name: Build and Deploy Backend on: push: branches: - main paths: - 'backend/**' - 'frontend/src/shared/**' jobs: build-and-deploy: runs-on: ubuntu-latest permissions: contents: read id-token: write steps: - name: Checkout code uses: actions/checkout@v3 - name: Generate version id: version run: | echo "version=dev-${GITHUB_SHA::7}" >> $GITHUB_OUTPUT - name: Copy shared code run: | mkdir -p backend/src/.shared cp -r frontend/src/shared/* backend/src/.shared/ - name: Google Auth id: auth uses: google-github-actions/auth@v1 with: workload_identity_provider: ${{ secrets.WIF_PROVIDER }} service_account: ${{ secrets.WIF_SERVICE_ACCOUNT }} - name: Set up Cloud SDK uses: google-github-actions/setup-gcloud@v1 - name: Check for required Google Cloud secrets run: | required_secrets=("OPENAI_API_KEY" "DB_USER" "DB_HOST" "DB_NAME" "DB_PASSWORD" "GOOGLE_CLIENT_ID") missing_secrets=() for secret in "${required_secrets[@]}"; do if ! gcloud secrets versions access latest --secret="$secret" >/dev/null 2>&1; then missing_secrets+=("$secret") fi done if [ ${#missing_secrets[@]} -ne 0 ]; then echo "Error: The following required Google Cloud secrets are missing:" for secret in "${missing_secrets[@]}"; do echo "- $secret" done exit 1 fi echo "All required Google Cloud secrets are present. Proceeding with deployment..." - name: Build and Push Image id: build run: | cd backend BUILD_ID=$(gcloud builds submit --tag gcr.io/mindmeld-backend/mindmeld:${{ steps.version.outputs.version }} --format='get(id)' --async) echo "build_id=$BUILD_ID" >> $GITHUB_OUTPUT echo "Waiting for build to complete..." while true; do STATUS=$(gcloud builds describe $BUILD_ID --format='get(status)') if [ "$STATUS" = "SUCCESS" ]; then echo "Build completed successfully!" break elif [ "$STATUS" = "FAILURE" ] || [ "$STATUS" = "TIMEOUT" ] || [ "$STATUS" = "CANCELLED" ]; then echo "Build failed with status: $STATUS" exit 1 fi echo "Build status: $STATUS" sleep 30 done - name: Deploy to Cloud Run if: success() run: | gcloud run deploy mindmeld \ --image gcr.io/mindmeld-backend/mindmeld:${{ steps.version.outputs.version }} \ --add-cloudsql-instances ${{ secrets.CLOUD_SQL_CONNECTION_NAME }} \ --set-secrets=OPENAI_API_KEY=OPENAI_API_KEY:latest,DB_USER=DB_USER:latest,DB_HOST=DB_HOST:latest,DB_NAME=DB_NAME:latest,DB_PASSWORD=DB_PASSWORD:latest,GOOGLE_CLIENT_ID=GOOGLE_CLIENT_ID:latest \ --platform managed \ --region europe-west1 \ --allow-unauthenticated