github.com/massongit/reviewdog@v0.0.0-20240331071725-4a16675475a8/.github/workflows/deploy-doghouse.yml (about) 1 name: Deploy doghouse 2 on: 3 push: 4 tags: 5 - "v*.*.*" 6 workflow_dispatch: 7 8 jobs: 9 test: 10 permissions: 11 contents: read 12 runs-on: ubuntu-latest 13 steps: 14 - uses: actions/checkout@v4 15 with: 16 fetch-depth: 50 # Need git history for testing. 17 - uses: actions/setup-go@v5 18 with: 19 # must sync doghouse/appengine/app.yaml 20 go-version: "1.21" 21 - run: go test -v -race ./... 22 deploy: 23 permissions: 24 contents: read 25 needs: [test] 26 runs-on: ubuntu-latest 27 defaults: 28 run: 29 shell: bash 30 working-directory: ./doghouse/appengine/ 31 steps: 32 - uses: actions/checkout@v4 33 - uses: google-github-actions/setup-gcloud@v2.1.0 34 with: 35 project_id: review-dog 36 service_account_key: ${{ secrets.GCP_SA_KEY }} 37 export_default_credentials: true 38 - name: Decrypt keys 39 env: 40 GAE_KEYRING_NAME: reviewdog-doghouse-deploy 41 GAE_KEY_NAME: secret-env 42 run: |- 43 gcloud kms decrypt --location=global \ 44 --keyring="$GAE_KEYRING_NAME" \ 45 --key="$GAE_KEY_NAME" \ 46 --ciphertext-file=secret/encrypted-reviewdog.private-key.pem.bin \ 47 --plaintext-file=secret/reviewdog.private-key.pem 48 gcloud kms decrypt --location=global \ 49 --keyring="$GAE_KEYRING_NAME" \ 50 --key="$GAE_KEY_NAME" \ 51 --ciphertext-file=secret/encrypted-secret.yaml.bin \ 52 --plaintext-file=secret/secret.yaml 53 - name: Deploy 54 run: gcloud --quiet app deploy app.yaml 55 - name: Cleanup 56 run: |- 57 rm secret/reviewdog.private-key.pem 58 rm secret/secret.yaml