Add GitHub action for running Core Web Vitals LCP Docker Container (#180)

Author: rdforte

.github/workflows/cwv-stats-monthly.yml

@@ -0,0 +1,43 @@
+name: CWV Stats Monthly
+
+on:
+  # http archive crawl usually starts on the 2nd Tuesday of the month and finishes within ~2weeks usually by the 1st
+  # of the following month therefore we run the crawl on the 7th to give a full weeks buffer after the crawl finishes.
+  # https://har.fyi/guides/release-cycle/#running-the-crawl
+  schedule:
+    - cron: '0 0 7 * *' # At 00:00 on day-of-month 7 (UTC)
+  workflow_dispatch: # Allow manual triggering
+
+jobs:
+  run-cwv-stats-lcp:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: 'read'
+      id-token: 'write'
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - uses: 'google-github-actions/auth@v3'
+        with:
+          project_id: 'httparchive'
+          workload_identity_provider: '${{ secrets.GCP_WIF_PROVIDER}}'
+          service_account: '${{ secrets.GCP_SA_EMAIL }}'
+
+      - name: Build cwv-stats-lcp image
+        run: docker build . --target cwv-stats-lcp -t cwv-stats-lcp
+
+      # Auth writes credentials to a new path each run and sets GOOGLE_APPLICATION_CREDENTIALS for later steps.
+      # The credentials file generated by the auth step is owned by the github action user therefore we set the user
+      # of the container to that of the action thereby allowing the container to read the credentials file.
+      - name: Run cwv-stats-lcp container
+        env:
+          GOOGLE_CLOUD_PROJECT: httparchive
+        run: |
+          docker run --rm \
+            --user "$(id -u):$(id -g)" \
+            -e GOOGLE_APPLICATION_CREDENTIALS=/app/application_default_credentials.json \
+            -e GOOGLE_CLOUD_PROJECT \
+            -v "$GOOGLE_APPLICATION_CREDENTIALS:/app/application_default_credentials.json:ro" \
+            cwv-stats-lcp