app-gcp-api-CI.yml

name: api-CI

on:
  workflow_dispatch:
  pull_request:
    paths: 'api/**'

jobs:
  api-CI:
    name: api-CI
    permissions:
      contents: 'read'
      id-token: 'write'

    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: ./api/

    strategy:
      matrix:
        node-version: [18.x]

    steps:
      - name: Checkout
        uses: actions/checkout@v3

      - name: Use Node.js ${{ matrix.node-version }}
        uses: actions/setup-node@v3
        with:
          node-version: ${{ matrix.node-version }}
          cache: 'npm'
          cache-dependency-path: api/package-lock.json

      - name: install dependency
        run: npm ci

      - name: build api-bundled
        run: npm run build api-bundled

      - name: run test
        run: npm test

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2

      - name: Google Auth
        id: auth
        uses: 'google-github-actions/auth@v0'
        with:
          token_format: 'access_token'
          workload_identity_provider: '${{ secrets.WIF_PROVIDER }}' # e.g. - projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider
          service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}' # e.g. - my-service-account@my-project.iam.gserviceaccount.com

      # Authenticate Docker to Google Cloud Artifact Registry
      - name: Docker Auth
        id: docker-auth
        uses: 'docker/login-action@v1'
        with:
          username: 'oauth2accesstoken'
          password: '${{ steps.auth.outputs.access_token }}'
          registry: '${{ secrets.GAR_LOCATION }}-docker.pkg.dev'

      - name: Build and push
        uses: docker/build-push-action@v4
        with:
          context: './api'
          push: true
          tags: '${{ secrets.DOCKER_IMAGE_API_TAG }}'
          cache-from: type=gha
          cache-to: type=gha,mode=max