Monitor 1-click Deployment #110
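# Manually dispatched workflow: pulls an already-built image by its original
# tag from Docker Hub and from Google Artifact Registry (GAR), retags it as
# "<environment>-<originalImageTag>", and pushes the new tag to each registry.
name: Monitor 1-click Deployment

# No token permissions at workflow level; the job grants only what it needs.
permissions: {}

on:
  workflow_dispatch:
    inputs:
      environment:
        description: 'Environment to deploy to'
        required: true
        default: 'prod'
        type: choice
        options:
          - stage
          - prod
          - dev
      originalImageTag:
        description: 'The original image tag that has been deployed'
        required: true
        type: string
        # NOTE(review): `pattern` is not among the documented workflow_dispatch
        # input keys (description, required, default, type, options), so do not
        # rely on it being enforced at dispatch time. The "Validate inputs"
        # step below applies the same expression before any registry login.
        pattern: '^[a-f0-9]{7,12}$'

jobs:
  pull_retag_push:
    name: Pull, Retag, and Push Images
    runs-on: ubuntu-latest
    environment: build
    permissions:
      contents: "read" # Needed for checkout
      id-token: "write" # Needed for GCP auth
      packages: "none" # Explicitly disable package permissions
    env:
      GAR_IMAGE_BASE: ${{ vars.GAR_REPO }}/${{ github.event.repository.name }}
      GAR_REGISTRY: us-docker.pkg.dev # Define GAR registry hostname
      DOCKERHUB_IMAGE: mozilla/blurts-server # Define Docker Hub image name
      # Inputs reach the shell only through environment variables, never by
      # ${{ }} interpolation inside `run:`, so their content cannot alter the
      # script text. The SAFE_ prefix does not validate anything by itself.
      SAFE_IMAGE_TAG: ${{ inputs.originalImageTag }}
      SAFE_ENVIRONMENT: ${{ inputs.environment }}
    steps:
      # Runs first so a malformed tag or environment fails the job before any
      # registry credential is requested or used.
      - name: Validate inputs
        run: |
          set -euo pipefail
          # Fixed locale so the [a-f] range cannot match locale-specific characters.
          export LC_ALL=C
          tag_re='^[a-f0-9]{7,12}$'
          if [[ ! "$SAFE_IMAGE_TAG" =~ $tag_re ]]; then
            echo "::error::originalImageTag must be 7-12 lowercase hex characters"
            exit 1
          fi
          # Defence in depth: repeat the choice list from the input definition.
          case "$SAFE_ENVIRONMENT" in
            stage|prod|dev) ;;
            *)
              echo "::error::environment must be one of: stage, prod, dev"
              exit 1
              ;;
          esac

      # NOTE(review): the actions below are referenced by version tag, which
      # the action owner can move. In a job that holds Docker Hub secrets and
      # an OIDC token, pinning each `uses:` to a full commit SHA is the usual
      # hardening.
      - name: Checkout Repository
        uses: actions/checkout@v6
        with:
          # Keep the GITHUB_TOKEN out of the local git config for later steps.
          persist-credentials: false

      - name: Log in to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}

      # Workload identity federation: exchanges the job's OIDC token for an
      # access token, so no long-lived GCP key is stored in the repository.
      - name: Authenticate to Google Cloud
        id: gcp-auth
        uses: google-github-actions/auth@v3
        with:
          token_format: access_token
          workload_identity_provider: ${{ vars.GCPV2_GITHUB_WORKLOAD_IDENTITY_PROVIDER }}
          service_account: ${{ vars.GCP_GAR_SERVICE_ACCOUNT }}

      - name: Login to Artifact Registry
        id: gar-login
        uses: docker/login-action@v3
        with:
          registry: ${{ env.GAR_REGISTRY }}
          username: oauth2accesstoken
          password: ${{ steps.gcp-auth.outputs.access_token }}

      # NOTE(review): images are selected by tag, not by digest, and the two
      # registries are retagged independently; nothing in this job checks that
      # both registries hold the same image content for the given tag.
      - name: Pull Docker Hub image
        run: docker pull "$DOCKERHUB_IMAGE:$SAFE_IMAGE_TAG"

      - name: Retag Docker Hub image
        run: docker tag "$DOCKERHUB_IMAGE:$SAFE_IMAGE_TAG" "$DOCKERHUB_IMAGE:$SAFE_ENVIRONMENT-$SAFE_IMAGE_TAG"

      - name: Push Docker Hub image
        run: docker push "$DOCKERHUB_IMAGE:$SAFE_ENVIRONMENT-$SAFE_IMAGE_TAG"

      - name: Pull GAR image
        run: docker pull "$GAR_IMAGE_BASE:$SAFE_IMAGE_TAG"

      - name: Retag GAR image
        run: docker tag "$GAR_IMAGE_BASE:$SAFE_IMAGE_TAG" "$GAR_IMAGE_BASE:$SAFE_ENVIRONMENT-$SAFE_IMAGE_TAG"

      - name: Push GAR image
        run: docker push "$GAR_IMAGE_BASE:$SAFE_ENVIRONMENT-$SAFE_IMAGE_TAG"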