name: Deploy on: workflow_dispatch: inputs: environment: description: 'One of: stage, prod' required: true default: stage ui_tag: description: 'tag/digest reference to a UI container build' required: false default: ':main' bot_tag: description: 'tag/digest reference to a UI container build' required: false default: ':main' worker_tag: description: 'bucket key to fetch worker from' required: false default: '' # Empty will try using current main branch hash jobs: docker_sync: runs-on: ubuntu-latest outputs: ui_tag: ${{ steps.tags.outputs.ui_tag }} bot_tag: ${{ steps.tags.outputs.bot_tag }} steps: - uses: actions/checkout@master - uses: docker/setup-buildx-action@v1 id: buildx with: install: true - name: Set up Cloud SDK uses: google-github-actions/setup-gcloud@master with: project_id: ${{ secrets.GCS_PROJECT_ID }} service_account_key: ${{ secrets.GCS_TF_KEY }} export_default_credentials: true - name: Login to GHCR uses: docker/login-action@v1 with: registry: ghcr.io username: roleypoly password: ${{ secrets.GHCR_PAT }} - name: Login to GAR US uses: docker/login-action@v1 with: registry: us-docker.pkg.dev username: _json_key password: ${{ secrets.GAR_JSON_KEY }} - name: Login to GAR Europe uses: docker/login-action@v1 with: registry: europe-docker.pkg.dev username: _json_key password: ${{ secrets.GAR_JSON_KEY }} - name: Login to GAR Asia uses: docker/login-action@v1 with: registry: asia-docker.pkg.dev username: _json_key password: ${{ secrets.GAR_JSON_KEY }} - name: Retag id: tags run: | retag_push() { docker tag $1 $2 docker push $2 } get_digest() { gcloud artifacts tags list --package=$1 --project=roleypoly --location=us --repository=roleypoly --format=json --filter=${{github.event.inputs.environment}} | jq -r .[].version | sed 's/^.*sha256/sha256/' } UI_IMAGE_SRC=ghcr.io/roleypoly/ui${{github.event.inputs.ui_tag}} UI_IMAGE_DEST_BASE=docker.pkg.dev/roleypoly/roleypoly/ui:${{github.event.inputs.environment}} docker pull $UI_IMAGE_SRC retag_push $UI_IMAGE_SRC us-$UI_IMAGE_DEST_BASE retag_push $UI_IMAGE_SRC europe-$UI_IMAGE_DEST_BASE retag_push $UI_IMAGE_SRC asia-$UI_IMAGE_DEST_BASE echo ::set-output name=ui_tag::@$(get_digest ui) BOT_IMAGE_SRC=ghcr.io/roleypoly/bot${{github.event.inputs.bot_tag}} BOT_IMAGE_DEST_BASE=docker.pkg.dev/roleypoly/roleypoly/bot:${{github.event.inputs.environment}} docker pull $BOT_IMAGE_SRC retag_push $BOT_IMAGE_SRC us-$BOT_IMAGE_DEST_BASE echo ::set-output name=ui_tag::@$(get_digest bot) deploy_terraform: runs-on: ubuntu-latest needs: - docker_sync steps: - uses: actions/checkout@master - uses: hashicorp/setup-terraform@v1 with: terraform_version: ^0.14.0 - name: Set up Cloud SDK uses: google-github-actions/setup-gcloud@master with: project_id: ${{ secrets.GCS_PROJECT_ID }} service_account_key: ${{ secrets.GCS_TF_KEY }} export_default_credentials: true - name: Get Google Secrets (they keep them in a box under a tree) id: secrets uses: google-github-actions/get-secretmanager-secrets@main with: secrets: |- secretJSON:${{ secrets.GCS_PROJECT_ID }}/${{github.event.inputs.environment}}-tfvars - name: Pull necessary artifacts working-directory: ./terraform run: | currentHash=${{ github.sha }} targetArtifact=${{ github.event.inputs.worker_tag }} selected="${targetArtifact:-$currentHash}" mkdir worker-dist gsutil cp gs://roleypoly-artifacts/backend-worker/$selected/script.js worker-dist/backend-worker.js - name: Terraform init working-directory: ./terraform run: | terraform init --backend-config "prefix=${{github.event.inputs.environment}}" - name: Write *.auto.tfvars.json files working-directory: ./terraform run: | echo \ '{"ui_tag": "${{needs.docker_sync.outputs.ui_tag}}", "bot_tag": "${{needs.docker_sync.outputs.bot_tag}}", "api_path_to_worker": "./worker-dist/backend-worker.js"}' \ | jq . \ | tee tags.auto.tfvars.json echo ${SECRET_TFVARS} > secrets.auto.tfvars.json env: SECRET_TFVARS: ${{ steps.secrets.outputs.secretJSON }} - name: Terraform plan working-directory: ./terraform run: | terraform plan \ -var-file variables/global.tfvars \ -var-file variables/${{github.event.inputs.environment}}.tfvars \ -out=./deployment.tfplan - name: Terraform apply working-directory: ./terraform run: | terraform apply \ -auto-approve \ deployment.tfplan