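name: Build and Deploy to Cloud Run

# On every push to main: build the container image, push it to Artifact
# Registry, and deploy that same image (tagged with the commit SHA) to Cloud Run.
on:
  push:
    branches: ["main"]

# Workflow-level values. They are available as ${{ env.X }} in expressions and
# are also exported to every `run` step as ordinary shell variables.
env:
  PROJECT_ID: your-project-id
  REGION: asia-northeast1  # since you are in Japan, Tokyo or Osaka is recommended
  SERVICE_NAME: my-node-app
  REPOSITORY: my-repo

jobs:
  deploy:
    runs-on: ubuntu-latest
    # Least privilege for GITHUB_TOKEN: read-only repository access plus the
    # ability to request an OIDC token.
    permissions:
      contents: 'read'
      id-token: 'write'  # required for WIF authentication

    steps:
      # NOTE(review): the three `uses:` references in this job are mutable tags
      # (@v4, @v2). For supply-chain integrity, pin each to a full commit SHA,
      # e.g. `uses: actions/checkout@<FULL_COMMIT_SHA>  # v4`.
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # No later step runs git, and the workspace becomes the docker build
          # context below, so do not leave the job token in the checkout.
          persist-credentials: false

      # 1. Authenticate (using Workload Identity Federation)
      # NOTE(review): `id-token: write` only lets this job request an OIDC
      # token. Which repositories and branches may impersonate the service
      # account is decided on the Google Cloud side; confirm the provider's
      # attribute condition and the service account's IAM binding are limited
      # to this repository, and that the account holds only the roles needed
      # to push the image and deploy the service.
      - name: Google Auth
        uses: google-github-actions/auth@v2
        with:
          workload_identity_provider: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider'
          service_account: 'my-service-account@your-project-id.iam.gserviceaccount.com'

      # 2. Configure Docker authentication
      # Shell variables are used instead of ${{ }} interpolation so the script
      # text stays fixed even if these values are later made dynamic.
      - name: Docker Auth
        run: |-
          gcloud auth configure-docker "${REGION}-docker.pkg.dev" --quiet

      # 3. Build and push the image
      # The tag is the commit SHA, so the deploy step references exactly the
      # image built from this commit.
      - name: Build and Push Container
        run: |-
          DOCKER_TAG="${REGION}-docker.pkg.dev/${PROJECT_ID}/${REPOSITORY}/${SERVICE_NAME}:${GITHUB_SHA}"
          docker build -t "$DOCKER_TAG" .
          docker push "$DOCKER_TAG"

      # 4. Deploy to Cloud Run
      - name: Deploy to Cloud Run
        uses: google-github-actions/deploy-cloudrun@v2
        with:
          service: ${{ env.SERVICE_NAME }}
          region: ${{ env.REGION }}
          image: ${{ env.REGION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.REPOSITORY }}/${{ env.SERVICE_NAME }}:${{ github.sha }}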