- Setup a new Service Account

Create a new service account for the Cloud Run build and deployment process. To create it, go to
IAM & Admin > Service Account > Create New Service Account

Add the following roles to the new service account during creation:

- Artifact Registry Writer
- Cloud Run Admin
- Editor
- Service Account User
- Storage Admin

Create a key (JSON) for the service account, then save the account's email to GitHub secrets as SERVICE_ACCOUNT_EMAIL and the key (JSON) as GCP_SA_KEY. We'll need both for the YML file.
- Setup Artifact Registry

Create a new Artifact Registry repository by visiting Artifact Registry > Create Repository. Keep the Docker format for the app deployment and select your region.
Save the registry name and region under GitHub secrets as ARTIFACT_REGISTRY_NAME and REGION.

We're almost there! To enable the APIs for Cloud Run, just visit Cloud Run in the Google Cloud console and it should auto-enable all the required APIs for us.
Set / Confirm the GitHub Secrets

- PROJECT_ID: ID of the Google Cloud project
- REGION: Make sure to keep the region that we used while creating the Artifact Registry, or update the YML file as per your needs
- DEV_APP_NAME: App name that you want to use for the Cloud Run service name, registry image name and Cloud Build name (if build is being used)
- ARTIFACT_REGISTRY_NAME: Artifact Registry name
- SERVICE_ACCOUNT_EMAIL: Service account email that we created earlier
Use the following YML file.

Note: The current version of the YML file uses Docker-based deployment instead of Cloud Build. If you want to use Cloud Build instead of docker push, enable Cloud Build from the Google Cloud console and uncomment lines 81 to 84 to 86, and comment out lines 76 to 82.
```yaml
name: Build and Deploy to Google Cloud

on:
  push:
    branches:
      - dev
  workflow_dispatch:

# SERVICE ACCOUNT : cloud-run-and-deploy@semiotic-karma-397201.iam.gserviceaccount.com
env:
  PROJECT_ID: ${{ secrets.PROJECT_ID }}
  REGION: ${{ secrets.REGION }}
  APP_NAME: ${{ secrets.DEV_APP_NAME }}
  REGISTRY_NAME: ${{ secrets.ARTIFACT_REGISTRY_NAME }}
  SERVICE_ACCOUNT_EMAIL: ${{ secrets.SERVICE_ACCOUNT_EMAIL }}

jobs:
  build-and-deploy:
    name: Setup, Build, and Deploy
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3

      # Authenticate with Google Cloud
      - id: "auth"
        uses: google-github-actions/auth@v1.1.1
        with:
          credentials_json: "${{ secrets.GCP_SA_KEY }}"

      # Setup gcloud CLI/SDK
      - name: Set up Cloud SDK
        uses: google-github-actions/setup-gcloud@v1

      - name: Authorize Docker push
        run: gcloud auth configure-docker $REGION-docker.pkg.dev

      - name: Build and tag the docker image
        run: |-
          docker build --build-arg NODE_ENV=dev . --tag $REGION-docker.pkg.dev/$PROJECT_ID/$REGISTRY_NAME/$APP_NAME:$GITHUB_SHA

      - name: Push the image to the Google Artifact Registry (GAR)
        run: |-
          docker push $REGION-docker.pkg.dev/$PROJECT_ID/$REGISTRY_NAME/$APP_NAME:$GITHUB_SHA

      # - name: Build and push the Docker image
      #   run: |-
      #     gcloud builds submit . --tag $REGION-docker.pkg.dev/$PROJECT_ID/$REGISTRY_NAME/$APP_NAME:$GITHUB_SHA

      - name: Deploy
        run: |-
          gcloud run deploy $APP_NAME \
            --region $REGION \
            --image $REGION-docker.pkg.dev/$PROJECT_ID/$REGISTRY_NAME/$APP_NAME:$GITHUB_SHA \
            --platform "managed" \
            --service-account $SERVICE_ACCOUNT_EMAIL \
            --port 80 \
            --quiet
```
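
The service-account step above grants the basic Editor role next to four service-specific roles, so the key stored in GCP_SA_KEY carries broad project access. As an added example (not part of the original post), this Python script audits an exported project IAM policy for that account and reports basic, unexpected and missing roles; the sample policy, the account email and the function names are constructed for illustration.

```python
import json

# Basic (primitive) roles: broad, project-wide grants.
BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}

# Role IDs of the five roles listed in the service-account step.
TUTORIAL_ROLES = {
    "roles/artifactregistry.writer",  # Artifact Registry Writer
    "roles/run.admin",                # Cloud Run Admin
    "roles/editor",                   # Editor
    "roles/iam.serviceAccountUser",   # Service Account User
    "roles/storage.admin",            # Storage Admin
}

# Constructed sample, shaped like `gcloud projects get-iam-policy PROJECT_ID --format=json`.
SAMPLE_SA = "deploy-sa@example-project.iam.gserviceaccount.com"  # placeholder email
SAMPLE_POLICY = json.loads("""
{"version": 1, "bindings": [
  {"role": "roles/artifactregistry.writer", "members": ["serviceAccount:%(sa)s"]},
  {"role": "roles/run.admin", "members": ["serviceAccount:%(sa)s"]},
  {"role": "roles/editor", "members": ["serviceAccount:%(sa)s", "user:dev@example.com"]},
  {"role": "roles/iam.serviceAccountUser", "members": ["serviceAccount:%(sa)s"]},
  {"role": "roles/secretmanager.admin", "members": ["serviceAccount:%(sa)s"]},
  {"role": "roles/owner", "members": ["user:admin@example.com"]}
]}
""" % {"sa": SAMPLE_SA})


def roles_for(policy, sa_email):
    """Return the set of roles bound to the service account in a policy dict."""
    member = f"serviceAccount:{sa_email}"
    return {b["role"] for b in policy.get("bindings", [])
            if member in b.get("members", [])}


def audit(policy, sa_email, expected=TUTORIAL_ROLES):
    """Classify the account's roles as basic, unexpected, or missing."""
    granted = roles_for(policy, sa_email)
    return {
        "basic": sorted(granted & BASIC_ROLES),      # candidates to replace with narrower roles
        "unexpected": sorted(granted - expected),    # granted but not in the documented list
        "missing": sorted(expected - granted),       # documented but not granted
    }


if __name__ == "__main__":
    for finding, roles in audit(SAMPLE_POLICY, SAMPLE_SA).items():
        print(f"{finding}: {', '.join(roles) or 'none'}")
```

To run it against a real project, load the JSON exported by `gcloud projects get-iam-policy` in place of `SAMPLE_POLICY` and pass the email saved as SERVICE_ACCOUNT_EMAIL.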
Top comments (1)
Can we add healthchecks to the run deploy?