From 41488a47fbeb0a56d3a4396e558530a0c3c97869 Mon Sep 17 00:00:00 2001
From: Ben Houston
Date: Wed, 4 Sep 2024 16:22:26 -0400
Subject: [PATCH] switch over to artifact registry, keep separate dockerizer-deploy steps.
---
 .github/actions/deploy-cloud-run/action.yml | 36 ++++++-----
 .../actions/dockerize-and-deploy/action.yml | 62 -------------------
 .github/actions/dockerize/action.yml | 45 ++++++++------
 .github/workflows/ci.yml | 26 ++++++--
 4 files changed, 66 insertions(+), 103 deletions(-)
 delete mode 100644 .github/actions/dockerize-and-deploy/action.yml
diff --git a/.github/actions/deploy-cloud-run/action.yml b/.github/actions/deploy-cloud-run/action.yml
index 58f9367..a980ea9 100644
--- a/.github/actions/deploy-cloud-run/action.yml
+++ b/.github/actions/deploy-cloud-run/action.yml
@@ -10,30 +10,32 @@ inputs: credentials_json: description: 'Google Cloud Service Account JSON' required: true - artifact_registry: - description: 'Artifact Registry' - required: false + gar_hostname: + description: 'Google Artifact Registry hostname' + required: true default: us-central1-docker.pkg.dev + rollbar_access_token: + description: 'Rollbar Access Token' + required: false + default: '' runs: using: 'composite' steps: - - id: 'auth' - name: gcloud auth - uses: google-github-actions/auth@v2 + - uses: google-github-actions/auth@v2 with: credentials_json: '${{ inputs.credentials_json }}' - - name: gcloud sdk - uses: google-github-actions/setup-gcloud@v2 + - uses: google-github-actions/deploy-cloudrun@v2 with: - skip_install: true + service: ${{ inputs.service_name }} + image: ${{ inputs.gar_hostname }}/${{ inputs.project_id }}/shared-docker-registry/${{ inputs.service_name }}:${{ github.sha }} - - name: gcloud run deploy - run: | - gcloud run deploy ${{ inputs.service_name }} \ - --image ${{ inputs.artifact_registry }}/${{ inputs.project_id }}/docker-registry/${{ inputs.service_name }}:${{ github.sha }} \ - --platform managed \ - --region us-central1 \ - --quiet - shell: bash + - uses: rollbar/github-deploy-action@2.1.2 + if: ${{ inputs.rollbar_access_token != '' }} + with: + environment: 'production' + version: ${{ github.sha }} + env: + ROLLBAR_ACCESS_TOKEN: ${{ inputs.rollbar_access_token }} + ROLLBAR_USERNAME: ${{ github.actor }} diff --git a/.github/actions/dockerize-and-deploy/action.yml b/.github/actions/dockerize-and-deploy/action.yml deleted file mode 100644 index 780a2a2..0000000 --- a/.github/actions/dockerize-and-deploy/action.yml +++ /dev/null 
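Review bot: The added `rollbar/github-deploy-action@2.1.2` step is referenced by a mutable tag while it receives `ROLLBAR_ACCESS_TOKEN` and runs in the same job as the `google-github-actions/auth@v2` step that is given the service-account JSON, so a retagged release of that third-party action would run with both credentials within reach. Pin it to a full commit SHA and keep the version as a trailing comment, e.g. `- uses: rollbar/github-deploy-action@<full-commit-sha>  # 2.1.2`; the same applies to the two `@v2` references in this hunk. The `inputs:` map this hunk edits begins above the hunk.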
@@ -1,62 +0,0 @@ -name: dockerize -description: 'Build, Push Docker Container' -inputs: - project_id: - description: 'Google Cloud Project ID' - required: true - service_name: - description: 'Google Cloud Run Service Name' - required: true - credentials_json: - description: 'Google Cloud Service Account JSON' - required: true - dockerfile: - description: 'Location of Dockerfile' - required: true - default: ./Dockerfile - artifact_registry: - description: 'Artifact Registry' - required: false - default: us-central1-docker.pkg.dev - -runs: - using: 'composite' - steps: - - id: 'auth' - name: gcloud auth - uses: google-github-actions/auth@v2 - with: - credentials_json: '${{ inputs.credentials_json }}' - - - name: gcloud sdk - uses: google-github-actions/setup-gcloud@v2 - with: - skip_install: true - - - name: gcloud configure docker - run: gcloud auth configure-docker ${{ inputs.artifact_registry }} - shell: bash - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - # guide to docker caching: https://blacksmith.sh/blog/cache-is-king-a-guide-for-docker-layer-caching-in-github-actions - - name: Build and push - uses: docker/build-push-action@v5 - with: - context: . 
- file: ${{ inputs.dockerfile }} - push: true - tags: ${{ inputs.artifact_registry }}/${{ inputs.project_id }}/docker-registry/${{ inputs.service_name }}:${{ github.sha }} - cache-from: type=registry,ref=${{ inputs.artifact_registry }}/${{ inputs.project_id }}/docker-registry/${{ inputs.service_name }}/app:buildcache - cache-to: type=registry,ref=${{ inputs.artifact_registry }}/${{ inputs.project_id }}/docker-registry/${{ inputs.service_name }}/app:buildcache,mode=max - - - name: gcloud run deploy - if: ${{ github.ref == 'refs/heads/main' }} - run: | - gcloud run deploy ${{ inputs.service_name }} \ - --image ${{ inputs.artifact_registry }}/${{ inputs.project_id }}/docker-registry/${{ inputs.service_name }}:${{ github.sha }} \ - --platform managed \ - --region us-central1 \ - --quiet - shell: bash diff --git a/.github/actions/dockerize/action.yml b/.github/actions/dockerize/action.yml index e908ea7..9722603 100644 --- a/.github/actions/dockerize/action.yml +++ b/.github/actions/dockerize/action.yml @@ -1,4 +1,4 @@ -name: dockerize-and-deploy +name: dockerize description: 'Build, Push Docker Container' inputs: project_id: 
@@ -10,43 +10,52 @@ inputs: credentials_json: description: 'Google Cloud Service Account JSON' required: true + gar_hostname: + description: 'Google Artifact Registry hostname' + required: true + default: us-central1-docker.pkg.dev dockerfile: description: 'Location of Dockerfile' required: true default: ./Dockerfile - artifact_registry: - description: 'Artifact Registry' + secret_envs: + description: 'Secret environment variables' required: false - default: us-central1-docker.pkg.dev runs: using: 'composite' steps: - - id: 'auth' - name: gcloud auth - uses: google-github-actions/auth@v2 + - run: nproc + shell: bash + + - uses: google-github-actions/auth@v2 with: credentials_json: '${{ inputs.credentials_json }}' - - name: gcloud sdk - uses: google-github-actions/setup-gcloud@v2 + - uses: google-github-actions/setup-gcloud@v2 with: skip_install: true - - name: gcloud configure docker - run: gcloud auth configure-docker ${{ inputs.artifact_registry }} + - run: gcloud auth configure-docker ${{ inputs.gar_hostname }} shell: bash - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + - uses: docker/setup-buildx-action@v3 + + - run: | + if docker manifest inspect ${{ inputs.gar_hostname }}/${{ inputs.project_id }}/shared-docker-registry/${{ inputs.service_name }}:${{ github.sha }} > /dev/null; then + echo "Image exists. Skipping build and push." + echo "SKIP_BUILD=true" >> $GITHUB_ENV + else + echo "Image does not exist. Proceeding with build and push." + echo "SKIP_BUILD=false" >> $GITHUB_ENV + fi + shell: bash - # guide to docker caching: https://blacksmith.sh/blog/cache-is-king-a-guide-for-docker-layer-caching-in-github-actions - - name: Build and push + - if: env.SKIP_BUILD == 'false' uses: docker/build-push-action@v5 with: context: . 
file: ${{ inputs.dockerfile }} push: true - tags: ${{ inputs.artifact_registry }}/${{ inputs.project_id }}/docker-registry/${{ inputs.service_name }}:${{ github.sha }} - cache-from: type=registry,ref=${{ inputs.artifact_registry }}/${{ inputs.project_id }}/docker-registry/${{ inputs.service_name }}/app:buildcache - cache-to: type=registry,ref=${{ inputs.artifact_registry }}/${{ inputs.project_id }}/docker-registry/${{ inputs.service_name }}/app:buildcache,mode=max + tags: ${{ inputs.gar_hostname }}/${{ inputs.project_id }}/shared-docker-registry/${{ inputs.service_name }}:${{ github.sha }} + build-args: ${{ inputs.secret_envs }} diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 8cde276..c1b7c44 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -43,16 +43,30 @@ jobs: - name: npm run lint:check run: npm run lint:check - dockerize-and-deploy: - name: dockerize-and-deploy + dockerize: runs-on: ubuntu-latest - needs: [test, lint, build] steps: - - name: git checkout + - name: Checkout + uses: actions/checkout@v4 + + - name: Dockerize + uses: ./.github/actions/dockerize + with: + credentials_json: ${{ secrets.GCP_SA_KEY }} + project_id: ${{ env.PROJECT_ID }} + service_name: ${{ env.SERVICE_NAME }} + dockerfile: ./Dockerfile + + deploy: + runs-on: ubuntu-latest + needs: [test, lint, build, dockerize] + if: ${{ github.ref == 'refs/heads/main' }} + steps: + - name: Checkout uses: actions/checkout@v4 - - name: prepare docker and deploy - uses: ./.github/actions/dockerize-and-deploy + - name: Deploy + uses: ./.github/actions/deploy-cloud-run with: credentials_json: ${{ secrets.GCP_SA_KEY }} project_id: ${{ env.PROJECT_ID }}
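Review bot: `build-args: ${{ inputs.secret_envs }}` on the build-and-push step sends values that the input's own description calls secret through Docker build arguments, which can end up in the image history and metadata and are then readable by anyone able to pull the image from `shared-docker-registry`. docker/build-push-action has a `secrets` input for this case: `secrets: ${{ inputs.secret_envs }}` together with a `RUN --mount=type=secret,id=<name>` in the Dockerfile keeps the values out of the layers (the Dockerfile is not part of this patch, so the consuming side needs checking). The new `docker manifest inspect` step also expands `${{ inputs.* }}` directly inside the `run:` script; passing the image reference through `env:` and referring to it as `"$IMAGE"` keeps input values from being interpreted by the shell. The `inputs:` map starts above this hunk.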
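Review bot: The new `dockerize` job has neither the `needs: [test, lint, build]` gate nor the `if: ${{ github.ref == 'refs/heads/main' }}` guard that `deploy` gets, so it authenticates with `secrets.GCP_SA_KEY` and pushes to the registry on every ref this workflow triggers on (the `on:` block is outside the hunk). That is the same key `deploy` uses, so code on any branch that runs CI is built with a credential that presumably can also deploy to Cloud Run. Now that the two steps are separate jobs, give `dockerize` its own push-only service-account key, e.g. `credentials_json: ${{ secrets.<PUSH_ONLY_SA_KEY> }}` (placeholder name), and keep the deploy-capable key on the main-only `deploy` job. The `with:` block of the `Deploy` step continues past the end of the hunk.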