@@ -15,12 +15,12 @@ jobs:
1515
1616 steps :
1717 - name : Check out source repository
18- uses : actions/checkout@v4
18+ uses : actions/checkout@v6.0.2
1919 with :
2020 fetch-depth : 0
2121
2222 - name : Install uv in container
23- uses : astral-sh/setup-uv@v6
23+ uses : astral-sh/setup-uv@v7.3.1
2424 with :
2525 version : " latest"
2626
3333 --output-file requirements.txt
3434
3535name : Authenticate to Google Cloud
36- uses : ' google-github-actions/auth@v2 '
36+ uses : ' google-github-actions/auth@v3 '
3737 with :
3838 credentials_json : ${{ secrets.CLOUD_DEPLOY_SERVICE_ACCOUNT_KEY }}
3939
@@ -47,34 +47,37 @@ jobs:
4747 run : |
4848 uv run alembic upgrade head
4949
50- # Uses Google Cloud Secret Manager to store secret credentials
51- - name : Create app.yaml
50+ name : Ensure envsubst is available
5251 run : |
53- cat <<EOF > app.yaml
54- service: ocotillo-api-staging
55- runtime: python313
56- entrypoint: gunicorn -w 4 -k uvicorn.workers.UvicornWorker main:app
57- service_account: "${{ secrets.CLOUD_SQL_USER }}.gserviceaccount.com"
58- instance_class: F4
59- handlers:
60- - url: /.*
61- secure: always
62- script: auto
63- env_variables:
64- MODE: "production"
65- DB_DRIVER: "cloudsql"
66- CLOUD_SQL_INSTANCE_NAME: "${{ secrets.CLOUD_SQL_INSTANCE_NAME }}"
67- CLOUD_SQL_DATABASE: "${{ vars.CLOUD_SQL_DATABASE }}"
68- CLOUD_SQL_USER: "${{ secrets.CLOUD_SQL_USER }}"
69- CLOUD_SQL_IAM_AUTH: true
70- GCS_SERVICE_ACCOUNT_KEY: "${{ secrets.GCS_SERVICE_ACCOUNT_KEY }}"
71- GCS_BUCKET_NAME: "${{ vars.GCS_BUCKET_NAME }}"
72- AUTHENTIK_URL: "${{ vars.AUTHENTIK_URL }}"
73- AUTHENTIK_CLIENT_ID: "${{ vars.AUTHENTIK_CLIENT_ID }}"
74- AUTHENTIK_AUTHORIZE_URL: "${{ vars.AUTHENTIK_AUTHORIZE_URL }}"
75- AUTHENTIK_TOKEN_URL: "${{ vars.AUTHENTIK_TOKEN_URL }}"
76- SESSION_SECRET_KEY: "${{ secrets.SESSION_SECRET_KEY }}"
77- EOF
52+ if ! command -v envsubst >/dev/null 2>&1; then
53+ sudo apt-get update
54+ sudo apt-get install -y gettext-base
55+ fi
56+
57+ name : Render app.yaml
58+ env :
59+ SERVICE_NAME : " ocotillo-api-staging"
60+ ENVIRONMENT : " staging"
61+ CLOUD_SQL_INSTANCE_NAME : " ${{ secrets.CLOUD_SQL_INSTANCE_NAME }}"
62+ CLOUD_SQL_DATABASE : " ${{ vars.CLOUD_SQL_DATABASE }}"
63+ CLOUD_SQL_USER : " ${{ secrets.CLOUD_SQL_USER }}"
64+ PYGEOAPI_POSTGRES_DB : " ${{ vars.CLOUD_SQL_DATABASE }}"
65+ PYGEOAPI_POSTGRES_USER : " ${{ secrets.PYGEOAPI_POSTGRES_USER }}"
66+ PYGEOAPI_POSTGRES_HOST : " ${{ vars.PYGEOAPI_POSTGRES_HOST || '127.0.0.1' }}"
67+ PYGEOAPI_POSTGRES_PORT : " ${{ vars.PYGEOAPI_POSTGRES_PORT || '5432' }}"
68+ PYGEOAPI_POSTGRES_PASSWORD : " ${{ secrets.PYGEOAPI_POSTGRES_PASSWORD }}"
69+ PYGEOAPI_SERVER_URL : " ${{ vars.PYGEOAPI_SERVER_URL }}"
70+ CLOUD_SQL_IAM_AUTH : " true"
71+ GCS_SERVICE_ACCOUNT_KEY : " ${{ secrets.GCS_SERVICE_ACCOUNT_KEY }}"
72+ GCS_BUCKET_NAME : " ${{ vars.GCS_BUCKET_NAME }}"
73+ AUTHENTIK_URL : " ${{ vars.AUTHENTIK_URL }}"
74+ AUTHENTIK_CLIENT_ID : " ${{ vars.AUTHENTIK_CLIENT_ID }}"
75+ AUTHENTIK_AUTHORIZE_URL : " ${{ vars.AUTHENTIK_AUTHORIZE_URL }}"
76+ AUTHENTIK_TOKEN_URL : " ${{ vars.AUTHENTIK_TOKEN_URL }}"
77+ SESSION_SECRET_KEY : " ${{ secrets.SESSION_SECRET_KEY }}"
78+ APITALLY_CLIENT_ID : " ${{ vars.APITALLY_CLIENT_ID }}"
79+ run : |
80+ envsubst < .github/app.template.yaml > app.yaml
7881
7982name : Deploy to Google Cloud
8083 run : |
0 commit comments