
[BDMS-693]: Add dynamic preview deployments with Authentik redirect management + runtime redirect URI fix #65

Workflow file for this run

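# Builds a per-branch preview image, deploys it to Cloud Run, comments the
# preview URL on the pull request, and deletes the service when the pull
# request is closed.
name: Preview deploy to Cloud Run

on:
  pull_request:
    types: [opened, synchronize, reopened, closed]

# Least privilege for GITHUB_TOKEN: read the repository and write the PR
# comment. Nothing else in this workflow uses the token.
permissions:
  contents: read
  pull-requests: write

jobs:
  deploy-preview:
    runs-on: ubuntu-latest
    environment: staging
    env:
      # Shared by every gcloud/docker step below.
      GCP_PROJECT_ID: waterdatainitiative-271000
    steps:
      # NOTE(review): actions are referenced by mutable tag (@v4, @v2). Pin
      # each one to a full commit SHA so a retagged release cannot run with
      # this job's cloud credentials.
      - name: Checkout
        uses: actions/checkout@v4

      # Runs on every event, including `closed`, because the delete step
      # needs the same service name that the deploy used.
      - name: Compute preview name
        env:
          # Branch names are attacker-influenced text: pass them through the
          # environment, never through ${{ }} inside the script body.
          BRANCH_NAME: ${{ github.head_ref || github.ref_name }}
        run: |
          set -euo pipefail
          # printf instead of echo so a branch named like "-n" is not eaten
          # as an option. The final sed drops trailing hyphens left by the
          # 40-character cut, which would otherwise produce a service name
          # ending in "-".
          SANITIZED=$(printf '%s\n' "$BRANCH_NAME" \
            | sed 's/[^a-zA-Z0-9-]/-/g' \
            | tr '[:upper:]' '[:lower:]' \
            | cut -c1-40 \
            | sed 's/-*$//')
          if [ -z "$SANITIZED" ]; then
            echo "::error::branch name sanitizes to an empty preview name"
            exit 1
          fi
          # NOTE(review): distinct branches can sanitize to the same name
          # (e.g. "feat/x" and "feat-x") and would then share one preview.
          echo "SANITIZED_BRANCH=$SANITIZED" >> "$GITHUB_ENV"

      - name: Setup Node
        if: github.event.action != 'closed'
        uses: actions/setup-node@v4
        with:
          node-version: '22.x'
          cache: npm
          cache-dependency-path: package-lock.json

      # NOTE(review): this is a long-lived service-account key. The auth
      # action also supports keyless Workload Identity Federation
      # (`workload_identity_provider` + `service_account`), which removes
      # the exportable key from repository secrets.
      - name: Authenticate to Google Cloud
        uses: google-github-actions/auth@v2
        with:
          credentials_json: ${{ secrets.GCP_SA_KEY }}

      - name: Configure Docker for Artifact Registry
        if: github.event.action != 'closed'
        run: |
          gcloud config set project "$GCP_PROJECT_ID"
          gcloud auth configure-docker us-central1-docker.pkg.dev --quiet

      - name: Load secrets
        if: github.event.action != 'closed'
        run: |
          set -euo pipefail
          # Assign before echoing: the exit status of `echo "...$(cmd)"` is
          # echo's, so a failed gcloud call would slip past `set -e` and
          # export an empty value.
          posthog_key=$(gcloud secrets versions access latest --secret=VITE_PUBLIC_POSTHOG_KEY --project="$GCP_PROJECT_ID")
          posthog_host=$(gcloud secrets versions access latest --secret=VITE_PUBLIC_POSTHOG_HOST --project="$GCP_PROJECT_ID")
          # Values fetched at runtime are not masked automatically the way
          # `secrets.*` are; register the key so it is redacted in logs.
          if [ -n "$posthog_key" ]; then
            echo "::add-mask::$posthog_key"
          fi
          # NOTE(review): the single-line NAME=value form assumes neither
          # secret contains a newline.
          {
            echo "VITE_PUBLIC_POSTHOG_KEY=$posthog_key"
            echo "VITE_PUBLIC_POSTHOG_HOST=$posthog_host"
          } >> "$GITHUB_ENV"

      # NOTE(review): `npm ci` and the build execute the pull request's own
      # code in a job that already holds the GCP credentials above; anyone
      # who can push a branch to this repository can reach them.
      - name: Build and push
        if: github.event.action != 'closed'
        env:
          IMAGE_TAG: ${{ github.sha }}
          NODE_OPTIONS: '--max-old-space-size=6144'
          # Expression values are handed to the shell as environment
          # variables and quoted at use, instead of being pasted into the
          # script text. The names deliberately lack the VITE_ prefix so the
          # runner-side `vite build` sees the same environment as before.
          AUTHENTIK_CLIENT_ID: ${{ vars.VITE_AUTHENTIK_CLIENT_ID }}
          AUTHENTIK_URL: ${{ vars.VITE_AUTHENTIK_URL }}
          OCOTILLO_API_URL: ${{ vars.VITE_OCOTILLO_API_URL }}
          MAPBOX_TOKEN: ${{ secrets.VITE_MAPBOX_TOKEN }}
        run: |
          set -euo pipefail
          IMAGE="us-central1-docker.pkg.dev/$GCP_PROJECT_ID/ocotillo-previews/preview-$SANITIZED_BRANCH:$IMAGE_TAG"
          npm ci
          npx tsc
          npx vite build --mode development
          # NOTE(review): --build-arg values are recorded in the image
          # metadata, and VITE_-prefixed values are compiled into the client
          # bundle. Treat the Mapbox token as public and scope it
          # accordingly (URL restrictions, minimal scopes).
          docker build \
            --build-arg MODE=development \
            --build-arg VITE_APP_TITLE="Ocotillo Preview" \
            --build-arg VITE_BASE_URL="/" \
            --build-arg VITE_AUTHENTIK_CLIENT_ID="$AUTHENTIK_CLIENT_ID" \
            --build-arg VITE_AUTHENTIK_URL="$AUTHENTIK_URL" \
            --build-arg VITE_OCOTILLO_API_URL="$OCOTILLO_API_URL" \
            --build-arg VITE_MAPBOX_TOKEN="$MAPBOX_TOKEN" \
            --build-arg VITE_PUBLIC_POSTHOG_KEY="$VITE_PUBLIC_POSTHOG_KEY" \
            --build-arg VITE_PUBLIC_POSTHOG_HOST="$VITE_PUBLIC_POSTHOG_HOST" \
            -t "$IMAGE" .
          docker push "$IMAGE"

      - name: Deploy to Cloud Run
        if: github.event.action != 'closed'
        env:
          IMAGE_TAG: ${{ github.sha }}
        run: |
          set -euo pipefail
          # NOTE(review): --allow-unauthenticated makes the preview reachable
          # by anyone on the internet, and the PR comment below states that
          # it talks to the staging API with auth disabled. Confirm that
          # exposure is intended, or restrict invocation/ingress.
          gcloud run deploy "preview-$SANITIZED_BRANCH" \
            --project "$GCP_PROJECT_ID" \
            --image "us-central1-docker.pkg.dev/$GCP_PROJECT_ID/ocotillo-previews/preview-$SANITIZED_BRANCH:$IMAGE_TAG" \
            --platform managed \
            --region us-central1 \
            --allow-unauthenticated \
            --port 8080 \
            --memory 512Mi \
            --cpu 1

      - name: Set preview URL
        if: github.event.action != 'closed'
        id: preview-url
        run: |
          echo "url=https://preview-${SANITIZED_BRANCH}.previews.newmexicowaterdata.org" >> "$GITHUB_OUTPUT"

      # Skipped on `closed`: the service is about to be deleted, so posting
      # a preview URL at that point would be misleading.
      - name: Comment PR with preview URL
        if: github.event_name == 'pull_request' && github.event.action != 'closed'
        env:
          PREVIEW_URL: ${{ steps.preview-url.outputs.url }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          gh pr comment "$PR_NUMBER" --body "$(cat <<EOF
          ## Preview Deployment
          **Preview URL:** $PREVIEW_URL
          **Note:** This preview uses the staging API endpoints and has auth disabled for testing.
          EOF
          )"

      - name: Delete preview on PR close
        if: github.event_name == 'pull_request' && github.event.action == 'closed'
        run: |
          # Best effort: the service may never have been deployed. The
          # project is passed explicitly because the `gcloud config set
          # project` step does not run on `closed`.
          # NOTE(review): the images pushed to ocotillo-previews are not
          # removed here.
          gcloud run services delete "preview-$SANITIZED_BRANCH" --project "$GCP_PROJECT_ID" --platform managed --region us-central1 --quiet || true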