@vaharoni/devops 1.1.9 → 1.1.11

package/dist/cli/cloudrun.js

@@ -2,7 +2,7 @@ import { CLICommandParser, printUsageAndExit, StrongParams } from "./common";
 import { buildDev, deploy } from "../libs/cloudrun-helpers";
 const oneLiner = "Supports cloudrun images";
 const keyExamples = `
-    $ devops cloudrun deploy cloudrun-image SHA --env staging --region us-central1 [--forward-env ENV1,ENV2 --allow-unauthenticated]
+    $ devops cloudrun deploy cloudrun-image SHA --env staging --region us-east1 [--forward-env ENV1,ENV2 --allow-unauthenticated]
     $ devops cloudrun build-dev cloudrun-image
 `.trim();
 const usage = `

package/dist/libs/cloudrun-helpers.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"cloudrun-helpers.d.ts","sourceRoot":"","sources":["../../src/libs/cloudrun-helpers.ts"],"names":[],"mappings":"AA0CA,wBAAsB,QAAQ,CAAC,KAAK,EAAE,MAAM,iBAyB3C;AAED,wBAAsB,MAAM,CAAC,EAC3B,KAAK,EACL,GAAG,EACH,GAAG,EACH,MAAM,EACN,UAAe,EACf,oBAA4B,EAC5B,GAAY,EACZ,MAAgB,EAChB,YAAgB,EAChB,YAAgB,EAChB,OAAe,EACf,SAAc,GACf,EAAE;IACD,KAAK,EAAE,MAAM,CAAC;IACd,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAC/B,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,iBAsBA"}
+{"version":3,"file":"cloudrun-helpers.d.ts","sourceRoot":"","sources":["../../src/libs/cloudrun-helpers.ts"],"names":[],"mappings":"AA0CA,wBAAsB,QAAQ,CAAC,KAAK,EAAE,MAAM,iBA0B3C;AAED,wBAAsB,MAAM,CAAC,EAC3B,KAAK,EACL,GAAG,EACH,GAAG,EACH,MAAM,EACN,UAAe,EACf,oBAA4B,EAC5B,GAAY,EACZ,MAAgB,EAChB,YAAgB,EAChB,YAAgB,EAChB,OAAe,EACf,SAAc,GACf,EAAE;IACD,KAAK,EAAE,MAAM,CAAC;IACd,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAC/B,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,iBAsBA"}

package/dist/libs/cloudrun-helpers.js

@@ -52,8 +52,9 @@ export async function buildDev(image) {
     await new CommandExecutor(`docker push ${tag}`, { env }).spawn();
     console.warn(`\n✅ Built and pushed ${tag}\n`);
     console.warn('Run "devops cloudrun deploy" next. For example:');
-    console.warn(chalk.blue(`./devops cloudrun deploy ${image} ${sha} --env ${env} --allow-unauthenticated --region us-east1 --forward-env ENV1,ENV2`));
-    console.warn();
+    console.warn(chalk.blue(`./devops cloudrun deploy ${image} ${sha} --env ${env} --allow-unauthenticated --region us-east1 --forward-env ENV1,ENV2 --service-account RUNTIME_SA`));
+    console.warn(chalk.yellow(`\n\nRUNTIME_SA is the name of the service account used to run the Cloud Run service.`));
+    console.warn(chalk.yellow(`Find it with "gcloud iam service-accounts list"\n`));
     console.log(tag);
 }
 export async function deploy({ image, env, sha, region, forwardEnv = [], allowUnauthenticated = false, cpu = "0.25", memory = "256Mi", minInstances = 0, maxInstances = 1, timeout = "60s", extraArgs = "", }) {

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@vaharoni/devops",
   "type": "module",
-  "version": "1.1.9",
+  "version": "1.1.11",
   "description": "Devops utility",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",

package/src/cli/cloudrun.ts

@@ -4,7 +4,7 @@ import { buildDev, deploy } from "../libs/cloudrun-helpers";
 const oneLiner =
   "Supports cloudrun images";
 const keyExamples = `
-    $ devops cloudrun deploy cloudrun-image SHA --env staging --region us-central1 [--forward-env ENV1,ENV2 --allow-unauthenticated]
+    $ devops cloudrun deploy cloudrun-image SHA --env staging --region us-east1 [--forward-env ENV1,ENV2 --allow-unauthenticated]
     $ devops cloudrun build-dev cloudrun-image
 `.trim();
 

package/src/libs/cloudrun-helpers.ts

@@ -62,8 +62,9 @@ export async function buildDev(image: string) {
 
   console.warn(`\n✅ Built and pushed ${tag}\n`);
   console.warn('Run "devops cloudrun deploy" next. For example:')
-  console.warn(chalk.blue(`./devops cloudrun deploy ${image} ${sha} --env ${env} --allow-unauthenticated --region us-east1 --forward-env ENV1,ENV2`));
-  console.warn();
+  console.warn(chalk.blue(`./devops cloudrun deploy ${image} ${sha} --env ${env} --allow-unauthenticated --region us-east1 --forward-env ENV1,ENV2 --service-account RUNTIME_SA`));
+  console.warn(chalk.yellow(`\n\nRUNTIME_SA is the name of the service account used to run the Cloud Run service.`));
+  console.warn(chalk.yellow(`Find it with "gcloud iam service-accounts list"\n`));
   console.log(tag);
 }
 

package/src/target-templates/infra-variants/digitalocean/.github/workflows/k8s-build.yaml

@@ -9,6 +9,8 @@ on:
 permissions:
   contents: read
   packages: read
+  # For deploying images to Cloud Run
+  # id-token: write
 
 jobs:
   build_images:
@@ -35,6 +37,14 @@ jobs:
           access_token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}
           cluster_name: ${{ secrets.DIGITALOCEAN_CLUSTER_NAME }}
 
+      # For deploying images to Cloud Run
+      # - name: Connect to Cloud Run
+      #   uses: ./.github/actions/connect-to-cloud-run@v1
+      #   with:
+      #     project_id: ${{ vars.GCP_PROJECT_ID }}
+      #     project_number: ${{ vars.GCP_PROJECT_NUMBER }}
+      #     region: ${{ vars.GCP_ARTIFACT_REGISTRY_REGION }}
+
       - name: Build image
         uses: ./.github/actions/build-image@v1
         with:
@@ -59,15 +69,23 @@ jobs:
         with:
           access_token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}
           cluster_name: ${{ secrets.DIGITALOCEAN_CLUSTER_NAME }}
-          
+
+      # For deploying images to Cloud Run
+      # - name: Connect to Cloud Run
+      #   uses: ./.github/actions/connect-to-cloud-run@v1
+      #   with:
+      #     project_id: ${{ vars.GCP_PROJECT_ID }}
+      #     project_number: ${{ vars.GCP_PROJECT_NUMBER }}
+      #     region: ${{ vars.GCP_ARTIFACT_REGISTRY_REGION }}
+
       - name: Run DB Migrate
         uses: ./.github/actions/db-migrate@v1
 
       # Repeat per image (it checks if the image is affected and deploys it if it is)
       - name: Deploy main node
-        uses: ./.github/actions/deploy-image@v1
+        uses: ./.github/actions/deploy-image-k8s@v1
         with: { "image_name": "main-node" }
 
       - name: Deploy main python
-        uses: ./.github/actions/deploy-image@v1
+        uses: ./.github/actions/deploy-image-k8s@v1
         with: { "image_name": "main-python" }

package/src/target-templates/infra-variants/gcloud/.github/workflows/k8s-build.yaml

@@ -9,6 +9,8 @@ on:
 permissions:
   contents: read
   packages: read
+  # For deploying images to Cloud Run
+  # id-token: write
 
 jobs:
   build_images:
@@ -35,7 +37,15 @@ jobs:
           project_id: ${{ secrets.GCLOUD_PROJECT_ID }}
           zone: ${{ secrets.GCLOUD_ZONE }}
           cluster_name: ${{ secrets.GCLOUD_CLUSTER_NAME }}
-          service_account_key: ${{ secrets.GCLOUD_SA_KEY }}        
+          service_account_key: ${{ secrets.GCLOUD_SA_KEY }}
+
+      # For deploying images to Cloud Run
+      # - name: Connect to Cloud Run
+      #   uses: ./.github/actions/connect-to-cloud-run@v1
+      #   with:
+      #     project_id: ${{ vars.GCP_PROJECT_ID }}
+      #     project_number: ${{ vars.GCP_PROJECT_NUMBER }}
+      #     region: ${{ vars.GCP_ARTIFACT_REGISTRY_REGION }}
 
       - name: Build image
         uses: ./.github/actions/build-image@v1
@@ -64,14 +74,22 @@ jobs:
           cluster_name: ${{ secrets.GCLOUD_CLUSTER_NAME }}
           service_account_key: ${{ secrets.GCLOUD_SA_KEY }}
 
+      # For deploying images to Cloud Run
+      # - name: Connect to Cloud Run
+      #   uses: ./.github/actions/connect-to-cloud-run@v1
+      #   with:
+      #     project_id: ${{ vars.GCP_PROJECT_ID }}
+      #     project_number: ${{ vars.GCP_PROJECT_NUMBER }}
+      #     region: ${{ vars.GCP_ARTIFACT_REGISTRY_REGION }}
+
       - name: Run DB Migrate
         uses: ./.github/actions/db-migrate@v1
 
       # Repeat per image (it checks if the image is affected and deploys it if it is)
       - name: Deploy main node
-        uses: ./.github/actions/deploy-image@v1
+        uses: ./.github/actions/deploy-image-k8s@v1
         with: { "image_name": "main-node" }
 
       - name: Deploy main python
-        uses: ./.github/actions/deploy-image@v1
+        uses: ./.github/actions/deploy-image-k8s@v1
         with: { "image_name": "main-python" }

package/src/target-templates/infra-variants/hetzner/.github/workflows/k8s-build.yaml

@@ -9,6 +9,8 @@ on:
 permissions:
   contents: read
   packages: read
+  # For deploying images to Cloud Run
+  # id-token: write
 
 jobs:
   build_images:
@@ -34,7 +36,15 @@ jobs:
         with:
           kubeconfig: ${{ secrets.HCLOUD_KUBECONFIG }}
           harbor_user: ${{ secrets.HARBOR_USER }}
-          harbor_password: ${{ secrets.HARBOR_PASSWORD }}        
+          harbor_password: ${{ secrets.HARBOR_PASSWORD }}
+
+      # For deploying images to Cloud Run
+      # - name: Connect to Cloud Run
+      #   uses: ./.github/actions/connect-to-cloud-run@v1
+      #   with:
+      #     project_id: ${{ vars.GCP_PROJECT_ID }}
+      #     project_number: ${{ vars.GCP_PROJECT_NUMBER }}
+      #     region: ${{ vars.GCP_ARTIFACT_REGISTRY_REGION }}
 
       - name: Build image
         uses: ./.github/actions/build-image@v1
@@ -60,16 +70,24 @@ jobs:
         with:
           kubeconfig: ${{ secrets.HCLOUD_KUBECONFIG }}
           harbor_user: ${{ secrets.HARBOR_USER }}
-          harbor_password: ${{ secrets.HARBOR_PASSWORD }}        
+          harbor_password: ${{ secrets.HARBOR_PASSWORD }}
+
+      # For deploying images to Cloud Run
+      # - name: Connect to Cloud Run
+      #   uses: ./.github/actions/connect-to-cloud-run@v1
+      #   with:
+      #     project_id: ${{ vars.GCP_PROJECT_ID }}
+      #     project_number: ${{ vars.GCP_PROJECT_NUMBER }}
+      #     region: ${{ vars.GCP_ARTIFACT_REGISTRY_REGION }}
 
       - name: Run DB Migrate
         uses: ./.github/actions/db-migrate@v1
 
       # Repeat per image (it checks if the image is affected and deploys it if it is)
       - name: Deploy main node
-        uses: ./.github/actions/deploy-image@v1
+        uses: ./.github/actions/deploy-image-k8s@v1
         with: { "image_name": "main-node" }
 
       - name: Deploy main python
-        uses: ./.github/actions/deploy-image@v1
+        uses: ./.github/actions/deploy-image-k8s@v1
         with: { "image_name": "main-python" }

package/src/target-templates/lang-variants-common/typescript/.github/actions/deploy-image-cloudrun@v1/action.yaml

@@ -0,0 +1,71 @@
+name: "Deploy image"
+description: "Deploy the specified image if it's affected and set its version"
+inputs:
+  project_id: 
+    description: 'The GCP project ID of the Cloud Run service'
+    required: true
+  image_name:
+    description: 'The image key in images.yaml'
+    required: true
+  region:
+    description: 'The region of the Cloud Run service'
+    required: true
+  sa_id:
+    description: 'The name of the service account used to run the Cloud Run service'
+    required: true
+  forward_env:
+    description: 'The environment variables to forward to the Cloud Run service (comma separated, e.g. ENV1,ENV2)'
+    required: false
+  allow_unauthenticated:
+    description: 'Whether to allow unauthenticated access to the Cloud Run service. Send "true" to allow unauthenticated access.'
+    required: false
+outputs:
+  affected:
+    description: 'Whether the specified image is affected (computed before deploy)'
+    value: ${{ steps.check_affected.outputs.affected }}
+runs:
+  using: "composite"
+  steps:
+    - name: Setup basic vars
+      shell: bash
+      run: |
+        echo "IMAGE_NAME=${{ inputs.image_name }}" >> $GITHUB_ENV
+
+    - name: Check if affected
+      id: check_affected
+      shell: bash
+      run: |
+        AFFECTED=$(devops affected image $IMAGE_NAME --from-live-version)
+        echo "affected=$AFFECTED" >> $GITHUB_OUTPUT
+        echo "affected=$AFFECTED"
+        if [[ "$AFFECTED" == "true" ]]; then
+          echo "${{ env.IMAGE_NAME }} is affected. Proceeding with deployment."
+        else
+          echo "${{ env.IMAGE_NAME }} is not affected. Skipping."
+        fi
+
+    - name: Deploy
+      shell: bash
+      if: steps.check_affected.outputs.affected == 'true'
+      run: |
+        RUNTIME_SA="${{ inputs.sa_id }}@${{ inputs.project_id }}.iam.gserviceaccount.com"
+
+        if [[ -z "${{ inputs.forward_env }}" ]]; then
+          FORWARD_ENV=""
+        else
+          FORWARD_ENV="--forward-env ${{ inputs.forward_env }}"
+        fi
+
+        if [[ "${{ inputs.allow_unauthenticated }}" == "true" ]]; then
+          ALLOW_UNAUTHENTICATED="--allow-unauthenticated"
+        else
+          ALLOW_UNAUTHENTICATED="--no-allow-unauthenticated"
+        fi
+
+        devops cloudrun deploy ${{ env.IMAGE_NAME }} ${{ github.sha }} \
+          --region ${{ inputs.region }} \
+          --service-account ${RUNTIME_SA} \
+          ${FORWARD_ENV} \
+          ${ALLOW_UNAUTHENTICATED}
+
+        devops image version set ${{ env.IMAGE_NAME }} ${{ github.sha }}