-
Notifications
You must be signed in to change notification settings - Fork 59
63 lines (51 loc) · 1.81 KB
/
deploy-agent-api.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
name: Deploy agent-api
on:
workflow_dispatch: {}
push:
branches: [johnny/dpc-cd]
env:
CARGO_INCREMENTAL: 0 # Faster from-scratch builds.
jobs:
build:
runs-on: ubuntu-24.04
permissions:
# Permissions required of the Github token in order for
# federated identity and authorization to work.
contents: read
id-token: write
steps:
- name: Checkout
uses: actions/checkout@v4
with:
submodules: true
lfs: true
- uses: supabase/setup-cli@v1
- run: supabase start
- name: Build `agent`
run: cargo build --release -p agent
- run: mv target/release/agent crates/agent/
- name: Authenticate with GCP Workload Identity Federation
uses: google-github-actions/auth@v2
with:
service_account: [email protected]
workload_identity_provider: projects/1084703453822/locations/global/workloadIdentityPools/github-actions/providers/github-actions-provider
- name: Update Cloud Run service `agent-api`
uses: google-github-actions/deploy-cloudrun@v2
with:
service: agent-api
project_id: estuary-control
region: us-central1
source: crates/agent/
timeout: 10m
# Temporary during testing.
no_traffic: true
env_vars: |-
BUILDS_ROOT=gs://estuary-control/builds/
DATABASE_CA=/etc/db-ca.crt
DATABASE_URL=postgresql://[email protected]:5432/postgres
NO_COLOR=1
secrets: |-
PGPASSWORD=POSTGRES_PASSWORD:latest
CONTROL_PLANE_DB_CA_CERT=CONTROL_PLANE_DB_CA_CERT:latest
# env_vars_update_strategy: overwrite
# secrets_update_strategy: overwrite