-
Notifications
You must be signed in to change notification settings - Fork 644
132 lines (112 loc) · 3.95 KB
/
deploy.yml
File metadata and controls
132 lines (112 loc) · 3.95 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
name: Deploy
on:
push:
branches:
- main
permissions:
contents: read
env:
PULUMI_VERSION: "3.188.0"
jobs:
docker-push:
name: Build Docker Image
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- name: Checkout repository
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435
- name: Log in to Container Registry
uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata
id: meta
uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f
with:
images: ghcr.io/${{ github.repository }}
tags: |
type=sha,prefix=main-{{date 'YYYYMMDD'}}-,enable={{is_default_branch}}
type=raw,value=main,enable={{is_default_branch}}
- name: Build and push Docker image
uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83
with:
context: .
file: ./Dockerfile
platforms: linux/amd64,linux/arm64
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
deploy-staging:
name: Deploy to Staging
runs-on: ubuntu-latest
environment: staging
needs: docker-push
concurrency:
group: deploy-staging
cancel-in-progress: false
steps:
- name: Checkout code
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
- name: Setup Go
uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00
with:
go-version-file: 'go.mod'
- name: Setup Pulumi
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e
with:
pulumi-version: ${{ env.PULUMI_VERSION }}
- name: Authenticate to Google Cloud
uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093
with:
credentials_json: ${{ secrets.GCP_STAGING_SERVICE_ACCOUNT_KEY }}
- name: Setup Google Cloud SDK
uses: google-github-actions/setup-gcloud@aa5489c8933f4cc7a4f7d45035b3b1440c9c10db
with:
project_id: mcp-registry-staging
install_components: gke-gcloud-auth-plugin
- name: Deploy to Staging
working-directory: ./deploy
run: |
echo "${{ secrets.PULUMI_STAGING_PASSPHRASE }}" > passphrase.staging.txt
make staging-up
deploy-production:
name: Deploy to Production
runs-on: ubuntu-latest
environment: production
needs: deploy-staging
concurrency:
group: deploy-production
cancel-in-progress: false
steps:
- name: Checkout code
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
- name: Setup Go
uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00
with:
go-version-file: 'go.mod'
- name: Setup Pulumi
uses: pulumi/actions@cc7494be991dba0978f7ffafaf995b0449a0998e
with:
pulumi-version: ${{ env.PULUMI_VERSION }}
- name: Authenticate to Google Cloud
uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093
with:
credentials_json: ${{ secrets.GCP_PROD_SERVICE_ACCOUNT_KEY }}
- name: Setup Google Cloud SDK
uses: google-github-actions/setup-gcloud@aa5489c8933f4cc7a4f7d45035b3b1440c9c10db
with:
project_id: mcp-registry-prod
install_components: gke-gcloud-auth-plugin
- name: Deploy to Production
working-directory: ./deploy
run: |
echo "${{ secrets.PULUMI_PROD_PASSPHRASE }}" > passphrase.prod.txt
make prod-up