Nextjs 13 no typescript dependencies #16

Merged
merged 2 commits into from
Jan 8, 2024
2 changes: 1 addition & 1 deletion .env
Original file line number Diff line number Diff line change
@@ -1 +1 @@
VARNAME=value
NEXT_PUBLIC_TESSERACT="api-url"
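Review bot: `NEXT_PUBLIC_TESSERACT="api-url"` is a placeholder rather than a URL, and because Next.js inlines `NEXT_PUBLIC_` variables into the browser bundle at build time, any build that does not override it ships the literal string `api-url` to clients. Consider committing a working default, or moving the placeholder to an example file, and keep this file limited to values that are safe to publish, since anything under the `NEXT_PUBLIC_` prefix is readable by everyone who loads the site.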
136 changes: 136 additions & 0 deletions .github/workflows/google-gke-prod.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,136 @@
# This workflow build and push a Docker container to Google Artifact Registry and deploy it on Google Kubernetes Engine when a commit is pushed to the "develop" branch
# You can start your commit with `#update` and the workflow will just trigger an update of the Helm installation, without building a new image
#
# To configure this workflow:
#
# 1. Ensure the required Google Cloud APIs are enabled in the project:
#
# Cloud Build cloudbuild.googleapis.com
# Kubernetes Engine API container.googleapis.com
# Artifact Registry artifactregistry.googleapis.com
#
# 2. Create a service account (if you don't have one) with the following fields:
#
# Service Account Name <PROJECT-NAME>-github-actions
# Service Account ID <PROJECT-NAME>-github-actions
#
# 3. Ensure the service account have the required IAM permissions granted:
#
# Kubernetes Engine Developer
# roles/container.developer (kubernetes engine developer)
#
# Artifact Registry
# roles/artifactregistry.repoAdmin (artifact registry repository administrator)
# roles/artifactregistry.admin (artifact registry administrator)
#
# Service Account
# roles/iam.serviceAccountUser (act as the Cloud Run runtime service account)
#
# Basic Roles
# roles/viewer (viewer)
#
# NOTE: You should always follow the principle of least privilege when assigning IAM roles
#
# 4. Ensure you have the following GitHub Secrets and Variables:
#
# GitHub Secrets
# GCP_SA_KEY (Google Cloud Project Service Account Key) ref visit https://github.com/Datawheel/company/wiki/Setting-Up-a-Service-Account-for-Workflows#use-the-service-account-on-github-secrets
#
# GitHub Variables
# GCP_PROJECT_ID (Google Cloud Project ID)
# GCP_ARTIFACT_REGISTRY_NAME (Google Cloud Articaft Registry Repository Name)
# GCP_ARTIFACT_REGISTRY_LOCATION (Google Cloud Artifact Registry Reposotiry Location)
#
# 5. Ensure you have the following GitHub Variables for each environment that you will set up:
#
# GitHub Variables
# GCP_IMAGE_NAME (Docker Image Name)
# GKE_APP_NAME (Google Kubernetes Engine Deployment Name)
# GKE_APP_NAMESPACE (Google Kubernetes Engine Deployment Namespace)
# GKE_CLUSTER (Google Kubernetes Engine Cluster Name)
# GKE_ZONE (Google Kubernetes Engine Cluster Zone)
#
# Further reading:
# Kubernetes Developer - https://cloud.google.com/iam/docs/understanding-roles#container.developer
# Artifact Registry IAM permissions - https://cloud.google.com/artifact-registry/docs/access-control#roles
# Container Registry vs Artifact Registry - https://cloud.google.com/blog/products/application-development/understanding-artifact-registry-vs-container-registry
# Principle of least privilege - https://cloud.google.com/blog/products/identity-security/dont-get-pwned-practicing-the-principle-of-least-privilege
# Deploy CloudRun Github Actions - https://github.com/google-github-actions/deploy-cloudrun
name: "[GCP][PROD] Deploy to GKE via Helm"

on:
workflow_dispatch:
inputs:
release:
description: 'Production Release Name'
required: true
type: string
update_release:
description: 'Check if you are updating the production release name of the latest image'
required: true
type: boolean

env:
GCP_PROJECT_ID: ${{ vars.GCP_PROJECT_ID }}
GCP_ARTIFACT_REGISTRY_NAME: ${{ vars.GCP_ARTIFACT_REGISTRY_NAME }}
GCP_ARTIFACT_REGISTRY_LOCATION: ${{ vars.GCP_ARTIFACT_REGISTRY_LOCATION }}
GCP_IMAGE_NAME: ${{ vars.GCP_IMAGE_NAME }}
GKE_APP_NAME: ${{ vars.GKE_APP_NAME }}
GKE_APP_NAMESPACE: ${{ vars.GKE_APP_NAMESPACE }}
GKE_CLUSTER: ${{ vars.GKE_CLUSTER }}
GKE_ZONE: ${{ vars.GKE_ZONE }}
ACTIONS_ALLOW_UNSECURE_COMMANDS: true

jobs:
deploy:
environment: production
runs-on: ubuntu-latest
# runs-on: self-hosted
steps:
- name: Checkout
uses: actions/checkout@v3

# Authentication via credentials json
- name: Google Auth
id: auth
uses: google-github-actions/auth@v2
with:
project_id: ${{ env.GCP_PROJECT_ID }}
credentials_json: ${{ secrets.GCP_SA_KEY }}

# Get google kubernetes engine credentials
- name: Get GKE Credentials
uses: google-github-actions/get-gke-credentials@v2
with:
cluster_name: ${{ env.GKE_CLUSTER }}
location: ${{ env.GKE_ZONE }}

# Retag latest image
- name: Retag Image to Production Release
if: ${{ inputs.update_release }}
run: |-
gcloud beta artifacts docker tags add \
--quiet \
${{ env.GCP_ARTIFACT_REGISTRY_LOCATION }}-docker.pkg.dev/${{ env.GCP_PROJECT_ID }}/${{ env.GCP_ARTIFACT_REGISTRY_NAME }}/${{ env.GCP_IMAGE_NAME }}:${{ env.GKE_APP_NAMESPACE }} \
${{ env.GCP_ARTIFACT_REGISTRY_LOCATION }}-docker.pkg.dev/${{ env.GCP_PROJECT_ID }}/${{ env.GCP_ARTIFACT_REGISTRY_NAME }}/${{ env.GCP_IMAGE_NAME }}:${{ inputs.release }}

# Transform GitHub secrets to base64 encoded
# - name: Set encoded secret values
# run: |
# echo "ENCODED_DB_USER=$(echo -n "${{ secrets.DB_USER }}" | base64 | tr -d '\n')" >> $GITHUB_ENV

# Install Helm chart
# for secrets, use --set secrets.DB_USER=$ENCODED_DB_USER
- name: Helm install
uses: WyriHaximus/github-action-helm3@v2
with:
exec: |
helm upgrade --install --create-namespace \
--namespace ${{ env.GKE_APP_NAMESPACE }} \
--set app.environment=${{ env.GKE_APP_NAMESPACE }} \
--set app.release=${{ env.GKE_APP_NAMESPACE }} \
--set image.repository=${{ env.GCP_ARTIFACT_REGISTRY_LOCATION }}-docker.pkg.dev/${{ env.GCP_PROJECT_ID }}/${{ env.GCP_ARTIFACT_REGISTRY_NAME }}/${{ env.GCP_IMAGE_NAME }} \
--set image.tag=${{ inputs.release }} \
--set nameOverride=${{ env.GKE_APP_NAME }} \
--set fullnameOverride=${{ env.GKE_APP_NAME }} \
${{ env.GKE_APP_NAME }} --values=./helm/production.yaml ./helm
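Review bot: `ACTIONS_ALLOW_UNSECURE_COMMANDS: true` in the workflow-level `env:` block re-enables the deprecated `set-env` and `add-path` workflow commands, which let text printed to stdout by any step set environment variables for later steps; no step in this file visibly needs them, so the line should be dropped. In the same file, `${{ inputs.release }}` is expanded directly into the `run:` script of the retag step and into the Helm `exec:` string, so whatever is typed into the dispatch form becomes shell text in a job that holds `GCP_SA_KEY` and cluster credentials; pass it through a step-level `env:` entry, quote it, and reject values that are not valid image tags. The setup comment lists both `roles/artifactregistry.repoAdmin` and `roles/artifactregistry.admin` plus `roles/viewer`, which sits badly with its own least-privilege note, and the first comment line still describes a push to "develop" although the trigger is `workflow_dispatch`. Pinning the actions to commit SHAs, in particular the third-party `WyriHaximus/github-action-helm3@v2` that runs with cluster credentials, would also be worth doing before this is used for production.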
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
# This workflow build and push a Docker container to Google Artifact Registry and deploy it on a Google Kubernetes Instance when a commit is pushed to the "develop" branch
# You can start your commit with `#update` and the workflow will just trigger an update of the Helm installation, without building a new image
#
# To configure this workflow:
#
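Review bot: the header comment no longer matches the workflow it documents. The first line says the run happens on a push to the "develop" branch, while the trigger further down lists `branches: [ "main" ]`, and the `#update` line says to start the commit message with the marker, while the job conditions use `contains(github.event.head_commit.message, '#update')`, which matches the marker anywhere in the message. Update the comment, or tighten the condition to `startsWith` if the documented behaviour is the intended one.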
Expand Down Expand Up @@ -56,11 +57,20 @@
# Container Registry vs Artifact Registry - https://cloud.google.com/blog/products/application-development/understanding-artifact-registry-vs-container-registry
# Principle of least privilege - https://cloud.google.com/blog/products/identity-security/dont-get-pwned-practicing-the-principle-of-least-privilege
# Deploy CloudRun Github Actions - https://github.com/google-github-actions/deploy-cloudrun
name: Build and Deploy to GKE using Helm
name: "[GCP] Build NextJS to Registry and Deploy via Helm"

on:
push:
branches: [ "develop" ]
branches: [ "main" ]
paths:
- .github/workflows/google-registry-nextjs-dev.yaml
- helm/development.yaml
- pages/**
- public/**
- jsconfig.json
- next.config.js
- package-lock.json
- package.json

env:
GCP_PROJECT_ID: ${{ vars.GCP_PROJECT_ID }}
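Review bot: the `paths:` filter leaves out files the jobs below depend on: `cloudbuild.yml`, which is passed to `gcloud builds submit --config=cloudbuild.yml`, and everything in the `./helm` chart other than `helm/development.yaml`, so a change to the build config or the chart templates will not trigger a build or deploy. The filter is also evaluated before the job-level `if:` conditions, so an `#update` commit that touches none of the listed paths never starts the workflow at all. Separately, the trigger now lists `branches: [ "main" ]` while the jobs still use the development environment and `helm/development.yaml`; please confirm that a push to main is meant to deploy to development.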
Expand All @@ -75,62 +85,137 @@ env:

jobs:
build:
environment: development
runs-on: ubuntu-latest
environment: develop
# runs-on: self-hosted
if: ${{ !contains(github.event.head_commit.message, '#update') }}
steps:
- name: Checkout
uses: actions/checkout@v3

# Authentication via credentials json
- name: Google Auth
id: auth
uses: google-github-actions/auth@v0
uses: google-github-actions/auth@v2
with:
project_id: ${{ env.GCP_PROJECT_ID }}
credentials_json: ${{ secrets.GCP_SA_KEY }}

# Install Cloud SDK
- name: Set up Cloud SDK
uses: google-github-actions/setup-gcloud@v1
with:
install_components: "beta"

# Build image on Google Cloud Artifact Registry
- name: Build Docker Image
run: |-
gcloud builds submit \
--quiet \
--timeout=30m \
--timeout=40m \
--config=cloudbuild.yml \
--substitutions=_GCP_ARTIFACT_REGISTRY_LOCATION=${{ vars.GCP_ARTIFACT_REGISTRY_LOCATION }},_GCP_PROJECT_ID=${{ vars.GCP_PROJECT_ID }},_GCP_ARTIFACT_REGISTRY_NAME=${{ vars.GCP_ARTIFACT_REGISTRY_NAME }},_GCP_IMAGE_NAME=${{ vars.GCP_IMAGE_NAME }},_GITHUB_SHA=${{ github.sha }}

# Uncomment for adding the latest tag to the latest image created
- name: Add 'Latest' Tag to Development Environments
run: |-
gcloud beta artifacts docker tags add \
--quiet \
${{ env.GCP_ARTIFACT_REGISTRY_LOCATION }}-docker.pkg.dev/${{ env.GCP_PROJECT_ID }}/${{ env.GCP_ARTIFACT_REGISTRY_NAME }}/${{ env.GCP_IMAGE_NAME }}:${{ github.sha }} \
${{ env.GCP_ARTIFACT_REGISTRY_LOCATION }}-docker.pkg.dev/${{ env.GCP_PROJECT_ID }}/${{ env.GCP_ARTIFACT_REGISTRY_NAME }}/${{ env.GCP_IMAGE_NAME }}:latest
--substitutions=_GCP_ARTIFACT_REGISTRY_LOCATION=${{ vars.GCP_ARTIFACT_REGISTRY_LOCATION }},_GCP_PROJECT_ID=${{ vars.GCP_PROJECT_ID }},_GCP_ARTIFACT_REGISTRY_NAME=${{ vars.GCP_ARTIFACT_REGISTRY_NAME }},_GCP_IMAGE_NAME=${{ vars.GCP_IMAGE_NAME }},_GCP_IMAGE_TAG=${{ github.sha }},_GCP_IMAGE_ENVIRONMENT=${{ env.GKE_APP_NAMESPACE }},_NEXT_PUBLIC_TESSERACT=${{ vars.NEXT_PUBLIC_TESSERACT }}

deploy:
needs: build
environment: development
runs-on: ubuntu-latest
# runs-on: self-hosted
steps:
- name: Checkout
uses: actions/checkout@v3

# Authentication via credentials json
- name: Google Auth
id: auth
uses: google-github-actions/auth@v2
with:
project_id: ${{ env.GCP_PROJECT_ID }}
credentials_json: ${{ secrets.GCP_SA_KEY }}

# Install Cloud SDK
- name: Set up Cloud SDK
uses: google-github-actions/setup-gcloud@v1
with:
install_components: "beta"

# Get google kubernetes engine credentials
- name: Get GKE Credentials
uses: google-github-actions/get-gke-credentials@v2
with:
cluster_name: ${{ env.GKE_CLUSTER }}
location: ${{ env.GKE_ZONE }}

# Transform GitHub secrets to base64 encoded
# - name: Set encoded secret values
# run: |
# echo "ENCODED_DB_USER=$(echo -n "${{ secrets.DB_USER }}" | base64 | tr -d '\n')" >> $GITHUB_ENV

# Install Helm chart
# for secrets, use --set secrets.DB_USER=$ENCODED_DB_USER
- name: Helm install
uses: WyriHaximus/github-action-helm3@v2
with:
exec: |
helm upgrade --install --create-namespace \
--namespace ${{ env.GKE_APP_NAMESPACE }} \
--set app.environment=${{ env.GKE_APP_NAMESPACE }} \
--set app.release=${{ env.GKE_APP_NAMESPACE }} \
--set image.repository=${{ env.GCP_ARTIFACT_REGISTRY_LOCATION }}-docker.pkg.dev/${{ env.GCP_PROJECT_ID }}/${{ env.GCP_ARTIFACT_REGISTRY_NAME }}/${{ env.GCP_IMAGE_NAME }} \
--set image.tag=${{ github.sha }} \
--set nameOverride=${{ env.GKE_APP_NAME }} \
--set fullnameOverride=${{ env.GKE_APP_NAME }} \
--set configmap.NEXT_PUBLIC_TESSERACT=${{ vars.NEXT_PUBLIC_TESSERACT }} \
${{ env.GKE_APP_NAME }} --values=./helm/development.yaml ./helm

update:
environment: development
runs-on: ubuntu-latest
environment: develop
# runs-on: self-hosted
if: ${{ contains(github.event.head_commit.message, '#update') }}
steps:
- name: Checkout
uses: actions/checkout@v3

# Authentication via credentials json
- name: Google Auth
id: auth
uses: google-github-actions/auth@v0
uses: google-github-actions/auth@v2
with:
project_id: ${{ env.GCP_PROJECT_ID }}
credentials_json: ${{ secrets.GCP_SA_KEY }}

# Install Cloud SDK
- name: Set up Cloud SDK
uses: google-github-actions/setup-gcloud@v1
with:
install_components: "beta"

# Get google kubernetes engine credentials
- name: Get GKE Credentials
uses: google-github-actions/get-gke-credentials@v0
uses: google-github-actions/get-gke-credentials@v2
with:
cluster_name: ${{ env.GKE_CLUSTER }}
location: ${{ env.GKE_ZONE }}

# Transform GitHub secrets to base64 encoded
# - name: Set encoded secret values
# run: |
# echo "ENCODED_DB_USER=$(echo -n "${{ secrets.DB_USER }}" | base64 | tr -d '\n')" >> $GITHUB_ENV

# Install Helm chart
# for secrets, use --set secrets.DB_USER=$ENCODED_DB_USER
- name: Helm install
uses: WyriHaximus/github-action-helm3@v2
with:
exec: helm upgrade --install --create-namespace --namespace ${{ env.GKE_APP_NAMESPACE }} --set app.environment=${{ env.GKE_APP_NAMESPACE }} --set app.release=${{ env.GKE_APP_RELEASE }} --set image.repository=${{ env.GCP_ARTIFACT_REGISTRY_LOCATION }}-docker.pkg.dev/${{ env.GCP_PROJECT_ID }}/${{ env.GCP_ARTIFACT_REGISTRY_NAME }}/${{ env.GCP_IMAGE_NAME }} --set image.tag=${{ github.sha }} --set nameOverride=${{ env.GKE_APP_NAME }} --set fullnameOverride=${{ env.GKE_APP_NAME }} ${{ env.GKE_APP_NAME }} ./helm --values=./helm/values.yaml
exec: |
helm upgrade --install --create-namespace \
--namespace ${{ env.GKE_APP_NAMESPACE }} \
--set app.environment=${{ env.GKE_APP_NAMESPACE }} \
--set app.release=${{ env.GKE_APP_NAMESPACE }} \
--set image.repository=${{ env.GCP_ARTIFACT_REGISTRY_LOCATION }}-docker.pkg.dev/${{ env.GCP_PROJECT_ID }}/${{ env.GCP_ARTIFACT_REGISTRY_NAME }}/${{ env.GCP_IMAGE_NAME }} \
--set image.tag=${{ env.GKE_APP_NAMESPACE }} \
--set nameOverride=${{ env.GKE_APP_NAME }} \
--set fullnameOverride=${{ env.GKE_APP_NAME }} \
--set configmap.NEXT_PUBLIC_TESSERACT=${{ vars.NEXT_PUBLIC_TESSERACT }} \
${{ env.GKE_APP_NAME }} --values=./helm/development.yaml ./helm
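Review bot: in the `update` job the Helm step sets `--set image.tag=${{ env.GKE_APP_NAMESPACE }}`, a mutable environment-named tag, while the `deploy` job pins `--set image.tag=${{ github.sha }}`. With a tag string that never changes, the rendered pod template is identical between runs, so unless the chart adds something like a checksum annotation the upgrade will not roll the pods, and what is running can no longer be traced to a commit; deploying by SHA or digest here as well would fix both. `NEXT_PUBLIC_TESSERACT` is passed both as a Cloud Build substitution and as `configmap.NEXT_PUBLIC_TESSERACT`; Next.js inlines `NEXT_PUBLIC_` values at build time, so an `#update` run that changes only the configmap will not change the URL the browser bundle calls. The `environment:` lines in `build` and `update` show both `development` and `develop`; make sure the final value matches the GitHub environment that actually holds the variables, since they are environment-scoped. The `Set up Cloud SDK` step with the `beta` component also looks unused in `deploy` and `update`, where no `gcloud` command is run.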