deploy.yml
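# Build the Gradle project, push a container image to Artifact Registry, then
# roll the image out on a Compute Engine VM with docker-compose over
# `gcloud compute ssh`.
#
# NOTE(review): every `uses:` below references a mutable tag (v4 / v3). Pinning
# each action to a full commit SHA keeps a re-pointed tag from changing what
# runs in a job that holds a cloud identity token and the production .env.
name: Deploy to GCP Compute Engine

on:
  push:
    branches: ["main"]
  workflow_dispatch:

# id-token: write lets google-github-actions/auth request an OIDC token for
# Workload Identity Federation; the repository token itself stays read-only.
permissions:
  contents: read
  id-token: write

jobs:
  deploy:
    name: Build and Deploy
    runs-on: ubuntu-latest

    defaults:
      run:
        working-directory: ./manabom

    env:
      GCP_PROJECT_ID: ${{ secrets.GCP_PROJECT_ID }}
      GCP_REGION: ${{ secrets.GCP_REGION }}
      GCP_ZONE: ${{ secrets.GCP_ZONE }}
      ARTIFACT_REPOSITORY: ${{ secrets.GCP_ARTIFACT_REPOSITORY }}

    steps:
      - name: Checkout Source Code
        uses: actions/checkout@v4
        with:
          # No later step pushes or fetches with git, so the token does not
          # need to stay in .git/config while the Gradle build runs.
          persist-credentials: false

      - name: Set up JDK 17
        uses: actions/setup-java@v4
        with:
          java-version: "17"
          distribution: temurin
          cache: gradle

      # Tests are skipped here (-x test); nothing in this workflow runs them
      # before the image is deployed.
      - name: Build with Gradle
        run: |
          chmod +x gradlew
          ./gradlew build -x test --no-daemon

      # Later steps read IMAGE_TAG from the job environment.
      - name: Generate Image Tag
        run: echo "IMAGE_TAG=$(git rev-parse --short HEAD)" >> "$GITHUB_ENV"

      - name: Authenticate to Google Cloud
        uses: google-github-actions/auth@v3
        with:
          workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}
          service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }}

      - name: Set up gcloud
        uses: google-github-actions/setup-gcloud@v3

      - name: Configure Docker for Artifact Registry
        run: gcloud auth configure-docker "${GCP_REGION}-docker.pkg.dev" --quiet

      - name: Build and Push Image
        run: |
          IMAGE_URI="${GCP_REGION}-docker.pkg.dev/${GCP_PROJECT_ID}/${ARTIFACT_REPOSITORY}/mannabom-server"
          echo "IMAGE_URI=$IMAGE_URI" >> "$GITHUB_ENV"
          docker build -t "$IMAGE_URI:${IMAGE_TAG}" -t "$IMAGE_URI:latest" .
          docker push "$IMAGE_URI:${IMAGE_TAG}"
          docker push "$IMAGE_URI:latest"

      # The VM user and name reach the script through env instead of being
      # expanded into the script text with ${{ }}, so their contents are never
      # parsed as shell syntax.
      - name: Prepare VM Deploy Directory
        env:
          GCP_VM_USER: ${{ secrets.GCP_VM_USER }}
          GCP_VM_NAME: ${{ secrets.GCP_VM_NAME }}
        run: |
          gcloud compute ssh "${GCP_VM_USER}@${GCP_VM_NAME}" \
            --zone="${GCP_ZONE}" \
            --quiet \
            --command='mkdir -p ~/manabom'

      - name: Copy Docker Compose file to VM
        env:
          GCP_VM_USER: ${{ secrets.GCP_VM_USER }}
          GCP_VM_NAME: ${{ secrets.GCP_VM_NAME }}
        run: |
          gcloud compute scp docker-compose.prod.yml \
            "${GCP_VM_USER}@${GCP_VM_NAME}:/home/${GCP_VM_USER}/manabom/docker-compose.prod.yml" \
            --zone="${GCP_ZONE}" \
            --quiet

      - name: Deploy to VM
        env:
          ENV_FILE_BASE64: ${{ secrets.ENV_FILE_BASE64 }}
          GCP_VM_USER: ${{ secrets.GCP_VM_USER }}
          GCP_VM_NAME: ${{ secrets.GCP_VM_NAME }}
        run: |
          # Remove the decoded secrets file from the runner however the step ends.
          trap 'rm -f .env' EXIT
          # Create .env readable by the runner user only.
          umask 077

          # IMAGE_URI always contains literal text, so `test -n "$IMAGE_URI"`
          # cannot catch a missing component; check the parts it is built from.
          : "${GCP_REGION:?GCP_REGION is empty}"
          : "${GCP_PROJECT_ID:?GCP_PROJECT_ID is empty}"
          : "${ARTIFACT_REPOSITORY:?ARTIFACT_REPOSITORY is empty}"

          IMAGE_URI="${GCP_REGION}-docker.pkg.dev/${GCP_PROJECT_ID}/${ARTIFACT_REPOSITORY}/mannabom-server"
          IMAGE_TAG="${IMAGE_TAG:-$(git rev-parse --short HEAD)}"
          test -n "$IMAGE_URI"
          test -n "$IMAGE_TAG"

          printf "%s" "$ENV_FILE_BASE64" | base64 -d > .env
          # Drop any IMAGE_URI / IMAGE_TAG entries from the decoded file; the
          # values for this deploy are exported in the remote shell below.
          sed -i '/^IMAGE_URI=/d;/^IMAGE_TAG=/d' .env

          gcloud compute scp .env \
            "${GCP_VM_USER}@${GCP_VM_NAME}:/home/${GCP_VM_USER}/manabom/.env" \
            --zone="${GCP_ZONE}" \
            --quiet

          # The --command string is double-quoted, so $IMAGE_URI, $IMAGE_TAG and
          # $GCP_REGION are expanded on the runner before the text is sent;
          # `~` is left for the remote shell to expand.
          gcloud compute ssh "${GCP_VM_USER}@${GCP_VM_NAME}" \
            --zone="${GCP_ZONE}" \
            --quiet \
            --command="
              set -e
              mkdir -p ~/manabom
              cd ~/manabom
              # Keep the copied secrets file private to the deploy user.
              chmod 600 .env
              export IMAGE_URI='$IMAGE_URI'
              export IMAGE_TAG='$IMAGE_TAG'
              gcloud auth configure-docker '${GCP_REGION}-docker.pkg.dev' --quiet
              docker-compose -f docker-compose.prod.yml pull
              docker-compose -f docker-compose.prod.yml up -d --remove-orphans
              docker image prune -f
            "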