Removed some usage of getDefaultAccountForSite
#2162
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CICD | |
| on: | |
| workflow_dispatch: | |
| pull_request: | |
| types: | |
| - opened | |
| - synchronize | |
| - reopened | |
| - labeled | |
| - unlabeled | |
| push: | |
| branches: | |
| - main | |
| permissions: | |
| id-token: write | |
| contents: read | |
| packages: write | |
| jobs: | |
| lint: | |
| name: Lint | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup Biome | |
| uses: biomejs/setup-biome@v2 | |
| - name: Run Biome | |
| run: biome ci . | |
| check-yarn-lock: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Set up Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: "lts/*" | |
| cache: "yarn" | |
| - name: Check yarn.lock | |
| run: yarn install --frozen-lockfile | |
| build-test-push: | |
| name: Build, Test and Push | |
| environment: build | |
| runs-on: ubuntu-latest | |
| needs: [lint, check-yarn-lock] | |
| outputs: | |
| migrations_docker_version: ${{ steps.migrations-docker-metadata.outputs.version }} | |
| activitypub_docker_version: ${{ steps.activitypub-docker-metadata-private.outputs.version }} | |
| steps: | |
| - name: "Checkout" | |
| uses: actions/checkout@v4 | |
| - name: "ActivityPub Docker metadata for private registry" | |
| id: activitypub-docker-metadata-private | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: | | |
| europe-docker.pkg.dev/ghost-activitypub/activitypub/activitypub | |
| tags: | | |
| ${{ github.ref == 'refs/heads/main' && 'type=edge,branch=main' || '' }} | |
| ${{ github.event_name == 'pull_request' && format('type=raw,value=pr-{0}', github.event.pull_request.number) || '' }} | |
| type=raw,value=${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }} | |
| type=semver,pattern={{version}} | |
| type=semver,pattern={{major}}.{{minor}} | |
| type=semver,pattern={{major}} | |
| type=sha,priority=1100 | |
| labels: | | |
| org.opencontainers.image.title=Ghost — ActivityPub | |
| org.opencontainers.image.description=Federate your Ghost site with ActivityPub to join the world's largest open network. | |
| org.opencontainers.image.vendor=Ghost Foundation | |
| org.opencontainers.image.licenses=MIT | |
| org.opencontainers.image.documentation=https://github.com/TryGhost/ActivityPub | |
| org.opencontainers.image.source=https://github.com/TryGhost/ActivityPub | |
| - name: "ActivityPub Docker metadata for public registry" | |
| id: activitypub-docker-metadata-public | |
| if: github.ref == 'refs/heads/main' | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: | | |
| ghcr.io/tryghost/activitypub | |
| tags: | | |
| type=edge,branch=main | |
| type=semver,pattern={{version}} | |
| type=semver,pattern={{major}}.{{minor}} | |
| type=semver,pattern={{major}} | |
| type=sha,priority=1100 | |
| labels: | | |
| org.opencontainers.image.title=Ghost — ActivityPub | |
| org.opencontainers.image.description=Federate your Ghost site with ActivityPub to join the world's largest open network. | |
| org.opencontainers.image.vendor=Ghost Foundation | |
| org.opencontainers.image.licenses=MIT | |
| org.opencontainers.image.documentation=https://github.com/TryGhost/ActivityPub | |
| org.opencontainers.image.source=https://github.com/TryGhost/ActivityPub | |
| - name: "Migrations Docker meta for private registry" | |
| id: migrations-docker-metadata | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: | | |
| europe-docker.pkg.dev/ghost-activitypub/activitypub/migrations | |
| tags: | | |
| ${{ github.ref == 'refs/heads/main' && 'type=edge,branch=main' || '' }} | |
| ${{ github.event_name == 'pull_request' && format('type=raw,value=pr-{0}', github.event.pull_request.number) || '' }} | |
| type=raw,value=${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }} | |
| type=semver,pattern={{version}} | |
| type=semver,pattern={{major}}.{{minor}} | |
| type=semver,pattern={{major}} | |
| type=sha,priority=1100 | |
| - name: "ActivityPub Migrations Docker metadata for public registry" | |
| id: activitypub-migrations-docker-metadata-public | |
| if: github.ref == 'refs/heads/main' | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: | | |
| ghcr.io/tryghost/activitypub-migrations | |
| tags: | | |
| type=edge,branch=main | |
| type=semver,pattern={{version}} | |
| type=semver,pattern={{major}}.{{minor}} | |
| type=semver,pattern={{major}} | |
| type=sha,priority=1100 | |
| labels: | | |
| org.opencontainers.image.title=Ghost — ActivityPub | |
| org.opencontainers.image.description=Federate your Ghost site with ActivityPub to join the world's largest open network. | |
| org.opencontainers.image.vendor=Ghost Foundation | |
| org.opencontainers.image.licenses=MIT | |
| org.opencontainers.image.documentation=https://github.com/TryGhost/ActivityPub | |
| org.opencontainers.image.source=https://github.com/TryGhost/ActivityPub | |
| - name: "Build Docker Image for ActivityPub" | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| load: true | |
| tags: ${{ steps.activitypub-docker-metadata-private.outputs.tags }} | |
| labels: ${{ steps.activitypub-docker-metadata-private.outputs.labels }} | |
| - name: "Build Docker Image for Migrations" | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: migrate | |
| load: true | |
| tags: ${{ steps.migrations-docker-metadata.outputs.tags }} | |
| - name: "Run Tests" | |
| run: yarn test | |
| - name: "Authenticate with GCP" | |
| if: github.ref == 'refs/heads/main' || (github.event_name == 'pull_request' && (github.event.action == 'opened' || github.event.action == 'synchronize' || github.event.action == 'reopened' || github.event.action == 'labeled' || github.event.action == 'unlabeled')) | |
| id: gcp-auth | |
| uses: google-github-actions/auth@v2 | |
| with: | |
| token_format: access_token | |
| workload_identity_provider: projects/687476608778/locations/global/workloadIdentityPools/github-oidc-activitypub/providers/github-provider-activitypub | |
| service_account: [email protected] | |
| - name: "Login to GCP Artifact Registry (private registry)" | |
| if: github.ref == 'refs/heads/main' || (github.event_name == 'pull_request' && (github.event.action == 'opened' || github.event.action == 'synchronize' || github.event.action == 'reopened' || github.event.action == 'labeled' || github.event.action == 'unlabeled')) | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: europe-docker.pkg.dev | |
| username: oauth2accesstoken | |
| password: ${{ steps.gcp-auth.outputs.access_token }} | |
| - name: "Login to GitHub Container Registry (public registry)" | |
| if: github.ref == 'refs/heads/main' | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: "Push ActivityPub Docker image to private registry" | |
| if: github.ref == 'refs/heads/main' || (github.event_name == 'pull_request' && (github.event.action == 'opened' || github.event.action == 'synchronize' || github.event.action == 'reopened' || github.event.action == 'labeled' || github.event.action == 'unlabeled')) | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| push: true | |
| tags: ${{ steps.activitypub-docker-metadata-private.outputs.tags }} | |
| labels: ${{ steps.activitypub-docker-metadata-private.outputs.labels }} | |
| platforms: linux/amd64 | |
| - name: "Push ActivityPub Docker image to public registry" | |
| if: github.ref == 'refs/heads/main' | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| push: true | |
| tags: ${{ steps.activitypub-docker-metadata-public.outputs.tags }} | |
| labels: ${{ steps.activitypub-docker-metadata-public.outputs.labels }} | |
| platforms: linux/amd64 | |
| - name: "Push Migrations Docker image to private registry" | |
| if: github.ref == 'refs/heads/main' || (github.event_name == 'pull_request' && (github.event.action == 'opened' || github.event.action == 'synchronize' || github.event.action == 'reopened' || github.event.action == 'labeled' || github.event.action == 'unlabeled')) | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: migrate | |
| push: true | |
| tags: ${{ steps.migrations-docker-metadata.outputs.tags }} | |
| - name: "Push Migrations Docker image to public registry" | |
| if: github.ref == 'refs/heads/main' | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: migrate | |
| push: true | |
| tags: ${{ steps.activitypub-migrations-docker-metadata-public.outputs.tags }} | |
| labels: ${{ steps.activitypub-migrations-docker-metadata-public.outputs.labels }} | |
| platforms: linux/amd64 | |
| - uses: tryghost/actions/actions/slack-build@main | |
| if: failure() && github.event_name == 'push' && github.ref == 'refs/heads/main' | |
| with: | |
| status: ${{ job.status }} | |
| env: | |
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
| deploy-pr: | |
| if: github.event_name == 'pull_request' && (github.event.action == 'opened' || github.event.action == 'synchronize' || github.event.action == 'reopened' || github.event.action == 'labeled' || github.event.action == 'unlabeled') | |
| name: (ephemeral staging) Deploy | |
| runs-on: ubuntu-latest | |
| needs: [build-test-push] | |
| environment: staging | |
| steps: | |
| - name: "Check if any label matches *.ghost.is" | |
| id: check-labels | |
| env: | |
| LABELS: ${{ toJson(github.event.pull_request.labels) }} | |
| run: | | |
| export LABEL_NAMES=$(echo "$LABELS" | jq -r '[.[] | select(.name | test("\\.ghost\\.is$")) | .name] | join(",")') | |
| echo "Label names: $LABEL_NAMES" | |
| if [ "$LABEL_NAMES" != "" ]; then | |
| echo "Label matching *.ghost.is found." | |
| echo "is_ephemeral_staging=true" >> "$GITHUB_OUTPUT" | |
| else | |
| echo "No label matching .*.ghost.is found." | |
| echo "is_ephemeral_staging=false" >> "$GITHUB_OUTPUT" | |
| fi | |
| - name: "Checkout activitypub-infra repo" | |
| if: ${{ steps.check-labels.outputs.is_ephemeral_staging == 'true' }} | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: TryGhost/activitypub-infra | |
| ssh-key: ${{ secrets.ACTIVITYPUB_INFRA_DEPLOY_KEY }} | |
| path: activitypub-infra | |
| - name: "Checkout terraform repo" | |
| if: ${{ steps.check-labels.outputs.is_ephemeral_staging == 'true' }} | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: TryGhost/terraform | |
| ssh-key: ${{ secrets.TERRAFORM_DEPLOY_KEY }} | |
| path: terraform | |
| - name: "Get terraform version" | |
| if: ${{ steps.check-labels.outputs.is_ephemeral_staging == 'true' }} | |
| id: terraform-version | |
| run: | | |
| echo "terraform_version=$(cat activitypub-infra/infrastructure/activitypub-staging-environments/.terraform-version)" >> "$GITHUB_OUTPUT" | |
| - name: "Setup terraform" | |
| if: ${{ steps.check-labels.outputs.is_ephemeral_staging == 'true' }} | |
| uses: hashicorp/setup-terraform@v3 | |
| with: | |
| terraform_version: ${{ steps.terraform-version.outputs.terraform_version }} | |
| - name: "Change github.com url in modules to local directories and add backend prefix" | |
| if: ${{ steps.check-labels.outputs.is_ephemeral_staging == 'true' }} | |
| run: | | |
| cd activitypub-infra/infrastructure/activitypub-staging-environments | |
| sed -i 's/github\.com\/TryGhost/\.\.\/\.\.\/\.\./gI' main.tf | |
| sed -i 's/\?ref=main//g' main.tf | |
| sed -i 's/REPLACE_ME/${{ github.event.pull_request.number }}/g' terraform.tf | |
| - name: "Authenticate with GCP" | |
| if: ${{ steps.check-labels.outputs.is_ephemeral_staging == 'true' }} | |
| uses: google-github-actions/auth@v2 | |
| with: | |
| token_format: access_token | |
| workload_identity_provider: projects/687476608778/locations/global/workloadIdentityPools/github-oidc-activitypub/providers/github-provider-activitypub | |
| service_account: stg-activitypub-cicd-stg-envs@ghost-activitypub.iam.gserviceaccount.com | |
| - name: "Terraform init" | |
| if: ${{ steps.check-labels.outputs.is_ephemeral_staging == 'true' }} | |
| run: | | |
| cd activitypub-infra/infrastructure/activitypub-staging-environments | |
| terraform init | |
| - name: "Terraform apply" | |
| if: ${{ steps.check-labels.outputs.is_ephemeral_staging == 'true' }} | |
| run: | | |
| cd activitypub-infra/infrastructure/activitypub-staging-environments | |
| export TF_VAR_github_pr_number=${{ github.event.pull_request.number }} | |
| export TF_VAR_primary_region_name=netherlands | |
| export TF_VAR_migrations_image=europe-docker.pkg.dev/ghost-activitypub/activitypub/migrations:pr-${{ github.event.pull_request.number }} | |
| export TF_VAR_api_image=europe-docker.pkg.dev/ghost-activitypub/activitypub/activitypub:pr-${{ github.event.pull_request.number }} | |
| export TF_VAR_fedify_queue_image=europe-docker.pkg.dev/ghost-activitypub/activitypub/activitypub:pr-${{ github.event.pull_request.number }} | |
| export TF_VAR_ghost_queue_image=europe-docker.pkg.dev/ghost-activitypub/activitypub/activitypub:pr-${{ github.event.pull_request.number }} | |
| terraform apply -auto-approve | |
| - name: "Deploy Migrations to Cloud Run" | |
| if: ${{ steps.check-labels.outputs.is_ephemeral_staging == 'true' }} | |
| uses: google-github-actions/deploy-cloudrun@v2 | |
| with: | |
| image: europe-docker.pkg.dev/ghost-activitypub/activitypub/migrations:pr-${{ github.event.pull_request.number }} | |
| region: europe-west4 | |
| job: stg-pr-${{ github.event.pull_request.number }}-migrations | |
| flags: --wait --execute-now | |
| skip_default_labels: true | |
| labels: |- | |
| commit-sha=${{ github.sha }} | |
| - name: "Destroy Tests databases" | |
| if: ${{ steps.check-labels.outputs.is_ephemeral_staging == 'true' }} | |
| env: | |
| GCP_PROJECT: ghost-activitypub | |
| run: | | |
| TEST_DATABASES=$(gcloud sql databases list --instance=stg-netherlands-activitypub --filter="name~pr_${{ github.event.pull_request.number }}_test*" --format="value(name)" --project ${GCP_PROJECT}) | |
| for TEST_DATABASE in ${TEST_DATABASES}; do | |
| gcloud sql databases delete ${TEST_DATABASE} --instance=stg-netherlands-activitypub --quiet --project ${GCP_PROJECT} | |
| done | |
| - name: "Add route to GCP Load Balancer" | |
| if: ${{ steps.check-labels.outputs.is_ephemeral_staging == 'true' }} | |
| env: | |
| LABELS: ${{ toJson(github.event.pull_request.labels) }} | |
| GCP_PROJECT: ghost-activitypub | |
| run: | | |
| set -euo pipefail | |
| # Get current config | |
| gcloud compute url-maps export stg-activitypub --global --project ${GCP_PROJECT} > config.yml | |
| # Delete unnecessary fields | |
| yq -i 'del(.fingerprint)' config.yml | |
| yq -i 'del(.creationTimestamp)' config.yml | |
| export DEFAULT_SERVICE="https://www.googleapis.com/compute/v1/projects/ghost-activitypub/global/backendServices/stg-netherlands-activitypub-api" | |
| export PR_SERVICE="https://www.googleapis.com/compute/v1/projects/ghost-activitypub/global/backendServices/stg-pr-${{ github.event.pull_request.number }}-api" | |
| # Add host rules and path matchers if they don't exist | |
| yq -i '.hostRules = (.hostRules // [{"hosts": ["activitypub.ghostinfra.net"], "pathMatcher": "all-paths"}])' config.yml | |
| yq -i '.pathMatchers = (.pathMatchers // [{"name": "all-paths", "defaultService": "'"$DEFAULT_SERVICE"'", "routeRules": []}])' config.yml | |
| # Remove existing route rules for the PR service | |
| yq -i '.pathMatchers[] |= (.routeRules |= map(select((.routeAction.weightedBackendServices // []) | length == 0 or .routeAction.weightedBackendServices[0].backendService != env(PR_SERVICE))))' config.yml | |
| # Add new route rules for the PR service | |
| export MAX_PRIORITY=$(yq '[.pathMatchers[] | select(.name == "all-paths") | .routeRules[]?.priority] | max // 0' config.yml) | |
| export NEXT_PRIORITY=$((MAX_PRIORITY + 1)) | |
| LABELS_JSON=$(echo "$LABELS" | jq -c '[.[] | select(.name | test("\\.ghost\\.is$")) | .name]') | |
| for LABEL in $(echo "$LABELS_JSON" | jq -r '.[]'); do | |
| echo "Adding route for label: $LABEL" | |
| yq -i '.pathMatchers[0].routeRules += [{"priority": '$NEXT_PRIORITY', "matchRules": [{"prefixMatch": "/", "headerMatches": [{ "headerName": "X-Forwarded-Host", "exactMatch": "'$LABEL'" }]}], "routeAction": {"weightedBackendServices": [ { "backendService": "'$PR_SERVICE'", "weight": 100 } ] } }]' config.yml | |
| export NEXT_PRIORITY=$((NEXT_PRIORITY + 1)) | |
| done | |
| echo "Updating url map with:" | |
| cat config.yml | |
| gcloud compute url-maps import stg-activitypub --source=config.yml --global --project ${GCP_PROJECT} --quiet | |
| deploy-staging: | |
| if: github.ref == 'refs/heads/main' | |
| name: (staging) Deploy | |
| runs-on: ubuntu-latest | |
| needs: [build-test-push] | |
| strategy: | |
| matrix: | |
| region: [europe-west4, europe-west3] | |
| include: | |
| - region: europe-west4 | |
| region_name: netherlands | |
| - region: europe-west3 | |
| region_name: frankfurt | |
| steps: | |
| - name: "Authenticate with GCP (staging envs)" | |
| if: ${{ matrix.region == 'europe-west4' }} | |
| uses: google-github-actions/auth@v2 | |
| with: | |
| token_format: access_token | |
| workload_identity_provider: projects/687476608778/locations/global/workloadIdentityPools/github-oidc-activitypub/providers/github-provider-activitypub | |
| service_account: stg-activitypub-cicd-stg-envs@ghost-activitypub.iam.gserviceaccount.com | |
| - name: "Destroy Tests databases" | |
| if: ${{ matrix.region == 'europe-west4' }} | |
| env: | |
| GCP_PROJECT: ghost-activitypub | |
| run: | | |
| TEST_DATABASES=$(gcloud sql databases list --instance=stg-netherlands-activitypub --filter="name~test*" --format="value(name)" --project ${GCP_PROJECT}) | |
| for TEST_DATABASE in ${TEST_DATABASES}; do | |
| gcloud sql databases delete ${TEST_DATABASE} --instance=stg-netherlands-activitypub --quiet --project ${GCP_PROJECT} | |
| done | |
| - name: "Authenticate with GCP" | |
| id: gcp-auth | |
| uses: google-github-actions/auth@v2 | |
| with: | |
| token_format: access_token | |
| workload_identity_provider: projects/687476608778/locations/global/workloadIdentityPools/github-oidc-activitypub/providers/github-provider-activitypub | |
| service_account: [email protected] | |
| - name: "Deploy Migrations to Cloud Run" | |
| if: ${{ matrix.region == 'europe-west4' }} | |
| uses: google-github-actions/deploy-cloudrun@v2 | |
| with: | |
| image: europe-docker.pkg.dev/ghost-activitypub/activitypub/migrations:${{ needs.build-test-push.outputs.migrations_docker_version }} | |
| region: ${{ matrix.region }} | |
| job: stg-${{ matrix.region_name }}-activitypub-migrations | |
| flags: --wait --execute-now | |
| skip_default_labels: true | |
| labels: |- | |
| commit-sha=${{ github.sha }} | |
| - name: "Deploy ActivityPub Fedify Queue to Cloud Run" | |
| uses: google-github-actions/deploy-cloudrun@v2 | |
| with: | |
| image: europe-docker.pkg.dev/ghost-activitypub/activitypub/activitypub:${{ needs.build-test-push.outputs.activitypub_docker_version }} | |
| region: ${{ matrix.region }} | |
| service: stg-${{ matrix.region_name }}-activitypub-fedify-queue | |
| skip_default_labels: true | |
| labels: |- | |
| commit-sha=${{ github.sha }} | |
| - name: "Deploy ActivityPub Ghost Queue to Cloud Run" | |
| uses: google-github-actions/deploy-cloudrun@v2 | |
| with: | |
| image: europe-docker.pkg.dev/ghost-activitypub/activitypub/activitypub:${{ needs.build-test-push.outputs.activitypub_docker_version }} | |
| region: ${{ matrix.region }} | |
| service: stg-${{ matrix.region_name }}-activitypub-ghost-queue | |
| skip_default_labels: true | |
| labels: |- | |
| commit-sha=${{ github.sha }} | |
| - name: "Deploy ActivityPub External to Cloud Run" | |
| uses: google-github-actions/deploy-cloudrun@v2 | |
| with: | |
| image: europe-docker.pkg.dev/ghost-activitypub/activitypub/activitypub:${{ needs.build-test-push.outputs.activitypub_docker_version }} | |
| region: ${{ matrix.region }} | |
| service: stg-${{ matrix.region_name }}-activitypub-external | |
| skip_default_labels: true | |
| labels: |- | |
| commit-sha=${{ github.sha }} | |
| - name: "Deploy ActivityPub API to Cloud Run" | |
| uses: google-github-actions/deploy-cloudrun@v2 | |
| with: | |
| image: europe-docker.pkg.dev/ghost-activitypub/activitypub/activitypub:${{ needs.build-test-push.outputs.activitypub_docker_version }} | |
| region: ${{ matrix.region }} | |
| service: stg-${{ matrix.region_name }}-activitypub-api | |
| skip_default_labels: true | |
| labels: |- | |
| commit-sha=${{ github.sha }} | |
| - uses: tryghost/actions/actions/slack-build@main | |
| if: failure() && github.event_name == 'push' && github.ref == 'refs/heads/main' | |
| with: | |
| status: ${{ job.status }} | |
| env: | |
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
| deploy-production: | |
| if: github.ref == 'refs/heads/main' | |
| name: (production) Deploy | |
| runs-on: ubuntu-latest | |
| needs: [build-test-push, deploy-staging] | |
| strategy: | |
| matrix: | |
| region: [europe-west4, europe-west3] | |
| include: | |
| - region: europe-west4 | |
| region_name: netherlands | |
| - region: europe-west3 | |
| region_name: frankfurt | |
| steps: | |
| - name: "Authenticate with GCP" | |
| id: gcp-auth | |
| uses: google-github-actions/auth@v2 | |
| with: | |
| token_format: access_token | |
| workload_identity_provider: projects/687476608778/locations/global/workloadIdentityPools/github-oidc-activitypub/providers/github-provider-activitypub | |
| service_account: [email protected] | |
| - name: "Deploy Migrations to Cloud Run" | |
| if: ${{ matrix.region == 'europe-west4' }} | |
| uses: google-github-actions/deploy-cloudrun@v2 | |
| with: | |
| image: europe-docker.pkg.dev/ghost-activitypub/activitypub/migrations:${{ needs.build-test-push.outputs.migrations_docker_version }} | |
| region: ${{ matrix.region }} | |
| job: prd-${{ matrix.region_name }}-activitypub-migrations | |
| flags: --wait --execute-now | |
| skip_default_labels: true | |
| labels: |- | |
| commit-sha=${{ github.sha }} | |
| - name: "Deploy ActivityPub Fedify Queue to Cloud Run" | |
| uses: google-github-actions/deploy-cloudrun@v2 | |
| with: | |
| image: europe-docker.pkg.dev/ghost-activitypub/activitypub/activitypub:${{ needs.build-test-push.outputs.activitypub_docker_version }} | |
| region: ${{ matrix.region }} | |
| service: prd-${{ matrix.region_name }}-activitypub-fedify-queue | |
| skip_default_labels: true | |
| labels: |- | |
| commit-sha=${{ github.sha }} | |
| - name: "Deploy ActivityPub Ghost Queue to Cloud Run" | |
| uses: google-github-actions/deploy-cloudrun@v2 | |
| with: | |
| image: europe-docker.pkg.dev/ghost-activitypub/activitypub/activitypub:${{ needs.build-test-push.outputs.activitypub_docker_version }} | |
| region: ${{ matrix.region }} | |
| service: prd-${{ matrix.region_name }}-activitypub-ghost-queue | |
| skip_default_labels: true | |
| labels: |- | |
| commit-sha=${{ github.sha }} | |
| - name: "Deploy ActivityPub External to Cloud Run" | |
| uses: google-github-actions/deploy-cloudrun@v2 | |
| with: | |
| image: europe-docker.pkg.dev/ghost-activitypub/activitypub/activitypub:${{ needs.build-test-push.outputs.activitypub_docker_version }} | |
| region: ${{ matrix.region }} | |
| service: prd-${{ matrix.region_name }}-activitypub-external | |
| skip_default_labels: true | |
| labels: |- | |
| commit-sha=${{ github.sha }} | |
| - name: "Deploy ActivityPub API to Cloud Run" | |
| uses: google-github-actions/deploy-cloudrun@v2 | |
| with: | |
| image: europe-docker.pkg.dev/ghost-activitypub/activitypub/activitypub:${{ needs.build-test-push.outputs.activitypub_docker_version }} | |
| region: ${{ matrix.region }} | |
| service: prd-${{ matrix.region_name }}-activitypub-api | |
| skip_default_labels: true | |
| labels: |- | |
| commit-sha=${{ github.sha }} | |
| - uses: tryghost/actions/actions/slack-build@main | |
| if: failure() && github.event_name == 'push' && github.ref == 'refs/heads/main' | |
| with: | |
| status: ${{ job.status }} | |
| env: | |
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
| cleanup-staging-tests-dbs: | |
| name: Cleanup Staging Tests Databases | |
| runs-on: ubuntu-latest | |
| if: github.ref == 'refs/heads/main' | |
| steps: | |
| - name: "Authenticate with GCP" | |
| uses: google-github-actions/auth@v2 | |
| with: | |
| token_format: access_token | |
| workload_identity_provider: projects/687476608778/locations/global/workloadIdentityPools/github-oidc-activitypub/providers/github-provider-activitypub | |
| service_account: stg-activitypub-cicd-stg-envs@ghost-activitypub.iam.gserviceaccount.com | |
| - name: "Destroy Tests databases" | |
| env: | |
| GCP_PROJECT: ghost-activitypub | |
| run: | | |
| TEST_DATABASES=$(gcloud sql databases list --instance=stg-netherlands-activitypub --filter="name~test*" --format="value(name)" --project ${GCP_PROJECT}) | |
| for TEST_DATABASE in ${TEST_DATABASES}; do | |
| gcloud sql databases delete ${TEST_DATABASE} --instance=stg-netherlands-activitypub --quiet --project ${GCP_PROJECT} | |
| done | |
| build-cleanup-job: | |
| name: Build & Push cleanup job | |
| runs-on: ubuntu-latest | |
| if: github.ref == 'refs/heads/main' | |
| steps: | |
| - name: "Checkout" | |
| uses: actions/checkout@v4 | |
| - name: "Check for changes in cleanup job" | |
| id: changes | |
| uses: dorny/paths-filter@v3 | |
| with: | |
| filters: | | |
| cleanup: | |
| - 'jobs/cleanup-expired-key-value-records/**' | |
| - name: "Authenticate with GCP" | |
| if: steps.changes.outputs.cleanup == 'true' | |
| id: gcp-auth | |
| uses: google-github-actions/auth@v2 | |
| with: | |
| token_format: access_token | |
| workload_identity_provider: projects/687476608778/locations/global/workloadIdentityPools/github-oidc-activitypub/providers/github-provider-activitypub | |
| service_account: [email protected] | |
| - name: "Login to GCP Artifact Registry" | |
| if: steps.changes.outputs.cleanup == 'true' | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: europe-docker.pkg.dev | |
| username: oauth2accesstoken | |
| password: ${{ steps.gcp-auth.outputs.access_token }} | |
| - name: "Docker metadata" | |
| if: steps.changes.outputs.cleanup == 'true' | |
| id: cleanup-meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: europe-docker.pkg.dev/ghost-activitypub/activitypub/cleanup-expired-key-value-records | |
| tags: | | |
| type=sha | |
| type=edge,branch=main | |
| - name: "Build & Push cleanup job image" | |
| if: steps.changes.outputs.cleanup == 'true' | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: jobs/cleanup-expired-key-value-records | |
| push: true | |
| tags: ${{ steps.cleanup-meta.outputs.tags }} | |
| - uses: tryghost/actions/actions/slack-build@main | |
| if: failure() && github.event_name == 'push' && github.ref == 'refs/heads/main' | |
| with: | |
| status: ${{ job.status }} | |
| env: | |
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
| build-populate-explore-json-job: | |
| name: Build & Push populate explore json job | |
| runs-on: ubuntu-latest | |
| if: github.ref == 'refs/heads/main' | |
| steps: | |
| - name: "Checkout" | |
| uses: actions/checkout@v4 | |
| - name: "Check for changes in populate explore json job" | |
| id: changes | |
| uses: dorny/paths-filter@v3 | |
| with: | |
| filters: | | |
| populate-explore-json: | |
| - 'jobs/populate-explore-json/**' | |
| - name: "Authenticate with GCP" | |
| if: steps.changes.outputs.populate-explore-json == 'true' | |
| id: gcp-auth | |
| uses: google-github-actions/auth@v2 | |
| with: | |
| token_format: access_token | |
| workload_identity_provider: projects/687476608778/locations/global/workloadIdentityPools/github-oidc-activitypub/providers/github-provider-activitypub | |
| service_account: [email protected] | |
| - name: "Login to GCP Artifact Registry" | |
| if: steps.changes.outputs.populate-explore-json == 'true' | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: europe-docker.pkg.dev | |
| username: oauth2accesstoken | |
| password: ${{ steps.gcp-auth.outputs.access_token }} | |
| - name: "Docker metadata" | |
| if: steps.changes.outputs.populate-explore-json == 'true' | |
| id: populate-explore-json-meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: europe-docker.pkg.dev/ghost-activitypub/activitypub/populate-explore-json | |
| tags: | | |
| type=sha | |
| type=edge,branch=main | |
| - name: "Build & Push populate explore json job image" | |
| if: steps.changes.outputs.populate-explore-json == 'true' | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: jobs/populate-explore-json | |
| push: true | |
| tags: ${{ steps.populate-explore-json-meta.outputs.tags }} | |
| - uses: tryghost/actions/actions/slack-build@main | |
| if: failure() && github.event_name == 'push' && github.ref == 'refs/heads/main' | |
| with: | |
| status: ${{ job.status }} | |
| env: | |
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} |