From c09db1b119b0c18a2efb9f560e0a96608089759b Mon Sep 17 00:00:00 2001 From: Olivier Chafik Date: Thu, 23 Apr 2026 14:19:59 +0100 Subject: [PATCH] ci: add optional Cloud Run deploy job gated on repo variables The deploy job is skipped unless GCP_PROJECT_ID is set as a repository variable, so it is a no-op for the public repo and forks. A downstream mirror that sets the required variables (GCP_PROJECT_ID, GCP_WIF_PROVIDER, CLOUD_RUN_SERVICE, CLOUD_RUN_REGION, BASE_URI, CLOUD_RUN_VPC_CONNECTOR, CLOUD_RUN_SERVICE_ACCOUNT) gets automatic deploys on push to main without carrying a workflow diff. Sets --memory=1Gi since the default 512Mi was running at 95-98% utilization under typical load. --- .github/workflows/main.yml | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 1ca5b2e..0b52da5 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -24,3 +24,40 @@ jobs: - run: npm test - run: npm run lint + + deploy: + runs-on: ubuntu-latest + needs: build + if: github.ref == 'refs/heads/main' && vars.GCP_PROJECT_ID != '' + permissions: + contents: read + id-token: write + + steps: + - uses: actions/checkout@v4 + + - uses: google-github-actions/auth@v2 + with: + project_id: ${{ vars.GCP_PROJECT_ID }} + workload_identity_provider: ${{ vars.GCP_WIF_PROVIDER }} + + - id: deploy + uses: google-github-actions/deploy-cloudrun@v2 + with: + service: ${{ vars.CLOUD_RUN_SERVICE }} + region: ${{ vars.CLOUD_RUN_REGION }} + source: . + env_vars: |- + BASE_URI=${{ vars.BASE_URI }} + NODE_ENV=production + REDIS_TLS=0 + secrets: |- + REDIS_URL=REDIS_URL:latest + flags: |- + --vpc-connector=${{ vars.CLOUD_RUN_VPC_CONNECTOR }} + --service-account=${{ vars.CLOUD_RUN_SERVICE_ACCOUNT }} + --allow-unauthenticated + --min-instances=1 + --max-instances=20 + --concurrency=250 + --memory=1Gi
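Review bot: The three `uses:` lines in the new `deploy` job reference actions by mutable tag (`actions/checkout@v4`, `google-github-actions/auth@v2`, `google-github-actions/deploy-cloudrun@v2`) while the job holds `id-token: write`, so anyone able to move one of those tags runs code that can exchange the OIDC token for GCP credentials and deploy. Pin each to a full commit SHA and keep the tag as a comment, e.g. `uses: google-github-actions/auth@<full-commit-sha>  # v2`. Separately, `--allow-unauthenticated` and `REDIS_TLS=0` are hard-coded for every mirror that enables the job. If that is intended, a comment above `flags:` such as `# Public by design; Redis presumably reached over the VPC connector without TLS` would record the decision; otherwise both are better driven by repository variables like the other settings. The workflow's `on:` triggers and the WIF provider's attribute condition are outside the hunk, so the only gate visible here is the `github.ref` / `vars.GCP_PROJECT_ID` check.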