This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "CI/CD: Build and Deploy to Cloud Run" | |
| on: | |
| repository_dispatch: | |
| types: [update_blog] | |
| workflow_dispatch: | |
| push: | |
| branches: [master, dev] | |
| paths-ignore: | |
| - 'src/content/posts/**' | |
| - 'public/images/blog/**' | |
| env: | |
| PROJECT_ID: poetic-avenue-438401-a7 | |
| REGION: us-east1 | |
| REPO_NAME: nucleus-repo | |
| jobs: | |
| deploy: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Determine Target Branch | |
| run: | | |
| if [ "${{ github.event_name }}" == "repository_dispatch" ]; then | |
| echo "TARGET_BRANCH=dev" >> $GITHUB_ENV | |
| else | |
| echo "TARGET_BRANCH=${{ github.ref_name }}" >> $GITHUB_ENV | |
| fi | |
| - name: Checkout Website | |
| uses: actions/checkout@v4 | |
| with: | |
| token: ${{ secrets.GH_PAT }} | |
| ref: ${{ env.TARGET_BRANCH }} | |
| - name: Checkout Blogs (Master only) | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: WithNucleusAI/engineering-blogs | |
| token: ${{ secrets.GH_PAT }} | |
| path: temp_blogs | |
| ref: master | |
| - name: Setup Node 20 | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '20' | |
| cache: 'npm' | |
| - name: Process Blogs | |
| run: | | |
| npm ci | |
| # Install system deps for Mermaid/Puppeteer | |
| sudo apt-get update && sudo apt-get install -y ca-certificates fonts-liberation libnss3 lsb-release xdg-utils | |
| echo '{"args": ["--no-sandbox"]}' > puppeteer-config.json | |
| node scripts/process-blogs.mjs | |
| env: | |
| PUPPETEER_CONFIG: ./puppeteer-config.json | |
| - name: Authenticate to GCP | |
| uses: google-github-actions/auth@v2 | |
| with: | |
| credentials_json: ${{ secrets.GCP_SA_KEY }} | |
| - name: Build and Push Docker Image | |
| run: | | |
| TAG="${{ env.TARGET_BRANCH }}-${{ github.sha }}" | |
| IMAGE_NAME="${{ env.REGION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.REPO_NAME }}/nucleus-blog:${TAG}" | |
| # Explicit Docker Login (Fixes the Unauthenticated error) | |
| gcloud auth print-access-token | docker login -u oauth2accesstoken --password-stdin https://${{ env.REGION }}-docker.pkg.dev | |
| docker build -t $IMAGE_NAME . | |
| docker push $IMAGE_NAME | |
| echo "IMAGE_URL=$IMAGE_NAME" >> $GITHUB_ENV | |
| - name: Deploy to Cloud Run | |
| uses: google-github-actions/deploy-cloudrun@v2 | |
| with: | |
| service: nucleus-blog-${{ env.TARGET_BRANCH }} | |
| image: ${{ env.IMAGE_URL }} | |
| region: ${{ env.REGION }} | |
| flags: '--allow-unauthenticated' |