Skip to content

fix(m360-api): api rework #41

fix(m360-api): api rework

fix(m360-api): api rework #41

Workflow file for this run

name: GCP Cloud Run CI Prod
on:
push:
branches:
- main
env:
DEVELOPMENT_SYNC_BRANCH: development
PROJECT_ID: fpi-sms-api
REGISTRY: asia-east1-docker.pkg.dev
GHUB_REPO_NAME: fpi-sms-api
SERVICE: fpi-sms-api-v1
REGION: asia-east1
SONAR_PROJECT_KEY: vincejv_fpi-sms-api
NATIVE_IMAGE_BUILDER: quay.io/quarkus/ubi-quarkus-mandrel-builder-image:22.3-java17
SERVICE_CPU: 1000m
SERVICE_MEMORY: 384Mi
SERVICE_ENV: prod
jobs:
pre_job:
name: Duplicate checks
runs-on: ubuntu-latest
if: ${{ !contains(github.event.head_commit.message, 'docs-update(') }} # skip for commits containing 'docs-update('
outputs:
should_skip: ${{ steps.skip_check.outputs.should_skip }}
paths_result: ${{ steps.skip_check.outputs.paths_result }}
steps:
- name: Skip duplicate actions
id: skip_check
uses: fkirc/skip-duplicate-actions@v5
with:
concurrent_skipping: outdated_runs
cancel_others: true
versioning:
name: Versioning
runs-on: ubuntu-latest
needs: pre_job
if: needs.pre_job.outputs.should_skip != 'true'
outputs:
new_tag: ${{ steps.tag_version.outputs.new_tag }}
changelog: ${{ steps.tag_version.outputs.changelog }}
service_image_path: ${{ steps.image_version.outputs.service_image_path }}
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Bump version and push tag
id: tag_version
uses: mathieudutour/[email protected]
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
- name: Prepare Docker image tag
id: image_version
run: |
echo "service_image_path=${{ env.REGISTRY }}/${{ env.PROJECT_ID }}/${{ env.GHUB_REPO_NAME }}/${{ env.SERVICE }}:${{ steps.tag_version.outputs.new_tag }}" >> $GITHUB_OUTPUT
rebase_dev:
name: Sync development branch
runs-on: ubuntu-latest
needs: versioning
steps:
- name: Checkout
uses: actions/checkout@v3
with:
ref: ${{ github.event.repository.default_branch }}
fetch-depth: 0
- name: ReSync Branch
uses: Joao208/[email protected]
with:
PERSONAL_TOKEN: ${{ secrets.FPI_BOT_TOKEN }}
BRANCH_NAME: ${{ env.DEVELOPMENT_SYNC_BRANCH }}
DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
code_quality_checks:
name: Code quality checks
runs-on: ubuntu-latest
needs: versioning
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
- name: Set up JDK 17
uses: actions/setup-java@v3
with:
distribution: temurin
java-version: 17
cache: maven
- name: Cache SonarCloud packages
uses: actions/cache@v3
with:
path: ~/.sonar/cache
key: ${{ runner.os }}-sonar
restore-keys: ${{ runner.os }}-sonar
- name: Build and analyze
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=${{ env.SONAR_PROJECT_KEY }} -Dsonar.qualitygate.wait=true
github_release:
name: Perform Github release
runs-on: ubuntu-latest
needs: [ versioning, code_quality_checks ]
steps:
- name: Create a GitHub release
uses: ncipollo/release-action@v1
with:
tag: ${{ needs.versioning.outputs.new_tag }}
name: Release ${{ needs.versioning.outputs.new_tag }}
body: ${{ needs.versioning.outputs.changelog }}
deploy_to_cloud:
name: Deploy to Cloud Run
runs-on: ubuntu-latest
needs: [ code_quality_checks, versioning ]
permissions:
contents: read
packages: write
id-token: write
environment: Production
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0 # for jgitver to generate the version
# - name: Set up Docker Buildx
# uses: docker/setup-buildx-action@v2
- name: Set up JDK 17
uses: actions/setup-java@v3
with:
distribution: temurin
java-version: 17
cache: maven
- name: Generate native image
run: mvn -B package -Pnative -Dquarkus.native.container-build=true -Dquarkus.native.builder-image=${{ env.NATIVE_IMAGE_BUILDER }}
- name: Google Auth
id: gcp-auth
uses: google-github-actions/auth@v1
with:
token_format: 'access_token'
workload_identity_provider: '${{ secrets.WIF_PROVIDER }}'
service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}'
- name: Login to Google Docker Registry
uses: docker/login-action@v2
with:
registry: ${{ env.REGISTRY }}
username: 'oauth2accesstoken'
password: ${{ steps.gcp-auth.outputs.access_token }}
- name: Check Docker repository
id: repository_check
continue-on-error: true # will throw an error if repository does not exist
run: |
gcloud artifacts repositories describe ${{ env.GHUB_REPO_NAME }} --location ${{ env.REGION }}
- name: Create Docker repository
if: ${{ steps.repository_check.outcome == 'failure' }} # only create if previous step does not exist
run: |
gcloud artifacts repositories create ${{ env.GHUB_REPO_NAME }} --repository-format=docker --location ${{ env.REGION }}
# - name: Extract metadata (tags, labels) for Docker
# id: meta
# uses: docker/metadata-action@v4
# with:
# images: ${{ needs.versioning.outputs.service_image_path }}
- name: Build and push Docker image
uses: docker/build-push-action@v4
with:
context: .
push: true
tags: | # ${{ steps.meta.outputs.tags }} - (For public repositories like docker hub)
${{ needs.versioning.outputs.service_image_path }}
labels: ${{ steps.meta.outputs.labels }}
- name: Deploy to cloud run
id: deploy
uses: google-github-actions/deploy-cloudrun@v1
with:
service: ${{ env.SERVICE }}
region: ${{ env.REGION }}
image: ${{ needs.versioning.outputs.service_image_path }}
project_id: ${{ env.PROJECT_ID }}
flags: |
--set-env-vars ^##^MONGO_CONN_STRING=${{ secrets.MONGO_CONN_STRING }}
--set-env-vars OIDC_CLIENT_ID=${{ secrets.OIDC_CLIENT_ID }}
--set-env-vars OIDC_AUTH_URL=${{ secrets.OIDC_AUTH_URL }}
--set-env-vars OIDC_SECRET=${{ secrets.OIDC_SECRET }}
--set-env-vars SMS_API_KEY=${{ secrets.SMS_API_KEY }}
--set-env-vars SMS_SID=${{ secrets.SMS_SID }}
--set-env-vars M360_BROADCAST_URL=${{ secrets.M360_BROADCAST_URL }}
--set-env-vars USER_BASE_URI=${{ secrets.USER_BASE_URI }}
--set-env-vars FPI_APP_TO_APP_USERN=${{ secrets.FPI_APP_TO_APP_USERN }}
--set-env-vars LOGIN_BASE_URI=${{ secrets.LOGIN_BASE_URI }}
--set-env-vars SMS_SECRET=${{ secrets.SMS_SECRET }}
--set-env-vars FPI_MO_WEBHOOK_KEY=${{ secrets.FPI_MO_WEBHOOK_KEY }}
--set-env-vars FPI_DLR_WEBHOOK_KEY=${{ secrets.FPI_DLR_WEBHOOK_KEY }}
--set-env-vars FPI_GEN_WEBHOOK_KEY=${{ secrets.FPI_GEN_WEBHOOK_KEY }}
--set-env-vars FPI_APP_TO_APP_PASSW=${{ secrets.FPI_APP_TO_APP_PASSW }}
--set-env-vars M360_API_URL=${{ secrets.M360_API_URL }}
--set-env-vars DB_NAME=sms-api-prod
--cpu ${{ env.SERVICE_CPU }}
--memory ${{ env.SERVICE_MEMORY }}
--cpu-throttling
labels: |
env=${{ env.SERVICE_ENV }}
- name: Configure cloud run
run: |-
gcloud run services add-iam-policy-binding ${{ env.SERVICE }} --member=allUsers --role=roles/run.invoker --region=${{ env.REGION }}
- name: Show Output
run: echo ${{ steps.deploy.outputs.url }}
deploy_to_central:
name: Release artifact to central
runs-on: ubuntu-latest
needs: deploy_to_cloud # only deploy to central if successfully deployed to cloud run environment
permissions:
contents: read
packages: write
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
- name: Set up JDK 17
uses: actions/setup-java@v3
with:
distribution: temurin
java-version: 17
cache: maven
server-id: ossrh
server-username: MAVEN_USERNAME
server-password: MAVEN_PASSWORD
gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }}
gpg-passphrase: MAVEN_GPG_PASSPHRASE
- name: Build and release to central repo
env:
MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }}
MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }}
MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
run: mvn -B deploy -Dlib-only -Prelease-for-oss