feat: add automatic CI/CD pipeline with GitHub Actions for Cloud Run deployment

bokhtachekhawla · bokhtachekhawla · commit b86527496ff4 · 2025-10-19T21:02:10.000+01:00
diff --git a/.github/CICD_SETUP.md b/.github/CICD_SETUP.md
@@ -0,0 +1,164 @@
+# CI/CD Setup for GDG Docs
+
+## Overview
+This repository uses GitHub Actions for automatic deployment to Google Cloud Run. Every push to the `main` branch triggers a build, test, and deployment pipeline.
+
+## Pipeline Workflow
+
+### 1. Build and Test Job
+- ✅ Builds Docker image
+- ✅ Tests the container locally
+- ✅ Uploads image artifact for deployment
+
+### 2. Deploy Job (only on main branch)
+- ✅ Authenticates with Google Cloud
+- ✅ Pushes image to Google Container Registry (GCR)
+- ✅ Deploys to Cloud Run
+- ✅ Provides deployment summary with URLs
+
+## Setup Instructions
+
+### Prerequisites
+1. Google Cloud Project with Cloud Run API enabled
+2. Service account with necessary permissions
+3. GitHub repository with Actions enabled
+
+### Step 1: Create Google Cloud Service Account
+
+```bash
+# Set your project ID
+export PROJECT_ID="erudite-marker-465011-c6"
+
+# Create service account
+gcloud iam service-accounts create github-actions \
+  --display-name="GitHub Actions CI/CD" \
+  --project=$PROJECT_ID
+
+# Grant necessary permissions
+gcloud projects add-iam-policy-binding $PROJECT_ID \
+  --member="serviceAccount:github-actions@${PROJECT_ID}.iam.gserviceaccount.com" \
+  --role="roles/run.admin"
+
+gcloud projects add-iam-policy-binding $PROJECT_ID \
+  --member="serviceAccount:github-actions@${PROJECT_ID}.iam.gserviceaccount.com" \
+  --role="roles/storage.admin"
+
+gcloud projects add-iam-policy-binding $PROJECT_ID \
+  --member="serviceAccount:github-actions@${PROJECT_ID}.iam.gserviceaccount.com" \
+  --role="roles/iam.serviceAccountUser"
+
+# Create and download service account key
+gcloud iam service-accounts keys create github-actions-key.json \
+  --iam-account=github-actions@${PROJECT_ID}.iam.gserviceaccount.com
+```
+
+### Step 2: Add GitHub Secret
+
+1. Go to your GitHub repository settings
+2. Navigate to **Settings → Secrets and variables → Actions**
+3. Click **New repository secret**
+4. Name: `GCP_SA_KEY`
+5. Value: Paste the entire contents of `github-actions-key.json`
+6. Click **Add secret**
+
+**⚠️ Important:** Delete the `github-actions-key.json` file after adding it to GitHub:
+```bash
+rm github-actions-key.json
+```
+
+### Step 3: Verify Workflow File
+
+The workflow is already configured in `.github/workflows/ci.yml`. It will:
+- Trigger on every push to `main` branch
+- Build and test the Docker image
+- Deploy to Cloud Run (only on main branch pushes)
+
+### Step 4: Test the Pipeline
+
+1. Make a change to your repository
+2. Commit and push to `main` branch:
+   ```bash
+   git add .
+   git commit -m "Test CI/CD pipeline"
+   git push origin main
+   ```
+3. Go to **Actions** tab in GitHub to see the workflow running
+4. Once complete, check the deployment summary for the service URL
+
+## Environment Variables
+
+The following environment variables are set automatically:
+- `PROJECT_ID`: Your Google Cloud project ID
+- `SERVICE_NAME`: Cloud Run service name (gdg-docs)
+- `REGION`: Deployment region (us-central1)
+- `IMAGE_NAME`: Full GCR image path
+
+## Manual Deployment (Fallback)
+
+If you need to deploy manually, you can still use:
+
+```bash
+# Using gcloud CLI
+gcloud builds submit --config cloudbuild.yaml .
+
+# Or using the deploy script
+bash deploy.sh
+```
+
+## Monitoring Deployments
+
+### View Deployment History
+```bash
+gcloud run revisions list --service=gdg-docs --region=us-central1
+```
+
+### View Service Logs
+```bash
+gcloud run services logs read gdg-docs --region=us-central1
+```
+
+### Check Service Status
+```bash
+gcloud run services describe gdg-docs --region=us-central1
+```
+
+## Troubleshooting
+
+### Build Fails
+- Check Docker build locally: `docker build -t gdg-docs .`
+- Review Dockerfile for errors
+- Check GitHub Actions logs for detailed error messages
+
+### Authentication Fails
+- Verify `GCP_SA_KEY` secret is correctly set
+- Ensure service account has proper permissions
+- Check if APIs are enabled in Google Cloud
+
+### Deployment Fails
+- Verify Cloud Run API is enabled
+- Check service account permissions
+- Review Cloud Run logs: `gcloud run services logs read gdg-docs`
+
+### Container Doesn't Start
+- Test container locally: `docker run -p 8080:8080 gdg-docs`
+- Check port configuration (must be 8080)
+- Review container logs in Cloud Run console
+
+## URLs
+
+- **Cloud Run URL**: https://gdg-docs-426637717447.us-central1.run.app
+- **Custom Domain**: https://docs.gdgalgiers.dev
+- **GitHub Actions**: https://github.com/GDGAlgiers/gdg-docs/actions
+
+## Security Notes
+
+- ✅ Service account key is stored securely in GitHub Secrets
+- ✅ Only `main` branch deployments are automated
+- ✅ Pull requests are built and tested but not deployed
+- ✅ Service account has minimal required permissions
+
+## Additional Resources
+
+- [GitHub Actions Documentation](https://docs.github.com/en/actions)
+- [Google Cloud Run Documentation](https://cloud.google.com/run/docs)
+- [Docker Best Practices](https://docs.docker.com/develop/dev-best-practices/)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -1,24 +1,111 @@
-name: Build and Deploy
+name: Build and Deploy to Cloud Run
 
 on:
   push:
     branches: [ main ]
   pull_request:
     branches: [ main ]
 
+env:
+  PROJECT_ID: erudite-marker-465011-c6
+  SERVICE_NAME: gdg-docs
+  REGION: us-central1
+  IMAGE_NAME: gcr.io/erudite-marker-465011-c6/gdg-docs
+
 jobs:
-  build:
+  build-and-test:
     runs-on: ubuntu-latest
     
     steps:
-    - uses: actions/checkout@v4
+    - name: Checkout code
+      uses: actions/checkout@v4
     
     - name: Build Docker image
-      run: docker build -t gdg-docs:latest .
+      run: docker build -t ${{ env.IMAGE_NAME }}:${{ github.sha }} -t ${{ env.IMAGE_NAME }}:latest .
       
     - name: Test Docker image
       run: |
-        docker run -d --name test-container -p 8080:8080 gdg-docs:latest
-        sleep 10
+        docker run -d --name test-container -p 8080:8080 ${{ env.IMAGE_NAME }}:latest
+        sleep 15
         curl -f http://localhost:8080 || exit 1
-        docker stop test-container
+        docker stop test-container
+        docker rm test-container
+    
+    - name: Save image for deployment
+      if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+      run: docker save ${{ env.IMAGE_NAME }}:${{ github.sha }} > gdg-docs.tar
+    
+    - name: Upload image artifact
+      if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+      uses: actions/upload-artifact@v4
+      with:
+        name: docker-image
+        path: gdg-docs.tar
+        retention-days: 1
+
+  deploy:
+    needs: build-and-test
+    runs-on: ubuntu-latest
+    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+    
+    permissions:
+      contents: read
+      id-token: write
+    
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+    
+    - name: Download image artifact
+      uses: actions/download-artifact@v4
+      with:
+        name: docker-image
+    
+    - name: Load Docker image
+      run: docker load < gdg-docs.tar
+    
+    - name: Authenticate to Google Cloud
+      uses: google-github-actions/auth@v2
+      with:
+        credentials_json: ${{ secrets.GCP_SA_KEY }}
+    
+    - name: Set up Cloud SDK
+      uses: google-github-actions/setup-gcloud@v2
+    
+    - name: Configure Docker for GCR
+      run: gcloud auth configure-docker
+    
+    - name: Push image to GCR
+      run: |
+        docker push ${{ env.IMAGE_NAME }}:${{ github.sha }}
+        docker push ${{ env.IMAGE_NAME }}:latest
+    
+    - name: Deploy to Cloud Run
+      run: |
+        gcloud run deploy ${{ env.SERVICE_NAME }} \
+          --image ${{ env.IMAGE_NAME }}:${{ github.sha }} \
+          --region ${{ env.REGION }} \
+          --platform managed \
+          --allow-unauthenticated \
+          --port 8080 \
+          --memory 512Mi \
+          --set-env-vars "ASTRO_SITE=https://docs.gdgalgiers.dev"
+    
+    - name: Get service URL
+      run: |
+        SERVICE_URL=$(gcloud run services describe ${{ env.SERVICE_NAME }} \
+          --region ${{ env.REGION }} \
+          --format 'value(status.url)')
+        echo "Service deployed to: $SERVICE_URL"
+        echo "SERVICE_URL=$SERVICE_URL" >> $GITHUB_ENV
+    
+    - name: Create deployment summary
+      run: |
+        echo "## 🚀 Deployment Successful!" >> $GITHUB_STEP_SUMMARY
+        echo "" >> $GITHUB_STEP_SUMMARY
+        echo "**Service:** ${{ env.SERVICE_NAME }}" >> $GITHUB_STEP_SUMMARY
+        echo "**Region:** ${{ env.REGION }}" >> $GITHUB_STEP_SUMMARY
+        echo "**Image:** ${{ env.IMAGE_NAME }}:${{ github.sha }}" >> $GITHUB_STEP_SUMMARY
+        echo "**URL:** ${{ env.SERVICE_URL }}" >> $GITHUB_STEP_SUMMARY
+        echo "" >> $GITHUB_STEP_SUMMARY
+        echo "Custom domain: https://docs.gdgalgiers.dev" >> $GITHUB_STEP_SUMMARY
diff --git a/QUICK_CICD_SETUP.md b/QUICK_CICD_SETUP.md
@@ -0,0 +1,81 @@
+# Quick CI/CD Setup Guide
+
+## What You Need to Do
+
+### 1️⃣ Create Service Account Key
+
+Run these commands in Google Cloud Shell or your terminal:
+
+```bash
+# Set your project ID
+export PROJECT_ID="erudite-marker-465011-c6"
+
+# Create service account
+gcloud iam service-accounts create github-actions \
+  --display-name="GitHub Actions CI/CD" \
+  --project=$PROJECT_ID
+
+# Grant permissions
+gcloud projects add-iam-policy-binding $PROJECT_ID \
+  --member="serviceAccount:github-actions@${PROJECT_ID}.iam.gserviceaccount.com" \
+  --role="roles/run.admin"
+
+gcloud projects add-iam-policy-binding $PROJECT_ID \
+  --member="serviceAccount:github-actions@${PROJECT_ID}.iam.gserviceaccount.com" \
+  --role="roles/storage.admin"
+
+gcloud projects add-iam-policy-binding $PROJECT_ID \
+  --member="serviceAccount:github-actions@${PROJECT_ID}.iam.gserviceaccount.com" \
+  --role="roles/iam.serviceAccountUser"
+
+# Create key
+gcloud iam service-accounts keys create github-actions-key.json \
+  --iam-account=github-actions@${PROJECT_ID}.iam.gserviceaccount.com
+
+# Show the key (copy this entire output)
+cat github-actions-key.json
+```
+
+### 2️⃣ Add Secret to GitHub
+
+1. Go to: https://github.com/GDGAlgiers/gdg-docs/settings/secrets/actions
+2. Click **New repository secret**
+3. Name: `GCP_SA_KEY`
+4. Value: Paste the entire JSON from the previous step
+5. Click **Add secret**
+
+### 3️⃣ Test It!
+
+```bash
+# Make any small change
+echo "# CI/CD Test" >> README.md
+
+# Commit and push
+git add .
+git commit -m "test: trigger CI/CD pipeline"
+git push origin main
+```
+
+### 4️⃣ Watch It Deploy
+
+Go to: https://github.com/GDGAlgiers/gdg-docs/actions
+
+You'll see:
+- ✅ Build and test job running
+- ✅ Deploy job running (after tests pass)
+- ✅ Deployment summary with URLs
+
+## That's It! 🎉
+
+From now on, every push to `main` will automatically:
+1. Build your Docker image
+2. Test it
+3. Deploy to Cloud Run
+4. Show you the deployment URL
+
+## Cleanup
+
+After adding the key to GitHub, delete it locally:
+```bash
+rm github-actions-key.json
+```
