name: Deploy on: workflow_dispatch: inputs: environment: description: 'One of: stage, prod' required: true default: stage ui_tag: description: 'tag/digest reference to a UI container build' required: false default: ':main' bot_tag: description: 'tag/digest reference to a UI container build' required: false default: ':main' worker_tag: description: 'bucket key to fetch worker from' required: false default: '' # Empty will try using current main branch hash jobs: docker_sync: runs-on: ubuntu-latest outputs: ui_tag: steps.tags.ui_tag bot_tag: steps.tags.bot_tag steps: - uses: actions/checkout@master - uses: docker/setup-buildx-action@v1 id: buildx with: install: true - name: Login to GHCR uses: docker/login-action@v1 with: registry: ghcr.io username: roleypoly password: ${{ secrets.GHCR_PAT }} - name: Login to GAR US uses: docker/login-action@v1 with: registry: us-docker.pkg.io username: _json_key password: ${{ secrets.GAR_JSON_KEY }} - name: Login to GAR Europe uses: docker/login-action@v1 with: registry: europe-docker.pkg.io username: _json_key password: ${{ secrets.GAR_JSON_KEY }} - name: Login to GAR Asia uses: docker/login-action@v1 with: registry: asia-docker.pkg.io username: _json_key password: ${{ secrets.GAR_JSON_KEY }} - name: Retag id: tags run: | retag_push() { docker tag $1 $2 docker push $2 } UI_IMAGE_SRC=ghcr.io/roleypoly/ui${{github.event.inputs.ui_tag}} UI_IMAGE_DEST_BASE=docker.pkg.dev/roleypoly/roleypoly/ui:${{github.event.inputs.environment}} docker pull $UI_IMAGE_SRC retag_push $UI_IMAGE_SRC us-$UI_IMAGE_DEST_BASE retag_push $UI_IMAGE_SRC europe-$UI_IMAGE_DEST_BASE retag_push $UI_IMAGE_SRC asia-$UI_IMAGE_DEST_BASE echo ::set-output name=ui_tag::@$(docker inspect $UI_IMAGE_SRC -f '{{.Id}}') BOT_IMAGE_SRC=ghcr.io/roleypoly/bot${{github.event.inputs.bot_tag}} BOT_IMAGE_DEST_BASE=docker.pkg.dev/roleypoly/roleypoly/bot:${{github.event.inputs.environment}} docker pull $BOT_IMAGE_SRC retag_push $BOT_IMAGE_SRC us-$BOT_IMAGE_DEST_BASE echo ::set-output name=bot_tag::@$(docker inspect $BOT_IMAGE_SRC -f '{{.Id}}' deploy_terraform: runs-on: ubuntu-latest needs: - docker_sync steps: - uses: actions/checkout@master - uses: hashicorp/setup-terraform@v1 with: terraform_version: ^0.14.0 - run: cd terraform - name: Set up Cloud SDK uses: google-github-actions/setup-gcloud@master with: project_id: ${{ secrets.GCS_PROJECT_ID }} service_account_key: ${{ secrets.GCS_TF_KEY }} export_default_credentials: true - name: Pull necessary artifacts run: | currentHash=${{ github.sha }} selectedTargetArtifact=${${{ github.event.inputs.worker_tag }}:-$currentHash} mkdir worker-dist gsutil cp gs://roleypoly-artifacts/backend-worker/$selectedTargetArtifact/script.js worker-dist/backend-worker.js - run: terraform init --backend-config "prefix=${{github.event.inputs.environment}}" - name: Write tags to tags.tfvars.auto.json run: | echo '{"ui_tag": "${{needs.docker_sync.outputs.ui_tag}}", "bot_tag": "${{needs.docker_sync.outputs.bot_tag}}", "worker_path": "./worker-dist/backend-worker.js"}' | jq | tee tags.tfvars.auto.json - name: Write TF_DATA_${{github.event.inputs.environment}} to actions.tfvars.auto.json run: | sh -c 'echo '$TF_DATA' | jq > actions.tfvars.auto.json' >/dev/null 2>&1 env: TF_DATA: ${{ secrets[format('TF_DATA_{0}', github.event.inputs.environment)] }} - run: | terraform plan \ --var-file variables/global.tfvars \ --var-file variables/${{github.event.inputs.environment}}.tfvars \ -out=./deployment.tfplan - run: | terraform apply \ --var-file variables/global.tfvars \ --var-file variables/${{github.event.inputs.environment}}.tfvars \ -auto-approve \ deployment.tfplan