chore: prod settings #116
Workflow file for this run
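# CI/CD pipeline: run the test suite on pushes and pull requests for main and
# dev; the deploy-* jobs then publish from the matching branch.
name: Build and Test

on:
  push:
    branches:
      - main
      - dev
  pull_request:
    branches:
      - main
      - dev

# Least privilege: any job that declares no permissions of its own gets a
# read-only GITHUB_TOKEN. Job-level permissions blocks replace this default.
permissions:
  contents: read

# One active run per PR head branch (head_ref) or pushed ref.
# NOTE(review): cancel-in-progress also applies to push runs on main and dev,
# so a newer push can cancel a deployment that is partway through (image
# pushed, job not yet updated) - confirm that is acceptable.
concurrency:
  group: "${{ github.head_ref || github.ref }}"
  cancel-in-progress: true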
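# NOTE(review): every action below is referenced by a mutable version tag
# (@v2 ... @v6). Pinning each `uses:` to a full commit SHA removes the
# dependency on the tag staying where it is; the SHAs are not on this page.
jobs:
  test:
    name: Setup and Test
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          show-progress: false
          # Later steps install and run project code; nothing here uses git,
          # so do not leave the job token in .git/config.
          persist-credentials: false
      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.11"
          cache: pip
          cache-dependency-path: setup.py
      - name: Install libkrb5 for Kerberos on Linux
        run: |
          sudo apt-get update
          sudo apt-get install -y libkrb5-dev
      - name: Install module
        # Quoted so the shell cannot treat [tests] as a glob pattern.
        run: pip install ".[tests]"
      - name: Test with pytest
        run: pytest

  deploy-dev:
    name: Deploy to Cloud Run (dev)
    needs: test
    runs-on: ubuntu-latest
    # Only a push to dev has this ref; pull_request runs never match it.
    if: github.ref == 'refs/heads/dev'
    environment:
      name: dev
    permissions:
      id-token: write  # OIDC token for workload identity federation
      contents: read
    steps:
      - name: ⬇️ Checkout code
        uses: actions/checkout@v4
        with:
          show-progress: false
          # The workspace is the Docker build context below; keep the job
          # token out of .git/config so it cannot end up in an image layer.
          persist-credentials: false
      - name: 🗝️ Authenticate to Google Cloud
        id: auth
        uses: google-github-actions/auth@v2
        with:
          workload_identity_provider: ${{ secrets.IDENTITY_PROVIDER }}
          service_account: ${{ secrets.SERVICE_ACCOUNT_EMAIL }}
          token_format: "access_token"
      - name: 🐳 Set up Docker Buildx
        id: builder
        uses: docker/setup-buildx-action@v3
      - name: 🗝️ Authenticate Docker to Google Cloud
        uses: docker/login-action@v3
        with:
          registry: us-central1-docker.pkg.dev
          username: oauth2accesstoken
          password: ${{ steps.auth.outputs.access_token }}
      - name: 🏷️ Extract tags from GitHub
        id: meta
        uses: docker/metadata-action@v5
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          images: us-central1-docker.pkg.dev/${{ secrets.PROJECT_ID }}/images/job
          tags: |
            type=ref,suffix=-{{sha}},event=branch
            type=ref,prefix=pr-,suffix=-{{sha}},event=pr
            type=semver,pattern={{version}}
            latest
      - name: 📦 Build and push image
        # The id exposes this step's image digest to the deploy step.
        id: build
        uses: docker/build-push-action@v6
        with:
          builder: ${{ steps.builder.outputs.name }}
          tags: ${{ steps.meta.outputs.tags }}
          context: .
          file: ./Dockerfile
          push: true
          cache-from: type=gha
          cache-to: type=gha,mode=max
          # NOTE(review): provenance attestation is switched off, so the
          # pushed image carries no build provenance - confirm this is
          # deliberate.
          provenance: false
      - name: ☁️ Set up Cloud SDK
        uses: google-github-actions/setup-gcloud@v2
      - name: 🚀 Deploy to Cloud Run Job
        # Values reach the script through the environment instead of being
        # expanded into the script text by the workflow engine.
        env:
          PROJECT_ID: ${{ secrets.PROJECT_ID }}
          IMAGE_DIGEST: ${{ steps.build.outputs.digest }}
        run: |
          # Deploy the exact image this run built. The mutable `latest` tag
          # can be moved by any other push to the same repository.
          : "${IMAGE_DIGEST:?build step reported no image digest}"
          image="us-central1-docker.pkg.dev/${PROJECT_ID}/images/job@${IMAGE_DIGEST}"

          # Exact-name, region-scoped existence check; grepping the job list
          # for "default" also matches any other line containing that word.
          if gcloud run jobs describe default --region us-central1 >/dev/null 2>&1; then
            action=update
          else
            action=create
          fi

          gcloud run jobs "${action}" default \
            --region us-central1 \
            --image "${image}" \
            --service-account "cloud-run-sa@${PROJECT_ID}.iam.gserviceaccount.com" \
            --memory=3Gi \
            --cpu=1 \
            --max-retries 0 \
            --parallelism 0 \
            --set-secrets=/secrets/app/secrets.json=skid-secrets:latest \
            --task-timeout 3h
      - name: 🕰️ Create Cloud Scheduler
        env:
          PROJECT_ID: ${{ secrets.PROJECT_ID }}
        run: |
          if gcloud scheduler jobs describe saturday-evening --location=us-central1 >/dev/null 2>&1; then
            action=update
          else
            action=create
          fi

          # NOTE(review): "0 3 * * 6" fires at 03:00 on Saturday in
          # America/Denver, while the description says "evening" - confirm
          # which one is intended.
          gcloud scheduler jobs "${action}" http saturday-evening \
            --description="Trigger the nfhl-skid bot once a week on saturday evening" \
            --schedule="0 3 * * 6" \
            --time-zone=America/Denver \
            --location=us-central1 \
            --uri="https://us-central1-run.googleapis.com/apis/run.googleapis.com/v1/namespaces/${PROJECT_ID}/jobs/default:run" \
            --oauth-service-account-email="scheduler-sa@${PROJECT_ID}.iam.gserviceaccount.com"

  deploy-prod:
    name: Deploy to Cloud Run (prod)
    needs: test
    runs-on: ubuntu-latest
    # Only a push to main has this ref; pull_request runs never match it.
    if: github.ref == 'refs/heads/main'
    environment:
      name: prod
    permissions:
      id-token: write  # OIDC token for workload identity federation
      contents: read
    steps:
      - name: ⬇️ Checkout code
        uses: actions/checkout@v4
        with:
          show-progress: false
          # The workspace is the Docker build context below; keep the job
          # token out of .git/config so it cannot end up in an image layer.
          persist-credentials: false
      - name: 🗝️ Authenticate to Google Cloud
        id: auth
        uses: google-github-actions/auth@v2
        with:
          workload_identity_provider: ${{ secrets.IDENTITY_PROVIDER }}
          service_account: ${{ secrets.SERVICE_ACCOUNT_EMAIL }}
          token_format: "access_token"
      - name: 🐳 Set up Docker Buildx
        id: builder
        uses: docker/setup-buildx-action@v3
      - name: 🗝️ Authenticate Docker to Google Cloud
        uses: docker/login-action@v3
        with:
          registry: us-central1-docker.pkg.dev
          username: oauth2accesstoken
          password: ${{ steps.auth.outputs.access_token }}
      - name: 🏷️ Extract tags from GitHub
        id: meta
        uses: docker/metadata-action@v5
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          images: us-central1-docker.pkg.dev/${{ secrets.PROJECT_ID }}/images/job
          tags: |
            type=ref,suffix=-{{sha}},event=branch
            type=ref,prefix=pr-,suffix=-{{sha}},event=pr
            type=semver,pattern={{version}}
            latest
      - name: 📦 Build and push image
        # The id exposes this step's image digest to the deploy step.
        id: build
        uses: docker/build-push-action@v6
        with:
          builder: ${{ steps.builder.outputs.name }}
          tags: ${{ steps.meta.outputs.tags }}
          context: .
          file: ./Dockerfile
          push: true
          cache-from: type=gha
          cache-to: type=gha,mode=max
          # NOTE(review): provenance attestation is switched off, so the
          # pushed image carries no build provenance - confirm this is
          # deliberate.
          provenance: false
      - name: ☁️ Set up Cloud SDK
        uses: google-github-actions/setup-gcloud@v2
      - name: 🚀 Deploy to Cloud Run Job
        # Values reach the script through the environment instead of being
        # expanded into the script text by the workflow engine.
        env:
          PROJECT_ID: ${{ secrets.PROJECT_ID }}
          IMAGE_DIGEST: ${{ steps.build.outputs.digest }}
        run: |
          # Deploy the exact image this run built. The mutable `latest` tag
          # can be moved by any other push to the same repository.
          : "${IMAGE_DIGEST:?build step reported no image digest}"
          image="us-central1-docker.pkg.dev/${PROJECT_ID}/images/job@${IMAGE_DIGEST}"

          # Exact-name, region-scoped existence check; grepping the job list
          # for "default" also matches any other line containing that word.
          if gcloud run jobs describe default --region us-central1 >/dev/null 2>&1; then
            action=update
          else
            action=create
          fi

          gcloud run jobs "${action}" default \
            --region us-central1 \
            --image "${image}" \
            --service-account "cloud-run-sa@${PROJECT_ID}.iam.gserviceaccount.com" \
            --memory=3Gi \
            --cpu=1 \
            --max-retries 0 \
            --parallelism 0 \
            --set-secrets=/secrets/app/secrets.json=skid-secrets:latest \
            --task-timeout 3h
      - name: 🕰️ Create Cloud Scheduler
        env:
          PROJECT_ID: ${{ secrets.PROJECT_ID }}
        run: |
          if gcloud scheduler jobs describe saturday-evening --location=us-central1 >/dev/null 2>&1; then
            action=update
          else
            action=create
          fi

          # NOTE(review): "0 3 * * 6" fires at 03:00 on Saturday in
          # America/Denver, while the description says "evening" - confirm
          # which one is intended.
          gcloud scheduler jobs "${action}" http saturday-evening \
            --description="Trigger the nfhl-skid bot once a week on saturday evening" \
            --schedule="0 3 * * 6" \
            --time-zone=America/Denver \
            --location=us-central1 \
            --uri="https://us-central1-run.googleapis.com/apis/run.googleapis.com/v1/namespaces/${PROJECT_ID}/jobs/default:run" \
            --oauth-service-account-email="scheduler-sa@${PROJECT_ID}.iam.gserviceaccount.com"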