Commit
* Add demo github action
* Add terraform
* Add google credentials
* Add permission to read from terraform state bucket
* More stuff
* Use artifact repository
* Initial test of github deploy action
* fix syntax
* Checkout submodules
* Add trace to debug jekyll issue
* Hopefully fix permission issues on docker github
* Try and make it work some more
* Try random things until it works
* Please work
* Fix up directory path
* Add artifact repository role for deployer service account
* Add docker cache to github actions
* Try and get github actions caching to work with docker
* Try cache again, but with more environment variables
* Remove useless docker cache
* Set action for pushes to main only
1 parent 597e0eb
commit 703fc50
Showing 10 changed files with 81 additions and 50 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
name: Deploy | ||
|
||
on: | ||
push: | ||
branches: | ||
- main | ||
|
||
jobs: | ||
Configure-GCP-Project: | ||
runs-on: ubuntu-latest | ||
environment: production | ||
steps: | ||
- uses: actions/checkout@v3 | ||
with: | ||
submodules: recursive | ||
|
||
- uses: 'google-github-actions/auth@v1' | ||
with: | ||
credentials_json: '${{ secrets.GCP_DEPLOYER_SA }}' | ||
|
||
- uses: hashicorp/setup-terraform@v2 | ||
with: | ||
terraform_version: 1.1.4 | ||
|
||
- name: Build image and push | ||
env: | ||
GOOGLE_CREDENTIALS: ${{ secrets.GCP_DEPLOYER_SA }} | ||
run: | | ||
mkdir matthewlymer.github.io/.jekyll-cache | ||
make -C ./deploy push |
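Review bot: The three `uses:` steps reference actions by mutable tag (`actions/checkout@v3`, `google-github-actions/auth@v1`, `hashicorp/setup-terraform@v2`) in a job that handles `secrets.GCP_DEPLOYER_SA`; pin each to a full commit SHA so a retagged release cannot run with that credential. The same service-account key is passed twice, as `credentials_json` and again as `GOOGLE_CREDENTIALS` on the build step; since `google-github-actions/auth` also accepts `workload_identity_provider`, consider keyless federation so no stored key is needed. The workflow also has no `permissions:` block, so add one (for example `contents: read`) to limit the job's `GITHUB_TOKEN`.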
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
# Required github personal-access-token configuration | ||
https://github.com/settings/tokens | ||
|
||
Repos: | ||
- lymersite | ||
|
||
Permissions: | ||
- Read access to metadata | ||
- Read and Write access to administration, environments, and secrets |
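Review bot: The `Permissions:` list grants Read and Write on administration, which is the broadest item here; note next to each permission which Terraform resource needs it, so the grant can be trimmed later. The README should also say what expiration to set on the token and how it is supplied to Terraform, so it does not end up committed or left in shell history.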
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
# TODO: protect branch | ||
|
||
resource "github_repository_environment" "production" { | ||
repository = local.github.repository | ||
environment = "production" | ||
} | ||
|
||
resource "github_actions_environment_secret" "github_actions_deployer_key" { | ||
repository = local.github.repository | ||
environment = github_repository_environment.production.environment | ||
secret_name = "GCP_DEPLOYER_SA" | ||
plaintext_value = base64decode(google_service_account_key.github_actions_deployer.private_key) | ||
} |
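Review bot: `plaintext_value = base64decode(google_service_account_key.github_actions_deployer.private_key)` puts the deployer's private key into Terraform state in clear text, so anyone who can read the state can act as the deployer. The commit message mentions read access to the state bucket, so check who and what holds that access, and prefer workload identity federation so that no key has to exist. The `# TODO: protect branch` on the first line matters for the same reason: `github_repository_environment.production` has no `deployment_branch_policy` or `reviewers`, so the environment itself does not restrict which ref can read `GCP_DEPLOYER_SA`.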
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
resource "google_project_service" "container" { | ||
resource "google_project_service" "artifactregistry" { | ||
project = google_project.default.id | ||
service = "container.googleapis.com" | ||
service = "artifactregistry.googleapis.com" | ||
} |
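Review bot: Replacing `google_project_service.container` with `google_project_service.artifactregistry` under a new address means Terraform plans a destroy of the old resource, and depending on `disable_on_destroy` that apply may turn off `container.googleapis.com` in the project. Confirm nothing else still needs that API, or keep the `container` block and add `artifactregistry` as a second resource.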
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
resource "google_artifact_registry_repository" "default" { | ||
location = "us-central1" | ||
repository_id = "default" | ||
format = "DOCKER" | ||
} |
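Review bot: `google_artifact_registry_repository.default` sets no `project` and declares no dependency on `google_project_service.artifactregistry`, so it relies on the provider's default project and may be created before the API is enabled. Set `project` explicitly, as the `google_project_service` block does, and add `depends_on = [google_project_service.artifactregistry]`.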