|
1 | | -name: Deploy Angular App to Cloud Run |
| 1 | +# This workflow build and push a Docker container to Google Artifact Registry |
| 2 | +# and deploy it on Cloud Run when a commit is pushed to the "main" |
| 3 | +# branch. |
| 4 | +# |
| 5 | +# To configure this workflow: |
| 6 | +# |
| 7 | +# 1. Enable the following Google Cloud APIs: |
| 8 | +# |
| 9 | +# - Artifact Registry (artifactregistry.googleapis.com) |
| 10 | +# - Cloud Run (run.googleapis.com) |
| 11 | +# - IAM Credentials API (iamcredentials.googleapis.com) |
| 12 | +# |
| 13 | +# You can learn more about enabling APIs at |
| 14 | +# https://support.google.com/googleapi/answer/6158841. |
| 15 | +# |
| 16 | +# 2. Create and configure a Workload Identity Provider for GitHub: |
| 17 | +# https://github.com/google-github-actions/auth#preferred-direct-workload-identity-federation. |
| 18 | +# |
| 19 | +# Depending on how you authenticate, you will need to grant an IAM principal |
| 20 | +# permissions on Google Cloud: |
| 21 | +# |
| 22 | +# - Artifact Registry Administrator (roles/artifactregistry.admin) |
| 23 | +# - Cloud Run Developer (roles/run.developer) |
| 24 | +# |
| 25 | +# You can learn more about setting IAM permissions at |
| 26 | +# https://cloud.google.com/iam/docs/manage-access-other-resources |
| 27 | +# |
| 28 | +# 3. Change the values in the "env" block to match your values. |
| 29 | + |
| 30 | +name: 'Build and Deploy to Cloud Run' |
2 | 31 |
|
3 | 32 | on: |
4 | 33 | push: |
5 | | - branches: [ "main" ] |
| 34 | + branches: |
| 35 | + - '"main"' |
6 | 36 |
|
7 | | -permissions: |
8 | | - contents: read |
9 | | - id-token: write |
| 37 | +env: |
| 38 | + PROJECT_ID: 'angularblogcloud-455518' # TODO: update to your Google Cloud project ID |
| 39 | + REGION: 'europe-central21' # TODO: update to your region |
10 | 40 |
|
11 | 41 | jobs: |
12 | | - build-and-deploy: |
13 | | - runs-on: ubuntu-latest |
| 42 | + deploy: |
| 43 | + runs-on: 'ubuntu-latest' |
| 44 | + |
| 45 | + permissions: |
| 46 | + contents: 'read' |
| 47 | + id-token: 'write' |
14 | 48 |
|
15 | 49 | steps: |
16 | | - # 1) Check out your code |
17 | | - - uses: actions/checkout@v4 |
| 50 | + - name: 'Checkout' |
| 51 | + uses: 'actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332' # actions/checkout@v4 |
18 | 52 |
|
19 | | - # 2) Authenticate to Google Cloud (Direct Workload Identity Federation) |
20 | | - - name: Authenticate to Google Cloud |
21 | | - id: auth |
22 | | - uses: google-github-actions/auth@v2 |
| 53 | + # Configure Workload Identity Federation and generate an access token. |
| 54 | + # |
| 55 | + # See https://github.com/google-github-actions/auth for more options, |
| 56 | + # including authenticating via a JSON credentials file. |
| 57 | + - name: Google Cloud Auth |
| 58 | + uses: 'google-github-actions/auth@v2' |
23 | 59 | with: |
24 | 60 | credentials_json: '${{ secrets.GCP_SA_KEY }}' |
25 | 61 | project_id: ${{ env.PROJECT_ID }} |
26 | 62 |
|
27 | | - # 3) Install & configure gcloud CLI |
28 | | - - name: Set up Cloud SDK |
29 | | - uses: google-github-actions/setup-gcloud@v1 |
| 63 | + # BEGIN - Docker auth and build |
| 64 | + # |
| 65 | + # If you already have a container image, you can omit these steps. |
| 66 | + - name: 'Docker Auth' |
| 67 | + uses: 'docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567' # docker/login-action@v3 |
| 68 | + with: |
| 69 | + username: 'oauth2accesstoken' |
| 70 | + password: '${{ steps.auth.outputs.auth_token }}' |
| 71 | + registry: '${{ env.REGION }}-docker.pkg.dev' |
| 72 | + |
| 73 | + - name: 'Build and Push Container' |
| 74 | + run: |- |
| 75 | + DOCKER_TAG="$${{ env.REGION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.SERVICE }}:${{ github.sha }}" |
| 76 | + docker build --tag "${DOCKER_TAG}" . |
| 77 | + docker push "${DOCKER_TAG}" |
| 78 | + - name: 'Deploy to Cloud Run' |
| 79 | + |
| 80 | + # END - Docker auth and build |
| 81 | + |
| 82 | + uses: 'google-github-actions/deploy-cloudrun@33553064113a37d688aa6937bacbdc481580be17' # google-github-actions/deploy-cloudrun@v2 |
30 | 83 | with: |
31 | | - export_default_credentials: true |
32 | | - |
33 | | - # 4) Configure region (no API enabling here) |
34 | | - - name: Configure gcloud |
35 | | - run: | |
36 | | - gcloud config set project ${{ steps.auth.outputs.project_id }} |
37 | | - gcloud config set run/region europe-central2 |
38 | | -
|
39 | | - # 5) Install Node.js dependencies |
40 | | - - name: Install Node dependencies |
41 | | - run: npm install |
42 | | - |
43 | | - # 6) Build Angular |
44 | | - - name: Build Angular |
45 | | - run: npm run build -- --configuration production |
46 | | - |
47 | | - # 7) Deploy to Cloud Run |
48 | | - - name: Deploy to Cloud Run |
49 | | - run: | |
50 | | - gcloud run deploy angular-blog-service \ |
51 | | - --source . \ |
52 | | - --allow-unauthenticated |
| 84 | + service: '${{ env.SERVICE }}' |
| 85 | + region: '${{ env.REGION }}' |
| 86 | + # NOTE: If using a pre-built image, update the image name below: |
| 87 | + |
| 88 | + image: '${{ env.REGION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.SERVICE }}:${{ github.sha }}' |
| 89 | + # If required, use the Cloud Run URL output in later steps |
| 90 | + - name: 'Show output' |
| 91 | + run: |2- |
| 92 | +
|
| 93 | + echo ${{ steps.deploy.outputs.url }} |
0 commit comments