SightLine/.github/workflows/deploy.yml at main · SunflowersLwtech/SightLine · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
# =============================================================================
# SightLine — Automated Cloud Deployment (CI/CD)
# Triggers on push to main: Test → Build → Push → Deploy → Verify
# =============================================================================

name: Deploy to Google Cloud Run

on:
  push:
    branches: [main]
    paths-ignore:
      - '*.md'
      - 'docs/**'
      - 'SightLine/**'          # iOS source changes don't need backend redeploy
      - 'SightLineWatch/**'
      - 'SightLineTests/**'
      - '.gitignore'

  workflow_dispatch:             # Allow manual trigger from GitHub UI

env:
  PROJECT_ID: sightline-hackathon
  REGION: us-central1
  SERVICE_NAME: sightline-backend
  AR_REPO: sightline
  IMAGE: us-central1-docker.pkg.dev/sightline-hackathon/sightline/sightline-backend

jobs:
  # ---------------------------------------------------------------------------
  # Stage 1: Run backend unit tests
  # ---------------------------------------------------------------------------
  test:
    name: Run Tests
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v4

      - name: Set up Python 3.12
        uses: actions/setup-python@v5
        with:
          python-version: '3.12'
          cache: 'pip'

      - name: Install dependencies
        run: |
          pip install --upgrade pip
          pip install -r requirements-dev.txt

      - name: Run Ruff
        run: ruff check .

      - name: Run unit tests
        run: pytest tests/ -v --tb=short
        env:
          GOOGLE_API_KEY: ${{ secrets.GOOGLE_API_KEY }}

  # ---------------------------------------------------------------------------
  # Stage 2: Build Docker image and push to Artifact Registry
  # ---------------------------------------------------------------------------
  build-and-push:
    name: Build & Push Image
    needs: test
    runs-on: ubuntu-latest

    permissions:
      contents: read
      id-token: write           # Required for Workload Identity Federation

    steps:
      - uses: actions/checkout@v4

      - name: Authenticate to Google Cloud
        uses: google-github-actions/auth@v2
        with:
          credentials_json: ${{ secrets.GCP_SA_KEY }}

      - name: Set up Cloud SDK
        uses: google-github-actions/setup-gcloud@v2

      - name: Configure Docker for Artifact Registry
        run: gcloud auth configure-docker ${{ env.REGION }}-docker.pkg.dev --quiet

      - name: Build Docker image
        run: |
          docker build \
            -t ${{ env.IMAGE }}:latest \
            -t ${{ env.IMAGE }}:${{ github.sha }} \
            .

      - name: Push Docker image
        run: |
          docker push ${{ env.IMAGE }}:latest
          docker push ${{ env.IMAGE }}:${{ github.sha }}

  # ---------------------------------------------------------------------------
  # Stage 3: Deploy to Cloud Run
  # ---------------------------------------------------------------------------
  deploy:
    name: Deploy to Cloud Run
    needs: build-and-push
    runs-on: ubuntu-latest

    permissions:
      contents: read
      id-token: write

    steps:
      - name: Authenticate to Google Cloud
        uses: google-github-actions/auth@v2
        with:
          credentials_json: ${{ secrets.GCP_SA_KEY }}

      - name: Deploy to Cloud Run
        uses: google-github-actions/deploy-cloudrun@v2
        with:
          service: ${{ env.SERVICE_NAME }}
          image: ${{ env.IMAGE }}:${{ github.sha }}
          region: ${{ env.REGION }}
          flags: |
            --allow-unauthenticated
            --min-instances=1
            --max-instances=10
            --timeout=3600
            --memory=2Gi
            --cpu=2
            --no-cpu-throttling
            --concurrency=8
            --cpu-boost
            --service-account=sightline-backend@sightline-hackathon.iam.gserviceaccount.com
            --set-secrets=GOOGLE_API_KEY=gemini-api-key:latest,GOOGLE_MAPS_API_KEY=google-maps-api-key:latest
          env_vars: |
            GOOGLE_GENAI_USE_VERTEXAI=TRUE
            GOOGLE_CLOUD_LOCATION=us-central1
            ALLOWED_ORIGINS=https://sightline-backend-kp47ssyf4q-uc.a.run.app

      - name: Verify deployment
        run: |
          URL=$(gcloud run services describe ${{ env.SERVICE_NAME }} \
            --region=${{ env.REGION }} \
            --format='value(status.url)')
          echo "Service URL: $URL"

          STATUS=$(curl -s -o /dev/null -w "%{http_code}" "$URL/health" --max-time 30 || echo "000")
          echo "Health check: HTTP $STATUS"

          if [ "$STATUS" != "200" ]; then
            echo "::error::Health check returned HTTP $STATUS — deployment may be broken"
            exit 1
          else
            echo "Deployment verified successfully!"
          fi