Skip to content

Build and Deploy Production App #42

Build and Deploy Production App

Build and Deploy Production App #42

Workflow file for this run

# Adapted from: https://github.com/actions/starter-workflows/blob/main/deployments/google.yml
name: Build and Deploy Production App
on:
workflow_run:
workflows: ["Continuous Integration"] # Run only after CI passes
types: [completed]
branches:
- prod
env:
PROJECT_ID: peerprep-group11-prod
ARTIFACT_REPOSITORY_NAME: codeparty-prod-images
GKE_CLUSTER: codeparty-g11-prod # Add your cluster name here.
GKE_REGION: asia-southeast1 # Add your cluster zone here.
FIREBASE_SERVICE_ACCOUNT: ${{ secrets.FIREBASE_SERVICE_ACCOUNT_PROD }}
PRISMA_DATABASE_URL: ${{ secrets.PRISMA_DATABASE_URL_PROD }}
MONGO_ATLAS_URL: ${{ secrets.MONGO_ATLAS_URL_PROD }}
NEXT_PUBLIC_FRONTEND_FIREBASE_CONFIG: ${{ secrets.FRONTEND_FIREBASE_CONFIG_PROD }}
NEXT_PUBLIC_HTTP_PROXY_GATEWAY_ADDRESS: https://api.codeparty.org/
NEXT_PUBLIC_WS_MATCH_PROXY_GATEWAY_ADDRESS: https://wsmatch.codeparty.org
NEXT_PUBLIC_WS_COLLABORATION_PROXY_GATEWAY_ADDRESS: https://wscollab.codeparty.org
TWILIO_ACCOUNT_SID: ${{ secrets.TWILIO_ACCOUNT_SID }}
TWILIO_API_KEY: ${{ secrets.TWILIO_API_KEY }}
TWILIO_API_SECRET: ${{ secrets.TWILIO_API_SECRET }}
jobs:
setup-build-publish-deploy:
name: Setup, Build, Publish, and Deploy
runs-on: ubuntu-latest
environment: production
if: ${{ github.event.workflow_run.conclusion == 'success' }}
permissions:
contents: 'read'
id-token: 'write'
steps:
- name: Checkout
uses: actions/checkout@v4
- id: 'auth'
name: Authenticate to Google Cloud
uses: 'google-github-actions/auth@v1'
with:
token_format: 'access_token'
workload_identity_provider: projects/345207492413/locations/global/workloadIdentityPools/github-actions-pool/providers/github-actions-oidc
service_account: 'github-actions-service@peerprep-group11-prod.iam.gserviceaccount.com'
# Setup gcloud CLI
- name: Setup Google Cloud SDK
uses: google-github-actions/setup-gcloud@v1
# Configure Docker to login to google cloud
- name: Configure Docker
run: |-
echo ${{steps.auth.outputs.access_token}} | docker login -u oauth2accesstoken --password-stdin https://$GKE_REGION-docker.pkg.dev
# Get the GKE credentials so that we can deploy to the cluster
- name: Get Google Kubernetes Engine credentials for production
uses: google-github-actions/get-gke-credentials@v1
with:
cluster_name: ${{ env.GKE_CLUSTER }}
location: ${{ env.GKE_REGION }}
# Copy the JSON secrets (Firebase configs) into JSON files
- name: Copy JSON secrets into JSON files
run: |-
echo -n "$FIREBASE_SERVICE_ACCOUNT" > ./firebase_service_account.json
echo -n "$NEXT_PUBLIC_FRONTEND_FIREBASE_CONFIG" > ./next_public_frontend_firebase_config.json
# Set the secrets that are used as env variables in the manifest files
- name: Set kubectl secrets
run: |-
kubectl delete secret firebase-service-account \
--ignore-not-found
kubectl create secret generic firebase-service-account \
--from-file=firebase-service-account=./firebase_service_account.json
kubectl delete secret prisma-database-url \
--ignore-not-found
kubectl create secret generic prisma-database-url \
--from-literal=prisma-database-url=$PRISMA_DATABASE_URL
kubectl delete secret mongo-atlas-url \
--ignore-not-found
kubectl create secret generic mongo-atlas-url \
--from-literal=mongo-atlas-url=$MONGO_ATLAS_URL
kubectl delete secret frontend-firebase-config \
--ignore-not-found
kubectl create secret generic frontend-firebase-config \
--from-file=frontend-firebase-config=./next_public_frontend_firebase_config.json
kubectl delete secret twilio-account-sid \
--ignore-not-found
kubectl create secret generic twilio-account-sid \
--from-literal=twilio-account-sid=$TWILIO_ACCOUNT_SID
kubectl delete secret twilio-api-key \
--ignore-not-found
kubectl create secret generic twilio-api-key \
--from-literal=twilio-api-key=$TWILIO_API_KEY
kubectl delete secret twilio-api-secret \
--ignore-not-found
kubectl create secret generic twilio-api-secret \
--from-literal=twilio-api-secret=$TWILIO_API_SECRET
# Remove the JSON files
- name: Delete JSON files
if: ${{ always() }}
run: |-
rm ./firebase_service_account.json
rm ./next_public_frontend_firebase_config.json
# Install the dependencies such as prisma
- name: Install dependencies with immutable lockfile
run: yarn install --frozen-lockfile
# Apply prisma migrations to production prisma database
- name: Apply prisma database migrations
run: |-
yarn prisma migrate deploy
# Build the Docker images and push to Google Artifact Repository
- name: Build and push Docker images
run: |-
chmod u+x ./build-export-prod-images.sh
./build-export-prod-images.sh
working-directory: ./deployment
# Deploy the Docker images to the GKE cluster
- name: Deploy production application
run: |-
kubectl apply -f ./gke-prod-manifests
kubectl rollout status deployment
kubectl get services -o wide
working-directory: ./deployment