main-cd.yml
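name: CD-Main
run-name: ${{ github.actor }} acitvates the actions 🚀

# Manual-only trigger: this workflow runs only when it is dispatched by hand
# (Actions tab or API).
on:
  workflow_dispatch:
    # `workflow_dispatch` takes only `inputs`. The `branches` filter that used
    # to sit here (['feat_system_cicd_enhancment']) is not a supported key for
    # this event and never limited which ref the workflow could be dispatched
    # from, so it has been dropped. To restrict deployments to specific
    # branches, use a job-level `if:` on `github.ref` or deployment-branch
    # rules on a protected `environment`.
    inputs:
      build-services:
        description: 'build which services'
        required: true
        default: 'relay-frontend'
        type: choice
        options:
          - relay-frontend
          - contract
      # Free-form string (no `type` is declared). It is forwarded to the build
      # workflow and used verbatim as the image tag in the deploy jobs.
      version:
        description: 'current deploy version'
        required: true
        default: '0.0.1'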
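# Supply-chain note: every third-party action below is referenced by a mutable
# tag (@v3, @v1, @v0). Pinning each one to a full commit SHA, e.g.
# `uses: owner/action@<full-commit-sha>  # <tag>` (placeholder), keeps a moved
# tag from changing what runs in this deployment pipeline.
#
# NOTE(review): neither deploy job sets `environment:`, so no environment
# protection rules (required reviewers, deployment branches) gate a deploy.
jobs:
  # Builds the selected service(s) through the repository's reusable workflow.
  build:
    permissions:
      contents: 'read'
      # Lets the job request a GitHub OIDC token.
      id-token: 'write'
    uses: ./.github/workflows/build-all.yml
    with:
      build-services: ${{ inputs.build-services }}
      version: ${{ inputs.version }}
    # `inherit` hands every secret available to this workflow to build-all.yml.
    # NOTE(review): if least privilege matters here, list only the secrets
    # that workflow needs under `secrets:` instead.
    secrets: inherit

  # Deploys the backend image tagged with `inputs.version` to Cloud Run.
  backend:
    needs: build
    permissions:
      contents: 'read'
      # Required for the Workload Identity Federation exchange in the auth step.
      id-token: 'write'
    runs-on: ubuntu-latest
    steps:
      - name: Production Code
        uses: 'actions/checkout@v3'

      # Keyless auth: the OIDC token is exchanged for a short-lived access
      # token of the service account; no long-lived key is stored.
      - name: Authenticate to Google Cloud
        id: auth
        uses: 'google-github-actions/auth@v1'
        with:
          token_format: access_token
          workload_identity_provider: '${{ secrets.WIF_PROVIDER }}'
          service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}'
          access_token_lifetime: 300s

      # artifact registry auth setup
      # NOTE(review): no later step in this job runs docker; confirm this
      # login (and the access token minted for it) is still needed here.
      - name: Login to Artifact Registry
        id: docker-auth
        uses: docker/login-action@v1
        with:
          registry: ${{ vars.GAR_LOCATION }}-docker.pkg.dev
          username: oauth2accesstoken
          password: ${{ steps.auth.outputs.access_token }}

      - name: Deploy to Cloud Run
        id: deploy
        uses: google-github-actions/deploy-cloudrun@v0
        with:
          service: ${{ vars.BACKEND_SERVICE }}
          region: ${{ vars.REGION }}
          image: ${{ vars.GAR_LOCATION }}-docker.pkg.dev/${{ vars.REPOSITORY }}/${{vars.BACKEND_SERVICE}}:${{inputs.version}}
          # add ENV as below
          # Values set through env_vars are stored as plain environment
          # variables on the Cloud Run service, readable by anyone who can
          # view its configuration. NOTE(review): consider Secret Manager
          # references for the secret values (the action's `secrets` input;
          # confirm it is supported by the version in use).
          env_vars: |
            TWITTER_CLIENT_ID=${{ secrets.TWITTER_CLIENT_ID }}
            TWITTER_CLIENT_KEY=${{ secrets.TWITTER_CLIENT_KEY }}
            TENDERLY_ACCESS_KEY=${{ secrets.TENDERLY_ACCESS_KEY }}
            TENDERLY_PROJECT_SLUG=${{ secrets.TENDERLY_PROJECT_SLUG }}
            TENDERLY_DEVNET_TEMPLATE=${{ secrets.TENDERLY_DEVNET_TEMPLATE }}
            TENDERLY_ACCOUNT_ID=${{ secrets.TENDERLY_ACCOUNT_ID }}
            CLIENT_URL=${{ vars.CLIENT_URL }}
            CALLBACK_URL=${{ vars.CALLBACK_URL }}

      # Grants roles/run.invoker to allUsers: the backend becomes callable
      # without Cloud Run IAM authentication, so the service itself must
      # authenticate and authorize requests.
      # NOTE(review): confirm public invocation is intended for the backend.
      # Expression values are passed through `env` and quoted so the shell
      # never parses them as part of the command line.
      - name: Allow public access
        id: unauthenticated
        env:
          SERVICE_NAME: ${{ vars.BACKEND_SERVICE }}
          SERVICE_REGION: ${{ vars.REGION }}
        run: |
          gcloud run services add-iam-policy-binding "$SERVICE_NAME" \
            --region="$SERVICE_REGION" \
            --member="allUsers" \
            --role="roles/run.invoker"

      - name: Show Output
        env:
          SERVICE_URL: ${{ steps.deploy.outputs.url }}
        run: echo "$SERVICE_URL"

  # Deploys the frontend image tagged with `inputs.version` to Cloud Run.
  frontend:
    needs: build
    permissions:
      contents: 'read'
      # Required for the Workload Identity Federation exchange in the auth step.
      id-token: 'write'
    runs-on: ubuntu-latest
    steps:
      - name: Production Code
        uses: 'actions/checkout@v3'

      - name: Authenticate to Google Cloud
        id: auth
        uses: 'google-github-actions/auth@v1'
        with:
          token_format: access_token
          workload_identity_provider: '${{ secrets.WIF_PROVIDER }}'
          service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}'
          access_token_lifetime: 900s

      # artifact registry auth setup
      # NOTE(review): as in the backend job, no later step here runs docker;
      # confirm this login is still needed.
      - name: Login to Artifact Registry
        id: docker-auth
        uses: docker/login-action@v1
        with:
          registry: ${{ vars.GAR_LOCATION }}-docker.pkg.dev
          username: oauth2accesstoken
          password: ${{ steps.auth.outputs.access_token }}

      - name: Deploy to Cloud Run
        id: deploy
        uses: google-github-actions/deploy-cloudrun@v0
        with:
          service: ${{ vars.FRONTEND_SERVICE }}
          region: ${{ vars.REGION }}
          image: ${{ vars.GAR_LOCATION }}-docker.pkg.dev/${{ vars.REPOSITORY }}/${{vars.FRONTEND_SERVICE}}:${{inputs.version}}
          # set --max-old-space-size=8192 for node.js to increase memory limit
          env_vars: |
            ENV=${{ vars.ENV }}
            STAGE_SERVER=${{ vars.ENV }}_SERVER
            NODE_OPTIONS=${{ vars.NODE_OPTIONS }}

      # Grants roles/run.invoker to allUsers so the frontend is publicly
      # reachable. Values go through `env` and are quoted, as in the backend
      # job, so the shell never parses them as part of the command line.
      - name: Allow public access
        id: unauthenticated
        env:
          SERVICE_NAME: ${{ vars.FRONTEND_SERVICE }}
          SERVICE_REGION: ${{ vars.REGION }}
        run: |
          gcloud run services add-iam-policy-binding "$SERVICE_NAME" \
            --region="$SERVICE_REGION" \
            --member="allUsers" \
            --role="roles/run.invoker"

      - name: Show Output
        env:
          SERVICE_URL: ${{ steps.deploy.outputs.url }}
        run: echo "$SERVICE_URL"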