Skip to content

Commit

Permalink
add oauth
Browse files Browse the repository at this point in the history
  • Loading branch information
@Lisooo790926
Lisooo790926 committed Oct 18, 2023
1 parent fe4dea3 commit 8bb347a
Show file tree
Hide file tree
Showing 5 changed files with 164 additions and 116 deletions.
54 changes: 29 additions & 25 deletions .github/workflows/build-all.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,10 +9,6 @@ on:
version:
default: '0.0.1'
type: string
secrets:
GH_PAT:
required: true

jobs:
build-all:
if: ${{ inputs.build-services == 'contract' }}
Expand Down Expand Up @@ -45,7 +41,9 @@ jobs:
run: curl https://raw.githubusercontent.com/Tenderly/tenderly-cli/master/scripts/install-linux.sh | sudo sh

- name: Deploy contracts
run: yarn contracts deploy:devnet
run: |
mv ./packages/relay/.env.example /packages/relay/.env
yarn contracts deploy:devnet
env:
TENDERLY_ACCESS_KEY: ${{ secrets.TENDERLY_ACCESS_KEY }}
TENDERLY_PROJECT_SLUG: ${{ secrets.TENDERLY_PROJECT_SLUG }}
Expand All @@ -57,6 +55,15 @@ jobs:
env:
GH_TOKEN: ${{ secrets.GH_PAT }}

- name: Authenticate to Google Cloud
id: auth
uses: 'google-github-actions/auth@v1'
with:
token_format: access_token
workload_identity_provider: '${{ secrets.WIF_PROVIDER }}'
service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}'
access_token_lifetime: 300s

- name: Login Registry
id: docker-auth
uses: docker/login-action@v1
Expand All @@ -65,21 +72,15 @@ jobs:
username: oauth2accesstoken
password: ${{ steps.auth.outputs.access_token }}

- name: lower case repository
run: |
REPO_STR=$(echo "${{ github.repository }}" | tr '[:upper:]' '[:lower:]')
echo $REPO_STR
echo "REPO_STR=$REPO_STR" >> $GITHUB_ENV
- name: push relay image
run: |
docker build -t ghcr.io/$REPO_STR/${{vars.BACKEND_SERVICE}}:${{inputs.version}} -f ./packages/relay/Dockerfile .
docker push ghcr.io/$REPO_STR/${{vars.BACKEND_SERVICE}}:${{inputs.version}}
docker build -t ${{ vars.GAR_LOCATION }}-docker.pkg.dev/${{ vars.PROJECT_ID }}/${{ vars.REPOSITORY }}/${{ vars.BACKEND_SERVICE }}:${{ inputs.version }} -f ./packages/relay/Dockerfile .
docker push ${{ vars.GAR_LOCATION }}-docker.pkg.dev/${{ vars.PROJECT_ID }}/${{ vars.REPOSITORY }}/${{ vars.BACKEND_SERVICE }}:${{ inputs.version }}
- name: push frontend image
run: |
docker build -t ghcr.io/$REPO_STR/${{vars.FRONTEND_SERVICE}}:${{inputs.version}} -f ./packages/frontend/Dockerfile .
docker push ghcr.io/$REPO_STR/${{vars.FRONTEND_SERVICE}}:${{inputs.version}}
docker build -t ${{ vars.GAR_LOCATION }}-docker.pkg.dev/${{ vars.PROJECT_ID }}/${{ vars.REPOSITORY }}/${{ vars.FRONTEND_SERVICE }}:${{ inputs.version }} -f ./packages/frontend/Dockerfile .
docker push ${{ vars.GAR_LOCATION }}-docker.pkg.dev/${{ vars.PROJECT_ID }}/${{ vars.REPOSITORY }}/${{ vars.FRONTEND_SERVICE }}:${{ inputs.version }}
build-relay-frontend:
if: ${{ inputs.build-services == 'relay-frontend'}}
Expand Down Expand Up @@ -108,6 +109,15 @@ jobs:
- name: Install and build packages
run: yarn && yarn build

- name: Authenticate to Google Cloud
id: auth
uses: 'google-github-actions/auth@v1'
with:
token_format: access_token
workload_identity_provider: '${{ secrets.WIF_PROVIDER }}'
service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}'
access_token_lifetime: 300s

- name: Login Registry
id: docker-auth
uses: docker/login-action@v1
Expand All @@ -116,18 +126,12 @@ jobs:
username: oauth2accesstoken
password: ${{ steps.auth.outputs.access_token }}

- name: lower case repository
run: |
REPO_STR=$(echo "${{ github.repository }}" | tr '[:upper:]' '[:lower:]')
echo $REPO_STR
echo "REPO_STR=$REPO_STR" >> $GITHUB_ENV
- name: push relay image
run: |
docker build -t ghcr.io/$REPO_STR/${{vars.BACKEND_SERVICE}}:${{inputs.version}} -f ./packages/relay/Dockerfile .
docker push ghcr.io/$REPO_STR/${{vars.BACKEND_SERVICE}}:${{inputs.version}}
docker build -t ${{ vars.GAR_LOCATION }}-docker.pkg.dev/${{ vars.PROJECT_ID }}/${{ vars.REPOSITORY }}/${{ vars.BACKEND_SERVICE }}:${{ inputs.version }} -f ./packages/relay/Dockerfile .
docker push ${{ vars.GAR_LOCATION }}-docker.pkg.dev/${{ vars.PROJECT_ID }}/${{ vars.REPOSITORY }}/${{ vars.BACKEND_SERVICE }}:${{ inputs.version }}
- name: push frontend image
run: |
docker build -t ghcr.io/$REPO_STR/${{vars.FRONTEND_SERVICE}}:${{inputs.version}} -f ./packages/frontend/Dockerfile .
docker push ghcr.io/$REPO_STR/${{vars.FRONTEND_SERVICE}}:${{inputs.version}}
docker build -t ${{ vars.GAR_LOCATION }}-docker.pkg.dev/${{ vars.PROJECT_ID }}/${{ vars.REPOSITORY }}/${{ vars.FRONTEND_SERVICE }}:${{ inputs.version }} -f ./packages/frontend/Dockerfile .
docker push ${{ vars.GAR_LOCATION }}-docker.pkg.dev/${{ vars.PROJECT_ID }}/${{ vars.REPOSITORY }}/${{ vars.FRONTEND_SERVICE }}:${{ inputs.version }}
2 changes: 1 addition & 1 deletion .github/workflows/build-and-test.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ jobs:
name: Build and Test
runs-on: ubuntu-22.04
container:
image: ghcr.io/lisooo790926/circom_node_env:0.0.1
image: ghcr.io/social-tw/circom_node_env:0.0.1
credentials:
username: ${{ github.actor }}
password: ${{ secrets.CR_PAT }}
Expand Down
60 changes: 60 additions & 0 deletions .github/workflows/deploy-frontend.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,60 @@
name: CD-Manual-Frontend-Deploy

on:
workflow_dispatch:
workflow_call:
branches: ['feat_system_cicd_enhancment']
inputs:
version:
description: 'current deploy version'
required: true
default: '0.0.1'

jobs:
frontend:
permissions:
contents: 'read'
id-token: 'write'

runs-on: ubuntu-latest
steps:
- name: Production Code
uses: 'actions/checkout@v3'

- name: Authenticate to Google Cloud
id: auth
uses: 'google-github-actions/auth@v1'
with:
token_format: access_token
workload_identity_provider: '${{ secrets.WIF_PROVIDER }}'
service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}'
access_token_lifetime: 900s

## artifact registry auth setup
- name: Login to Artifact Registry
id: docker-auth
uses: docker/login-action@v1
with:
registry: ${{ vars.GAR_LOCATION }}-docker.pkg.dev
username: oauth2accesstoken
password: ${{ steps.auth.outputs.access_token }}

- name: Deploy to Cloud Run
id: deploy
uses: google-github-actions/deploy-cloudrun@v0
with:
service: ${{ vars.FRONTEND_SERVICE }}
region: ${{ vars.REGION }}
image: ${{ vars.GAR_LOCATION }}-docker.pkg.dev/${{ vars.PROJECT_ID }}/${{ vars.REPOSITORY }}/${{ vars.FRONTEND_SERVICE }}:${{ inputs.version }}
## set --max-old-space-size=8192 for node.js to increase memory limit
env_vars: |
ENV=${{ vars.ENV }}
STAGE_SERVER=${{ vars.ENV }}_SERVER
NODE_OPTIONS=${{ vars.NODE_OPTIONS }}
- name: Allow public access
id: unauthenticated
run: gcloud run services add-iam-policy-binding ${{ vars.FRONTEND_SERVICE }} --region=${{ vars.REGION }} --member="allUsers" --role="roles/run.invoker"

- name: Show Output
run: echo ${{ steps.deploy.outputs.url }}
61 changes: 61 additions & 0 deletions .github/workflows/deploy-relay.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,61 @@
name: CD-Manual-Relay-Deploy

on:
workflow_dispatch:
workflow_call:
branches: ['feat_system_cicd_enhancment']
inputs:
version:
description: 'current deploy version'
required: true
default: '0.0.1'

jobs:
relay:
permissions:
contents: 'read'
id-token: 'write'

runs-on: ubuntu-latest
steps:
- name: Production Code
uses: 'actions/checkout@v3'

- name: Authenticate to Google Cloud
id: auth
uses: 'google-github-actions/auth@v1'
with:
token_format: access_token
workload_identity_provider: '${{ secrets.WIF_PROVIDER }}'
service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}'
access_token_lifetime: 300s

## artifact registry auth setup
- name: Login to Artifact Registry
id: docker-auth
uses: docker/login-action@v1
with:
registry: ${{ vars.GAR_LOCATION }}-docker.pkg.dev
username: oauth2accesstoken
password: ${{ steps.auth.outputs.access_token }}

- name: Deploy to Cloud Run
id: deploy
uses: google-github-actions/deploy-cloudrun@v0
with:
service: ${{ vars.BACKEND_SERVICE }}
region: ${{ vars.REGION }}
image: ${{ vars.GAR_LOCATION }}-docker.pkg.dev/${{ vars.PROJECT_ID }}/${{ vars.REPOSITORY }}/${{ vars.BACKEND_SERVICE }}:${{ inputs.version }}
# add ENV as below
env_vars: |
TWITTER_CLIENT_ID=${{ secrets.TWITTER_CLIENT_ID }}
TWITTER_CLIENT_KEY=${{ secrets.TWITTER_CLIENT_KEY }}
CLIENT_URL=${{ vars.CLIENT_URL }}
CALLBACK_URL=${{ vars.CALLBACK_URL }}
- name: Allow public access
id: unauthenticated
run: gcloud run services add-iam-policy-binding ${{ vars.BACKEND_SERVICE }} --region=${{ vars.REGION }} --member="allUsers" --role="roles/run.invoker"

- name: Show Output
run: echo ${{ steps.deploy.outputs.url }}
103 changes: 13 additions & 90 deletions .github/workflows/main-cd.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@ name: CD-Main
run-name: ${{ github.actor }} acitvates the actions 🚀

on:
push:
workflow_dispatch:
branches: ['feat_system_cicd_enhancment']
inputs:
Expand All @@ -21,107 +20,31 @@ on:

jobs:
build:
permissions:
contents: 'read'
id-token: 'write'
uses: ./.github/workflows/build-all.yml
with:
build-services: ${{ inputs.build-services }}
version: ${{ inputs.version }}
secrets:
GH_PAT: ${{ secrets.GH_PAT }}
secrets: inherit

backend:
relay:
needs: build
permissions:
contents: 'read'
id-token: 'write'
uses: ./.github/workflows/deploy-relay.yml
with:
version: ${{ inputs.version }}
secrets: inherit

runs-on: ubuntu-latest
steps:
- name: Production Code
uses: 'actions/checkout@v3'

- name: Authenticate to Google Cloud
id: auth
uses: 'google-github-actions/auth@v1'
with:
token_format: access_token
workload_identity_provider: '${{ secrets.WIF_PROVIDER }}'
service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}'
access_token_lifetime: 300s

## artifact registry auth setup
- name: Login to Artifact Registry
id: docker-auth
uses: docker/login-action@v1
with:
registry: ${{ vars.GAR_LOCATION }}-docker.pkg.dev
username: oauth2accesstoken
password: ${{ steps.auth.outputs.access_token }}

- name: Deploy to Cloud Run
id: deploy
uses: google-github-actions/deploy-cloudrun@v0
with:
service: ${{ vars.BACKEND_SERVICE }}
region: ${{ vars.REGION }}
image: ${{ vars.GAR_LOCATION }}-docker.pkg.dev/${{ vars.PROJECT_ID }}/${{ vars.REPOSITORY }}/${{ vars.BACKEND_SERVICE }}:${{ github.sha }}
# add ENV as below
env_vars: |
TWITTER_CLIENT_ID=${{ secrets.TWITTER_CLIENT_ID }}
TWITTER_CLIENT_KEY=${{ secrets.TWITTER_CLIENT_KEY }}
CLIENT_URL=${{ vars.CLIENT_URL }}
CALLBACK_URL=${{ vars.CALLBACK_URL }}
- name: Allow public access
id: unauthenticated
run: gcloud run services add-iam-policy-binding ${{ vars.BACKEND_SERVICE }} --region=${{ vars.REGION }} --member="allUsers" --role="roles/run.invoker"

- name: Show Output
run: echo ${{ steps.deploy.outputs.url }}
frontend:
needs: build
permissions:
contents: 'read'
id-token: 'write'

runs-on: ubuntu-latest
steps:
- name: Production Code
uses: 'actions/checkout@v3'

- name: Authenticate to Google Cloud
id: auth
uses: 'google-github-actions/auth@v1'
with:
token_format: access_token
workload_identity_provider: '${{ secrets.WIF_PROVIDER }}'
service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}'
access_token_lifetime: 900s

## artifact registry auth setup
- name: Login to Artifact Registry
id: docker-auth
uses: docker/login-action@v1
with:
registry: ${{ vars.GAR_LOCATION }}-docker.pkg.dev
username: oauth2accesstoken
password: ${{ steps.auth.outputs.access_token }}

- name: Deploy to Cloud Run
id: deploy
uses: google-github-actions/deploy-cloudrun@v0
with:
service: ${{ vars.FRONTEND_SERVICE }}
region: ${{ vars.REGION }}
image: ${{ vars.GAR_LOCATION }}-docker.pkg.dev/${{ vars.PROJECT_ID }}/${{ vars.REPOSITORY }}/${{ vars.FRONTEND_SERVICE }}:${{ github.sha }}
## set --max-old-space-size=8192 for node.js to increase memory limit
env_vars: |
ENV=${{ vars.ENV }}
STAGE_SERVER=${{ vars.ENV }}_SERVER
NODE_OPTIONS=${{ vars.NODE_OPTIONS }}
- name: Allow public access
id: unauthenticated
run: gcloud run services add-iam-policy-binding ${{ vars.FRONTEND_SERVICE }} --region=${{ vars.REGION }} --member="allUsers" --role="roles/run.invoker"

- name: Show Output
run: echo ${{ steps.deploy.outputs.url }}
uses: ./.github/workflows/deploy-frontend.yml
with:
version: ${{ inputs.version }}
secrets: inherit

0 comments on commit 8bb347a

Please sign in to comment.