-
Notifications
You must be signed in to change notification settings - Fork 88
55 lines (47 loc) · 1.8 KB
/
deploy-agent-api.yaml
File metadata and controls
55 lines (47 loc) · 1.8 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
name: Deploy agent-api
on:
workflow_dispatch:
inputs:
tag:
description: "Container image tag to deploy, e.g. g71fbcda6 (must already exist in Artifact Registry)"
required: true
type: string
jobs:
deploy:
runs-on: ubuntu-24.04
permissions:
contents: read
id-token: write
packages: read
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Get image tag
id: image-tag
run: |
TAG="${{ github.event.inputs.tag }}"
echo "image=us-central1-docker.pkg.dev/estuary-control/ghcr/estuary/control-plane-agent:${TAG}" >> "$GITHUB_OUTPUT"
- name: Authenticate with GCP Workload Identity Federation
uses: google-github-actions/auth@v2
with:
service_account: cd-github-actions@estuary-control.iam.gserviceaccount.com
workload_identity_provider: projects/1084703453822/locations/global/workloadIdentityPools/github-actions/providers/github-actions-provider
- name: Update Cloud Run service `agent-api`
uses: google-github-actions/deploy-cloudrun@v2
with:
service: agent-api
project_id: estuary-control
region: us-central1
image: ${{ steps.image-tag.outputs.image }}
timeout: 10m
env_vars: |-
BUILDS_ROOT=gs://estuary-control/builds/
DATABASE_CA=/etc/db-ca.crt
DATABASE_URL=postgresql://postgres@db.eyrcnmuzzyriypdajwdk.supabase.co:5432/postgres
NO_COLOR=1
secrets: |-
PGPASSWORD=POSTGRES_PASSWORD:latest
CONTROL_PLANE_DB_CA_CERT=CONTROL_PLANE_DB_CA_CERT:latest
CONTROL_PLANE_JWT_SECRET=CONTROL_PLANE_JWT_SECRET:latest
env_vars_update_strategy: overwrite
secrets_update_strategy: overwrite