/build/jib-image.digest)" >> "$GITHUB_OUTPUT"
- name: Attest
uses: actions/attest-build-provenance@v2
id: attestGitHub
with:
subject-name: ghcr.io/hfhbd/composetodo
subject-digest: ${{ steps.githubDockerDigest.outputs.digest }}
push-to-registry: true
- name: Push Docker Image to Google Container Registry
run: ./gradlew :backend:jib -PjibImage=europe-west4-docker.pkg.dev/${{ secrets.PROJECT_ID }}/composetodo-repo/${{ env.service_name }}:${{ steps.setup-version.outputs.version }} --no-configuration-cache
- name: Read Google Docker Digest
id: googleDockerDigest
run: echo "digest=$(cat backend/build/jib-image.digest)" >> "$GITHUB_OUTPUT"
# - name: Attest
# uses: actions/attest-build-provenance@v2
# id: attestGoogle
# with:
# subject-name: europe-west4-docker.pkg.dev/${{ secrets.PROJECT_ID }}/composetodo-repo/${{ env.service_name }}
# subject-digest: ${{ steps.googleDockerDigest.outputs.digest }}
# push-to-registry: true
- name: Assemble with Gradle
run: ./gradlew :web:jsBrowserDistribution
- uses: actions/upload-pages-artifact@v3
with:
path: web/build/dist/js/productionExecutable
- name: Deploy to GitHub Pages
id: deployment
uses: actions/deploy-pages@v4
googleRun:
needs: build
runs-on: ubuntu-latest
permissions:
id-token: write
steps:
- name: Get latest release
id: setup-version
uses: hfhbd/actions/setup-version@main
with:
token: ${{ github.token }}
- uses: actions/checkout@v4
with:
ref: ${{ steps.setup-version.outputs.full-tag }}
- id: auth
uses: google-github-actions/auth@v2
with:
project_id: ${{ secrets.PROJECT_ID }}
workload_identity_provider: projects/963273362268/locations/global/workloadIdentityPools/github-deployment/providers/github
service_account: github-todo@${{ secrets.PROJECT_ID }}.iam.gserviceaccount.com
- name: Deploy to Cloud Run
id: deploy
uses: google-github-actions/deploy-cloudrun@v2
with:
service: ${{ env.service_name }}
region: europe-west4
image: europe-west4-docker.pkg.dev/${{ secrets.PROJECT_ID }}/composetodo-repo/${{ env.service_name }}:${{ steps.setup-version.outputs.version }}
env_vars: |-
keyID=${{ secrets.CK_KEYID }}
privateKey=${{ secrets.CK_KEY }}