-
Notifications
You must be signed in to change notification settings - Fork 24
109 lines (101 loc) · 3.75 KB
/
functions.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
name: Functions
on:
# Check job conditions if you add any triggers here
pull_request:
paths:
- 'functions/**'
- '.github/workflows/functions.yml'
push:
branches:
- 'main'
paths:
- 'functions/**'
- '.github/workflows/functions.yml'
workflow_call:
inputs:
deploy_env:
description: 'For manual deployments (prod)'
type: string
concurrency:
group: func-${{ github.event.workflow_run.head_branch || github.ref }}
cancel-in-progress: true
jobs:
prepare-deploy:
secrets: inherit
uses: ./.github/workflows/prepare-deploy.yml
with:
wait: false
deploy_env: ${{ inputs.deploy_env }}
build-functions:
needs: prepare-deploy
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 #@v3.1.0
- name: Set .env for functions
run: echo "CENTRIFUGE_SUBGRAPH_URL=https://api.goldsky.com/api/public/project_clhi43ef5g4rw49zwftsvd2ks/subgraphs/main/prod/gn" > functions/.env
- name: print .env
run: cat functions/.env
- name: Setup Node
uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 #@v3
with:
node-version: 18
cache: yarn
- name: Install Dependencies
run: yarn install
- name: Build
run: yarn build:functions
- name: Archive functions artifacts
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # @v3.1.2
with:
name: func-dist
retention-days: 4
path: functions/dist
# !dist/**/*.md
deploy-functions:
needs: [build-functions, prepare-deploy]
outputs:
function_url: ${{ steps.gclouddeploy.outputs.url }}
permissions:
contents: 'read'
id-token: 'write'
runs-on: ubuntu-latest
# Deployment strategy:
# prod if deploying from main branch or preview from PRs
environment: ${{ inputs.deploy_env || 'gcloud-dev' }}
# https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment
steps:
- name: download the distribution package
id: download
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # @v3.0.2
with:
name: func-dist
- name: debug
run: |
echo "Using GH environment -> ${{ inputs.deploy_env && 'production' || 'gcloud-dev' }} "
echo "Because inputs.deploy_env == ${{ inputs.deploy_env }} (empty if not triggered manually)"
- name: Auth gcloud
id: gauth
uses: google-github-actions/auth@ef5d53e30bbcd8d0836f4288f5e50ff3e086997d # @v1
with:
workload_identity_provider: '${{ secrets.GWIP }}'
service_account: '${{ secrets.GSA }}'
- name: Set up Cloud SDK
uses: google-github-actions/setup-gcloud@d51b5346f85640ec2aa2fa057354d2b82c2fcbce # v1.0.1
- name: Deploy to google functions
id: gclouddeploy
uses: google-github-actions/deploy-cloud-functions@14509ca55199d9348161571e36c48e44f855030d #@v1
with:
name: ${{ needs.prepare-deploy.outputs.function_name }}
runtime: nodejs16
region: ${{ vars.GCP_REGION }}
source_dir: ${{steps.download.outputs.download-path}}
entry_point: 'handler'
https_trigger_security_level: 'secure_always'
max_instances: ${{ inputs.deploy_env == 'production' && '25' || '1' }}
- name: Change function to allow_unathorized calls
shell: bash
run: |
gcloud functions add-iam-policy-binding ${{ needs.prepare-deploy.outputs.function_name }} \
--region=${{ vars.GCP_REGION }} \
--member="allUsers" --role="roles/cloudfunctions.invoker"