realoptions
diff --git a/‎.github/workflows/release-tf.yml
Lines changed: 10 additions & 89 deletions b/‎.github/workflows/release-tf.yml
Lines changed: 10 additions & 89 deletions
@@ -5,8 +5,10 @@ on:
     - '*'
 env:
   CLOUDSDK_CORE_DISABLE_PROMPTS: 1
-  SA_NAME: terraform_access
   PROJECT_ID: finside #use this as source of truth instead of terraform.tfvars
+  CUSTOM_DOMAIN: api2.finside.org
+  VERSION_MAJOR: 2
+  SERVICE_NAME: realoptions
 jobs:
   release: 
     runs-on: ubuntu-latest
@@ -22,39 +24,6 @@ jobs:
       run: |
         cargo test
 
-    # Setup gcloud CLI
-    # To create a service account, 
-    # gcloud iam service-accounts create [SA-NAME] \
-    # --description "[SA-DESCRIPTION]" \
-    # --display-name "[SA-DISPLAY-NAME]"
-
-    # to create a key for the service account,
-    # gcloud iam service-accounts keys create ~/key.json \
-    # --iam-account [SA-NAME]@[PROJECT-ID].iam.gserviceaccount.com
-
-    # to base64 it,
-    # cat ~/key.json | base64
-
-    # to get email address,
-    # gcloud iam service-accounts list
-
-    # to grant roles, 
-    # gcloud projects add-iam-policy-binding [project] \
-    # --member serviceAccount:[emailaddress] \
-    # --role roles/run.admin 
-    # gcloud projects add-iam-policy-binding [project] \
-    # --member serviceAccount:[emailaddress] \
-    # --role roles/viewer
-    # gcloud projects add-iam-policy-binding [project] \
-    # --member serviceAccount:[emailaddress] \
-    # --role roles/cloudbuild.builds.builder
-    # gcloud projects add-iam-policy-binding [project] \
-    # --member serviceAccount:[emailaddress] \
-    # --role roles/iam.serviceAccountUser
-    # gcloud projects add-iam-policy-binding [project] \
-    # --member serviceAccount:[emailaddress] \
-    # --role roles/firebasehosting.admin
-    #
     - uses: GoogleCloudPlatform/github-actions/setup-gcloud@master
       with:
         version: '275.0.0'
@@ -67,69 +36,21 @@ jobs:
         docker build . -f docker/option_price.Dockerfile --tag gcr.io/$PROJECT_ID/$SERVICE_NAME:$GITHUB_SHA
         docker push gcr.io/$PROJECT_ID/$SERVICE_NAME:$GITHUB_SHA
 
-    # Deploy image to Cloud Run
-    - name: Deploy
-      run: |
-        gcloud run deploy $SERVICE_NAME \
-          --image gcr.io/$PROJECT_ID/$SERVICE_NAME:$GITHUB_SHA \
-          --region $RUN_REGION \
-          --platform managed 
-
-    # API Management
-    # gcloud services enable servicecontrol.googleapis.com
-    # gcloud services enable endpoints.googleapis.com
-    # gcloud projects add-iam-policy-binding [project] \
-    # --member serviceAccount:[emailaddress] \
-    # --role roles/servicemanagement.configEditor
-    - name: Swagger
-      run: |
-        sed "s/$CUSTOM_DOMAIN/$GATEWAY_SERVICE/g" docs/openapi_v2.yml  > docs/urlsubstitute.yml
-        gcloud endpoints services deploy docs/urlsubstitute.yml \
-          --project $PROJECT_ID
-        
-    ## Todo! dynamic service configuration
-    - name: Build API Gateway
+    - name: Terraform
       run: |
-        GATEWAY_CONFIG=$(gcloud endpoints configs list --service ${GATEWAY_SERVICE} --limit 1 \
-          | grep $(date +'%Y-%m-%d') | head -n1 | awk '{print $1;}')
-        curl --fail -o "service.json" -H "Authorization: Bearer $(gcloud auth print-access-token)" \
-          "https://servicemanagement.googleapis.com/v1/services/${GATEWAY_SERVICE}/configs/${GATEWAY_CONFIG}?view=FULL" 
-        docker build . -f docker/gateway.Dockerfile --tag gcr.io/${PROJECT_ID}/endpoints-runtime-serverless:${GATEWAY_SERVICE}-${GATEWAY_CONFIG}
-        docker push gcr.io/${PROJECT_ID}/endpoints-runtime-serverless:${GATEWAY_SERVICE}-${GATEWAY_CONFIG}
+        terraform apply -var="custom_api_domain=$CUSTOM_DOMAIN" -var="api_version_major=$VERSION_MAJOR" -var="project=$PROJECT_ID" -var="github_sha=$GITHUB_SHA" -var="service_name=$SERVICE_NAME"
 
-    - name: Deploy Gateway
-      run: |
-        GATEWAY_CONFIG=$(gcloud endpoints configs list --service ${GATEWAY_SERVICE} --limit 1 \
-          | grep $(date +'%Y-%m-%d') | head -n1 | awk '{print $1;}')
-        gcloud run deploy ${SERVICE_NAME}-gateway \
-          --image=gcr.io/${PROJECT_ID}/endpoints-runtime-serverless:${GATEWAY_SERVICE}-${GATEWAY_CONFIG} \
-          --set-env-vars=ESPv2_ARGS=--cors_preset=basic \
-          --allow-unauthenticated \
-          --platform managed \
-          --project $PROJECT_ID \
-          --region $RUN_REGION 
-
-    - name: Policy binding
-      run: |
-        gcloud run services add-iam-policy-binding $SERVICE_NAME \
-          --member "serviceAccount:${{secrets.ESP_PROJECT_NUMBER}}[email protected]" \
-          --role "roles/run.invoker" \
-          --platform managed \
-          --region $RUN_REGION  \
-          --project ${PROJECT_ID}
-    # had to add service account to verified owners, see https://cloud.google.com/run/docs/mapping-custom-domains
-    # this will error if custom domain already exists, so || true at the end
-    - name: Custom domain
+    - name: templatize yml
       run: |
-        gcloud beta run domain-mappings create --service $SERVICE_NAME \
-          --domain $CUSTOM_DOMAIN --platform managed --region $RUN_REGION  \
-          --project ${PROJECT_ID} || true
+        export VISIBLE_HOST=$CUSTOM_DOMAIN
+        export HOST=$(terraform output realoptions_gateway_url)
+        source /dev/stdin <<<"$(echo 'cat <<EOF >final.yml'; cat ./docs/openapi_v2.yml; echo EOF;)"
+        mv -f final.yml ./docs/openapi_v2.yml
 
     - name: release files
       uses: ncipollo/release-action@v1
       with:
         artifacts: "./target/x86_64-unknown-linux-musl/release/*,./serverless.yml,./docs/openapi_v2.yml"
-        # bodyFile: "body.md"
         token: ${{ secrets.ACCESS_TOKEN }}
     - name: kickoff main site job
       run: |