fixing chatbot #76
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Deploy App (Prod) | |
| on: | |
| push: | |
| branches: [ "main" ] | |
| workflow_dispatch: | |
| defaults: | |
| run: | |
| shell: bash | |
| working-directory: . | |
| jobs: | |
| deploy: | |
| name: Build and Deploy to Cloud Run | |
| runs-on: ubuntu-latest | |
| environment: production | |
| # Add 'id-token' with the intended permissions for workload identity federation | |
| permissions: | |
| contents: "read" | |
| id-token: "write" | |
| steps: | |
| - name: Checkout | |
| uses: actions/[email protected] | |
| # NOTE: Google Cloud Authentication via credentials json | |
| - name: Authenticate to Google Cloud | |
| id: auth | |
| uses: "google-github-actions/auth@v1" | |
| with: | |
| credentials_json: "${{ secrets.PROD_GCP_CREDENTIALS }}" | |
| # Authenticate Docker to Google Cloud Artifact Registry | |
| - name: Docker Auth | |
| id: docker-auth | |
| uses: "docker/login-action@v1" | |
| with: | |
| username: "_json_key" | |
| password: "${{ secrets.PROD_GCP_CREDENTIALS }}" | |
| registry: "${{ vars.PROD_GAR_LOCATION }}-docker.pkg.dev" | |
| # Get required secrets from Secret Manager | |
| - name: Get Secret Manager secrets | |
| id: secrets | |
| uses: google-github-actions/get-secretmanager-secrets@v1 | |
| with: | |
| secrets: |- | |
| auth0_base_url:projects/447192648937/secrets/AUTH0_BASE_URL | |
| auth0_client_id:projects/447192648937/secrets/AUTH0_CLIENT_ID | |
| auth0_client_secret:projects/447192648937/secrets/AUTH0_CLIENT_SECRET | |
| auth0_issuer_base_url:projects/447192648937/secrets/AUTH0_ISSUER_BASE_URL | |
| auth0_mgmt_api_client_id:projects/447192648937/secrets/AUTH0_MGMT_API_CLIENT_ID | |
| auth0_mgmt_api_client_secret:projects/447192648937/secrets/AUTH0_MGMT_API_CLIENT_SECRET | |
| whatsapp_token:projects/447192648937/secrets/WHATSAPP_TOKEN | |
| phone_number_id:projects/447192648937/secrets/PHONE_NUMBER_ID | |
| webhook_api_version:projects/447192648937/secrets/WEBHOOK_API_VERSION | |
| webhook_secret:projects/447192648937/secrets/WEBHHOK_SECRET | |
| auth0_secret:projects/447192648937/secrets/AUTH0_SECRET | |
| database_url:projects/447192648937/secrets/DATABASE_URL | |
| error_reporting_webhook:projects/447192648937/secrets/ERROR_REPORTING_WEBHOOK | |
| next_public_app_env:projects/447192648937/secrets/NEXT_PUBLIC_APP_ENV | |
| next_public_hotjar_id:projects/447192648937/secrets/NEXT_PUBLIC_HOTJAR_ID | |
| next_public_hotjar_snippet_version:projects/447192648937/secrets/NEXT_PUBLIC_HOTJAR_SNIPPET_VERSION | |
| - name: Build and Push Container | |
| run: |- | |
| docker build --build-arg AUTH0_BASE_URL="${{ steps.secrets.outputs.auth0_base_url }}" \ | |
| --build-arg AUTH0_CLIENT_ID="${{ steps.secrets.outputs.auth0_client_id }}" \ | |
| --build-arg AUTH0_CLIENT_SECRET="${{ steps.secrets.outputs.auth0_client_secret }}" \ | |
| --build-arg AUTH0_ISSUER_BASE_URL="${{ steps.secrets.outputs.auth0_issuer_base_url }}" \ | |
| --build-arg AUTH0_MGMT_API_CLIENT_ID="${{ steps.secrets.outputs.auth0_mgmt_api_client_id }}" \ | |
| --build-arg AUTH0_MGMT_API_CLIENT_SECRET="${{ steps.secrets.outputs.auth0_mgmt_api_client_secret }}" \ | |
| --build-arg AUTH0_SECRET="${{ steps.secrets.outputs.auth0_secret }}" \ | |
| --build-arg DATABASE_URL="${{ steps.secrets.outputs.database_url }}" \ | |
| --build-arg WHATSAPP_TOKEN="${{ steps.secrets.outputs.whatsapp_token }}" \ | |
| --build-arg PHONE_NUMBER_ID="${{ steps.secrets.outputs.phone_number_id }}" \ | |
| --build-arg WEBHOOK_API_VERSION="${{ steps.secrets.outputs.webhook_api_version }}" \ | |
| --build-arg WEBHHOK_SECRET="${{ steps.secrets.outputs.webhook_secret }}" \ | |
| --build-arg FAILED_WEBHOOKURL="${{ steps.secrets.outputs.error_reporting_webhook }}" \ | |
| --build-arg NEXT_PUBLIC_APP_ENV="${{ steps.secrets.outputs.next_public_app_env }}" \ | |
| --build-arg NEXT_PUBLIC_HOTJAR_ID="${{ steps.secrets.outputs.next_public_hotjar_id }}" \ | |
| --build-arg NEXT_PUBLIC_HOTJAR_SNIPPET_VERSION="${{ steps.secrets.outputs.next_public_hotjar_snippet_version }}" \ | |
| --tag "asia-south1-docker.pkg.dev/silent-rune-375211/artpark/noobs-prod:${{ github.sha }}" . | |
| docker push "asia-south1-docker.pkg.dev/silent-rune-375211/artpark/noobs-prod:${{ github.sha }}" | |
| # END - Docker auth and build | |
| - name: Deploy to Cloud Run | |
| id: deploy | |
| uses: google-github-actions/deploy-cloudrun@v0 | |
| with: | |
| region: ${{ vars.PROD_REGION }} | |
| service: noobs-prod | |
| image: asia-south1-docker.pkg.dev/silent-rune-375211/artpark/noobs-prod:${{ github.sha }} | |
| # If required, use the Cloud Run url output in later steps | |
| - name: Show Output | |
| run: echo ${{ steps.deploy.outputs.url }} |