chore: minor changes #21
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CD - Deploy to Dev | |
| on: | |
| push: | |
| branches: [main] | |
| workflow_dispatch: | |
| concurrency: | |
| group: cd-dev | |
| cancel-in-progress: false # block cancel during deploy | |
| env: | |
| PROJECT_ID: drone-fleet-optimizer-dev | |
| REGION: europe-west1 | |
| REGISTRY: europe-west1-docker.pkg.dev | |
| IMAGE_BASE: europe-west1-docker.pkg.dev/drone-fleet-optimizer-dev/drone-fleet | |
| ENVIRONMENT: dev | |
| # Terraform-specific variables | |
| FIRESTORE_LOCATION: eur3 | |
| BUDGET_AMOUNT: 5 | |
| jobs: | |
| # detect changes from services | |
| changes: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| pull-requests: read | |
| outputs: | |
| ingestion: ${{ steps.filter.outputs.ingestion }} | |
| state-manager: ${{ steps.filter.outputs.state-manager }} | |
| optimizer: ${{ steps.filter.outputs.optimizer }} | |
| visualizer: ${{ steps.filter.outputs.visualizer }} | |
| simulator: ${{ steps.filter.outputs.simulator }} | |
| seed-firestore: ${{ steps.filter.outputs.seed-firestore }} | |
| terraform: ${{ steps.filter.outputs.terraform }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: dorny/paths-filter@v3 | |
| id: filter | |
| with: | |
| filters: | | |
| ingestion: | |
| - 'services/ingestion/**' | |
| - 'shared/python/**' | |
| - 'libs/python/**' | |
| - 'configs/**' | |
| - 'pyproject.toml' | |
| - 'uv.lock' | |
| state-manager: | |
| - 'services/state_manager/**' | |
| - 'shared/java/**' | |
| - 'libs/java/**' | |
| - 'build.gradle' | |
| - 'settings.gradle' | |
| optimizer: | |
| - 'services/path_optimizer/**' | |
| - 'shared/python/**' | |
| - 'libs/python/**' | |
| - 'configs/**' | |
| - 'pyproject.toml' | |
| - 'uv.lock' | |
| visualizer: | |
| - 'services/visualizer/**' | |
| - 'shared/ts/**' | |
| - 'libs/ts/**' | |
| - 'biome.json' | |
| - 'package.json' | |
| - 'bun.lock' | |
| terraform: | |
| - 'infra/terraform/**' | |
| simulator: | |
| - 'services/simulators/**' | |
| - 'shared/python/**' | |
| - 'libs/python/**' | |
| - 'configs/**' | |
| - 'pyproject.toml' | |
| - 'uv.lock' | |
| seed-firestore: | |
| - 'infra/local/scripts/seed_firestore.py' | |
| - 'infra/scripts/Dockerfile.seed' | |
| - 'pyproject.toml' | |
| - 'uv.lock' | |
| # terraform apply if infra changed | |
| terraform: | |
| needs: changes | |
| if: needs.changes.outputs.terraform == 'true' | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: jdx/mise-action@v3 | |
| with: | |
| experimental: true | |
| cache: true | |
| - name: Authenticate to Google Cloud | |
| uses: google-github-actions/auth@v2 | |
| with: | |
| workload_identity_provider: ${{ secrets.WIF_PROVIDER_DEV }} | |
| service_account: ${{ secrets.WIF_SERVICE_ACCOUNT_DEV }} | |
| - name: Setup Terraform | |
| uses: hashicorp/setup-terraform@v3 | |
| with: | |
| terraform_version: "1.9.0" | |
| - name: Terraform Init | |
| working-directory: infra/terraform/environments/dev | |
| run: terraform init | |
| - name: Terraform Plan | |
| working-directory: infra/terraform/environments/dev | |
| run: | | |
| BILLING_ARGS="" | |
| if [ -n "${{ secrets.BILLING_ACCOUNT_DEV }}" ]; then | |
| BILLING_ARGS="-var=billing_account=${{ secrets.BILLING_ACCOUNT_DEV }}" | |
| fi | |
| terraform plan \ | |
| -var="project_id=${{ env.PROJECT_ID }}" \ | |
| -var="environment=dev" \ | |
| -var="firestore_location=${{ env.FIRESTORE_LOCATION }}" \ | |
| -var="budget_amount=${{ env.BUDGET_AMOUNT }}" \ | |
| $BILLING_ARGS \ | |
| -out=tfplan | |
| - name: Terraform Apply | |
| working-directory: infra/terraform/environments/dev | |
| run: terraform apply -auto-approve tfplan | |
| # deploy ingestion API (Cloud Run Service) | |
| deploy-ingestion: | |
| needs: [changes, terraform] | |
| if: ${{ !failure() && !cancelled() && needs.changes.outputs.ingestion == 'true' }} | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Authenticate to Google Cloud | |
| uses: google-github-actions/auth@v2 | |
| with: | |
| workload_identity_provider: ${{ secrets.WIF_PROVIDER_DEV }} | |
| service_account: ${{ secrets.WIF_SERVICE_ACCOUNT_DEV }} | |
| - name: Set up Cloud SDK | |
| uses: google-github-actions/setup-gcloud@v2 | |
| - name: Configure Docker for Artifact Registry | |
| run: gcloud auth configure-docker ${{ env.REGISTRY }} --quiet | |
| - name: Build and push Docker image | |
| run: | | |
| SHORT_SHA="${GITHUB_SHA::7}" | |
| IMAGE="${{ env.IMAGE_BASE }}/ingestion" | |
| docker build \ | |
| -f services/ingestion/Dockerfile \ | |
| --build-arg ENVIRONMENT=dev \ | |
| -t "$IMAGE:$SHORT_SHA" \ | |
| -t "$IMAGE:latest" \ | |
| . | |
| docker push "$IMAGE:$SHORT_SHA" | |
| docker push "$IMAGE:latest" | |
| - name: Deploy to Cloud Run | |
| run: | | |
| SHORT_SHA="${GITHUB_SHA::7}" | |
| gcloud run deploy ingestion \ | |
| --image "${{ env.IMAGE_BASE }}/ingestion:$SHORT_SHA" \ | |
| --region ${{ env.REGION }} \ | |
| --platform managed \ | |
| --service-account "ingestion@${{ env.PROJECT_ID }}.iam.gserviceaccount.com" \ | |
| --set-env-vars "ENVIRONMENT=dev,PROJECT_ID=${{ env.PROJECT_ID }}" \ | |
| --min-instances 0 \ | |
| --max-instances 2 \ | |
| --memory 512Mi \ | |
| --cpu 1 \ | |
| --allow-unauthenticated \ | |
| --quiet | |
| - name: Output service URL | |
| run: | | |
| URL=$(gcloud run services describe ingestion \ | |
| --region ${{ env.REGION }} \ | |
| --format 'value(status.url)') | |
| echo "### Ingestion API" >> "$GITHUB_STEP_SUMMARY" | |
| echo "Deployed to: $URL" >> "$GITHUB_STEP_SUMMARY" | |
| deploy-state-manager: | |
| needs: [changes, terraform] | |
| if: ${{ !failure() && !cancelled() && needs.changes.outputs.state-manager == 'true' }} | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Authenticate to Google Cloud | |
| uses: google-github-actions/auth@v2 | |
| with: | |
| workload_identity_provider: ${{ secrets.WIF_PROVIDER_DEV }} | |
| service_account: ${{ secrets.WIF_SERVICE_ACCOUNT_DEV }} | |
| - name: Set up Cloud SDK | |
| uses: google-github-actions/setup-gcloud@v2 | |
| - name: Configure Docker for Artifact Registry | |
| run: gcloud auth configure-docker ${{ env.REGISTRY }} --quiet | |
| - name: Build and push Docker image | |
| run: | | |
| SHORT_SHA="${GITHUB_SHA::7}" | |
| IMAGE="${{ env.IMAGE_BASE }}/state-manager" | |
| docker build \ | |
| -f services/state_manager/Dockerfile \ | |
| -t "$IMAGE:$SHORT_SHA" \ | |
| -t "$IMAGE:latest" \ | |
| . | |
| docker push "$IMAGE:$SHORT_SHA" | |
| docker push "$IMAGE:latest" | |
| # always on service => min-instances 1 (0 for cold start) | |
| - name: Deploy to Cloud Run | |
| run: | | |
| SHORT_SHA="${GITHUB_SHA::7}" | |
| gcloud run deploy state-manager \ | |
| --image "${{ env.IMAGE_BASE }}/state-manager:$SHORT_SHA" \ | |
| --region ${{ env.REGION }} \ | |
| --platform managed \ | |
| --service-account "state-manager@${{ env.PROJECT_ID }}.iam.gserviceaccount.com" \ | |
| --set-env-vars "ENVIRONMENT=dev,PROJECT_ID=${{ env.PROJECT_ID }},SPRING_PROFILES_ACTIVE=dev" \ | |
| --min-instances 1 \ | |
| --max-instances 3 \ | |
| --memory 1Gi \ | |
| --cpu 2 \ | |
| --no-allow-unauthenticated \ | |
| --quiet | |
| - name: Output service URL | |
| run: | | |
| URL=$(gcloud run services describe state-manager \ | |
| --region ${{ env.REGION }} \ | |
| --format 'value(status.url)') | |
| echo "### State Manager" >> "$GITHUB_STEP_SUMMARY" | |
| echo "Deployed to: $URL" >> "$GITHUB_STEP_SUMMARY" | |
| deploy-optimizer: | |
| needs: [changes, terraform] | |
| if: ${{ !failure() && !cancelled() && needs.changes.outputs.optimizer == 'true' }} | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Authenticate to Google Cloud | |
| uses: google-github-actions/auth@v2 | |
| with: | |
| workload_identity_provider: ${{ secrets.WIF_PROVIDER_DEV }} | |
| service_account: ${{ secrets.WIF_SERVICE_ACCOUNT_DEV }} | |
| - name: Set up Cloud SDK | |
| uses: google-github-actions/setup-gcloud@v2 | |
| - name: Configure Docker for Artifact Registry | |
| run: gcloud auth configure-docker ${{ env.REGISTRY }} --quiet | |
| - name: Build and push Docker image | |
| run: | | |
| SHORT_SHA="${GITHUB_SHA::7}" | |
| IMAGE="${{ env.IMAGE_BASE }}/path-optimizer" | |
| docker build \ | |
| -f services/path_optimizer/Dockerfile \ | |
| --build-arg ENVIRONMENT=dev \ | |
| -t "$IMAGE:$SHORT_SHA" \ | |
| -t "$IMAGE:latest" \ | |
| . | |
| docker push "$IMAGE:$SHORT_SHA" | |
| docker push "$IMAGE:latest" | |
| - name: Get State Manager URL | |
| id: state-manager | |
| run: | | |
| URL=$(gcloud run services describe state-manager \ | |
| --region ${{ env.REGION }} \ | |
| --format 'value(status.url)' 2>/dev/null || echo "") | |
| if [ -z "$URL" ]; then | |
| echo "::warning::State Manager not deployed yet, using placeholder URL" | |
| URL="https://state-manager-placeholder.run.app" | |
| fi | |
| echo "url=$URL" >> "$GITHUB_OUTPUT" | |
| - name: Deploy Cloud Run Job | |
| run: | | |
| SHORT_SHA="${GITHUB_SHA::7}" | |
| # Create or update the Cloud Run Job | |
| gcloud run jobs deploy path-optimizer \ | |
| --image "${{ env.IMAGE_BASE }}/path-optimizer:$SHORT_SHA" \ | |
| --region ${{ env.REGION }} \ | |
| --service-account "optimizer@${{ env.PROJECT_ID }}.iam.gserviceaccount.com" \ | |
| --set-env-vars "ENVIRONMENT=dev,PROJECT_ID=${{ env.PROJECT_ID }},STATE_MANAGER_URL=${{ steps.state-manager.outputs.url }}" \ | |
| --memory 2Gi \ | |
| --cpu 2 \ | |
| --task-timeout 300s \ | |
| --max-retries 1 \ | |
| --quiet | |
| echo "### Path Optimizer" >> "$GITHUB_STEP_SUMMARY" | |
| echo "Cloud Run Job \`path-optimizer\` updated (image: \`$SHORT_SHA\`)" >> "$GITHUB_STEP_SUMMARY" | |
| echo "State Manager URL: \`${{ steps.state-manager.outputs.url }}\`" >> "$GITHUB_STEP_SUMMARY" | |
| deploy-visualizer: | |
| needs: [changes, terraform] | |
| if: ${{ !failure() && !cancelled() && needs.changes.outputs.visualizer == 'true' }} | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Authenticate to Google Cloud | |
| uses: google-github-actions/auth@v2 | |
| with: | |
| workload_identity_provider: ${{ secrets.WIF_PROVIDER_DEV }} | |
| service_account: ${{ secrets.WIF_SERVICE_ACCOUNT_DEV }} | |
| - name: Set up Cloud SDK | |
| uses: google-github-actions/setup-gcloud@v2 | |
| - name: Configure Docker for Artifact Registry | |
| run: gcloud auth configure-docker ${{ env.REGISTRY }} --quiet | |
| - name: Build and push Docker image | |
| run: | | |
| SHORT_SHA="${GITHUB_SHA::7}" | |
| IMAGE="${{ env.IMAGE_BASE }}/visualizer" | |
| docker build \ | |
| -f services/visualizer/Dockerfile \ | |
| -t "$IMAGE:$SHORT_SHA" \ | |
| -t "$IMAGE:latest" \ | |
| . | |
| docker push "$IMAGE:$SHORT_SHA" | |
| docker push "$IMAGE:latest" | |
| - name: Deploy to Cloud Run | |
| run: | | |
| SHORT_SHA="${GITHUB_SHA::7}" | |
| gcloud run deploy visualizer \ | |
| --image "${{ env.IMAGE_BASE }}/visualizer:$SHORT_SHA" \ | |
| --region ${{ env.REGION }} \ | |
| --platform managed \ | |
| --service-account "visualizer@${{ env.PROJECT_ID }}.iam.gserviceaccount.com" \ | |
| --set-env-vars "PROJECT_ID=${{ env.PROJECT_ID }},NODE_ENV=production,PUBSUB_SUBSCRIPTION=telemetry-sub" \ | |
| --min-instances 0 \ | |
| --max-instances 2 \ | |
| --memory 512Mi \ | |
| --cpu 1 \ | |
| --allow-unauthenticated \ | |
| --quiet | |
| - name: Output service URL | |
| run: | | |
| URL=$(gcloud run services describe visualizer \ | |
| --region ${{ env.REGION }} \ | |
| --format 'value(status.url)') | |
| echo "### Visualizer" >> "$GITHUB_STEP_SUMMARY" | |
| echo "Deployed to: $URL" >> "$GITHUB_STEP_SUMMARY" | |
| deploy-simulator: | |
| needs: [changes, terraform] | |
| if: ${{ !failure() && !cancelled() && needs.changes.outputs.simulator == 'true' }} | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Authenticate to Google Cloud | |
| uses: google-github-actions/auth@v2 | |
| with: | |
| workload_identity_provider: ${{ secrets.WIF_PROVIDER_DEV }} | |
| service_account: ${{ secrets.WIF_SERVICE_ACCOUNT_DEV }} | |
| - name: Set up Cloud SDK | |
| uses: google-github-actions/setup-gcloud@v2 | |
| - name: Configure Docker for Artifact Registry | |
| run: gcloud auth configure-docker ${{ env.REGISTRY }} --quiet | |
| - name: Build and push Docker image | |
| run: | | |
| SHORT_SHA="${GITHUB_SHA::7}" | |
| IMAGE="${{ env.IMAGE_BASE }}/simulator" | |
| docker build \ | |
| -f services/simulators/Dockerfile \ | |
| --build-arg ENVIRONMENT=dev \ | |
| -t "$IMAGE:$SHORT_SHA" \ | |
| -t "$IMAGE:latest" \ | |
| . | |
| docker push "$IMAGE:$SHORT_SHA" | |
| docker push "$IMAGE:latest" | |
| - name: Get Ingestion URL | |
| id: ingestion | |
| run: | | |
| URL=$(gcloud run services describe ingestion \ | |
| --region ${{ env.REGION }} \ | |
| --format 'value(status.url)' 2>/dev/null || echo "") | |
| if [ -z "$URL" ]; then | |
| echo "::warning::Ingestion not deployed yet, using placeholder URL" | |
| URL="https://ingestion-placeholder.run.app" | |
| fi | |
| echo "url=$URL" >> "$GITHUB_OUTPUT" | |
| - name: Deploy Cloud Run Job | |
| run: | | |
| SHORT_SHA="${GITHUB_SHA::7}" | |
| gcloud run jobs deploy simulator \ | |
| --image "${{ env.IMAGE_BASE }}/simulator:$SHORT_SHA" \ | |
| --region ${{ env.REGION }} \ | |
| --service-account "simulator@${{ env.PROJECT_ID }}.iam.gserviceaccount.com" \ | |
| --set-env-vars "ENVIRONMENT=dev,SIMULATION_DURATION_SECONDS=300,INGESTION_API_URL=${{ steps.ingestion.outputs.url }}" \ | |
| --memory 512Mi \ | |
| --cpu 1 \ | |
| --task-timeout 600s \ | |
| --max-retries 0 \ | |
| --quiet | |
| echo "### Simulator" >> "$GITHUB_STEP_SUMMARY" | |
| echo "Cloud Run Job \`simulator\` updated (image: \`$SHORT_SHA\`)" >> "$GITHUB_STEP_SUMMARY" | |
| echo "Ingestion URL: \`${{ steps.ingestion.outputs.url }}\`" >> "$GITHUB_STEP_SUMMARY" | |
| deploy-seed-firestore: | |
| needs: [changes, terraform] | |
| if: ${{ !failure() && !cancelled() && needs.changes.outputs.seed-firestore == 'true' }} | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Authenticate to Google Cloud | |
| uses: google-github-actions/auth@v2 | |
| with: | |
| workload_identity_provider: ${{ secrets.WIF_PROVIDER_DEV }} | |
| service_account: ${{ secrets.WIF_SERVICE_ACCOUNT_DEV }} | |
| - name: Set up Cloud SDK | |
| uses: google-github-actions/setup-gcloud@v2 | |
| - name: Configure Docker for Artifact Registry | |
| run: gcloud auth configure-docker ${{ env.REGISTRY }} --quiet | |
| - name: Build and push Docker image | |
| run: | | |
| SHORT_SHA="${GITHUB_SHA::7}" | |
| IMAGE="${{ env.IMAGE_BASE }}/seed-firestore" | |
| docker build \ | |
| -f infra/scripts/Dockerfile.seed \ | |
| -t "$IMAGE:$SHORT_SHA" \ | |
| -t "$IMAGE:latest" \ | |
| . | |
| docker push "$IMAGE:$SHORT_SHA" | |
| docker push "$IMAGE:latest" | |
| - name: Deploy Cloud Run Job | |
| run: | | |
| SHORT_SHA="${GITHUB_SHA::7}" | |
| gcloud run jobs deploy seed-firestore \ | |
| --image "${{ env.IMAGE_BASE }}/seed-firestore:$SHORT_SHA" \ | |
| --region ${{ env.REGION }} \ | |
| --service-account "seed-firestore@${{ env.PROJECT_ID }}.iam.gserviceaccount.com" \ | |
| --set-env-vars "PROJECT_ID=${{ env.PROJECT_ID }},DATASET_SIZE=large" \ | |
| --memory 512Mi \ | |
| --cpu 1 \ | |
| --task-timeout 120s \ | |
| --max-retries 0 \ | |
| --quiet | |
| echo "### Seed Firestore" >> "$GITHUB_STEP_SUMMARY" | |
| echo "Cloud Run Job \`seed-firestore\` updated (image: \`$SHORT_SHA\`)" >> "$GITHUB_STEP_SUMMARY" |