feat: add docker-build and cloudrun-deploy composite actions#5

Open
gamechanger1s wants to merge 8 commits into `main` from `feat/docker-build-cloudrun-actions`

gamechanger1s commented May 25, 2026

Summary

The existing `build@v2` and `deploy@v2` composite actions are designed around a static-site deployment pattern — they produce a file artifact, upload it between jobs, and push it to a GCS bucket + CDN. They cannot be reused as-is for projects that build a Docker image and deploy to a container runtime.

Rather than adding standalone actions, this PR extends the existing `build@v2` and `deploy@v2` actions with conditional Docker/Cloud Run paths via new opt-in inputs. Existing callers are completely unaffected — all new inputs default to empty and every new step is gated behind its discriminator.


`build@v2` — Docker path (activated by `image-name`)

When `image-name` is set the action switches to Docker build+push mode. The static-build steps (`Build`, `Upload artifact`) are skipped via `if: inputs.image-name == ''`. New steps run in their place:

  • Configures the Docker credential helper for Artifact Registry (`gcloud auth configure-docker`)
  • Optionally fetches build-time env vars from Secret Manager → writes to `.env.production` so framework-level public vars are baked into the client bundle before the image is assembled
  • Sets up Docker Buildx
  • Builds and pushes directly to Artifact Registry (SHA tag + `latest`) in a single step — no inter-job image cache needed

`deploy@v2` — Cloud Run path (activated by `cloudrun-service`)

When `cloudrun-service` is set the action switches to Cloud Run deploy mode. The standard `Deploy` step is skipped via `if: inputs.cloudrun-service == ''`. New steps run in their place:

  • Optionally fetches runtime env vars from Secret Manager, masks each value, formats them as `KEY=VALUE,...` and prepends `GOOGLE_CLOUD_PROJECT`
  • Deploys the image to Cloud Run via `deploy-cloudrun@v2` with the `overwrite` env var strategy

Design decisions

  • Single discriminator per action — `image-name` for build, `cloudrun-service` for deploy. Non-empty = new path, empty = existing path. No ambiguous mode flags.
  • Shared auth step — the existing `Authenticate` step is unchanged and runs for both paths whenever GCP/AWS credentials are provided.
  • `Summary` step handles both paths — emits image info on Docker path, env+output on static path.
  • Standalone actions removed — `docker-build` and `cloudrun-deploy` introduced in the first commit of this branch have been removed in favour of this approach.

Test plan

  • Existing caller (`frontend-web` using `build@v2` with `node-version` + `output: artifact`) continues to work unchanged
  • New Docker caller passes `image-name` → Docker path runs, static steps are skipped
  • `build@v2` correctly writes `.env.production` when `gcp-secret-name` is provided, skips when empty
  • New Cloud Run caller passes `cloudrun-service` → Cloud Run path runs, standard deploy step is skipped
  • `deploy@v2` injects env vars correctly when `gcp-secret-name` is provided, deploys cleanly when empty
  • Merge and move the `v2` tag to this commit

🤖 Generated with Claude Code
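
The Cloud Run env-var step described above (mask each value, format as `KEY=VALUE,...`, prepend `GOOGLE_CLOUD_PROJECT`) can be sketched as follows. This is an added example, not code from this PR; the dotenv-style payload, the function names and the project id `demo-project` are assumptions, and rejecting values that contain a comma is a choice made here because the comma is the list separator.

```shell
#!/bin/sh
# Added example (not the PR's code). Constructed dotenv-style payload standing
# in for what the action would read from Secret Manager.
SAMPLE_PAYLOAD='# runtime config
API_KEY=s3cr3t-value
DB_URL="postgres://u:p@db/app"

FEATURE_FLAG=on'

# parse_pairs: dotenv text on stdin -> validated KEY=VALUE lines on stdout.
# Error messages never echo the offending line, since it may hold a secret.
parse_pairs() {
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in
      ''|'#'*) continue ;;                      # blank line or comment
      *=*) ;;
      *) echo "malformed line (content withheld)" >&2; return 1 ;;
    esac
    key=${line%%=*}; val=${line#*=}
    case "$key" in
      ''|[0-9]*|*[!A-Za-z0-9_]*) echo "invalid key name" >&2; return 1 ;;
    esac
    case "$val" in \"*\") val=${val#\"}; val=${val%\"} ;; esac
    # A comma inside a value would be read as a separator in KEY=VALUE,...
    case "$val" in *,*) echo "value of $key contains a comma" >&2; return 1 ;; esac
    printf '%s=%s\n' "$key" "$val"
  done
}

# mask_values: one ::add-mask:: workflow command per non-empty value.
mask_values() {
  pairs=$(parse_pairs) || return 1
  printf '%s\n' "$pairs" | while IFS= read -r line; do
    [ -z "${line#*=}" ] || printf '::add-mask::%s\n' "${line#*=}"
  done
}

# format_env_vars PROJECT_ID: GOOGLE_CLOUD_PROJECT first, then the pairs.
format_env_vars() {
  pairs=$(parse_pairs) || return 1
  out="GOOGLE_CLOUD_PROJECT=$1"
  [ -z "$pairs" ] || out="$out,$(printf '%s' "$pairs" | tr '\n' ',')"
  printf '%s\n' "$out"
}

# Mask first, then build the string, so no value reaches the log unmasked.
printf '%s\n' "$SAMPLE_PAYLOAD" | mask_values
printf '%s\n' "$SAMPLE_PAYLOAD" | format_env_vars demo-project
```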

gamechanger1s and others added 8 commits May 25, 2026 17:01
docker-build: WIF auth → Secret Manager → .env.production → buildx build+push to Artifact Registry
cloudrun-deploy: WIF auth → Secret Manager → format env_vars → deploy-cloudrun
Both actions eliminate the need for separate publish jobs or inter-job Docker caches.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Add Docker build+push path to build@v2 (activated by image-name input)
and Cloud Run deploy path to deploy@v2 (activated by cloudrun-service input).
Existing static-site callers are unaffected — new inputs default to empty
and all new steps are gated behind their respective discriminator inputs.
Remove standalone docker-build and cloudrun-deploy actions.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…ments

GitHub's YAML parser rejected inputs from both actions because UTF-8
multi-byte characters (U+2500, U+2014) in comment lines caused silent
parse failure, making all inputs appear undefined.

Replaces mutable version tags with pinned commit SHAs in the Docker
and Cloud Run steps of build and deploy actions to prevent supply
chain attacks.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

The --maintained-version CLI flag expects a semver constraint (e.g. 1)
not a prerelease identifier. Writing maintainedVersion to .semrelrc matches
how go-semantic-release expects the config, producing v{major}.x.y-rc.N tags.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
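
One of the commits above replaces mutable version tags with pinned commit SHAs. A check like the following keeps that property from regressing in review or CI. It is an added example, not part of this PR: the action names and the SHA in the sample are constructed placeholders, the function names are assumptions, and the matching is line-based rather than a full YAML parse.

```shell
#!/bin/sh
# Added example (not the PR's code). Constructed steps; the action names and
# the SHA are placeholders.
SAMPLE_ACTION='runs:
  using: composite
  steps:
    - uses: example-org/setup-buildx@v3
    - uses: example-org/build-push@0123456789abcdef0123456789abcdef01234567 # v6.0.0
    - uses: ./.github/actions/local-helper
    - uses: "example-org/deploy@main"
    - run: echo "uses: not-a-step@v1"
'

# unpinned_uses: workflow/action YAML on stdin -> every `uses:` reference that
# is not pinned to a full 40-character commit SHA, one per line.
unpinned_uses() {
  # Keep only the value of real `uses:` keys (not text inside a run: script),
  # then drop trailing comments, trailing spaces and surrounding quotes.
  sed -n -E 's/^[[:space:]]*(-[[:space:]]+)?uses:[[:space:]]*//p' |
  sed -E 's/[[:space:]]+#.*$//; s/[[:space:]]+$//' |
  tr -d "\"'" |
  while IFS= read -r ref; do
    case "$ref" in
      ./*|../*) continue ;;              # local action, versioned with the repo
      docker://*@sha256:*) continue ;;   # container image pinned by digest
    esac
    printf '%s\n' "$ref" | grep -Eq '@[0-9a-f]{40}$' || printf '%s\n' "$ref"
  done
}

# check_pins: exit status 1 (and a report on stderr) if anything is unpinned.
check_pins() {
  found=$(unpinned_uses)
  [ -n "$found" ] || return 0
  printf '%s\n' "$found" | sed 's/^/unpinned: /' >&2
  return 1
}

printf '%s' "$SAMPLE_ACTION" | check_pins || echo "pin check failed"
```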