Skip to content

Workflow file for this run

name: Publish Docker image (deploy)
on:
push:
branches:
- develop
workflow_dispatch:
jobs:
push_to_registry:
permissions:
contents: read
id-token: write
name: Push Docker image to Container Registry
runs-on: ubuntu-latest
steps:
- name: Free Disk Space
uses: jlumbroso/free-disk-space@main
with:
# This might remove tools that are actually needed, if set to "true" but frees about 6 GB
tool-cache: false
# All of these default to true, but feel free to set to "false" if necessary for your workflow
android: true
dotnet: true
haskell: true
large-packages: false
swap-storage: true
- name: Check out the repo
uses: actions/[email protected]
- name: Set environment variables
run: |
echo "COMMIT_SHA=$(git rev-parse --short=7 HEAD)" >> $GITHUB_ENV
echo "COMMIT_SHA_FULL=$(git rev-parse HEAD)" >> $GITHUB_ENV
echo "CLIENT_ASSETS_BASE_URL=${{ secrets.CLIENT_ASSETS_BASE_URL }}" >> $GITHUB_ENV
echo "CLIENT_ASSETS_DIR=$(git show --no-patch --format='%at' HEAD)" >> $GITHUB_ENV
- name: Add SSH key
env:
SSH_AUTH_SOCK: /tmp/ssh_agent.sock
run: |
mkdir -p ~/.ssh
ssh-keyscan -p ${{ secrets.ARM_NODE_PORT }} -H ${{ secrets.ARM_NODE_ADDR }} >> ~/.ssh/known_hosts
ssh-agent -a $SSH_AUTH_SOCK > /dev/null
echo "${{ secrets.SSH_PRIVATE_KEY }}" | ssh-add -
- name: Set up Docker Buildx
id: buildx
uses: docker/[email protected]
env:
SSH_AUTH_SOCK: /tmp/ssh_agent.sock
with:
endpoint: unix:///var/run/docker.sock
platforms: linux/amd64
append: |
- endpoint: ssh://${{ secrets.ARM_NODE_USER }}@${{ secrets.ARM_NODE_ADDR }}:${{ secrets.ARM_NODE_PORT }}
platforms: linux/arm64
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: ghcr.io/${{ github.repository }}:${{ env.COMMIT_SHA }}, ghcr.io/${{ github.repository }}:develop
- name: Authenticate to Google Cloud
id: auth
uses: google-github-actions/auth@v1
with:
token_format: access_token
workload_identity_provider: ${{ secrets.IDENTITY_PROVIDER }}
service_account: ${{ secrets.SERVICE_ACCOUNT }}
- name: Login to Artifact Registry
uses: docker/login-action@v2
with:
registry: ${{ secrets.ARTIFACT_REGISTRY }}
username: oauth2accesstoken
password: ${{ steps.auth.outputs.access_token }}
- uses: pnpm/action-setup@v2
- uses: actions/setup-node@v3
with:
node-version: 20
cache: 'pnpm'
- name: Install static dependencies
run: |
git submodule update --init
NODE_ENV=production pnpm --filter cherrypick-js install
NODE_ENV=production pnpm --filter frontend install
- name: Build static
run: |
NODE_ENV=production pnpm build-pre
NODE_ENV=production pnpm --filter cherrypick-js build
NODE_ENV=production pnpm --filter frontend build
NODE_ENV=production pnpm build-deploy
- name: Deploy static
run: |
mv built/_frontend_dist_ built/assets
mv built/_vite_ built/vite
mv built ${{ env.CLIENT_ASSETS_DIR }}
echo ${{ env.COMMIT_SHA_FULL }} > ${{ env.CLIENT_ASSETS_DIR }}/commit_sha
gcloud storage cp --project ${{ secrets.GCP_PROJECT_ID }} --recursive ${{ env.CLIENT_ASSETS_DIR }} gs://${{ secrets.GCS_BUCKET_NAME }}/static/
rm -rf ${{ env.CLIENT_ASSETS_DIR }}/commit_sha
mv ${{ env.CLIENT_ASSETS_DIR }}/vite ${{ env.CLIENT_ASSETS_DIR }}/_vite_
mv ${{ env.CLIENT_ASSETS_DIR }}/assets ${{ env.CLIENT_ASSETS_DIR }}/_frontend_dist_
- name: Build and Push to Container registry
uses: docker/build-push-action@v5
env:
SSH_AUTH_SOCK: /tmp/ssh_agent.sock
with:
builder: ${{ steps.buildx.outputs.name }}
context: .
file: deploy.Dockerfile
push: true
platforms: ${{ steps.buildx.outputs.platforms }}
provenance: false
tags: |
${{ secrets.ARTIFACT_REGISTRY }}/libnare/${{ github.event.repository.name }}/${{ github.ref_name }}:${{ env.COMMIT_SHA }}
${{ secrets.ARTIFACT_REGISTRY }}/libnare/${{ github.event.repository.name }}/${{ github.ref_name }}:latest
labels: ${{ env.COMMIT_SHA }}, develop
build-args: |
ARGS_CLIENT_ASSETS_BASE_URL=${{ env.CLIENT_ASSETS_BASE_URL }}
ARGS_CLIENT_ASSETS_DIR=${{ env.CLIENT_ASSETS_DIR }}