feat: add example workflows (#18)

averikitsch · web-flow · commit 5652d4b5c6b4 · 2020-12-22T09:03:02.000-08:00
* feat: add example workflows

* updates comments
diff --git a/.github/workflows/deploy-cloudrun-credentials-it.yml b/.github/workflows/deploy-cloudrun-credentials-it.yml
@@ -1,6 +1,9 @@
 name: deploy-cloudrun credentials Integration
 
-on: [push]
+on:
+  push:
+    branches-ignore: 
+    - 'example-*'
 
 jobs:
   gcloud:
diff --git a/.github/workflows/deploy-cloudrun-it.yml b/.github/workflows/deploy-cloudrun-it.yml
@@ -1,6 +1,9 @@
 name: deploy-cloudrun Integration
 
-on: [push]
+on:
+  push:
+    branches-ignore: 
+    - 'example-*'
 
 jobs:
   envvars:
diff --git a/.github/workflows/deploy-cloudrun.yml b/.github/workflows/deploy-cloudrun.yml
@@ -1,6 +1,6 @@
 name: deploy-cloudrun Unit
 
-on: [push, pull_request]
+on: [pull_request]
 
 jobs:
   run:
diff --git a/.github/workflows/example-workflow-quickstart.yaml b/.github/workflows/example-workflow-quickstart.yaml
@@ -0,0 +1,37 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+on:
+  push:
+    branches:
+      - example-deploy
+
+name: Quickstart - Deploy Prebuilt Container
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+        
+    - name: Deploy to Cloud Run
+      id: deploy
+      uses: google-github-actions/deploy-cloudrun@v0.2.0
+      with:
+        image: gcr.io/cloudrun/hello
+        service: hello-cloud-run
+        credentials: ${{ secrets.GCP_SA_KEY }}
+
+    - name: Show Output
+      run: echo ${{ steps.deploy.outputs.url }}
+      
diff --git a/.github/workflows/example-workflow.yaml b/.github/workflows/example-workflow.yaml
@@ -0,0 +1,57 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+on:
+  push:
+    branches:
+      - example-build-deploy
+
+name: Build and Deploy a Container
+env:
+  PROJECT_ID: ${{ secrets.GCP_PROJECT }}
+  SERVICE: hello-cloud-run
+  REGION: us-central1
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v2
+
+    - name: Setup Cloud SDK
+      uses: google-github-actions/setup-gcloud@v0.2.0
+      with:
+        project_id: ${{ env.PROJECT_ID }}
+        service_account_key: ${{ secrets.GCP_SA_KEY }}
+        export_default_credentials: true  # Set to true to authenticate the Cloud Run action
+
+    - name: Authorize Docker push
+      run: gcloud auth configure-docker
+
+    - name: Build and Push Container
+      run: |-
+        docker build -t gcr.io/${{ env.PROJECT_ID }}/${{ env.SERVICE }}:${{  github.sha }} example-app/
+        docker push gcr.io/${{ env.PROJECT_ID }}/${{ env.SERVICE }}:${{  github.sha }}
+        
+    - name: Deploy to Cloud Run
+      id: deploy
+      uses: google-github-actions/deploy-cloudrun@v0.2.0
+      with:
+        service: ${{ env.SERVICE }}
+        image: gcr.io/${{ env.PROJECT_ID }}/${{ env.SERVICE }}:${{  github.sha }}
+        region: ${{ env.REGION }}
+
+    - name: Show Output
+      run: echo ${{ steps.deploy.outputs.url }}
diff --git a/README.md b/README.md
@@ -174,9 +174,92 @@ only works using a custom runner hosted on GCP.**
 The action will automatically detect and use the Application Default
 Credentials.
 
+## Example Workflows
+
+* [Deploy a prebuilt container](#deploy-a-prebuilt-container)
+
+* [Build and deploy a container](#build-and-deploy-a-container)
+
+### Setup
+
+1.  Create a new Google Cloud Project (or select an existing project).
+
+1. [Enable the Cloud Run API](https://console.cloud.google.com/flows/enableapi?apiid=run.googleapis.com).
+
+1.  [Create a Google Cloud service account][sa] or select an existing one.
+
+1.  Add the the following [Cloud IAM roles][roles] to your service account:
+
+    - `Cloud Run Admin` - allows for the creation of new Cloud Run services
+
+    - `Service Account User` -  required to deploy to Cloud Run as service account
+
+    - `Storage Admin` - allow push to Google Container Registry (this grants project level access, but recommend reducing this scope to [bucket level permissions](https://cloud.google.com/container-registry/docs/access-control#grant).)
+
+1.  [Download a JSON service account key][create-key] for the service account.
+
+1.  Add the following [secrets to your repository's secrets][gh-secret]:
+
+    - `GCP_PROJECT`: Google Cloud project ID
+
+    - `GCP_SA_KEY`: the downloaded service account key
+
+### Deploy a prebuilt container
+
+To run this [workflow](.github/workflows/example-workflow-quickstart.yaml), push to the branch named `example-deploy`:
+
+```sh
+git push YOUR-FORK main:example-deploy
+```
+
+### Build and deploy a container
+
+To run this [workflow](.github/workflows/example-workflow.yaml), push to the branch named `example-build-deploy`:
+
+```sh
+git push YOUR-FORK main:example-build-deploy
+```
+
+**Reminder: If this is your first deployment of a service, it will reject all unauthenticated requests. Learn more at [allowing unauthenticated requests](#Allow-unauthenticated-requests)**
+
+## Migrating from `setup-gcloud`
+
+Example using `setup-gcloud`:
+
+```YAML
+- name: Setup Cloud SDK
+  uses: google-github-actions/setup-gcloud@v0.2.0
+  with:
+    project_id: ${{ env.PROJECT_ID }}
+    service_account_key: ${{ secrets.GCP_SA_KEY }}
+
+- name: Deploy to Cloud Run
+  run: |-
+    gcloud run deploy $SERVICE \
+      --region $REGION \
+      --image gcr.io/$PROJECT_ID/$SERVICE \
+      --platform managed \
+      --set-env-vars NAME="Hello World"
+```
+
+Migrated to `deploy-cloudrun`:
+
+```YAML
+- name: Deploy to Cloud Run
+  uses: google-github-actions/deploy-cloudrun@v0.2.0
+  with:
+    service: ${{ env.SERVICE }}
+    image: gcr.io/${{ env.PROJECT_ID }}/${{ env.SERVICE }}
+    region: ${{ env.REGION }}
+    credentials: ${{ secrets.GCP_SA_KEY }}
+    env_vars: NAME="Hello World"
+```
+Note: The action is for the "managed" platform and will not set access privileges such as [allowing unauthenticated requests](#Allow-unauthenticated-requests).
+
+
 [cloud-run]: https://cloud.google.com/run
-[sm]: https://cloud.google.com/secret-manager
 [sa]: https://cloud.google.com/iam/docs/creating-managing-service-accounts
+[create-key]: https://cloud.google.com/iam/docs/creating-managing-service-account-keys
 [gh-runners]: https://help.github.com/en/actions/hosting-your-own-runners/about-self-hosted-runners
 [gh-secret]: https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets
 [setup-gcloud]: ./setup-gcloud
diff --git a/example-app/.dockerignore b/example-app/.dockerignore
@@ -0,0 +1,4 @@
+Dockerfile
+README.md
+node_modules
+npm-debug.log
diff --git a/example-app/Dockerfile b/example-app/Dockerfile
@@ -0,0 +1,34 @@
+# Copyright 2020 Google, LLC.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Use the official lightweight Node.js 12 image.
+# https://hub.docker.com/_/node
+FROM node:12-slim
+
+# Create and change to the app directory.
+WORKDIR /usr/src/app
+
+# Copy application dependency manifests to the container image.
+# A wildcard is used to ensure both package.json AND package-lock.json are copied.
+# Copying this separately prevents re-running npm install on every code change.
+COPY package*.json ./
+
+# Install production dependencies.
+RUN npm install --only=production
+
+# Copy local code to the container image.
+COPY . ./
+
+# Run the web service on container startup.
+CMD [ "npm", "start" ]
diff --git a/example-app/index.js b/example-app/index.js
@@ -0,0 +1,28 @@
+// Copyright 2020 Google, LLC.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+const express = require('express');
+const app = express();
+
+app.get('/', (req, res) => {
+  console.log('Hello world received a request.');
+
+  const target = process.env.TARGET || 'World';
+  res.send(`Hello ${target}!`);
+});
+
+const port = process.env.PORT || 8080;
+app.listen(port, () => {
+  console.log('Hello world listening on port', port);
+});
diff --git a/example-app/package-lock.json b/example-app/package-lock.json
diff --git a/example-app/package.json b/example-app/package.json
