BetterCodeWiki/.github/workflows/deploy-api.yml at b86b94bd414e9e1bb352beea2b2199d36c63d5fb · REDFOX1899/BetterCodeWiki · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
name: Deploy API to Cloud Run

on:
  workflow_dispatch:
  push:
    branches: [main]
    paths:
      - "api/**"
      - "docker/Dockerfile.backend"
      - ".github/workflows/deploy-api.yml"

concurrency:
  group: deploy-api-${{ github.ref }}
  cancel-in-progress: false

env:
  REGION: us-central1
  GAR_REPO: us-central1-docker.pkg.dev/gitunderstand/bettercodewiki
  SERVICE_NAME: gitunderstand-api

jobs:
  build-and-deploy:
    name: Build & Deploy API
    runs-on: ubuntu-latest

    permissions:
      contents: read
      id-token: write

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Authenticate to Google Cloud
        id: auth
        uses: google-github-actions/auth@v2
        with:
          workload_identity_provider: "projects/${{ secrets.GCP_PROJECT_NUMBER }}/locations/global/workloadIdentityPools/github-pool/providers/github-provider"
          service_account: "deploy-sa@gitunderstand.iam.gserviceaccount.com"

      - name: Set up Cloud SDK
        uses: google-github-actions/setup-gcloud@v2

      - name: Configure Docker for Artifact Registry
        run: gcloud auth configure-docker us-central1-docker.pkg.dev --quiet

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Build and push API image
        uses: docker/build-push-action@v6
        with:
          context: .
          file: docker/Dockerfile.backend
          push: true
          tags: |
            ${{ env.GAR_REPO }}/api:${{ github.sha }}
            ${{ env.GAR_REPO }}/api:latest
          cache-from: type=gha,scope=api
          cache-to: type=gha,mode=max,scope=api

      - name: Deploy to Cloud Run
        uses: google-github-actions/deploy-cloudrun@v2
        with:
          service: ${{ env.SERVICE_NAME }}
          region: ${{ env.REGION }}
          image: ${{ env.GAR_REPO }}/api:${{ github.sha }}
          flags: |
            --allow-unauthenticated
            --port=8001
            --cpu=1
            --memory=2Gi
            --min-instances=0
            --max-instances=3
            --service-account=runtime-sa@gitunderstand.iam.gserviceaccount.com
            --set-env-vars=ENVIRONMENT=production,WIKI_STORAGE_TYPE=gcs,GCS_BUCKET=gitunderstand-wikicache,DEEPWIKI_EMBEDDER_TYPE=google
            --set-secrets=GOOGLE_API_KEY=google-api-key:latest,OPENAI_API_KEY=openai-api-key:latest,CLERK_SECRET_KEY=clerk-secret-key:latest,SUPABASE_URL=supabase-url:latest,SUPABASE_SERVICE_ROLE_KEY=supabase-service-role-key:latest

      - name: Verify deployment health
        run: |
          URL=$(gcloud run services describe ${{ env.SERVICE_NAME }} --region ${{ env.REGION }} --format 'value(status.url)')
          for i in 1 2 3 4 5; do
            STATUS=$(curl -s -o /dev/null -w "%{http_code}" "$URL/health" || echo "000")
            if [ "$STATUS" = "200" ]; then echo "Health check passed"; exit 0; fi
            echo "Attempt $i: status=$STATUS, retrying..."
            sleep 10
          done
          echo "Health check failed after 5 attempts"
          exit 1

      - name: Show deployment URL
        run: |
          echo "## API Deployment" >> $GITHUB_STEP_SUMMARY
          echo "Image: \`${{ env.GAR_REPO }}/api:${{ github.sha }}\`" >> $GITHUB_STEP_SUMMARY
          URL=$(gcloud run services describe ${{ env.SERVICE_NAME }} --region ${{ env.REGION }} --format 'value(status.url)')
          echo "URL: $URL" >> $GITHUB_STEP_SUMMARY

      - name: Notify Slack on failure
        if: failure()
        env:
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
        run: |
          [ -z "$SLACK_WEBHOOK_URL" ] && exit 0
          curl -s -X POST "$SLACK_WEBHOOK_URL" \
            -H 'Content-Type: application/json' \
            -d '{
              "blocks": [
                {
                  "type": "header",
                  "text": {"type": "plain_text", "text": "API Deploy Failed", "emoji": true}
                },
                {
                  "type": "section",
                  "fields": [
                    {"type": "mrkdwn", "text": "*Service:*\ngitunderstand-api"},
                    {"type": "mrkdwn", "text": "*Commit:*\n`${{ github.sha }}`"},
                    {"type": "mrkdwn", "text": "*Triggered by:*\n${{ github.actor }}"},
                    {"type": "mrkdwn", "text": "*Branch:*\n`${{ github.ref_name }}`"}
                  ]
                },
                {
                  "type": "actions",
                  "elements": [
                    {
                      "type": "button",
                      "text": {"type": "plain_text", "text": "View Run"},
                      "url": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
                    }
                  ]
                }
              ]
            }'