|
1 | | -# GitHub Actions workflow: |
2 | | -# Builds the repo’s Docker image with Cloud Build |
3 | | -# and deploys it as a new revision of the existing |
4 | | -# Cloud Run service “wasteassistant”. |
| 1 | +# GitHub Actions workflow |
| 2 | +# ────────────────────────────────────────────────────────────────────────── |
| 3 | +# • Builds the application with Cloud Build (Buildpacks, from source). |
| 4 | +# • Deploys the resulting container as a new revision of the existing |
| 5 | +# Cloud Run service “wasteassistant”. |
| 6 | +# • Passes runtime secrets (OpenAI key + Flask secret) via env-vars. |
| 7 | +# • Triggers on every push to main and via the manual “Run workflow” button. |
| 8 | +# ────────────────────────────────────────────────────────────────────────── |
5 | 9 |
|
6 | 10 | name: Build & Deploy to Cloud Run |
7 | 11 |
|
8 | | -# ─── Triggers ─────────────────────────────────────────────────────────── |
| 12 | +# ─── Triggers ──────────────────────────────────────────────────────────── |
9 | 13 | on: |
10 | | - push: # run on every push to main |
| 14 | + push: # automatic deploy on each push to main |
11 | 15 | branches: ["main"] |
12 | | - workflow_dispatch: # manual “Run workflow” button |
| 16 | + workflow_dispatch: # enable manual runs from the UI |
13 | 17 |
|
14 | | -# ─── Single job ──────────────────────────────────────────────────────── |
| 18 | +# ─── Job definition ────────────────────────────────────────────────────── |
15 | 19 | jobs: |
16 | 20 | build-and-deploy: |
17 | | - runs-on: ubuntu-latest # use the hosted GitHub runner |
| 21 | + runs-on: ubuntu-latest # GitHub-hosted runner |
18 | 22 |
|
19 | 23 | steps: |
20 | | - # 1️⃣ Check out the repository at this commit |
| 24 | + # 1️⃣ Check out repository contents at the current commit |
21 | 25 | - name: Checkout source |
22 | 26 | uses: actions/checkout@v4 |
23 | 27 |
|
24 | | - # 2️⃣ Authenticate the runner to GCP using the service-account key |
25 | | - # stored in the repository secret GCP_SA_KEY. |
| 28 | + # 2️⃣ Authenticate to Google Cloud using a service-account key |
| 29 | + # stored in the secret GCP_SA_KEY (JSON key with the required roles). |
26 | 30 | - name: Authenticate to Google Cloud |
27 | 31 | uses: google-github-actions/auth@v1 |
28 | 32 | with: |
29 | 33 | credentials_json: ${{ secrets.GCP_SA_KEY }} |
30 | 34 |
|
31 | | - # 3️⃣ Build the image from the repo root and deploy it |
32 | | - # Cloud Build is invoked under the hood by “source: .”. |
33 | | - # The env_vars section passes runtime secrets to the container. |
| 35 | + # 3️⃣ Build from source and deploy in a single command. |
| 36 | + # The Buildpacks flow (source: .) invokes Cloud Build automatically, |
| 37 | + # stores the image in Artifact Registry and creates a new revision. |
| 38 | + # env_vars injects the runtime secrets into the container. |
34 | 39 | - name: Deploy to Cloud Run |
35 | 40 | uses: google-github-actions/deploy-cloudrun@v2 |
36 | 41 | with: |
37 | | - service: wasteassistant # existing Cloud Run service |
38 | | - source: . # buildpacks build from repo root |
| 42 | + service: wasteassistant # existing Cloud Run service |
| 43 | + source: . # buildpacks build from repo root |
39 | 44 | project_id: ${{ secrets.GCP_PROJECT_ID }} |
40 | | - region: ${{ secrets.GCP_REGION }} |
41 | | - env_vars: | |
| 45 | + region: ${{ secrets.GCP_REGION }} |
| 46 | + env_vars: | # runtime secrets |
42 | 47 | api_key=${{ secrets.OPENAI_API_KEY }} |
43 | 48 | secret_key=${{ secrets.FLASK_SECRET }} |
44 | | - flags: --allow-unauthenticated # keep the public URL accessible |
| 49 | + flags: --allow-unauthenticated # keep the public URL open |
0 commit comments