Move back to artefact registry
adamjtaylor committed Jun 5, 2024
1 parent 72d9f68 commit c7f8fa3
Showing 3 changed files with 28 additions and 16 deletions.
18 changes: 11 additions & 7 deletions .github/workflows/deploy.yml
Expand Up @@ -9,6 +9,8 @@ on:

env:
REGISTRY: ghcr.io
GCP_PROJECT: htan-dcc
CONTAINER_NAME: data-release-validatio

jobs:
build-container:
Expand All @@ -22,18 +24,19 @@ jobs:
- name: Checkout GitHub Action
uses: actions/checkout@v3

- name: Login to GitHub Container Registry (GHCR)
uses: docker/login-action@v2
- name: Authenticate to Google Cloud
uses: google-github-actions/auth@v2
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
credentials_json: '${{ secrets.GCP_SA_KEY }}'

- name: Configure Docker to use Artifact Registry
run: gcloud auth configure-docker ${{ env.REGISTRY }}

- name: Extract Docker metadata
id: metadata
uses: docker/metadata-action@v4
with:
images: ${{ env.REGISTRY }}/${{ github.repository }}
images: ${{ env.REGISTRY }}/${{ env.GCP_PROJECT }}/${{ env.CONTAINER_NAME }}
tags: |
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
Expand All @@ -42,14 +45,15 @@ jobs:
type=sha
latest
- name: Build and push to GHCR
- name: Build and push to Artifact Registry
uses: docker/build-push-action@v4
with:
context: ./src
push: true
tags: ${{ steps.metadata.outputs.tags }}
labels: ${{ steps.metadata.outputs.labels }}


deploy-cloud-run:
runs-on: ubuntu-latest
needs: build-container
Expand Down
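Review bot: With `REGISTRY: ghcr.io` left as context at the top of the first hunk, the new `images:` line resolves to `ghcr.io/htan-dcc/data-release-validatio`, so once the GHCR login is removed the build-push step has no credentials for that host, `gcloud auth configure-docker ghcr.io` does nothing useful for a non-Google registry, and `CONTAINER_NAME` is missing its final `n`. To match the `image_url` this same commit sets in terraform.tfvars I would change `REGISTRY: us-docker.pkg.dev`, `CONTAINER_NAME: data-release-validation`, and `images: ${{ env.REGISTRY }}/${{ env.GCP_PROJECT }}/gcr.io/${{ env.CONTAINER_NAME }}`. Separately, `credentials_json: '${{ secrets.GCP_SA_KEY }}'` introduces a long-lived service-account key stored in GitHub; google-github-actions/auth@v2 supports Workload Identity Federation (`workload_identity_provider` plus `service_account`), which avoids a downloadable key and is Google's recommended path for CI. The `deploy-cloud-run` job begins at the end of this hunk and continues outside it.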
24 changes: 16 additions & 8 deletions iam.tf
Expand Up @@ -2,33 +2,41 @@ data "google_project" "project" {
project_id = var.project_id
}

resource "google_service_account" "sa" {
project = var.project_id
data "google_service_account" "existing_sa" {
project = var.project_id
account_id = var.account_id
depends_on = [data.google_project.project]
}

resource "google_service_account" "sa" {
project = var.project_id
account_id = var.account_id
display_name = "Service Account used by Cloud Run Job to run data release validation"

# Create only if the service account does not already exist
count = length(data.google_service_account.existing_sa.email) == 0 ? 1 : 0
}

resource "google_project_iam_member" "sa_bigquery_editor" {
project = var.project_id
role = "roles/bigquery.dataEditor"
member = "serviceAccount:${google_service_account.sa.email}"
member = "serviceAccount:${var.account_id}@${var.project_id}.iam.gserviceaccount.com"
}

resource "google_project_iam_member" "sa_bigquery_viewer" {
project = var.project_id
role = "roles/bigquery.dataViewer"
member = "serviceAccount:${google_service_account.sa.email}"
member = "serviceAccount:${var.account_id}@${var.project_id}.iam.gserviceaccount.com"
}

resource "google_project_iam_member" "sa_bigquery_job_user" {
project = var.project_id
role = "roles/bigquery.jobUser"
member = "serviceAccount:${google_service_account.sa.email}"
member = "serviceAccount:${var.account_id}@${var.project_id}.iam.gserviceaccount.com"
}

resource "google_project_iam_member" "sa_secret_accessor" {
project = var.project_id
role = "roles/secretmanager.secretAccessor"
member = "serviceAccount:${google_service_account.sa.email}"
}

member = "serviceAccount:${var.account_id}@${var.project_id}.iam.gserviceaccount.com"
}
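Review bot: The create-if-missing guard on `google_service_account.sa` does not work as intended: the `google_service_account` data source errors when the account does not exist rather than returning an empty `email`, so on a project without the SA `terraform plan` fails before `count` is evaluated, and where the SA does exist `count = 0` (together with the address change to `sa[0]`) makes Terraform plan to destroy any account it already manages under the old address. Hard-coding `member = "serviceAccount:${var.account_id}@${var.project_id}.iam.gserviceaccount.com"` in the four bindings masks this by removing the dependency on the resource, so the bindings can be applied against a principal that was just deleted or never created. I would drop the `existing_sa` data source and the `count`, restore `member = "serviceAccount:${google_service_account.sa.email}"`, and adopt a pre-existing account with `terraform import google_service_account.sa projects/<project>/serviceAccounts/<email>` instead. Unrelated to the change but worth noting for least privilege: `roles/bigquery.dataViewer` appears redundant alongside `roles/bigquery.dataEditor` at project scope, since dataEditor already includes the viewer permissions.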
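--- a/terraform.tfvars
+++ b/terraform.tfvars
@@ -1,6 +1,6 @@
 project_id = "htan-dcc"
 region = "us-east1"
-image_url = "ghcr.io/ncihtan/data-release-cloud-run:latest"
+image_url = "us-docker.pkg.dev/htan-dcc/gcr.io/data-release-validation:latest"
 secret_id = "synapse_service_pat"
 
 # service account variables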
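Review bot: `image_url` still points at the mutable `:latest` tag, so each `terraform apply` or job execution picks up whatever was pushed most recently, which makes rollbacks and audit of what actually ran non-reproducible. The workflow already tags every build with `type=sha`, so I would deploy by that immutable tag or, better, by digest, e.g. `image_url = "us-docker.pkg.dev/htan-dcc/gcr.io/data-release-validation@sha256:<digest>"`, and have the workflow pass it through rather than hard-coding it here. Please also confirm the `gcr.io` repository segment matches where the workflow pushes; the `images:` path in this commit's deploy.yml builds a different name.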