
Temporary use of AWS Ubuntu mirror during archive.ubuntu.com incident #66

Workflow file for this run

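name: Deploy to Google Cloud Platform

# Runs on manual dispatch and on every push to dev or main.
on:
  workflow_dispatch:
  push:
    branches:
      - dev
      - main

# Least-privilege default for the automatic GITHUB_TOKEN. Without this block
# every job inherits the repository default, which may include write scopes.
# A job that needs more must declare its own permissions block.
permissions:
  contents: read

# Workflow-wide values, all built from configuration variables (not secrets).
env:
  BUCKET_REGION: ${{ vars.GCP_PROJECT_REGION }}
  # Bucket used as the Pulumi state backend (passed as cloud-url to the
  # pulumi step in the deploy job).
  BUCKET_URL: gs://${{ vars.PROJECT_NAME }}-${{ vars.ENV }}-cloud-storage-${{ vars.GCP_PULUMI_BUCKET_NAME }}
  PROJECT_ID: ${{ vars.GCP_PROJECT_ID }}
  INFRA_DIR: ./infra/gcp/persistent
  SRC_DIR: ./src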
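# NOTE(review): every `uses:` below references a mutable tag (@v2, @v4, ...).
# Pinning each action to a full commit SHA would keep a re-tagged release from
# running with the deploy job's OIDC token and secrets.
jobs:
  # Static analysis of the application source with Ruff.
  lint:
    name: Lint and Format
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # No later step pushes or fetches, so do not leave the token in
          # .git/config.
          persist-credentials: false
      - name: Run Ruff
        uses: astral-sh/ruff-action@v3
        with:
          args: check
          src: ${{ env.SRC_DIR }}

  # Secret scanning over the full git history.
  scan:
    name: Scan for Secrets
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # Full history so Gitleaks can inspect every commit, not only HEAD.
          fetch-depth: 0
          persist-credentials: false
      - name: Scan with Gitleaks
        uses: gitleaks/gitleaks-action@v2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }}

  # Provisions infrastructure with Pulumi once lint and scan have passed.
  deploy:
    name: Deploy Infrastructure
    runs-on: ubuntu-latest
    needs: [lint, scan]
    # Compare the full ref rather than github.ref_name: a manually dispatched
    # run on a tag that happens to be called "main" also has ref_name == 'main'
    # and would otherwise select the prod environment.
    environment: ${{ github.ref == 'refs/heads/main' && 'prod' || 'test' }}
    permissions:
      # Needed to request the OIDC token that the Google auth step exchanges
      # through the workload identity provider; no long-lived key is stored.
      id-token: write
      contents: read
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # Later steps install and execute project code; keep the GITHUB_TOKEN
          # out of .git/config where that code could read it.
          persist-credentials: false
      - name: Authenticate to Google Cloud
        uses: google-github-actions/auth@v2
        with:
          workload_identity_provider: ${{ vars.GCP_WORKLOAD_IDENTITY_PROVIDER }}
          service_account: ${{ vars.GCP_SERVICE_ACCOUNT_EMAIL }}
      # NOTE(review): this step runs before "Set up Cloud SDK", so it relies on
      # a gcloud binary already being on the runner's PATH.
      - name: Set up Docker
        env:
          # Passed through the environment instead of being expanded into the
          # script text, so the value is never parsed as shell syntax.
          REGISTRY_REGION: ${{ vars.GCP_PROJECT_REGION }}
        run: gcloud auth configure-docker "${REGISTRY_REGION}-docker.pkg.dev" --quiet
      - name: Set up Cloud SDK
        uses: google-github-actions/setup-gcloud@v2
      # Idempotent creation of the Pulumi state bucket.
      # Any failure of `gsutil ls` (including a permission error) is treated as
      # "bucket missing"; in that case `gsutil mb` fails and stops the job.
      # NOTE(review): the bucket holds Pulumi state; consider creating it with
      # uniform bucket-level access and public access prevention enforced.
      - name: Create bucket for Pulumi infrastructure
        run: |
          if gsutil ls -b "$BUCKET_URL" 2>/dev/null; then
            echo "Infrastructure bucket already exists. Skipping."
          else
            echo "Creating infrastructure bucket at '$BUCKET_URL'."
            gsutil mb -p "$PROJECT_ID" -c STANDARD -l "$BUCKET_REGION" "$BUCKET_URL"
            echo "Bucket created successfully."
          fi
      - name: Install Python
        uses: actions/setup-python@v5
        with:
          python-version-file: ${{ env.INFRA_DIR }}/.python-version
      - name: Set up uv
        uses: astral-sh/setup-uv@v6
        with:
          version: "0.8.13"
      - name: Install the project
        working-directory: ${{ env.INFRA_DIR }}
        # --locked fails the install if uv.lock is out of date with the project.
        run: uv sync --locked
      - name: Deploy infrastructure
        uses: pulumi/actions@v6
        with:
          command: up
          # Same ref-based selection as the job's environment above.
          stack-name: ${{ github.ref == 'refs/heads/main' && 'prod' || 'test' }}
          work-dir: ${{ env.INFRA_DIR }}
          cloud-url: ${{ env.BUCKET_URL }}
          upsert: true
        env:
          DJANGO_PORT: ${{ vars.DJANGO_PORT }}
          DJANGO_SECRET_KEY: ${{ secrets.DJANGO_SECRET_KEY }}
          ENV: ${{ vars.ENV }}
          EXTRACTION_PIPELINE_MAX_RETRIES: ${{ vars.EXTRACTION_PIPELINE_MAX_RETRIES }}
          EXTRACTION_PIPELINE_MAX_WAIT: ${{ vars.EXTRACTION_PIPELINE_MAX_WAIT }}
          EXTRACTION_PIPELINE_POLLING_INTERVAL: ${{ vars.EXTRACTION_PIPELINE_POLLING_INTERVAL }}
          EXTRACTION_PIPELINE_SCHEDULE: ${{ vars.EXTRACTION_PIPELINE_SCHEDULE }}
          GCP_PROJECT_ID: ${{ vars.GCP_PROJECT_ID }}
          GCP_PROJECT_REGION: ${{ vars.GCP_PROJECT_REGION }}
          GEMINI_API_KEY: ${{ secrets.GEMINI_API_KEY }}
          POSTGRES_DB: ${{ vars.POSTGRES_DB }}
          POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}
          POSTGRES_USER: ${{ vars.POSTGRES_USER }}
          # NOTE(review): an empty passphrase means secret values in the stack
          # state are protected only by access control on the state bucket.
          # Changing it requires migrating the existing stacks' secrets
          # provider, so it is left as-is here.
          PULUMI_CONFIG_PASSPHRASE: ""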