deploy-relay.yml

name: Manual-Relay-Deploy

on:
    workflow_dispatch:
        branches: ['dev', 'prod']
        inputs:
            version:
                type: string
                required: true
            env:
                type: string
                required: true

    workflow_call:
        inputs:
            version:
                type: string
                required: true
            env:
                type: string
                required: true

# get repo vars before running jobs
env:
    REGION: ${{ vars.REGION }}
    WIF_PROVIDER: ${{ secrets.WIF_PROVIDER }}
    WIF_SERVICE_ACCOUNT: ${{ secrets.WIF_SERVICE_ACCOUNT }}
    GAR_LOCATION: ${{ vars.GAR_LOCATION }}
    PROJECT_ID: ${{ vars.PROJECT_ID }}
    REPOSITORY: ${{ vars.REPOSITORY }}
    TWITTER_CLIENT_ID: ${{ secrets.TWITTER_CLIENT_ID }}
    TWITTER_CLIENT_KEY: ${{ secrets.TWITTER_CLIENT_KEY }}

jobs:
    relay:
        permissions:
            contents: 'read'
            id-token: 'write'

        runs-on: ubuntu-latest
        environment: ${{ inputs.env }}
        steps:
            - name: Production Code
              uses: 'actions/checkout@v3'

            - name: Authenticate to Google Cloud
              id: auth
              uses: 'google-github-actions/auth@v1'
              with:
                  token_format: access_token
                  workload_identity_provider: '${{ env.WIF_PROVIDER }}'
                  service_account: '${{ env.WIF_SERVICE_ACCOUNT }}'
                  access_token_lifetime: 300s

            ## artifact registry auth setup
            - name: Login to Artifact Registry
              id: docker-auth
              uses: docker/login-action@v1
              with:
                  registry: ${{ env.GAR_LOCATION }}-docker.pkg.dev
                  username: oauth2accesstoken
                  password: ${{ steps.auth.outputs.access_token }}

            - name: Deploy to Cloud Run
              id: deploy
              uses: google-github-actions/deploy-cloudrun@v0
              with:
                  service: ${{ vars.BACKEND_SERVICE }}
                  region: ${{ env.REGION }}
                  image: ${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.REPOSITORY }}/${{ vars.BACKEND_SERVICE }}:${{ inputs.version }}
                  # add ENV as below
                  env_vars: |
                      UNIREP_ADDRESS=${{ vars.UNIREP_ADDRESS }}
                      APP_ADDRESS=${{ vars.APP_ADDRESS }}
                      GENESIS_BLOCK=${{ vars.GENESIS_BLOCK }}
                      ETH_PROVIDER_URL=${{ vars.ETH_PROVIDER_URL }}
                      PRIVATE_KEY=${{ secrets.PRIVATE_KEY }}
                      DB_PATH=${{ secrets.DB_PATH }}
                      ENV=${{ inputs.env }}
                      CLIENT_URL=${{ vars.CLIENT_URL }}
                      SERVER=${{ vars.SERVER }}
                      TWITTER_CLIENT_ID=${{ env.TWITTER_CLIENT_ID }}
                      TWITTER_CLIENT_KEY=${{ env.TWITTER_CLIENT_KEY }}
                      RESET_DATABASE=${{ vars.RESET_DATABASE }}
            - name: Allow public access
              id: unauthenticated
              run: gcloud run services add-iam-policy-binding ${{ vars.BACKEND_SERVICE }} --region=${{ env.REGION }} --member="allUsers" --role="roles/run.invoker"

            - name: Show Output
              run: echo ${{ steps.deploy.outputs.url }}