Separate release and deploy into separate workflows

Piszmog · Mar 30, 2024 · 90d3464 · 90d3464
1 parent 27a1ec7
commit 90d3464
Show file tree

Hide file tree

Showing 2 changed files with 110 additions and 44 deletions.
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -0,0 +1,110 @@
+name: Publish
+on:
+  release:
+    types:
+      - published
+
+jobs:
+  publish:
+    name: Publish Docker
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - uses: actions/checkout@v4
+      - uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - uses: docker/metadata-action@v5
+        id: meta
+        with:
+          images: ghcr.io/piszmog/pathwise
+      - uses: docker/build-push-action@v5
+        with:
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          build-args: |
+            VERSION=$${{ github.event.release.tag_name }}
+  deploy:
+    name: Deploy
+    runs-on: ubuntu-latest
+    permissions:
+      contents: 'read'
+      id-token: 'write'
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
+        with:
+          go-version: 1.22.x
+      - name: Get Version
+        run: |
+          VERSION="${{ github.event.release.tag_name }}"
+          MODIFIED_VERSION="${VERSION//./-}"
+          echo "VERSION_GCP=$MODIFIED_VERSION" >> $GITHUB_ENV
+      - run: go mod download
+      - run: go install github.com/a-h/templ/cmd/templ@v0.2.648
+      - name: Generate Templ Files
+        run: templ generate -path ./components
+      - name: Generate CSS
+        run: |
+          curl -sLO https://github.com/tailwindlabs/tailwindcss/releases/latest/download/tailwindcss-linux-x64
+          chmod +x tailwindcss-linux-x64
+          mv tailwindcss-linux-x64 tailwindcss
+          ./tailwindcss -i ./styles/input.css -o ./dist/assets/css/output@${{ github.event.release.tag_name }}.css --minify
+      - name: Replace version
+        run: sed -i 's/\${version}/'"$VERSION"'/' app.yaml
+        env:
+          VERSION: ${{ github.event.release.tag_name }}
+      - name: Replace token secret
+        run: sed -i 's/\${secrets.DB_TOKEN}/'"$DB_TOKEN"'/' app.yaml
+        env:
+          DB_TOKEN: ${{ secrets.DB_TOKEN }}
+      # Create a service account in IAM with roles
+      # App Engine Admin
+      # Cloud Build Editor
+      # Service Account User
+      # Storage Admin
+      #
+      # - appengine
+      #   - applications.get
+      #   - operations.get
+      #   - services.list
+      #   - services.update
+      #   - versions.create
+      #   - versions.get
+      #   - versions.list
+      # - cloudbuild
+      #   - builds.create
+      #   - builds.get
+      # - iam
+      #   - serviceAccounts.actAs
+      # - storage
+      #   - buckets.get
+      #   - objects.create
+      #   - objects.delete
+      #   - objects.get
+      #   - objects.list
+      #
+      # Create a Workload Identity Pool
+      # Create a provider for pool
+      # - ODIC
+      # - issuer: https://token.actions.githubusercontent.com
+      # - Default audience
+      # - Attributes
+      #   - google.subject: assertion.sub
+      #   - attribute.actor: assertion.actor
+      #   - attribute.repository: assertion.repository
+      - id: 'auth'
+        uses: 'google-github-actions/auth@v2'
+        with:
+          workload_identity_provider: projects/${{ secrets.GCP_PROJECT_NUMBER }}/locations/global/workloadIdentityPools/${{ secrets.GCP_WORKLOAD_POOL_ID }}/providers/${{ secrets.GCP_WORKLOAD_PROVIDER_ID }}
+          service_account: ${{ secrets.GCP_SERVICE_ACCOUNT_NAME }}@${{ secrets.GCP_PROJECT_ID }}.iam.gserviceaccount.com
+      - id: 'deploy'
+        uses: 'google-github-actions/deploy-appengine@v2'
+        with:
+          version: ${{ env.VERSION_GCP }}
+          flags: --no-cache
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -27,47 +27,3 @@ jobs:
           name: ${{ github.event.inputs.version }}
           tag_name: ${{ github.event.inputs.version }}
           generate_release_notes: true
-  deploy:
-    name: Deploy
-    runs-on: ubuntu-latest
-    permissions:
-      contents: 'read'
-      id-token: 'write'
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-go@v5
-        with:
-          go-version: 1.22.x
-      - name: Get Version
-        run: |
-          VERSION="${{ github.event.inputs.version }}"
-          MODIFIED_VERSION="${VERSION//./-}"
-          echo "VERSION_GCP=$MODIFIED_VERSION" >> $GITHUB_ENV
-      - run: go mod download
-      - run: go install github.com/a-h/templ/cmd/templ@v0.2.648
-      - name: Generate Templ Files
-        run: templ generate -path ./components
-      - name: Generate CSS
-        run: |
-          curl -sLO https://github.com/tailwindlabs/tailwindcss/releases/latest/download/tailwindcss-linux-x64
-          chmod +x tailwindcss-linux-x64
-          mv tailwindcss-linux-x64 tailwindcss
-          ./tailwindcss -i ./styles/input.css -o ./assets/css/output@${{ github.event.inputs.version }}.css --minify
-      - name: Replace version
-        run: sed -i 's/\${version}/'"$VERSION"'/' app.yaml
-        env:
-          VERSION: ${{ github.event.inputs.version }}
-      - name: Replace token secret
-        run: sed -i 's/\${secrets.DB_TOKEN}/'"$DB_TOKEN"'/' app.yaml
-        env:
-          DB_TOKEN: ${{ secrets.DB_TOKEN }}
-      - id: 'auth'
-        uses: 'google-github-actions/auth@v1'
-        with:
-          workload_identity_provider: ${{ secrets.GCP_WIP }}
-          service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }}
-      - id: 'deploy'
-        uses: 'google-github-actions/deploy-appengine@v1'
-        with:
-          version: ${{ env.VERSION_GCP }}
-          flags: --no-cache