actions: screener-api test1

Author: prestoncabe

.github/workflows/devbox-deploy-screener-api.yml

@@ -0,0 +1,86 @@
+# This workflow uses devbox for dependency management and builds/deploys the screener API
+# to Cloud Run when a commit is pushed to the "main" branch.
+
+name: 'Build and Deploy Screener API to Cloud Run'
+
+on:
+  push:
+    branches:
+      - 157-offline-dev
+    paths:
+      - 'screener-api/**'
+      - 'devbox.json'
+      - 'devbox.lock'
+
+env:
+  PROJECT_ID: 'benefit-decision-toolkit-play'
+  REGION: 'us-central1'
+  SERVICE: 'benefit-decision-toolkit-play'
+  API_NAME: 'screener-api'
+  WORKLOAD_IDENTITY_PROVIDER: 'projects/1034049717668/locations/global/workloadIdentityPools/github-actions-google-cloud/providers/github'
+
+jobs:
+  deploy:
+    runs-on: 'ubuntu-latest'
+
+    permissions:
+      contents: 'read'
+      id-token: 'write'
+
+    steps:
+      - name: 'Checkout'
+        uses: 'actions/checkout@v4'
+
+      # Devbox needs a .env file to exist, even if it's empty
+      - name: 'Create .env file'
+        run: touch .env
+
+      # Setup devbox which includes all our dependencies: Maven, JDK 21, Quarkus, etc.
+      - name: 'Install devbox'
+        uses: 'jetify-com/[email protected]'
+        with:
+          enable-cache: true
+
+      # Configure Workload Identity Federation and generate an access token
+      - id: 'auth'
+        name: 'Authenticate to Google Cloud'
+        uses: 'google-github-actions/auth@v2'
+        with:
+          workload_identity_provider: '${{ env.WORKLOAD_IDENTITY_PROVIDER }}'
+          service_account: cicd-build-deploy-api@benefit-decision-toolkit-play.iam.gserviceaccount.com
+          project_id: ${{ env.PROJECT_ID }}
+
+      # Configure Docker to use gcloud as a credential helper (using devbox gcloud)
+      - name: 'Configure Docker'
+        run: |
+          devbox run -- gcloud auth configure-docker ${{ env.REGION }}-docker.pkg.dev
+
+      # Build the Quarkus app with Maven using devbox environment
+      - name: 'Build Quarkus App'
+        working-directory: screener-api
+        run: |
+          devbox run build-screener-api-ci
+
+      - name: 'Build and Push Container'
+        working-directory: screener-api
+        run: |-
+          DOCKER_TAG="${{ env.REGION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.SERVICE }}/${{ env.API_NAME }}:latest"
+          docker build -f src/main/docker/Dockerfile.jvm --tag "${DOCKER_TAG}" .
+          docker push "${DOCKER_TAG}"
+
+      - name: 'Deploy to Cloud Run'
+        uses: 'google-github-actions/deploy-cloudrun@v2'
+        with:
+          service: '${{ env.API_NAME }}'
+          region: '${{ env.REGION }}'
+          image: '${{ env.REGION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.SERVICE }}/${{ env.API_NAME }}:latest'
+          service_account: 'screener-api-service-account@${{ env.PROJECT_ID }}.iam.gserviceaccount.com'
+          flags: '--allow-unauthenticated --max-instances=2'
+          env_vars: |
+            QUARKUS_GOOGLE_CLOUD_PROJECT_ID=${{ env.PROJECT_ID }}
+            GCS_BUCKET_NAME=${{ env.PROJECT_ID }}.firebasestorage.app
+
+      # If required, use the Cloud Run URL output in later steps
+      - name: 'Show output'
+        run: |
+          echo ${{ steps.deploy.outputs.url }}

devbox.json

@@ -29,6 +29,10 @@
       "build-builder-frontend-ci": [
         "cd builder-frontend",
         "npm run build"
+      ],
+      "build-screener-api-ci": [
+        "cd screener-api",
+        "quarkus build --no-tests"
       ]
     }
   }