sourcebot/.github/workflows/_gcp-deploy.yml

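# Reusable workflow: builds the Sourcebot image, pushes it to Artifact Registry
# (us-west1), then replaces the running container on a GCP host over SSH.
#
# NOTE(review): the actions below are referenced by mutable tags (@v1/@v2/@v3/@v6).
# For a job that holds deploy credentials, pin each `uses:` to a full commit SHA.
name: GCP Deploy

on:
  workflow_call:
    inputs:
      environment:
        required: true
        description: 'The environment to deploy to'
        type: string

jobs:
  gcp-deploy:
    runs-on: ubuntu-latest
    environment: ${{ inputs.environment }}
    # Least privilege for GITHUB_TOKEN: checkout needs read access to contents,
    # and direct Workload Identity Federation needs to mint an OIDC token.
    # A called workflow can only narrow what the caller grants, so the caller
    # must already allow `id-token: write` for the auth step to work.
    permissions:
      contents: read
      id-token: write
    env:
      IMAGE_PATH: us-west1-docker.pkg.dev/${{ secrets.GCP_PROJECT_ID }}/sourcebot/sourcebot-${{ vars.NEXT_PUBLIC_SOURCEBOT_CLOUD_ENVIRONMENT }}
    steps:
      - name: 'Checkout'
        uses: 'actions/checkout@v3'
        with:
          submodules: 'true'

      # @see: https://github.com/google-github-actions/auth?tab=readme-ov-file#direct-wif
      - name: 'Google auth'
        id: 'auth'
        uses: 'google-github-actions/auth@v2'
        with:
          project_id: '${{ secrets.GCP_PROJECT_ID }}'
          workload_identity_provider: '${{ secrets.GCP_WIF_PROVIDER }}'

      - name: 'Set up Cloud SDK'
        uses: 'google-github-actions/setup-gcloud@v1'
        with:
          project_id: '${{ secrets.GCP_PROJECT_ID }}'

      - name: 'Docker auth'
        run: |-
          gcloud auth configure-docker us-west1-docker.pkg.dev

      # Secrets reach the script through the step environment instead of being
      # templated into the script text, so quotes, `$` or backticks inside a
      # secret value are never interpreted by the shell.
      - name: Configure SSH
        env:
          GCP_SSH_PRIVATE_KEY: ${{ secrets.GCP_SSH_PRIVATE_KEY }}
          GCP_SSH_KNOWN_HOSTS: ${{ secrets.GCP_SSH_KNOWN_HOSTS }}
        run: |
          # Create the key file owner-only from the start, not only after chmod.
          umask 077
          mkdir -p ~/.ssh/
          printf '%s\n' "$GCP_SSH_PRIVATE_KEY" > ~/.ssh/private.key
          chmod 600 ~/.ssh/private.key
          # Pinned host keys: ssh refuses the deploy host if its key differs.
          printf '%s\n' "$GCP_SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts

      - name: Build Docker image
        id: build
        uses: docker/build-push-action@v6
        with:
          context: .
          push: true
          tags: |
            ${{ env.IMAGE_PATH }}:${{ github.sha }}
            ${{ env.IMAGE_PATH }}:latest
          # NOTE(review): SENTRY_SMUAT comes from `secrets` but is passed as a
          # build argument. Build-arg values can end up in image history and
          # build metadata, readable by anyone able to pull the image. Prefer
          # the action's `secrets:` input with a `RUN --mount=type=secret` in
          # the Dockerfile (Dockerfile not visible here, so left unchanged).
          build-args: |
            NEXT_PUBLIC_SOURCEBOT_VERSION=${{ github.ref_name }}
            NEXT_PUBLIC_SOURCEBOT_CLOUD_ENVIRONMENT=${{ vars.NEXT_PUBLIC_SOURCEBOT_CLOUD_ENVIRONMENT }}
            NEXT_PUBLIC_SENTRY_ENVIRONMENT=${{ vars.NEXT_PUBLIC_SENTRY_ENVIRONMENT }}
            NEXT_PUBLIC_SENTRY_WEBAPP_DSN=${{ vars.NEXT_PUBLIC_SENTRY_WEBAPP_DSN }}
            NEXT_PUBLIC_SENTRY_BACKEND_DSN=${{ vars.NEXT_PUBLIC_SENTRY_BACKEND_DSN }}
            NEXT_PUBLIC_LANGFUSE_PUBLIC_KEY=${{ vars.NEXT_PUBLIC_LANGFUSE_PUBLIC_KEY }}
            NEXT_PUBLIC_LANGFUSE_BASE_URL=${{ vars.NEXT_PUBLIC_LANGFUSE_BASE_URL }}
            SENTRY_SMUAT=${{ secrets.SENTRY_SMUAT }}
            SENTRY_ORG=${{ vars.SENTRY_ORG }}
            SENTRY_WEBAPP_PROJECT=${{ vars.SENTRY_WEBAPP_PROJECT }}
            SENTRY_BACKEND_PROJECT=${{ vars.SENTRY_BACKEND_PROJECT }}

      # The remote script is sent on stdin. The heredoc delimiter is quoted, so
      # the runner's shell expands nothing inside it; the image reference is
      # filled in by the workflow expression engine before the script runs.
      # The deploy uses the immutable commit-SHA tag, never `latest`.
      - name: Deploy to GCP
        env:
          GCP_USERNAME: ${{ secrets.GCP_USERNAME }}
          GCP_HOST: ${{ secrets.GCP_HOST }}
        run: |
          ssh -i ~/.ssh/private.key "${GCP_USERNAME}@${GCP_HOST}" << 'EOF'
            # Abort on the first failure so a failed pull never stops the
            # container that is currently serving traffic.
            # NOTE(review): assumes a POSIX login shell on the host - confirm.
            set -e
            # First pull the new image
            docker pull ${{ env.IMAGE_PATH }}:${{ github.sha }}
            # Stop and remove any existing container
            docker stop -t 60 sourcebot || true
            docker rm sourcebot || true
            # Run the new container
            docker run -d \
              -p 80:3000 \
              --env-file .env \
              -v /mnt/data:/data \
              --name sourcebot \
              ${{ env.IMAGE_PATH }}:${{ github.sha }}
          EOF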