From 7ad719895d8c187050ea4f8ad70677fd4fec658e Mon Sep 17 00:00:00 2001
From: Katalina Okano
Date: Sun, 6 Dec 2020 05:41:18 -0500
Subject: [PATCH] add GAR docker push for google cloud stuff

---
 .github/workflows/build.yml | 14 +++++++--
 terraform/providers.tf | 24 +++++++++++++++
 terraform/variables.tf | 6 ++++
 terraform/webapp.tf | 58 +++++++++++++++++++++++++++++++++++++
 terraform/weblb.tf | 45 ++++++++++++++++++++++++++++
 5 files changed, 144 insertions(+), 3 deletions(-)
 create mode 100644 terraform/webapp.tf
 create mode 100644 terraform/weblb.tf

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 2322eaa..a907337 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -75,8 +75,9 @@ jobs:
 id: docker_meta
 uses: crazy-max/ghaction-docker-meta@v1
 with:
- images: ghcr.io/roleypoly/${{matrix.dockerfile}}
- tag-sha: true
+ images: |
+ ghcr.io/roleypoly/${{matrix.dockerfile}}
+ us-docker.pkg.dev/roleypoly-${{matrix.dockerfile}}
 
 - name: Set up Docker Buildx
 id: buildx
@@ -84,13 +85,20 @@ jobs:
 with:
 install: true
 
- - name: Login to GitHub Packages Docker Registry
+ - name: Login to GHCR
 uses: docker/login-action@v1
 with:
 registry: ghcr.io
 username: roleypoly
 password: ${{ secrets.GHCR_PAT }}
 
+ - name: Login to GAR
+ uses: docker/login-action@v1
+ with:
+ registry: us-docker.pkg.dev
+ username: _json_key
+ password: ${{ secrets.GAR_JSON_KEY }}
+
 - name: Build and push
 uses: docker/build-push-action@v2
 with:
diff --git a/terraform/providers.tf b/terraform/providers.tf
index aef51dd..6ac2d55 100644
--- a/terraform/providers.tf
+++ b/terraform/providers.tf
@@ -6,6 +6,11 @@ terraform {
 source = "hashicorp/google"
 }
 
+ google-beta = {
+ version = ">=3.49.0"
+ source = "hashicorp/google"
+ }
+
 cloudflare = {
 version = ">=2.14.0"
 source = "cloudflare/cloudflare"
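Review bot: The second entry under `images:`, `us-docker.pkg.dev/roleypoly-${{matrix.dockerfile}}`, has only one path segment after the host, while Artifact Registry Docker paths have the form `LOCATION-docker.pkg.dev/PROJECT/REPOSITORY/IMAGE`, so the push to GAR will probably be rejected as written. The same hunk drops `tag-sha: true`; unless the meta action adds a SHA tag by default, images are now published only under moving tags and a running revision can no longer be traced back to a commit. Keeping `tag-sha: true` below the new multi-line `images:` value preserves that. The step's `- name:` line is outside the hunk.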
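Review bot: The new `Login to GAR` step authenticates with `username: _json_key` and `secrets.GAR_JSON_KEY`, a long-lived service-account key that does not expire by default and works from anywhere if it leaks from the repository secrets or a compromised step. The service account behind it should hold only write access to the target Artifact Registry repository and the key should be rotated on a schedule; where the project can use it, keyless workload identity federation for GitHub Actions removes the stored key altogether. Because this step receives that credential, pin the action to a full commit SHA rather than the movable tag, e.g. `uses: docker/login-action@<full-commit-sha> # v1`. The workflow triggers are not visible in this hunk; if the job also runs for pull requests from forks, no secrets are passed and this login will fail.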
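Review bot: The new `google-beta` entry in `required_providers` sets `source = "hashicorp/google"`, the same source as the `google` entry above it, which looks like a copy-paste slip; the beta provider is published as `hashicorp/google-beta`. With the current value, the `provider = google-beta` references in weblb.tf would not resolve to the beta provider. Change the line to `source = "hashicorp/google-beta"`. Both constraints are open-ended `>=`, so commit the dependency lock file (`.terraform.lock.hcl`) to keep provider versions and checksums pinned. The `required_providers` block starts and ends outside the hunk.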
@@ -49,4 +54,23 @@ provider "cloudflare" {
 account_id = var.cloudflare_account_id
 }
 
+variable "gcp_project" {
+ type = string
+ sensitive = true
+}
+
+variable "gcp_region" {
+ type = string
+ default = "us-east4"
+}
+
+provider "google" {
+ project = var.gcp_project
+ region = var.gcp_region
+}
+
+provider "google-beta" {
+ project = var.gcp_project
+ region = var.gcp_region
+}
 
diff --git a/terraform/variables.tf b/terraform/variables.tf
index 9428f23..7751249 100644
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@@ -13,6 +13,12 @@ variable "ui_regions" {
 description = "Cloud Run regions to deploy UI to"
 }
 
+variable "ui_tag" {
+ type = string
+ description = "Specific tag to deploy"
+ default = "main"
+}
+
 variable "bot_client_id" {
 type = string
 description = "Bot Client ID"
diff --git a/terraform/webapp.tf b/terraform/webapp.tf
new file mode 100644
index 0000000..6a6e0e0
--- /dev/null
+++ b/terraform/webapp.tf
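Review bot: `sensitive = true` on `gcp_project` only redacts the value in plan and apply output; it is still stored in clear text in the state file, so the flag should not be relied on to keep the project ID private. Both new variables also lack a `description`, unlike the variables in variables.tf, and are declared in providers.tf. Add e.g. `description = "GCP project ID used by the google and google-beta providers"` and `description = "Default region for the google and google-beta providers"`, and consider moving both declarations to variables.tf.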
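Review bot: `ui_tag` defaults to `"main"`, a moving tag, so a plain `terraform apply` deploys whatever was last pushed under that name and the configuration does not record which build is live. Prefer no default, so the caller must pass a commit-SHA tag or a digest, or at least state the expectation, e.g. `description = "Image tag to deploy; pass an immutable commit-SHA tag in production"`. The build.yml change in this same commit removes `tag-sha: true`, so SHA tags may no longer be published for this variable to point at.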
@@ -0,0 +1,58 @@
+resource "cloudflare_record" "web" {
+ zone_id = var.cloudflare_zone_id
+ name = "web-${var.environment_tag}"
+ type = "A"
+ value = google_compute_address.web_lb.address
+ proxied = true
+}
+
+resource "google_cloud_run_service" "web" {
+ for_each = toset(var.ui_regions)
+
+ name = "roleypoly-web-${var.environment_tag}-${each.key}"
+ location = each.key
+
+ template {
+ spec {
+ containers {
+ image = "ghcr.io/roleypoly/ui:${var.ui_tag}"
+
+ env {
+ name = "API_PUBLIC_URI"
+ value = var.api_public_uri
+ }
+
+ env {
+ name = "UI_PUBLIC_URI"
+ value = var.ui_public_uri
+ }
+ }
+ }
+ }
+
+ traffic {
+ percent = 100
+ latest_revision = true
+ }
+}
+
+
+
+data "google_iam_policy" "noauth" {
+ binding {
+ role = "roles/run.invoker"
+ members = [
+ "allUsers",
+ ]
+ }
+}
+
+resource "google_cloud_run_service_iam_policy" "noauth" {
+ for_each = toset(var.ui_regions)
+
+ location = google_cloud_run_service.web[each.key].location
+ project = google_cloud_run_service.web[each.key].project
+ service = google_cloud_run_service.web[each.key].name
+
+ policy_data = data.google_iam_policy.noauth.policy_data
+}
diff --git a/terraform/weblb.tf b/terraform/weblb.tf
new file mode 100644
index 0000000..86fc4e9
--- /dev/null
+++ b/terraform/weblb.tf
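Review bot: `google_cloud_run_service.web` grants `roles/run.invoker` to `allUsers` and sets no ingress restriction, so each regional service's default run.app URL stays reachable from the internet, bypassing the Cloudflare proxy and the load balancer defined in weblb.tf. If all traffic is meant to arrive through the load balancer, add `metadata { annotations = { "run.googleapis.com/ingress" = "internal-and-cloud-load-balancing" } }` to the service. `google_cloud_run_service_iam_policy` is authoritative and replaces any other bindings on the service, whereas `google_cloud_run_service_iam_member` would add only the invoker binding. The image is still `ghcr.io/roleypoly/ui` although this commit starts pushing to Artifact Registry; Cloud Run may refuse images hosted outside Google registries, so confirm that reference is intended.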
@@ -0,0 +1,45 @@
+resource "google_compute_address" "web_lb" {
+ name = "lb-ip-web-${var.environment_tag}"
+}
+
+resource "google_compute_backend_service" "web_lb" {
+ name = "lb-rbes-web-${var.environment_tag}"
+
+ dynamic "backend" {
+ for_each = toset(var.ui_regions)
+ content {
+ group = google_compute_region_network_endpoint_group.web_lb[backend.value].id
+ }
+ }
+}
+
+resource "google_compute_url_map" "web_lb" {
+ name = "lb-um-web-${var.environment_tag}"
+
+ default_service = google_compute_backend_service.web_lb.id
+}
+
+resource "google_compute_target_http_proxy" "web_lb" {
+ name = "lb-http-web-${var.environment_tag}"
+ url_map = google_compute_url_map.web_lb.id
+}
+
+resource "google_compute_forwarding_rule" "web_lb" {
+ provider = google-beta
+
+ name = "lb-fr-web-${var.environment_tag}"
+ target = google_compute_target_http_proxy.web_lb.id
+ ports = ["80"]
+}
+
+resource "google_compute_region_network_endpoint_group" "web_lb" {
+ provider = google-beta
+ for_each = toset(var.ui_regions)
+
+ name = "lb-fr-neg-${each.key}-${var.environment_tag}"
+ region = google_cloud_run_service.web[each.key].location
+ network_endpoint_type = "SERVERLESS"
+ cloud_run {
+ service = google_cloud_run_service.web[each.key].name
+ }
+}
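Review bot: The load balancer front end is HTTP only, with `google_compute_target_http_proxy` and `ports = ["80"]` on the forwarding rule, so the hop from Cloudflare to the `web_lb` address is unencrypted (the `cloudflare_record` in webapp.tf is `proxied = true`) and the address also answers plain HTTP to anyone who reaches it directly. Terminate TLS at the load balancer with a `google_compute_target_https_proxy` and a certificate, listen on 443, and have Cloudflare validate the origin certificate. Separately, `google_compute_address` and `google_compute_forwarding_rule` are regional resources while the backend service, URL map and proxy are global. A load balancer with serverless NEG backends likely needs `google_compute_global_address` and `google_compute_global_forwarding_rule`, so check that this applies as written.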