[BDMS-693]: Add dynamic preview deployments with Authentik redirect management + runtime redirect URI fix #65
Workflow file for this run
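---
# Builds each pull request into a container image, deploys it as a per-branch
# Cloud Run service, comments the preview URL on the PR, and deletes the
# service when the PR is closed.
#
# Trust model: the job runs PR-controlled code (`npm ci`, `tsc`, `vite build`,
# `docker build`) on a runner that also holds Google Cloud credentials. It is
# triggered by `pull_request`, so PRs from forks do not receive secrets; keep
# it that way rather than moving to `pull_request_target`.
name: Preview deploy to Cloud Run

on:
  pull_request:
    types: [opened, synchronize, reopened, closed]

# The default GITHUB_TOKEN scope is broader than this job needs: checkout only
# reads the repository and `gh pr comment` only writes to the pull request.
permissions:
  contents: read
  pull-requests: write

# Serialise runs per PR so a deploy that is still in flight cannot finish
# after the close-time cleanup and leave a public preview service behind.
concurrency:
  group: preview-${{ github.event.pull_request.number }}
  cancel-in-progress: false

jobs:
  deploy-preview:
    runs-on: ubuntu-latest
    environment: staging
    env:
      GCP_PROJECT_ID: waterdatainitiative-271000
    steps:
      # Computed in its own step, on every event type, because the cleanup
      # step needs the same service name when the PR is closed.
      - name: Compute preview name
        env:
          # Branch names are attacker-influenced text: pass them through the
          # environment, never through `${{ }}` inside a script.
          BRANCH_NAME: ${{ github.head_ref || github.ref_name }}
        run: |
          set -euo pipefail
          # Reduce to [a-z0-9-], cap at 40 characters, then drop trailing
          # hyphens left by substitution or truncation, since the value
          # becomes the tail of the Cloud Run service name.
          SANITIZED=$(printf '%s' "$BRANCH_NAME" \
            | sed 's/[^a-zA-Z0-9-]/-/g' \
            | tr '[:upper:]' '[:lower:]' \
            | cut -c1-40 \
            | sed 's/-*$//')
          if [ -z "$SANITIZED" ]; then
            echo "Branch name sanitizes to an empty string" >&2
            exit 1
          fi
          echo "SANITIZED_BRANCH=$SANITIZED" >> "$GITHUB_ENV"

      # NOTE(review): the actions below are referenced by mutable major tags.
      # Pinning each to a full commit SHA prevents a moved tag from changing
      # what runs alongside the cloud credentials.
      - name: Checkout
        if: github.event.action != 'closed'
        uses: actions/checkout@v4

      - name: Setup Node
        if: github.event.action != 'closed'
        uses: actions/setup-node@v4
        with:
          node-version: '22.x'
          cache: npm
          cache-dependency-path: package-lock.json

      # NOTE(review): GCP_SA_KEY is a long-lived service account key. The auth
      # action also supports Workload Identity Federation
      # (`workload_identity_provider` + `service_account`), which removes the
      # stored key; that needs `id-token: write` and GCP-side setup.
      - name: Authenticate to Google Cloud
        uses: google-github-actions/auth@v2
        with:
          credentials_json: ${{ secrets.GCP_SA_KEY }}

      - name: Configure Docker for Artifact Registry
        run: |
          set -euo pipefail
          gcloud config set project "$GCP_PROJECT_ID"
          gcloud auth configure-docker us-central1-docker.pkg.dev --quiet

      - name: Load secrets
        if: github.event.action != 'closed'
        run: |
          set -euo pipefail
          # Values fetched at runtime are unknown to GitHub's log masking, so
          # register them before they are exported to later steps.
          posthog_key="$(gcloud secrets versions access latest --secret=VITE_PUBLIC_POSTHOG_KEY --project="$GCP_PROJECT_ID")"
          posthog_host="$(gcloud secrets versions access latest --secret=VITE_PUBLIC_POSTHOG_HOST --project="$GCP_PROJECT_ID")"
          echo "::add-mask::$posthog_key"
          echo "::add-mask::$posthog_host"
          echo "VITE_PUBLIC_POSTHOG_KEY=$posthog_key" >> "$GITHUB_ENV"
          echo "VITE_PUBLIC_POSTHOG_HOST=$posthog_host" >> "$GITHUB_ENV"

      - name: Build and push
        if: github.event.action != 'closed'
        env:
          IMAGE_TAG: ${{ github.sha }}
          NODE_OPTIONS: '--max-old-space-size=6144'
          # Expression values reach the script as quoted shell variables
          # instead of being pasted into its text. The ARG_ prefix keeps them
          # out of the runner-side `vite build`, which reads VITE_* from the
          # process environment; only `docker build` receives them.
          ARG_AUTHENTIK_CLIENT_ID: ${{ vars.VITE_AUTHENTIK_CLIENT_ID }}
          ARG_AUTHENTIK_URL: ${{ vars.VITE_AUTHENTIK_URL }}
          ARG_OCOTILLO_API_URL: ${{ vars.VITE_OCOTILLO_API_URL }}
          ARG_MAPBOX_TOKEN: ${{ secrets.VITE_MAPBOX_TOKEN }}
        run: |
          set -euo pipefail
          IMAGE="us-central1-docker.pkg.dev/$GCP_PROJECT_ID/ocotillo-previews/preview-$SANITIZED_BRANCH:$IMAGE_TAG"
          npm ci
          npx tsc
          npx vite build --mode development
          # NOTE(review): build args are recorded in image metadata, and Vite
          # inlines VITE_* values into the client bundle, so the Mapbox token
          # and PostHog key are readable by anyone who can load the preview.
          # Treat them as public identifiers and restrict them at the provider.
          docker build \
            --build-arg MODE=development \
            --build-arg VITE_APP_TITLE="Ocotillo Preview" \
            --build-arg VITE_BASE_URL="/" \
            --build-arg VITE_AUTHENTIK_CLIENT_ID="$ARG_AUTHENTIK_CLIENT_ID" \
            --build-arg VITE_AUTHENTIK_URL="$ARG_AUTHENTIK_URL" \
            --build-arg VITE_OCOTILLO_API_URL="$ARG_OCOTILLO_API_URL" \
            --build-arg VITE_MAPBOX_TOKEN="$ARG_MAPBOX_TOKEN" \
            --build-arg VITE_PUBLIC_POSTHOG_KEY="$VITE_PUBLIC_POSTHOG_KEY" \
            --build-arg VITE_PUBLIC_POSTHOG_HOST="$VITE_PUBLIC_POSTHOG_HOST" \
            -t "$IMAGE" .
          docker push "$IMAGE"

      - name: Deploy to Cloud Run
        if: github.event.action != 'closed'
        env:
          IMAGE_TAG: ${{ github.sha }}
        run: |
          set -euo pipefail
          # NOTE(review): --allow-unauthenticated makes every preview publicly
          # invocable, and the PR comment below says the preview has auth
          # disabled against the staging API. Confirm that exposure is
          # intended; otherwise drop the flag and grant invoker access to
          # reviewers only.
          gcloud run deploy "preview-$SANITIZED_BRANCH" \
            --image "us-central1-docker.pkg.dev/$GCP_PROJECT_ID/ocotillo-previews/preview-$SANITIZED_BRANCH:$IMAGE_TAG" \
            --platform managed \
            --region us-central1 \
            --allow-unauthenticated \
            --port 8080 \
            --memory 512Mi \
            --cpu 1

      - name: Set preview URL
        id: preview-url
        if: github.event.action != 'closed'
        run: |
          echo "url=https://preview-${SANITIZED_BRANCH}.previews.newmexicowaterdata.org" >> "$GITHUB_OUTPUT"

      - name: Comment PR with preview URL
        if: github.event_name == 'pull_request' && github.event.action != 'closed'
        env:
          PREVIEW_URL: ${{ steps.preview-url.outputs.url }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          gh pr comment "$PR_NUMBER" --body "$(cat <<EOF
          ## Preview Deployment
          **Preview URL:** $PREVIEW_URL
          **Note:** This preview uses the staging API endpoints and has auth disabled for testing.
          EOF
          )"

      - name: Delete preview on PR close
        if: github.event_name == 'pull_request' && github.event.action == 'closed'
        run: |
          # Best-effort: `|| true` keeps the job green when the service is
          # already gone, but it also hides a failed delete, which would
          # leave a public preview running. Audit `preview-*` services
          # periodically.
          gcloud run services delete "preview-$SANITIZED_BRANCH" --platform managed --region us-central1 --quiet || true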