Skip to content

Release

Release #33

Workflow file for this run

name: Release
on:
workflow_dispatch:
inputs:
version:
description: The version to release (e.g. v1.0.0)
required: true
type: string
jobs:
release:
name: Release
permissions:
contents: write
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- run: |
echo "::notice::Releasing ${{ github.event.inputs.version }}"
- name: Create Tag
uses: negz/create-tag@v1
with:
version: ${{ github.event.inputs.version }}
token: ${{ secrets.GITHUB_TOKEN }}
- name: Release
uses: softprops/action-gh-release@v1
with:
name: ${{ github.event.inputs.version }}
tag_name: ${{ github.event.inputs.version }}
generate_release_notes: true
publish:
name: Publish Docker
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
needs:
- release
steps:
- uses: actions/checkout@v4
- uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- uses: docker/metadata-action@v5
id: meta
with:
images: ghcr.io/piszmog/pathwise
tags: |
type=raw,value=${{ github.event.inputs.version }}
- uses: docker/build-push-action@v5
with:
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
build-args: |
VERSION=$${{ github.event.inputs.version }}
deploy:
name: Deploy
runs-on: ubuntu-latest
permissions:
contents: 'read'
id-token: 'write'
needs:
- release
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version: 1.22.x
- name: Get Version
run: |
VERSION="${{ github.event.inputs.version }}"
MODIFIED_VERSION="${VERSION//./-}"
echo "VERSION_GCP=$MODIFIED_VERSION" >> $GITHUB_ENV
- run: go mod download
- run: go install github.com/a-h/templ/cmd/templ@v0.2.663
- name: Generate Templ Files
run: templ generate -path ./components
- name: Generate CSS
run: |
curl -sLO https://github.com/tailwindlabs/tailwindcss/releases/latest/download/tailwindcss-linux-x64
chmod +x tailwindcss-linux-x64
mv tailwindcss-linux-x64 tailwindcss
./tailwindcss -i ./styles/input.css -o ./dist/assets/css/output@${{ github.event.inputs.version }}.css --minify
- uses: sqlc-dev/setup-sqlc@v3
with:
sqlc-version: '1.26.0'
- run: sqlc generate
- name: Replace version
run: sed -i 's/\${version}/'"$VERSION"'/' app.yaml
env:
VERSION: ${{ github.event.inputs.version }}
- name: Replace token secret
run: sed -i 's/\${secrets.DB_TOKEN}/'"$DB_TOKEN"'/' app.yaml
env:
DB_TOKEN: ${{ secrets.DB_TOKEN }}
# Create a service account in IAM with roles
# App Engine Admin
# Cloud Build Editor
# Service Account User
# Storage Admin
# Artifact Registry Reader
#
# Create a Workload Identity Pool
# Create a provider for pool
# - ODIC
# - issuer: https://token.actions.githubusercontent.com
# - Default audience
# - Attributes
# - google.subject: assertion.sub
# - attribute.actor: assertion.actor
# - attribute.repository: assertion.repository
#
# For service account, grant access to principal
# - New principals: principalSet://iam.googleapis.com/projects/<project number>/locations/global/workloadIdentityPools/<pool id>/attribute.repository/<github owner>/<github repo>
# - Role: Workload Identity User
#
# Enable App Engine Admin API
- id: 'auth'
uses: 'google-github-actions/auth@v2'
with:
workload_identity_provider: projects/${{ secrets.GCP_PROJECT_NUMBER }}/locations/global/workloadIdentityPools/${{ secrets.GCP_WORKLOAD_POOL_ID }}/providers/${{ secrets.GCP_WORKLOAD_PROVIDER_ID }}
service_account: ${{ secrets.GCP_SERVICE_ACCOUNT_NAME }}@${{ secrets.GCP_PROJECT_ID }}.iam.gserviceaccount.com
- id: 'deploy'
uses: 'google-github-actions/deploy-appengine@v2'
with:
version: ${{ env.VERSION_GCP }}