Skip to content
Surface Demo CICD

chore: clean up env vars use subdomain for redirect #108

Sign in to view logs

chore: clean up env vars use subdomain for redirect

chore: clean up env vars use subdomain for redirect #108

Workflow file for this run

.github/workflows/deploy.yaml at 4f6dc86
name: Surface Demo CICD
on:
push:
branches:
- main
jobs:
test:
name: "Test"
runs-on: ubuntu-latest
env:
WORKOS_API_KEY: "test.fake.workos.api.key"
WORKOS_CLIENT_ID: "test.fake.client.id"
WORKOS_REDIRECT_URI: "http://localhost:3000/auth/callback"
NODE_ENV: "test"
steps:
- uses: actions/checkout@v4
- uses: oven-sh/setup-bun@v1
- name: "Bun test"
run: |
bun install
bunx tsr generate
bun test
docker:
needs: test
name: "Docker Build & Publish to AR"
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: google-github-actions/setup-gcloud@v2
- uses: google-github-actions/auth@v2
with:
credentials_json: "${{ secrets.GCP_CICD_KEY }}"
- name: "Auth to AR"
run: gcloud auth configure-docker us-east4-docker.pkg.dev
- name: "Push to AR"
run: |
docker build . \
-f Dockerfile.node \
-t ${{ secrets.GCP_AR_PATH }}/app:${GITHUB_SHA::6} \
-t ${{ secrets.GCP_AR_PATH }}/app:latest
docker push ${{ secrets.GCP_AR_PATH }}/app:${GITHUB_SHA::6}
docker push ${{ secrets.GCP_AR_PATH }}/app:latest
deploy:
name: "Deploy on Cloud Run"
runs-on: ubuntu-latest
needs: docker
steps:
- uses: actions/checkout@v4
- uses: google-github-actions/setup-gcloud@v2
- uses: google-github-actions/auth@v2
with:
credentials_json: "${{ secrets.GCP_CICD_KEY }}"
- name: "Deploy"
run: |
echo "DEBUG: surface:*" >> env.yaml
echo "SELF_RPC_HOST: https://surface.makeitstable.com/" >> env.yaml
echo "NODE_ENV: production" >> env.yaml
echo "WORKOS_REDIRECT_URI: https://surface.makeitstable.com/auth/callback" >> env.yaml
gcloud run deploy surface-demo-app \
--image "${{ secrets.GCP_AR_PATH }}/app:${GITHUB_SHA::6}" \
--env-vars-file env.yaml \
--set-secrets="WORKOS_API_KEY=WORKOS_API_KEY:latest,WORKOS_CLIENT_ID=WORKOS_CLIENT_ID:latest" \
--service-account ${{ secrets.GCP_APP_SERVICE_ACCOUNT }} \
--region us-west1 \
--allow-unauthenticated