Skip to content

Merge branch 'prod' into dev #54

Merge branch 'prod' into dev

Merge branch 'prod' into dev #54

Workflow file for this run

name: Deploy to dev
on:
workflow_dispatch:
push:
# Deploys on version tag beginning v. Note there's a branch filter
# below, locks to the dev branch
branches:
dev
permissions:
contents: read
id-token: 'write'
packages: read
jobs:
deploy:
name: Deploy to dev
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Get version
id: version
run: echo VERSION=sha-$(git rev-parse --short HEAD) >> $GITHUB_OUTPUT
- name: Install deps
run: npm install
# Python package version MUST be a semantic version, but also doesn't
# matter, so just setting to 0.0.0.
# The container version MUST change on every push to get Cloud Run
# to re-deploy, so is based on git hash.
- name: Build container
run: make PACKAGE_VERSION=0.0.0 VERSION=${{ steps.version.outputs.VERSION }}
- id: auth
name: Authenticate with Google Cloud
uses: google-github-actions/auth@v2
with:
token_format: access_token
workload_identity_provider: projects/583813057664/locations/global/workloadIdentityPools/deploy/providers/github
service_account: [email protected]
access_token_lifetime: 900s
create_credentials_file: true
- name: Login to Artifact Registry
uses: redhat-actions/podman-login@v1
with:
registry: us-central1-docker.pkg.dev
username: oauth2accesstoken
password: ${{ steps.auth.outputs.access_token }}
- name: Install Pulumi
run: cd pulumi && npm install
- name: Applying infrastructure 🚀🙏
uses: pulumi/actions@v3
with:
command: up
stack-name: dev
work-dir: pulumi
cloud-url: gs://trustgraph-deploy/config-ui
env:
PULUMI_CONFIG_PASSPHRASE: ""
IMAGE_VERSION: ${{ steps.version.outputs.VERSION }}