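name: Deploy Frontend to Google Cloud Run

# Deploys the frontend container to Cloud Run on changes to main.
# NOTE(review): merging a pull request into main also produces a push to main,
# so both triggers below can start a run for the same merge. Runs started by
# the pull_request event for a PR from a fork presumably do not receive the
# repository secrets used here; confirm whether that trigger is still needed.
on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main
    types: [closed]

# Serialize deployments so that two runs for the same merge never deploy at
# the same time; a deployment that is already in progress is never cancelled.
concurrency:
  group: frontend-deploy
  cancel-in-progress: false

# Workflow-level env entries are exported to every `run:` step as ordinary
# shell environment variables.
env:
  PROJECT_ID: ${{ secrets.GCP_PROJECT_ID }}
  REGION: ${{ secrets.GCP_REGION }}
  WIF_PROVIDER: ${{ secrets.WIF_PROVIDER }}
  WIF_SERVICE_ACCOUNT: ${{ secrets.WIF_SERVICE_ACCOUNT }}
  ARTIFACT_REGISTRY: ${{ secrets.ARTIFACT_REGISTRY }}
  SERVICE_NAME: skillcert-frontend

jobs:
  build-and-deploy:
    # Only run on push to main or PR merged to main
    if: github.event_name == 'push' || (github.event_name == 'pull_request' && github.event.pull_request.merged == true)
    runs-on: ubuntu-latest
    # Least privilege: read-only repository access plus the OIDC token.
    permissions:
      contents: "read"
      id-token: "write"  # Required for Workload Identity Federation
    steps:
      # NOTE(review): the actions below are referenced by mutable
      # major-version tags. Pinning each `uses:` to a full commit SHA keeps a
      # moved tag from changing the code that runs with the id-token
      # permission and the deployment identity.
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # No later step uses git, so the token is not kept in the checkout.
          persist-credentials: false

      - name: Authenticate to Google Cloud
        id: auth
        uses: google-github-actions/auth@v2
        with:
          workload_identity_provider: ${{ env.WIF_PROVIDER }}
          service_account: ${{ env.WIF_SERVICE_ACCOUNT }}

      - name: Set up Cloud SDK
        uses: google-github-actions/setup-gcloud@v2

      # The scripts below read values from the environment instead of
      # expanding `${{ ... }}` inside the script text: an expression is pasted
      # into the script before the shell parses it, so a value containing
      # shell metacharacters (for example `&` or `;` in a URL) would be
      # executed as shell syntax.
      - name: Configure Docker to use Artifact Registry
        run: |
          gcloud auth configure-docker "${REGION}-docker.pkg.dev" --quiet

      - name: Build and Push Docker image
        id: docker-build-push
        env:
          NEXT_PUBLIC_API_URL: ${{ secrets.NEXT_PUBLIC_API_URL }}
        run: |
          # GITHUB_SHA is the default variable carrying the same value as
          # github.sha.
          IMAGE_TAG="${REGION}-docker.pkg.dev/${PROJECT_ID}/${ARTIFACT_REGISTRY}/${SERVICE_NAME}:${GITHUB_SHA}"
          # Pass the backend URL as a build arg if necessary.
          # Build args are recorded in the image metadata (`docker history`),
          # and NEXT_PUBLIC_* values are presumably inlined into the client
          # bundle, so treat this value as public configuration and never
          # pass a real secret this way.
          docker build \
            --build-arg "NEXT_PUBLIC_API_URL=${NEXT_PUBLIC_API_URL}" \
            -t "${IMAGE_TAG}" .
          docker push "${IMAGE_TAG}"
          echo "image=${IMAGE_TAG}" >> "${GITHUB_OUTPUT}"

      - name: Deploy to Cloud Run
        id: deploy
        uses: google-github-actions/deploy-cloudrun@v2
        with:
          service: ${{ env.SERVICE_NAME }}
          region: ${{ env.REGION }}
          image: ${{ steps.docker-build-push.outputs.image }}
          # Port usually exposed by frontend containers (e.g., Next.js uses 3000)
          port: 3000
          # Makes the service invokable without IAM authentication. Keep this
          # only while the service is meant to be a public frontend.
          flags: "--allow-unauthenticated"
          env_vars: |
            NEXT_PUBLIC_API_URL=${{ secrets.NEXT_PUBLIC_API_URL }}

      - name: Show Cloud Run URL
        env:
          SERVICE_URL: ${{ steps.deploy.outputs.url }}
        run: |
          echo "Deployed successfully to: ${SERVICE_URL}"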