MNTOR-3711: Properly fall back to error if token doesn't match #3131
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy Preview | |
| on: | |
| pull_request: | |
| env: | |
| PROJECT_ID: ${{ secrets.GCP_PROJECT }} | |
| SERVICE: blurts-server | |
| REGION: us-east4 | |
| TAG: pr-${{ github.event.pull_request.number }} | |
| DB_HOST: ${{ secrets.PREVIEW_DB_HOST }} | |
| jobs: | |
| deploy: | |
| permissions: | |
| pull-requests: write | |
| # Secrets aren't available for Dependabot PR (because the updated | |
| # dependencies might abuse them), so they don't have enough rights to | |
| # do a preview deployment: | |
| if: github.actor != 'dependabot[bot]' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup Cloud SDK | |
| uses: 'google-github-actions/auth@v2' | |
| with: | |
| credentials_json: '${{ secrets.GCP_SA_KEY }}' | |
| - name: Use gcloud CLI | |
| run: gcloud info | |
| - name: Generate database on the fly | |
| id: db_create | |
| # This can fail on the subsequent runs, we can ignore the error (database already exists) | |
| continue-on-error: true | |
| run: | | |
| gcloud sql instances create ${{ env.SERVICE }}-${{ env.TAG }} --tier=db-f1-micro --region=${{ env.REGION }} --database-version=POSTGRES_15 --edition=enterprise | |
| gcloud sql users set-password postgres --host=% --instance ${{ env.SERVICE }}-${{ env.TAG }} --password postgres | |
| gcloud sql databases create blurts --instance=${{ env.SERVICE }}-${{ env.TAG }} | |
| gcloud sql databases list --instance=${{ env.SERVICE }}-${{ env.TAG }} | |
| gcloud sql instances list | |
| - name: Authorize Docker push | |
| run: gcloud auth configure-docker ${{ env.REGION }}-docker.pkg.dev | |
| - name: Build and Push Container | |
| run: |- | |
| docker build -t ${{env.REGION}}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.SERVICE }}/${{ env.SERVICE }}:${{ env.TAG }} -f './Dockerfile.cloudrun' . | |
| docker push ${{env.REGION}}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.SERVICE }}/${{ env.SERVICE }}:${{ env.TAG }} | |
| - name: Deploy to Cloud Run | |
| id: deploy | |
| uses: google-github-actions/deploy-cloudrun@v2 | |
| with: | |
| service: ${{ env.SERVICE }}-${{ env.TAG }} | |
| image: ${{env.REGION}}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.SERVICE }}/${{ env.SERVICE }}:${{ env.TAG }} | |
| region: ${{ env.REGION }} | |
| flags: "--allow-unauthenticated --add-cloudsql-instances=${{ env.PROJECT_ID }}:${{env.REGION}}:${{ env.SERVICE }}-${{ env.TAG }}" | |
| # tag: ${{ env.TAG }} | |
| env_vars: | | |
| NEXTAUTH_URL= ${{ secrets.NEXTAUTH_URL }} | |
| NEXTAUTH_SECRET=${{ secrets.NEXTAUTH_SECRET }} | |
| OAUTH_ACCOUNT_URI=${{ secrets.OAUTH_ACCOUNT_URI }} | |
| OAUTH_CLIENT_ID=${{ secrets.OAUTH_CLIENT_ID }} | |
| OAUTH_CLIENT_SECRET=${{ secrets.OAUTH_CLIENT_SECRET }} | |
| ONEREP_API_KEY=${{ secrets.ONEREP_API_KEY }} | |
| APP_ENV=cloudrun | |
| COOKIE_SECRET=secret | |
| PG_HOST=/cloudsql/${{ env.PROJECT_ID }}:${{env.REGION}}:${{ env.SERVICE }}-${{ env.TAG }} | |
| ADMINS=${{ secrets.ADMINS }} | |
| HIBP_API_TOKEN=${{ secrets.HIBP_API_TOKEN }} | |
| HIBP_KANON_API_TOKEN=${{ secrets.HIBP_KANON_API_TOKEN }} | |
| AUTH_REDIRECT_PROXY_URL=${{ secrets.AUTH_REDIRECT_PROXY_URL }} | |
| PGUSER=postgres | |
| PGDATABASE=postgres | |
| DB_NAME=blurts | |
| DB_USER=postgres | |
| DB_PASSWORD=postgres | |
| CLOUD_SQL_CONNECTION_NAME=${{ env.PROJECT_ID }}:${{env.REGION}}:${{ env.SERVICE }}-${{ env.TAG }} | |
| DATABASE_URL= postgres://postgres:postgres@localhost:5432/blurts | |
| - name: Comment on Pull Request | |
| uses: thollander/actions-comment-pull-request@v3 | |
| with: | |
| GITHUB_TOKEN: ${{ github.token }} | |
| message: | | |
| Preview URL :rocket: : ${{ steps.deploy.outputs.url }} | |
| comment_tag: preview_url | |
| create-if-not-exists: true | |