npc-mixpanel/.github/workflows/deploy.yml at main · mixpanel/npc-mixpanel · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
name: Deploy to GCP

on:
  push:
    branches:
      - main

env:
  REGION: us-central1
  UI_SERVICE_NAME: npc-mixpanel
  API_SERVICE_NAME: npc-mixpanel-api

jobs:
  deploy:
    name: Build and Deploy via Cloud Build
    runs-on: ubuntu-latest

    permissions:
      contents: read
      id-token: write

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Authenticate to Google Cloud
        uses: google-github-actions/auth@v2
        with:
          credentials_json: ${{ secrets.GCP_SA_KEY }}

      - name: Set up Cloud SDK
        uses: google-github-actions/setup-gcloud@v2
        with:
          project_id: ${{ secrets.GCP_PROJECT }}

      # Deploy UI service via Cloud Build (builds and deploys in one step)
      - name: Deploy UI to Cloud Run via Cloud Build
        run: |
          echo "Deploying UI service via Cloud Build..."
          gcloud builds submit \
            --config cloudbuild.yaml \
            --substitutions _SERVICE_NAME=${{ env.UI_SERVICE_NAME }},_REGION=${{ env.REGION }} \
            --region ${{ env.REGION }} \
            --project ${{ secrets.GCP_PROJECT }}

      # Deploy API service via Cloud Build (builds and deploys in one step)
      - name: Deploy API to Cloud Run via Cloud Build
        run: |
          echo "Deploying API service via Cloud Build..."
          gcloud builds submit \
            --config cloudbuild-api.yaml \
            --substitutions _SERVICE_NAME=${{ env.API_SERVICE_NAME }},_REGION=${{ env.REGION }} \
            --region ${{ env.REGION }} \
            --project ${{ secrets.GCP_PROJECT }}

      # Deployment summary
      - name: Deployment Summary
        run: |
          UI_URL=$(gcloud run services describe ${{ env.UI_SERVICE_NAME }} \
            --region ${{ env.REGION }} \
            --project ${{ secrets.GCP_PROJECT }} \
            --format='value(status.url)' 2>/dev/null || echo "")

          API_URL=$(gcloud run services describe ${{ env.API_SERVICE_NAME }} \
            --region ${{ env.REGION }} \
            --project ${{ secrets.GCP_PROJECT }} \
            --format='value(status.url)' 2>/dev/null || echo "")

          echo "## Deployment Complete!" >> $GITHUB_STEP_SUMMARY
          echo "" >> $GITHUB_STEP_SUMMARY
          echo "### UI Service (Cloud Run - Private)" >> $GITHUB_STEP_SUMMARY
          if [ -n "$UI_URL" ]; then
            echo "**URL:** $UI_URL" >> $GITHUB_STEP_SUMMARY
          else
            echo "**Service:** ${{ env.UI_SERVICE_NAME }}" >> $GITHUB_STEP_SUMMARY
          fi
          echo "_Protected by IAP - only authorized users can access_" >> $GITHUB_STEP_SUMMARY
          echo "" >> $GITHUB_STEP_SUMMARY
          echo "### API Service (Cloud Run - Public)" >> $GITHUB_STEP_SUMMARY
          if [ -n "$API_URL" ]; then
            echo "**URL:** $API_URL" >> $GITHUB_STEP_SUMMARY
          else
            echo "**Service:** ${{ env.API_SERVICE_NAME }}" >> $GITHUB_STEP_SUMMARY
          fi
          echo "_Public endpoint - authenticated via user_id + safe_word_" >> $GITHUB_STEP_SUMMARY