accounts/.github/workflows/deploy.yml

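# Builds the container image on every push to main, pushes it to the
# <region>-docker.pkg.dev registry and deploys that image to Cloud Run.
name: Build and Deploy to Cloud Run

on:
  push:
    branches: ["main"]

# Workflow-level env values are also exported to every `run` step as ordinary
# environment variables, so the shell steps below read them directly.
env:
  PROJECT_ID: your-project-id
  # Tokyo. For a deployment serving Japan, Tokyo or Osaka is the suggested
  # choice.
  REGION: asia-northeast1
  SERVICE_NAME: my-node-app
  REPOSITORY: my-repo

jobs:
  deploy:
    runs-on: ubuntu-latest
    # Only the scopes listed here are granted to the job's GITHUB_TOKEN.
    permissions:
      contents: 'read'
      # Required for WIF authentication: lets the job request the GitHub OIDC
      # token that is exchanged for Google credentials.
      id-token: 'write'
    steps:
      # NOTE(review): the actions in this job are referenced by major-version
      # tag, which the action's owner can move to different code. Pinning each
      # `uses:` to a full commit SHA keeps the deploy path immutable.
      - name: Checkout
        uses: actions/checkout@v4

      # 1. Authenticate (using Workload Identity Federation), so no long-lived
      #    service-account key has to be stored as a repository secret.
      # NOTE(review): confirm that the provider carries an attribute condition
      # limiting it to this repository, and that the service account holds
      # only the roles needed to push images and deploy the service. Neither
      # is visible in this file.
      - name: Google Auth
        uses: google-github-actions/auth@v2
        with:
          workload_identity_provider: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider'
          service_account: 'my-service-account@your-project-id.iam.gserviceaccount.com'

      # 2. Configure Docker authentication for the regional registry host.
      #    REGION comes from the step's environment rather than being
      #    templated into the script text.
      - name: Docker Auth
        run: |-
          gcloud auth configure-docker "${REGION}-docker.pkg.dev" --quiet

      # 3. Build and push the image, tagged with the commit SHA so that every
      #    deployed revision maps back to one commit.
      #    Values are read from environment variables and the tag is quoted,
      #    so the shell never re-parses them as script text or splits them.
      - name: Build and Push Container
        run: |-
          IMAGE="${REGION}-docker.pkg.dev/${PROJECT_ID}/${REPOSITORY}/${SERVICE_NAME}:${GITHUB_SHA}"
          docker build -t "${IMAGE}" .
          docker push "${IMAGE}"

      # 4. Deploy to Cloud Run, using the same commit-SHA tag pushed in step 3.
      - name: Deploy to Cloud Run
        uses: google-github-actions/deploy-cloudrun@v2
        with:
          service: '${{ env.SERVICE_NAME }}'
          region: '${{ env.REGION }}'
          image: '${{ env.REGION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.REPOSITORY }}/${{ env.SERVICE_NAME }}:${{ github.sha }}'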