xinyin025/ChatGPT-Next-Web
1
0
Fork 0
mirror of https://github.com/ChatGPTNextWeb/ChatGPT-Next-Web.git synced 2025-09-27 13:46:37 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

One more try.

Browse Source
This commit is contained in:
DominicJamesWhite 2025-04-10 19:28:14 +02:00
parent 1e8e16ae4a
commit 17f96adf51
1 changed files with 56 additions and 76 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

132
.github/workflows/deploy-cloud-run.yml vendored
View File

@ -1,4 +1,4 @@
name: Build and Deploy Cloud Run Services
name: Deploy Cloud Run Services
# Trigger manually from the Actions tab
on:
@ -6,78 +6,64 @@ on:
env:
GCP_PROJECT_ID: funny-new-goose
GCP_REGION: us-central1 # Cloud Run region
GAR_LOCATION: us-central1 # Artifact Registry location (often same as region)
GAR_REPOSITORY: github-actions-builds # Name of your Artifact Registry repo
IMAGE_NAME: canyon-humctl-interface # Name for the image in Artifact Registry
GCP_REGION: us-central1 # Or choose another region if needed
GAR_LOCATION: us-central1 # Location of the Artifact Registry repository
GAR_REPOSITORY: github-actions-builds # Name of the Artifact Registry repository
IMAGE_NAME: canyonchat # Name for the Docker image
jobs:
build-and-deploy:
deploy:
runs-on: ubuntu-latest
# IMPORTANT: Add all potential *_ENV secret names referenced in the SERVICE_CONFIG variable here!
# The script below uses SERVICE_CONFIG to pick the correct one for each service.
# Environment variables for the job
env:
SERVICE_CONFIG: ${{ vars.SERVICE_CONFIG }} # Read from GitHub Actions Variable
SERVICE_CONFIG: ${{ vars.SERVICE_CONFIG }} # Read from GitHub Actions Variable (contains list of service names)
GCP_SA_KEY: ${{ secrets.GCP_SA_KEY }} # Read from GitHub Actions Secret
# Add secrets referenced in SERVICE_CONFIG here (e.g., DOMINICWHITE01_ENV):
DOMINICWHITE01_ENV: ${{ secrets.DOMINICWHITE01_ENV }}
# EXAMPLE_SERVICE_ENV: ${{ secrets.EXAMPLE_SERVICE_ENV }} # Add more as needed
# Grant GITHUB_TOKEN permissions to write to Artifact Registry
permissions:
contents: 'read'
id-token: 'write' # Required for google-github-actions/auth
CLOUD_RUN_ENV_VARS: ${{ secrets.CLOUD_RUN_ENV_VARS }} # Read from GitHub Actions Secret (contains structured env vars for all services)
steps:
- name: Checkout code
uses: actions/checkout@v4
# --- Build and Push Docker Image ---
- name: Authenticate to Google Cloud (for GAR)
id: auth
uses: 'google-github-actions/auth@v2'
with:
credentials_json: ${{ env.GCP_SA_KEY }}
- name: Set up Cloud SDK
uses: google-github-actions/setup-gcloud@v2
- name: Configure Docker for GAR
run: gcloud auth configure-docker ${{ env.GAR_LOCATION }}-docker.pkg.dev --quiet
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build and push Docker image
id: build-push
uses: docker/build-push-action@v5
with:
context: . # Build from the root of the repo
push: true
tags: ${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.GCP_PROJECT_ID }}/${{ env.GAR_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Echo Built Image URI
run: echo "Built image URI: ${{ steps.build-push.outputs.digest }}"
# --- Deploy Services ---
- name: Install yq (YAML Processor)
run: |
sudo wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O /usr/bin/yq
sudo chmod +x /usr/bin/yq
shell: bash
- name: Authenticate to Google Cloud
id: auth
uses: google-github-actions/auth@v2
with:
credentials_json: ${{ env.GCP_SA_KEY }}
- name: Set up Cloud SDK
uses: google-github-actions/setup-gcloud@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to Google Artifact Registry
run: gcloud auth configure-docker ${{ env.GAR_LOCATION }}-docker.pkg.dev --quiet
shell: bash
- name: Build and Push Docker Image
id: build-push
uses: docker/build-push-action@v5
with:
context: .
push: true
tags: ${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.GCP_PROJECT_ID }}/${{ env.GAR_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Deploy Services Script
id: deploy
env:
# Make the built image URI available to the script
BUILT_IMAGE_URI: ${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.GCP_PROJECT_ID }}/${{ env.GAR_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}
run: |
echo "Using Image URI: $BUILT_IMAGE_URI"
# Define the image URI based on the build step
BUILT_IMAGE_URI="${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.GCP_PROJECT_ID }}/${{ env.GAR_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}"
echo "Using built image: $BUILT_IMAGE_URI"
echo "Parsing SERVICE_CONFIG variable:"
echo "${{ env.SERVICE_CONFIG }}"
@ -95,45 +81,39 @@ jobs:
echo "Found $service_count services to process."
# Loop through services using index
for i in $(seq 0 $(($service_count - 1))); do
echo "Processing service index $i..."
service_name=$(echo "${{ env.SERVICE_CONFIG }}" | yq -r ".services[$i].name")
secret_env_var_name=$(echo "${{ env.SERVICE_CONFIG }}" | yq -r ".services[$i].secret_name")
# Validate CLOUD_RUN_ENV_VARS secret structure
if ! echo "${{ env.CLOUD_RUN_ENV_VARS }}" | yq '.' > /dev/null 2>&1; then
echo "::error::CLOUD_RUN_ENV_VARS secret is empty or not valid YAML/JSON."
exit 1
fi
# Loop through service names defined in SERVICE_CONFIG variable
echo "${{ env.SERVICE_CONFIG }}" | yq -r '.services[]' | while IFS= read -r service_name; do
echo "" # Newline for readability
echo "--- Processing service: $service_name (Index: $i) ---"
echo "--- Processing service: $service_name ---"
if [ -z "$service_name" ] || [ "$service_name" == "null" ]; then
echo "::warning::Skipping service with missing or null name in SERVICE_CONFIG."
continue
fi
if [ -z "$secret_env_var_name" ] || [ "$secret_env_var_name" == "null" ]; then
echo "::warning::Skipping service '$service_name' due to missing or null secret_name in SERVICE_CONFIG."
continue
fi
echo "Using environment secret variable name: $secret_env_var_name"
# --- Extract and Format environment variables for this service ---
# Use yq to extract the object for the current service_name from the CLOUD_RUN_ENV_VARS secret,
# then convert it to KEY=value pairs, and join them with commas.
formatted_env_vars=$(echo "${{ env.CLOUD_RUN_ENV_VARS }}" | yq e ".${service_name} | select(.) | to_entries | map(.key + \"=\\\"\" + .value + \"\\\"\") | join(\",\")" -) # Use yq eval 'e'
# --- Get the environment variable string ---
# Use indirect parameter expansion to get the value of the env var whose name is stored in secret_env_var_name
raw_env_vars="${!secret_env_var_name}"
if [ -z "$raw_env_vars" ]; then
echo "::warning::Environment variable string for secret '$secret_env_var_name' (service '$service_name') is empty or the secret is not defined in the workflow's 'env' block."
formatted_env_vars="" # Deploy with no env vars if secret is empty/missing
if [ -z "$formatted_env_vars" ] || [ "$formatted_env_vars" == "null" ]; then
echo "::warning::No environment variables found for service '$service_name' in CLOUD_RUN_ENV_VARS secret, or the service key doesn't exist."
formatted_env_vars="" # Deploy with no env vars if none found
else
# --- Format environment variables for gcloud ---
# Convert space-separated KEY=VALUE pairs to comma-separated KEY=VALUE
# Handles potential extra whitespace between pairs
formatted_env_vars=$(echo "$raw_env_vars" | tr ' ' '\n' | grep '=' | paste -sd,)
echo "Formatted env vars for gcloud: $formatted_env_vars"
# Mask sensitive values in log output (simple masking, might not catch all formats)
masked_vars=$(echo "$formatted_env_vars" | sed -E 's/(=[^,]+)/=***/g')
echo "Formatted env vars (masked): $masked_vars"
fi
# --- Normalize service name for Cloud Run ---
# --- Normalize service name for Cloud Run ---
# Lowercase, replace underscores/spaces with hyphens, remove invalid chars, limit length
normalized_service_name=$(echo "$service_name" | tr '[:upper:]' '[:lower:]' | sed -e 's/[_ ]/-/g' -e 's/[^a-z0-9-]//g')
# Remove leading/trailing hyphens