Sync groups #2909
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: cloud-run | |
| on: | |
| push: | |
| branches: | |
| - master | |
| paths: | |
| - 'Cargo.lock' | |
| - 'webhooky/**' | |
| - 'cio/**' | |
| - '.github/workflows/cloud-run.yml' | |
| - 'macros/**' | |
| - 'dropshot-verify-request/**' | |
| - 'mailerlite/**' | |
| - 'meilisearch-minimal-api/**' | |
| - 'parse-rfd/**' | |
| - 'ramp-minimal-api/**' | |
| - 'zoho-client/**' | |
| workflow_dispatch: | |
| inputs: | |
| env: | |
| PROJECT_ID: ${{ secrets.GOOGLE_CLOUD_PROJECT }} | |
| RUN_REGION: us-central1 | |
| SERVICE_NAME: webhooky | |
| concurrency: | |
| group: cloudrun | |
| cancel-in-progress: true | |
| jobs: | |
| setup-build-deploy: | |
| name: Setup, Build, and Deploy | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@master | |
| - name: Cache cargo registry | |
| uses: actions/cache@v3 | |
| with: | |
| path: ~/.cargo/registry | |
| key: ${{ runner.os }}-cargo-registry-${{ github.ref }} | |
| - name: Cache cargo index | |
| uses: actions/cache@v3 | |
| with: | |
| path: ~/.cargo/git | |
| key: ${{ runner.os }}-cargo-index-${{ github.ref }} | |
| - name: Cache cargo build | |
| uses: actions/cache@v3 | |
| with: | |
| path: target | |
| key: ${{ runner.os }}-cargo-build-target-${{ github.ref }} | |
| - uses: 'google-github-actions/auth@v2' | |
| with: | |
| credentials_json: ${{ secrets.GOOGLE_CLOUD_SA_KEY }} | |
| # Setup gcloud CLI | |
| - uses: google-github-actions/setup-gcloud@v2 | |
| with: | |
| project_id: ${{ secrets.GOOGLE_CLOUD_PROJECT }} | |
| # Build and push image to Google Container Registry | |
| - name: Build image | |
| run: |- | |
| gcloud config set builds/use_kaniko True | |
| gcloud config set builds/kaniko_cache_ttl 72 | |
| mv webhooky/Dockerfile . | |
| cp .dockerignore .gcloudignore | |
| gcloud builds submit \ | |
| --quiet \ | |
| --timeout 2h \ | |
| --machine-type n1-highcpu-32 \ | |
| --tag "gcr.io/$PROJECT_ID/$SERVICE_NAME:$GITHUB_SHA" | |
| - name: Extract sha | |
| shell: bash | |
| run: echo "::set-output name=hash::${GITHUB_SHA:0:8}" | |
| id: extract_sha | |
| # Deploy image to Cloud Run | |
| - name: Deploy | |
| run: |- | |
| gcloud run deploy "$SERVICE_NAME" \ | |
| --quiet \ | |
| --region "$RUN_REGION" \ | |
| --image "gcr.io/$PROJECT_ID/$SERVICE_NAME:$GITHUB_SHA" \ | |
| --cpu 4 \ | |
| --memory 16Gi \ | |
| --platform "managed" \ | |
| --no-cpu-throttling \ | |
| --set-env-vars "GIT_HASH=${{ steps.extract_sha.outputs.hash }}" \ | |
| --set-secrets "CIO_DATABASE_URL=database_url:1,RFD_PDFS_IN_GITHUB=rfd_pdfs_in_github:1,RFD_PDFS_IN_GOOGLE_DRIVE=rfd_pdfs_in_google:1,RUST_BACKTRACE=rust_backtrace:1,RUST_LOG=rust_log:latest,GITHUB_ORG=github_org:1,GH_APP_ID=gh_app_id:latest,GH_PRIVATE_KEY=gh_private_key:latest,SENDGRID_API_KEY=sendgrid_api_key:1,SHIPPO_API_TOKEN=shippo_api_token:1,WEBHOOKY_SENTRY_DSN=webhook_sentry_dsn:1,SENTRY_ENV=sentry_env:1,DOCUSIGN_REDIRECT_URI=docusign_redirect_uri:1,DOCUSIGN_INTEGRATION_KEY=docusign_integration_key:1,DOCUSIGN_WEBHOOK_ENDPOINT=docusign_webhook_endpoint:1,DOCUSIGN_CLIENT_SECRET=docusign_client_secret:1,GOOGLE_GEOCODE_API_KEY=google_geocode_api_key:1,RAMP_CLIENT_ID=ramp_client_id:1,RAMP_CLIENT_SECRET=ramp_client_secret:1,RAMP_REDIRECT_URI=ramp_redirect_uri:1,QUICKBOOKS_CLIENT_ID=quickbooks_client_id:1,QUICKBOOKS_CLIENT_SECRET=quickbooks_client_secret:1,QUICKBOOKS_REDIRECT_URI=quickbooks_redirect_uri:1,GUSTO_CLIENT_ID=gusto_client_id:1,GUSTO_CLIENT_SECRET=gusto_client_secret:1,GUSTO_REDIRECT_URI=gusto_redirect_uri:1,GOOGLE_KEY_ENCODED=google_key_encoded:1,MAILCHIMP_CLIENT_ID=mailchimp_client_id:1,MAILCHIMP_CLIENT_SECRET=mailchimp_client_secret:1,MAILCHIMP_REDIRECT_URI=mailchimp_redirect_uri:1,SLACK_CLIENT_ID=slack_client_id:1,SLACK_CLIENT_SECRET=slack_client_secret:1,SLACK_REDIRECT_URI=slack_redirect_uri:1,ZOOM_CLIENT_ID=zoom_client_id:1,ZOOM_CLIENT_SECRET=zoom_client_secret:1,ZOOM_REDIRECT_URI=zoom_redirect_uri:1,REVAI_API_KEY=revai_api_key:1,MAILCHIMP_LIST_ID_RACK_LINE=mailchimp_list_id_rack_line:1,SHIPBOB_WEBHOOKS_URL=shipbob_webhooks_url:1,EASYPOST_API_KEY=easypost_api_key:1,ZOHO_CLIENT_ID=zoho_client_id:1,ZOHO_CLIENT_SECRET=zoho_client_secret:1,AIRTABLE_WH_KEY=airtable_wh_key:1,DOCUSIGN_WH_KEY=docusign_wh_key:1,GH_WH_KEY=gh_wh_key:1,INTERNAL_AUTH_BEARER=internal_auth_bearer:1,MAILCHIMP_WH_KEY=mailchimp_wh_key:1,SHIPPO_WH_KEY=shippo_wh_key:1,SLACK_WH_KEY=slack_wh_key:1,MAILCHIMP_API_KEY=mailchimp_api_key:1,HIRING_AUTH_BEARER=hiring_auth_bearer:1,RFD_AUTH_BEARER=rfd_auth_bearer:1,PRINT_TOKEN=print_token:1,RFD_STATIC_BUCKET=rfd_static_bucket:1,CLOUD_DNS_PROJECT=cloud_dns_project:1,MAILERLITE_ENABLED=mailerlite_enabled:1,MAILERLITE_TIME_ZONE=mailerlite_time_zone:1,MAILERLITE_API_KEY=mailerlite_api_key:1,MAILERLITE_MAILING_LIST_SEGMENT=mailerlite_mailing_list_segment:1,MAILERLITE_WAIT_LIST_SEGMENT=mailerlite_wait_list_segment:1,MEILI_URL=meili_url:1,MEILI_KEY=meili_key:1,CERTS_GCS=certs_gcs:1,CERTS_REPO=certs_repo:latest,NGINX_REPO=nginx_repo:1,SHORTURL_REPO=shorturl_repo:1,RENEW_CERTS=renew_certs:latest,CERT_ACCOUNT=cert_account:latest,SALESFORCE_CLIENT_ID=salesforce_client_id:latest,SALESFORCE_USER=salesforce_user:latest,SALESFORCE_DOMAIN=salesforce_domain:latest,SALESFORCE_KEY=salesforce_key:latest" \ | |
| --max-instances=5 \ | |
| --min-instances=1 \ | |
| --allow-unauthenticated | |
| # Wait for it to be deployed | |
| sleep 100 | |
| - name: Extract revision | |
| shell: bash | |
| run: REVISION=$(gcloud run revisions list --platform managed --region "$RUN_REGION" --service $SERVICE_NAME --sort-by ~deployed --quiet | sed -n '2 p' | awk '{print $2}'); echo "::set-output name=version::${REVISION/webhooky-/}" | |
| id: extract_version |