add GAR docker push for google cloud stuff

.github/workflows/build.yml

@@ -75,8 +75,9 @@ jobs:
               id: docker_meta
               uses: crazy-max/ghaction-docker-meta@v1
               with:
-                  images: ghcr.io/roleypoly/${{matrix.dockerfile}}
+                  images: |
-                  tag-sha: true
+                      ghcr.io/roleypoly/${{matrix.dockerfile}}
+                      us-docker.pkg.dev/roleypoly-${{matrix.dockerfile}}
 
             - name: Set up Docker Buildx
               id: buildx
@@ -84,13 +85,20 @@ jobs:
               with:
                   install: true
 
-            - name: Login to GitHub Packages Docker Registry
+            - name: Login to GHCR
               uses: docker/login-action@v1
               with:
                   registry: ghcr.io
                   username: roleypoly
                   password: ${{ secrets.GHCR_PAT }}
 
+            - name: Login to GAR
+              uses: docker/login-action@v1
+              with:
+                  registry: us-docker.pkg.dev
+                  username: _json_key
+                  password: ${{ secrets.GAR_JSON_KEY }}
+
             - name: Build and push
               uses: docker/build-push-action@v2
               with:

terraform/providers.tf

@@ -6,6 +6,11 @@ terraform {
       source  = "hashicorp/google"
     }
 
+    google-beta = {
+      version = ">=3.49.0"
+      source  = "hashicorp/google"
+    }
+
     cloudflare = {
       version = ">=2.14.0"
       source  = "cloudflare/cloudflare"
@@ -49,4 +54,23 @@ provider "cloudflare" {
   account_id = var.cloudflare_account_id
 }
 
+variable "gcp_project" {
+  type      = string
+  sensitive = true
+}
+
+variable "gcp_region" {
+  type    = string
+  default = "us-east4"
+}
+
+provider "google" {
+  project = var.gcp_project
+  region  = var.gcp_region
+}
+
+provider "google-beta" {
+  project = var.gcp_project
+  region  = var.gcp_region
+}
 

terraform/variables.tf

@@ -13,6 +13,12 @@ variable "ui_regions" {
   description = "Cloud Run regions to deploy UI to"
 }
 
+variable "ui_tag" {
+  type        = string
+  description = "Specific tag to deploy"
+  default     = "main"
+}
+
 variable "bot_client_id" {
   type        = string
   description = "Bot Client ID"

terraform/webapp.tf

@@ -0,0 +1,58 @@
+resource "cloudflare_record" "web" {
+  zone_id = var.cloudflare_zone_id
+  name    = "web-${var.environment_tag}"
+  type    = "A"
+  value   = google_compute_address.web_lb.address
+  proxied = true
+}
+
+resource "google_cloud_run_service" "web" {
+  for_each = toset(var.ui_regions)
+
+  name     = "roleypoly-web-${var.environment_tag}-${each.key}"
+  location = each.key
+
+  template {
+    spec {
+      containers {
+        image = "ghcr.io/roleypoly/ui:${var.ui_tag}"
+
+        env {
+          name  = "API_PUBLIC_URI"
+          value = var.api_public_uri
+        }
+
+        env {
+          name  = "UI_PUBLIC_URI"
+          value = var.ui_public_uri
+        }
+      }
+    }
+  }
+
+  traffic {
+    percent         = 100
+    latest_revision = true
+  }
+}
+
+
+
+data "google_iam_policy" "noauth" {
+  binding {
+    role = "roles/run.invoker"
+    members = [
+      "allUsers",
+    ]
+  }
+}
+
+resource "google_cloud_run_service_iam_policy" "noauth" {
+  for_each = toset(var.ui_regions)
+
+  location = google_cloud_run_service.web[each.key].location
+  project  = google_cloud_run_service.web[each.key].project
+  service  = google_cloud_run_service.web[each.key].name
+
+  policy_data = data.google_iam_policy.noauth.policy_data
+}

terraform/weblb.tf

@@ -0,0 +1,45 @@
+resource "google_compute_address" "web_lb" {
+  name = "lb-ip-web-${var.environment_tag}"
+}
+
+resource "google_compute_backend_service" "web_lb" {
+  name = "lb-rbes-web-${var.environment_tag}"
+
+  dynamic "backend" {
+    for_each = toset(var.ui_regions)
+    content {
+      group = google_compute_region_network_endpoint_group.web_lb[backend.value].id
+    }
+  }
+}
+
+resource "google_compute_url_map" "web_lb" {
+  name = "lb-um-web-${var.environment_tag}"
+
+  default_service = google_compute_backend_service.web_lb.id
+}
+
+resource "google_compute_target_http_proxy" "web_lb" {
+  name    = "lb-http-web-${var.environment_tag}"
+  url_map = google_compute_url_map.web_lb.id
+}
+
+resource "google_compute_forwarding_rule" "web_lb" {
+  provider = google-beta
+
+  name   = "lb-fr-web-${var.environment_tag}"
+  target = google_compute_target_http_proxy.web_lb.id
+  ports  = ["80"]
+}
+
+resource "google_compute_region_network_endpoint_group" "web_lb" {
+  provider = google-beta
+  for_each = toset(var.ui_regions)
+
+  name                  = "lb-fr-neg-${each.key}-${var.environment_tag}"
+  region                = google_cloud_run_service.web[each.key].location
+  network_endpoint_type = "SERVERLESS"
+  cloud_run {
+    service = google_cloud_run_service.web[each.key].name
+  }
+}