|
| 1 | +# This workflow will build a docker container, publish it to Google Container |
| 2 | +# Registry, and deploy it to GKE when there is a push to the "master" |
| 3 | +# branch. |
| 4 | +# |
| 5 | +# To configure this workflow: |
| 6 | +# |
| 7 | +# 1. Enable the following Google Cloud APIs: |
| 8 | +# |
| 9 | +# - Artifact Registry (artifactregistry.googleapis.com) |
| 10 | +# - Google Kubernetes Engine (container.googleapis.com) |
| 11 | +# - IAM Credentials API (iamcredentials.googleapis.com) |
| 12 | +# |
| 13 | +# You can learn more about enabling APIs at |
| 14 | +# https://support.google.com/googleapi/answer/6158841. |
| 15 | +# |
| 16 | +# 2. Ensure that your repository contains the necessary configuration for your |
| 17 | +# Google Kubernetes Engine cluster, including deployment.yml, |
| 18 | +# kustomization.yml, service.yml, etc. |
| 19 | +# |
| 20 | +# 3. Create and configure a Workload Identity Provider for GitHub: |
| 21 | +# https://github.com/google-github-actions/auth#preferred-direct-workload-identity-federation. |
| 22 | +# |
| 23 | +# Depending on how you authenticate, you will need to grant an IAM principal |
| 24 | +# permissions on Google Cloud: |
| 25 | +# |
| 26 | +# - Artifact Registry Administrator (roles/artifactregistry.admin) |
| 27 | +# - Kubernetes Engine Developer (roles/container.developer) |
| 28 | +# |
| 29 | +# You can learn more about setting IAM permissions at |
| 30 | +# https://cloud.google.com/iam/docs/manage-access-other-resources |
| 31 | +# |
| 32 | +# 5. Change the values in the "env" block to match your values. |
| 33 | + |
| 34 | +name: 'Build and Deploy to GKE' |
| 35 | + |
| 36 | +on: |
| 37 | + push: |
| 38 | + branches: |
| 39 | + - '"master"' |
| 40 | + |
| 41 | +env: |
| 42 | + PROJECT_ID: 'my-project' # TODO: update to your Google Cloud project ID |
| 43 | + GAR_LOCATION: 'us-central1' # TODO: update to your region |
| 44 | + GKE_CLUSTER: 'cluster-1' # TODO: update to your cluster name |
| 45 | + GKE_ZONE: 'us-central1-c' # TODO: update to your cluster zone |
| 46 | + DEPLOYMENT_NAME: 'gke-test' # TODO: update to your deployment name |
| 47 | + REPOSITORY: 'samples' # TODO: update to your Artifact Registry docker repository name |
| 48 | + IMAGE: 'static-site' |
| 49 | + WORKLOAD_IDENTITY_PROVIDER: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider' # TODO: update to your workload identity provider |
| 50 | + |
| 51 | +jobs: |
| 52 | + setup-build-publish-deploy: |
| 53 | + name: 'Setup, Build, Publish, and Deploy' |
| 54 | + runs-on: 'ubuntu-latest' |
| 55 | + environment: 'production' |
| 56 | + |
| 57 | + permissions: |
| 58 | + contents: 'read' |
| 59 | + id-token: 'write' |
| 60 | + |
| 61 | + steps: |
| 62 | + - name: 'Checkout' |
| 63 | + uses: 'actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332' # actions/checkout@v4 |
| 64 | + |
| 65 | + # Configure Workload Identity Federation and generate an access token. |
| 66 | + # |
| 67 | + # See https://github.com/google-github-actions/auth for more options, |
| 68 | + # including authenticating via a JSON credentials file. |
| 69 | + - id: 'auth' |
| 70 | + name: 'Authenticate to Google Cloud' |
| 71 | + uses: 'google-github-actions/auth@f112390a2df9932162083945e46d439060d66ec2' # google-github-actions/auth@v2 |
| 72 | + with: |
| 73 | + workload_identity_provider: '${{ env.WORKLOAD_IDENTITY_PROVIDER }}' |
| 74 | + |
| 75 | + # Authenticate Docker to Google Cloud Artifact Registry |
| 76 | + - name: 'Docker Auth' |
| 77 | + uses: 'docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567' # docker/login-action@v3 |
| 78 | + with: |
| 79 | + username: 'oauth2accesstoken' |
| 80 | + password: '${{ steps.auth.outputs.auth_token }}' |
| 81 | + registry: '${{ env.GAR_LOCATION }}-docker.pkg.dev' |
| 82 | + |
| 83 | + # Get the GKE credentials so we can deploy to the cluster |
| 84 | + - name: 'Set up GKE credentials' |
| 85 | + uses: 'google-github-actions/get-gke-credentials@6051de21ad50fbb1767bc93c11357a49082ad116' # google-github-actions/get-gke-credentials@v2 |
| 86 | + with: |
| 87 | + cluster_name: '${{ env.GKE_CLUSTER }}' |
| 88 | + location: '${{ env.GKE_ZONE }}' |
| 89 | + |
| 90 | + # Build the Docker image |
| 91 | + - name: 'Build and push Docker container' |
| 92 | + run: |- |
| 93 | + DOCKER_TAG="${GAR_LOCATION}-docker.pkg.dev/${PROJECT_ID}/${REPOSITORY}/${IMAGE}:${GITHUB_SHA}" |
| 94 | +
|
| 95 | + docker build \ |
| 96 | + --tag "${DOCKER_TAG}" \ |
| 97 | + --build-arg GITHUB_SHA="${GITHUB_SHA}" \ |
| 98 | + --build-arg GITHUB_REF="${GITHUB_REF}" \ |
| 99 | + . |
| 100 | +
|
| 101 | + docker push "${DOCKER_TAG}" |
| 102 | +
|
| 103 | + # Set up kustomize |
| 104 | + - name: 'Set up Kustomize' |
| 105 | + run: |- |
| 106 | + curl -sfLo kustomize https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv5.4.3/kustomize_v5.4.3_linux_amd64.tar.gz |
| 107 | + chmod u+x ./kustomize |
| 108 | +
|
| 109 | + # Deploy the Docker image to the GKE cluster |
| 110 | + - name: 'Deploy to GKE' |
| 111 | + run: |- |
| 112 | + # replacing the image name in the k8s template |
| 113 | + ./kustomize edit set image LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY/IMAGE:TAG=$GAR_LOCATION-docker.pkg.dev/$PROJECT_ID/$REPOSITORY/$IMAGE:$GITHUB_SHA |
| 114 | + ./kustomize build . | kubectl apply -f - |
| 115 | + kubectl rollout status deployment/$DEPLOYMENT_NAME |
| 116 | + kubectl get services -o wide |
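Review bot: The Kustomize step at gutter lines 106–107 downloads a `.tar.gz` archive but saves it as `./kustomize` and marks it executable, so the later `./kustomize edit` at line 113 is executing a tarball rather than the binary, and nothing checks the integrity of what was fetched before it runs in a job that holds `id-token: write`, Artifact Registry push rights and GKE cluster credentials. The step should extract the archive and verify its SHA-256 against a digest pinned in the workflow (taken once from the release's published checksums) before anything executes it, as in the rewrite below. Separately, the push trigger at gutter line 39 is `'"master"'`, a YAML string that contains literal double quotes, so the workflow never fires on a push to `master`; it should read `- 'master'`. The header comment's `roles/artifactregistry.admin` is also broader than an image push needs; `roles/artifactregistry.writer` is sufficient for this job. The deploy at line 113 references the image by the mutable `:$GITHUB_SHA` tag; capturing the digest from the push and setting the image with `@sha256:…` would pin exactly what was built.

```yaml
      - name: 'Set up Kustomize'
        run: |-
          curl -sfLo kustomize.tar.gz https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv5.4.3/kustomize_v5.4.3_linux_amd64.tar.gz
          # Pin the expected digest here (from the release's checksums.txt) so a
          # substituted download cannot run with this job's cluster credentials.
          echo "<sha256 of kustomize_v5.4.3_linux_amd64.tar.gz>  kustomize.tar.gz" | sha256sum --check --strict -
          tar -xzf kustomize.tar.gz kustomize
          chmod u+x ./kustomize
```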