|
1 | | -# This workflow build and push a Docker container to Google Artifact Registry |
2 | | -# and deploy it on Cloud Run when a commit is pushed to the "main" |
3 | | -# branch. |
4 | | -# |
5 | | -# To configure this workflow: |
6 | | -# |
7 | | -# 1. Enable the following Google Cloud APIs: |
8 | | -# |
9 | | -# - Artifact Registry (artifactregistry.googleapis.com) |
10 | | -# - Cloud Run (run.googleapis.com) |
11 | | -# - IAM Credentials API (iamcredentials.googleapis.com) |
12 | | -# |
13 | | -# You can learn more about enabling APIs at |
14 | | -# https://support.google.com/googleapi/answer/6158841. |
15 | | -# |
16 | | -# 2. Create and configure a Workload Identity Provider for GitHub: |
17 | | -# https://github.com/google-github-actions/auth#preferred-direct-workload-identity-federation. |
18 | | -# |
19 | | -# Depending on how you authenticate, you will need to grant an IAM principal |
20 | | -# permissions on Google Cloud: |
21 | | -# |
22 | | -# - Artifact Registry Administrator (roles/artifactregistry.admin) |
23 | | -# - Cloud Run Developer (roles/run.developer) |
24 | | -# |
25 | | -# You can learn more about setting IAM permissions at |
26 | | -# https://cloud.google.com/iam/docs/manage-access-other-resources |
27 | | -# |
28 | | -# 3. Change the values in the "env" block to match your values. |
29 | | - |
30 | | -name: 'Build and Deploy to Cloud Run' |
| 1 | +name: Deploy Angular App to Cloud Run |
31 | 2 |
|
32 | 3 | on: |
33 | 4 | push: |
34 | | - branches: |
35 | | - - 'main' |
| 5 | + branches: [ "main" ] |
36 | 6 |
|
37 | | -env: |
38 | | - PROJECT_ID: 'angularblogcloud-455518' |
39 | | - REGION: 'europe-central2' |
40 | | - WORKLOAD_IDENTITY_PROVIDER: 'projects/863451014992/locations/global/workloadIdentityPools/github' |
| 7 | +# Permissions for Workload Identity Federation |
| 8 | +permissions: |
| 9 | + contents: read |
| 10 | + id-token: write |
41 | 11 |
|
42 | 12 | jobs: |
43 | | - deploy: |
44 | | - runs-on: 'ubuntu-latest' |
45 | | - |
46 | | - permissions: |
47 | | - contents: 'read' |
48 | | - id-token: 'write' |
| 13 | + build-and-deploy: |
| 14 | + runs-on: ubuntu-latest |
49 | 15 |
|
50 | 16 | steps: |
51 | | - - name: 'Checkout' |
52 | | - uses: 'actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332' # actions/checkout@v4 |
53 | | - |
54 | | - # Configure Workload Identity Federation and generate an access token. |
55 | | - # |
56 | | - # See https://github.com/google-github-actions/auth for more options, |
57 | | - # including authenticating via a JSON credentials file. |
58 | | - - id: 'auth' |
59 | | - name: 'Authenticate to Google Cloud' |
60 | | - uses: 'google-github-actions/auth@f112390a2df9932162083945e46d439060d66ec2' # google-github-actions/auth@v2 |
61 | | - with: |
62 | | - workload_identity_provider: '${{ env.WORKLOAD_IDENTITY_PROVIDER }}' |
| 17 | + # 1) Check out your code |
| 18 | + - uses: actions/checkout@v4 |
63 | 19 |
|
64 | | - # BEGIN - Docker auth and build |
65 | | - # |
66 | | - # If you already have a container image, you can omit these steps. |
67 | | - - name: 'Docker Auth' |
68 | | - uses: 'docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567' # docker/login-action@v3 |
| 20 | + # 2) Authenticate to Google Cloud (Direct Workload Identity Federation) |
| 21 | + - name: Authenticate to Google Cloud |
| 22 | + id: auth |
| 23 | + uses: google-github-actions/auth@v2 |
69 | 24 | with: |
70 | | - username: 'oauth2accesstoken' |
71 | | - password: '${{ steps.auth.outputs.auth_token }}' |
72 | | - registry: '${{ env.REGION }}-docker.pkg.dev' |
| 25 | + project_id: "angularblogcloud-455518" |
| 26 | + workload_identity_provider: "projects/863451014992/locations/global/workloadIdentityPools/github/providers/my-repo" |
73 | 27 |
|
74 | | - - name: 'Build and Push Container' |
75 | | - run: |- |
76 | | - DOCKER_TAG="$${{ env.REGION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.SERVICE }}:${{ github.sha }}" |
77 | | - docker build --tag "${DOCKER_TAG}" . |
78 | | - docker push "${DOCKER_TAG}" |
79 | | - - name: 'Deploy to Cloud Run' |
80 | | - |
81 | | - # END - Docker auth and build |
82 | | - |
83 | | - uses: 'google-github-actions/deploy-cloudrun@33553064113a37d688aa6937bacbdc481580be17' # google-github-actions/deploy-cloudrun@v2 |
| 28 | + # 3) (Optional) Install & configure gcloud CLI |
| 29 | + - name: Set up Cloud SDK |
| 30 | + uses: google-github-actions/setup-gcloud@v1 |
84 | 31 | with: |
85 | | - service: '${{ env.SERVICE }}' |
86 | | - region: '${{ env.REGION }}' |
87 | | - # NOTE: If using a pre-built image, update the image name below: |
88 | | - |
89 | | - image: '${{ env.REGION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.SERVICE }}:${{ github.sha }}' |
90 | | - # If required, use the Cloud Run URL output in later steps |
91 | | - - name: 'Show output' |
92 | | - run: |2- |
93 | | -
|
94 | | - echo ${{ steps.deploy.outputs.url }} |
| 32 | + export_default_credentials: true |
| 33 | + |
| 34 | + # 4) Configure region & enable APIs |
| 35 | + - name: Configure gcloud |
| 36 | + run: | |
| 37 | + gcloud config set project ${{ steps.auth.outputs.project_id }} |
| 38 | + gcloud config set run/region europe-central2 |
| 39 | + gcloud services enable run.googleapis.com |
| 40 | + gcloud services enable cloudbuild.googleapis.com |
| 41 | +
|
| 42 | + # 5) Install dependencies |
| 43 | + - name: Install Node dependencies |
| 44 | + run: npm install |
| 45 | + |
| 46 | + # 6) Build Angular |
| 47 | + - name: Build Angular |
| 48 | + run: npm run build -- --configuration production |
| 49 | + |
| 50 | + # 7) Deploy to Cloud Run |
| 51 | + - name: Deploy to Cloud Run |
| 52 | + run: | |
| 53 | + gcloud run deploy angular-blog-service \ |
| 54 | + --source . \ |
| 55 | + --allow-unauthenticated |
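Review bot: The three `uses:` lines on the new side (`actions/checkout@v4`, `google-github-actions/auth@v2`, `google-github-actions/setup-gcloud@v1`) replace the commit-SHA pins of the old file with mutable tags, in a workflow that grants `id-token: write` and can therefore obtain Google Cloud credentials through the workload identity provider. A retagged or compromised action release would run with that access, so keep the pins the removed lines already carried, `uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4` and `uses: google-github-actions/auth@f112390a2df9932162083945e46d439060d66ec2 # v2`, and pin `setup-gcloud` the same way (`@<full-commit-sha> # v1`). Similarly, `npm install` in step 5 may resolve versions other than those the lockfile records; `run: npm ci` is the reproducible form, assuming a lockfile is committed. The `gcloud services enable` calls in step 4 presumably require the federated principal to hold service-management rights on every push; enabling the APIs once out of band would let that principal stay limited to deploy roles.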