build(deps): bump com.googlecode.libphonenumber:libphonenumber from 8.13.18 to 8.13.19 #211
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: GCP Cloud Run CI Dev | |
on: | |
pull_request: | |
types: [ opened, synchronize, reopened ] | |
env: | |
PROJECT_ID: fpi-sms-api | |
REGISTRY: asia-east1-docker.pkg.dev | |
GHUB_REPO_NAME: fpi-load-api | |
SERVICE: fpi-load-api-dev | |
REGION: asia-east1 | |
SONAR_PROJECT_KEY: vincejv_fpi-load-api | |
SERVICE_CPU: 1000m | |
SERVICE_MEMORY: 512Mi | |
SERVICE_ENV: dev | |
jobs: | |
pre_job: | |
name: Duplicate checks | |
runs-on: ubuntu-latest | |
if: ${{ !contains(github.event.head_commit.message, 'docs-update(') }} # skip for commits containing 'docs-update(' | |
outputs: | |
should_skip: ${{ steps.skip_check.outputs.should_skip }} | |
paths_result: ${{ steps.skip_check.outputs.paths_result }} | |
steps: | |
- name: Skip duplicate actions | |
id: skip_check | |
uses: fkirc/skip-duplicate-actions@v5 | |
with: | |
concurrent_skipping: outdated_runs | |
cancel_others: true | |
code_quality_checks: | |
name: Code quality checks | |
runs-on: ubuntu-latest | |
needs: pre_job | |
if: needs.pre_job.outputs.should_skip != 'true' | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v3 | |
with: | |
distribution: temurin | |
java-version: 17 | |
cache: maven | |
- name: Cache SonarCloud packages | |
uses: actions/cache@v3 | |
with: | |
path: ~/.sonar/cache | |
key: ${{ runner.os }}-sonar | |
restore-keys: ${{ runner.os }}-sonar | |
- name: Build and analyze | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any | |
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=${{ env.SONAR_PROJECT_KEY }} -Dsonar.qualitygate.wait=true -Pallow-snapshots | |
deploy_to_cloud: | |
name: Deploy to Cloud Run | |
runs-on: ubuntu-latest | |
needs: code_quality_checks | |
outputs: | |
artifact_version: ${{ steps.gen_ver.outputs.artifact_version }} | |
service_image_path: ${{ steps.image_version.outputs.service_image_path }} | |
permissions: | |
contents: read | |
packages: write | |
id-token: write | |
environment: Development | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 # for jgitver to generate the version | |
# - name: Set up Docker Buildx | |
# uses: docker/setup-buildx-action@v2 | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v3 | |
with: | |
distribution: temurin | |
java-version: 17 | |
cache: maven | |
- name: Prepare artifact version | |
id: gen_ver | |
run: | | |
echo "artifact_version=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)" >> $GITHUB_OUTPUT | |
- name: Prepare Docker image tag | |
id: image_version | |
run: | | |
echo "service_image_path=${{ env.REGISTRY }}/${{ env.PROJECT_ID }}/${{ env.GHUB_REPO_NAME }}/${{ env.SERVICE }}:${{ steps.gen_ver.outputs.artifact_version }}" >> $GITHUB_OUTPUT | |
- name: Create JVM package | |
run: mvn -B package -Pallow-snapshots | |
- name: Google Auth | |
id: gcp-auth | |
uses: google-github-actions/auth@v1 | |
with: | |
token_format: 'access_token' | |
workload_identity_provider: '${{ secrets.WIF_PROVIDER }}' | |
service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}' | |
- name: Login to Google Docker Registry | |
uses: docker/login-action@v2 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: 'oauth2accesstoken' | |
password: ${{ steps.gcp-auth.outputs.access_token }} | |
- name: Check Docker repository | |
id: repository_check | |
continue-on-error: true # will throw an error if repository does not exist | |
run: | | |
gcloud artifacts repositories describe ${{ env.GHUB_REPO_NAME }} --location ${{ env.REGION }} | |
- name: Create Docker repository | |
if: ${{ steps.repository_check.outcome == 'failure' }} # only create if previous step does not exist | |
run: | | |
gcloud artifacts repositories create ${{ env.GHUB_REPO_NAME }} --repository-format=docker --location ${{ env.REGION }} | |
# - name: Extract metadata (tags, labels) for Docker | |
# id: meta | |
# uses: docker/metadata-action@v4 | |
# with: | |
# images: ${{ steps.image_version.outputs.service_image_path }} | |
- name: Build and push Docker image | |
uses: docker/build-push-action@v4 | |
with: | |
context: . | |
file: Dockerfile.dev | |
push: true | |
tags: | # ${{ steps.meta.outputs.tags }} - (For public repositories like docker hub) | |
${{ steps.image_version.outputs.service_image_path }} | |
labels: ${{ steps.meta.outputs.labels }} | |
- name: Deploy to cloud run | |
id: deploy | |
uses: google-github-actions/deploy-cloudrun@v1 | |
with: | |
service: ${{ env.SERVICE }} | |
region: ${{ env.REGION }} | |
image: ${{ steps.image_version.outputs.service_image_path }} | |
project_id: ${{ env.PROJECT_ID }} | |
flags: --cpu ${{ env.SERVICE_CPU }} --memory ${{ env.SERVICE_MEMORY }} --timeout 900 --no-cpu-throttling | |
env_vars: | | |
DB_NAME=load-api-dev | |
OIDC_CLIENT_ID=${{ secrets.OIDC_CLIENT_ID }} | |
OIDC_AUTH_URL=${{ secrets.OIDC_AUTH_URL }} | |
GL_REWARDS_API=${{ secrets.GL_REWARDS_API }} | |
GL_APP_ID=${{ secrets.GL_APP_ID }} | |
DTONE_BASEURL=${{ secrets.DTONE_BASEURL }} | |
DTONE_APIKEY=${{ secrets.DTONE_APIKEY }} | |
DTONE_CALLBACK_URL=${{ secrets.DTONE_CALLBACK_URL }} | |
LOGIN_BASE_URI=${{ secrets.LOGIN_BASE_URI }} | |
SMS_BASE_URI=${{ secrets.SMS_BASE_URI }} | |
FPI_APP_TO_APP_USERN=${{ secrets.FPI_APP_TO_APP_USERN }} | |
USER_BASE_URI=${{ secrets.USER_BASE_URI }} | |
MSGR_API_BASE_URI=${{ secrets.MSGR_API_BASE_URI }} | |
TG_API_BASE_URI=${{ secrets.TG_API_BASE_URI }} | |
VIBER_API_BASE_URI=${{ secrets.VIBER_API_BASE_URI }} | |
secrets: | | |
MONGO_CONN_STRING=vbl_mongo_connection_string:latest | |
OIDC_SECRET=oidc_secret_keycloak:latest | |
GL_APP_SEC=gl_app_secret:latest | |
FPI_MO_WEBHOOK_KEY=fpi_mo_incoming_webook_key:latest | |
FPI_DLR_WEBHOOK_KEY=fpi_dlr_incoming_webhook_key:latest | |
FPI_GEN_WEBHOOK_KEY=fpi_gen_incoming_webhook_key:latest | |
DTONE_APISECRET=dtone_api_secret:latest | |
GL_APP_AMAX_TOKEN=gl_app_amax_token:latest | |
FPI_APP_TO_APP_PASSW=fpi_load_api_creds_secret_key:latest | |
labels: | | |
env=${{ env.SERVICE_ENV }} | |
- name: Configure cloud run | |
run: |- | |
gcloud run services add-iam-policy-binding ${{ env.SERVICE }} --member=allUsers --role=roles/run.invoker --region=${{ env.REGION }} | |
- name: Show Output | |
run: echo ${{ steps.deploy.outputs.url }} | |
deploy_to_central: | |
name: Release artifact to central | |
runs-on: ubuntu-latest | |
needs: deploy_to_cloud # only deploy to central if successfully deployed to cloud run environment | |
permissions: | |
contents: read | |
packages: write | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v3 | |
with: | |
distribution: temurin | |
java-version: 17 | |
cache: maven | |
server-id: ossrh | |
server-username: MAVEN_USERNAME | |
server-password: MAVEN_PASSWORD | |
gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} | |
gpg-passphrase: MAVEN_GPG_PASSPHRASE | |
- name: Build and release to central repo | |
env: | |
MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} | |
MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }} | |
MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} | |
run: mvn -B deploy -Dlib-only -P release-for-oss,allow-snapshots | |
pr_update: | |
name: Pull request update | |
if: always() | |
needs: [ pre_job, deploy_to_cloud ] | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
pull-requests: write # allows job to decorate PRs with analysis results | |
steps: | |
- name: Update PR (Skip message) | |
uses: marocchino/sticky-pull-request-comment@v2 | |
if: ${{ always() && needs.pre_job.outputs.should_skip == 'true' }} | |
with: | |
message: | | |
⚪ Skipped CI/CD as deployment was done in a previous job | |
- name: Update PR (Success message) | |
uses: marocchino/sticky-pull-request-comment@v2 | |
if: ${{ always() && needs.pre_job.outputs.should_skip != 'true' && needs.deploy_to_cloud.outputs.artifact_version != '' }} | |
with: | |
message: | | |
✅ Deployed to DEV environment: `${{ needs.deploy_to_cloud.outputs.artifact_version }}` | |
#### Add to your POM | |
```xml | |
<dependency> | |
<groupId>com.abavilla</groupId> | |
<artifactId>${{ env.GHUB_REPO_NAME }}-lib</artifactId> | |
<version>${{ needs.deploy_to_cloud.outputs.artifact_version }}</version> | |
</dependency> | |
``` | |
- name: Update PR (Failure message) | |
uses: marocchino/sticky-pull-request-comment@v2 | |
if: ${{ always() && needs.pre_job.outputs.should_skip != 'true' && needs.deploy_to_cloud.outputs.artifact_version == '' }} | |
with: | |
message: | | |
❌ CI Build & Deployment failed, please check the [logs](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) for details |