From 9952c06b6d4abc90d5315261af5b029703f12436 Mon Sep 17 00:00:00 2001 From: Manuel Wedler Date: Thu, 24 Oct 2024 18:26:35 +0200 Subject: [PATCH] Add github action for build and publish --- .github/workflows/release.yml | 70 +++++++++++++++++++++++++++++++++++ 1 file changed, 70 insertions(+) create mode 100644 .github/workflows/release.yml diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..60ecb39 --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,70 @@ +name: Release on Google Cloud Run + +on: + push: + branches: + - main + - staging + +env: + REGISTRY: ghcr.io + IMAGE_NAME: verifier-alliance/parquet-export + GCP_PROJECT: verifier-alliance + WORKLOAD_IDENTITY_PROVIDER: projects/1064646032521/locations/global/workloadIdentityPools/github-actions/providers/vera-github-actions + SERVICE_ACCOUNT: vera-cloud-run-deployer@verifier-alliance.iam.gserviceaccount.com + JOB_NAME: test-parquet + JOB_REGION: europe-west3 + +jobs: + release: + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + id-token: write + attestations: write + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Log in to the Container registry + uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + + - name: Build and push Docker image + id: push + uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4 + with: + context: . + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + + - name: Generate artifact attestation + uses: actions/attest-build-provenance@v1 + with: + subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}} + subject-digest: ${{ steps.push.outputs.digest }} + push-to-registry: true + + - name: "auth GCP" + uses: "google-github-actions/auth@v2" + with: + workload_identity_provider: ${{ env.WORKLOAD_IDENTITY_PROVIDER }} + service_account: ${{ env.SERVICE_ACCOUNT }} + + - id: 'deploy' + uses: 'google-github-actions/deploy-cloudrun@v2' + with: + job: ${{ env.JOB_NAME }} + image: europe-west1-docker.pkg.dev/${{ env.GCP_PROJECT }}/ghcr/${{ env.IMAGE_NAME }}:${{ github.ref_name }}@${{ steps.push.outputs.digest }} + region: ${{ env.JOB_REGION }}