Merge pull request #233 from CodeForPhilly/archive-eligibility-checks #39
# Builds the builder API inside the devbox-managed toolchain and deploys it to
# Cloud Run whenever a commit is pushed to the "main" branch.
name: 'Build and Deploy Builder API to Cloud Run'

on:
  push:
    branches:
      - 'main'
    # Run only when the API sources or the devbox dependency definition change.
    paths:
      - 'builder-api/**'
      - 'devbox.json'
      - 'devbox.lock'
# Workflow-wide settings; every value here is an identifier, not a credential.
env:
  # Google Cloud project that hosts the image registry and the service.
  PROJECT_ID: 'benefit-decision-toolkit-play'
  # Region used for both the docker.pkg.dev host and the Cloud Run deployment.
  REGION: 'us-central1'
  # Path segment between the project and the image name in the image reference.
  SERVICE: 'benefit-decision-toolkit-play'
  # Image name, and the Cloud Run service name passed to the deploy step.
  API_NAME: 'builder-api'
  # Workload Identity Federation provider that exchanges the GitHub OIDC token.
  # NOTE(review): what limits who can impersonate the deploy service account is
  # the provider's attribute condition and the service account's IAM binding,
  # neither of which is visible here. Confirm both are restricted to this
  # repository (and ideally to the main branch).
  WORKLOAD_IDENTITY_PROVIDER: 'projects/1034049717668/locations/global/workloadIdentityPools/github-actions-google-cloud/providers/github'
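jobs:
  deploy:
    runs-on: 'ubuntu-latest'

    # Least privilege for the job token: read-only repository contents, plus
    # id-token: write so the job can request the GitHub OIDC token that the
    # Google auth step exchanges through Workload Identity Federation.
    permissions:
      contents: 'read'
      id-token: 'write'

    steps:
      # NOTE(review): the actions in this job are referenced by mutable tags.
      # The job can mint an OIDC token and deploy, so consider pinning each
      # `uses:` to a full commit SHA (owner/action@<FULL_COMMIT_SHA>) and
      # letting a dependency bot propose the bumps.
      - name: 'Checkout'
        uses: 'actions/checkout@v4'

      # Devbox needs a .env file to exist, even if it's empty
      # TODO: Make this useful in this and other workflows by just consolidating env vars
      # here (so that we don't need to manage multiple places)
      - name: 'Create .env file'
        run: touch .env

      # Setup devbox which includes all our dependencies: Maven, JDK 21, Quarkus, etc.
      # NOTE(review): the reference below was mangled by e-mail obfuscation on
      # the page this listing was captured from (the text around "@" is lost).
      # Restore the real `<action>@<version>` from the repository; presumably it
      # is jetify-com/devbox-install-action@<VERSION> - confirm before use.
      - name: 'Install devbox'
        uses: 'jetify-com/[email protected]'
        with:
          enable-cache: true

      # Cache Maven dependencies to speed up builds
      - name: 'Cache Maven dependencies'
        uses: 'actions/cache@v4'
        with:
          path: '~/.m2/repository'
          key: ${{ runner.os }}-maven-${{ hashFiles('builder-api/pom.xml') }}
          restore-keys: |
            ${{ runner.os }}-maven-

      # Configure Workload Identity Federation and generate an access token
      - id: 'auth'
        name: 'Authenticate to Google Cloud'
        uses: 'google-github-actions/auth@v2'
        with:
          workload_identity_provider: '${{ env.WORKLOAD_IDENTITY_PROVIDER }}'
          service_account: 'cicd-build-deploy-api@benefit-decision-toolkit-play.iam.gserviceaccount.com'
          project_id: '${{ env.PROJECT_ID }}'

      # Configure Docker to use gcloud as a credential helper (using devbox gcloud)
      - name: 'Configure Docker'
        run: |
          devbox run -- gcloud auth configure-docker ${{ env.REGION }}-docker.pkg.dev

      # Build the Quarkus app with Maven using devbox environment
      - name: 'Build Quarkus App'
        working-directory: builder-api
        run: |
          devbox run build-builder-api-ci

      # NOTE(review): the image is pushed and deployed under the mutable
      # ":latest" tag, so a deployed revision cannot be traced back to a commit
      # and two close pushes to main can race on the tag. Consider tagging with
      # the commit SHA as well, or deploying by image digest.
      - name: 'Build and Push Container'
        working-directory: builder-api
        run: |-
          DOCKER_TAG="${{ env.REGION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.SERVICE }}/${{ env.API_NAME }}:latest"
          docker build -f src/main/docker/Dockerfile.jvm --tag "${DOCKER_TAG}" .
          docker push "${DOCKER_TAG}"

      # The step id is required: the final step reads steps.deploy.outputs.url,
      # which resolves to an empty string when no step is named "deploy".
      # NOTE(review): --allow-unauthenticated makes the service invokable
      # without IAM credentials, so request authentication has to be enforced
      # by the application itself - confirm that it is.
      - id: 'deploy'
        name: 'Deploy to Cloud Run'
        uses: 'google-github-actions/deploy-cloudrun@v2'
        with:
          service: '${{ env.API_NAME }}'
          region: '${{ env.REGION }}'
          image: '${{ env.REGION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.SERVICE }}/${{ env.API_NAME }}:latest'
          service_account: 'builder-api-service-account@${{ env.PROJECT_ID }}.iam.gserviceaccount.com'
          flags: '--allow-unauthenticated --max-instances=2'
          env_vars: |
            QUARKUS_GOOGLE_CLOUD_PROJECT_ID=${{ env.PROJECT_ID }}
            GCS_BUCKET_NAME=${{ env.PROJECT_ID }}.firebasestorage.app

      # If required, use the Cloud Run URL output in later steps
      # The step output is handed to the shell through an environment variable
      # rather than expanded into the script text, so the shell never parses it.
      - name: 'Show output'
        env:
          SERVICE_URL: '${{ steps.deploy.outputs.url }}'
        run: |
          echo "${SERVICE_URL}"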