Skip to content

Move from Google Cloud to Railsway #335

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
ai wants to merge 2 commits into from
Closed

Move from Google Cloud to Railsway #335

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
d18a9b7
Replace deploy to Google Cloud with publishing Docker image to GitHub
ai Feb 18, 2026
54f0be0
Start preview deploy only on preview tag to improve security
ai Feb 18, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
90 changes: 0 additions & 90 deletions .github/actions/deploy/action.yml
View file
Open in desktop

This file was deleted.

27 changes: 11 additions & 16 deletions .github/workflows/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -62,7 +62,7 @@ jobs:
if: github.ref == 'refs/heads/main'
permissions:
contents: read
id-token: write
packages: write
concurrency:
group: staging-web
runs-on: ubuntu-latest
Expand All @@ -74,29 +74,24 @@ jobs:
allowed-endpoints: >
9236a389bd48b984df91adc1bc924620.r2.cloudflarestorage.com:443
api.github.com:443
artifactregistry.googleapis.com:443
cgr.dev:443
dl.google.com:443
europe-west1-docker.pkg.dev:443
europe-west1-run.googleapis.com:443
github.com:443
iamcredentials.googleapis.com:443
raw.githubusercontent.com:443
run.googleapis.com:443
serviceusage.googleapis.com:443
sts.googleapis.com:443
ghcr.io:443
- name: Checkout the repository
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
- name: Download web assets from test step
uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
with:
name: web-client-assets-${{ github.sha }}
path: web/
- name: Deploy to Google Cloud
uses: ./.github/actions/deploy
- name: Build Docker image
run: docker build -t ghcr.io/hplush/slowreader-web:dev ./web/
- name: Login to GitHub Container Registry
uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
with:
projectId: slowreader-453400
region: europe-west1
folder: ./web/
registry: staging/web
service: staging-web
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Push Docker image
run: docker push ghcr.io/hplush/slowreader-web:dev
11 changes: 0 additions & 11 deletions .github/workflows/preview-clean.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,9 +12,6 @@ jobs:
close:
name: Close
runs-on: ubuntu-latest
env:
PROJECT_ID: slowreader-453400
REGION: europe-west1
steps:
- name: Harden the runner
uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
Expand All @@ -24,18 +21,10 @@ jobs:
9236a389bd48b984df91adc1bc924620.r2.cloudflarestorage.com:443
api.github.com:443
apk.cgr.dev:443
artifactregistry.googleapis.com:443
cgr.dev:443
dl.google.com:443
europe-west1-docker.pkg.dev:443
europe-west1-run.googleapis.com:443
github.com:443
iamcredentials.googleapis.com:443
nodejs.org:443
raw.githubusercontent.com:443
run.googleapis.com:443
serviceusage.googleapis.com:443
sts.googleapis.com:443
- name: Download PR number from prepare step
uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
with:
Expand Down
40 changes: 18 additions & 22 deletions .github/workflows/preview-deploy.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,18 +25,10 @@ jobs:
9236a389bd48b984df91adc1bc924620.r2.cloudflarestorage.com:443
api.github.com:443
apk.cgr.dev:443
artifactregistry.googleapis.com:443
cgr.dev:443
dl.google.com:443
europe-west1-docker.pkg.dev:443
europe-west1-run.googleapis.com:443
github.com:443
iamcredentials.googleapis.com:443
nodejs.org:443
raw.githubusercontent.com:443
run.googleapis.com:443
serviceusage.googleapis.com:443
sts.googleapis.com:443
- name: Checkout the repository
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
- name: Download server from prepare step
Expand All @@ -46,12 +38,19 @@ jobs:
repository: ${{ github.repository_owner }}/${{ github.event.repository.name }}
run-id: ${{ github.event.workflow_run.id }}
github-token: ${{ secrets.PREVIEW_ARTIFACT_PAT }}
- name: Extract archive to restore symlinks
run: tar -xf server.tar
- name: Extract PR number
run: |
PR_NUMBER=$(cat ./preview-id)
echo "PR_NUMBER=$PR_NUMBER" >> $GITHUB_ENV
- name: Check preview label
run: |
LABELS=$(gh pr view "$PR_NUMBER" --repo "$GITHUB_REPOSITORY" --json labels --jq '.labels[].name')
if ! echo "$LABELS" | grep -qx 'preview'; then
echo "PR #$PR_NUMBER does not have 'preview' label, skipping deploy"
exit 1
fi
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Notify about new deployment
uses: bobheadxi/deployments@648679e8e4915b27893bd7dbc35cb504dc915bc8 # v1.5.0
id: status
Expand All @@ -60,19 +59,16 @@ jobs:
token: ${{ secrets.GITHUB_TOKEN }}
ref: ${{ github.event.workflow_run.head_commit.id }}
env: preview-${{ env.PR_NUMBER }}
- name: Deploy to Google Cloud
id: deploy
uses: ./.github/actions/deploy
- name: Load Docker image
run: docker load < image.tar
- name: Login to GitHub Container Registry
uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
with:
projectId: slowreader-453400
region: europe-west1
folder: ./server/
registry: staging/server
service: staging-server
tag: preview-${{ env.PR_NUMBER }}
env: ASSETS=1,DATABASE_URL=memory://,PROXY_ORIGIN=^https:\/\/preview-\d+---staging-server-300174498438\.europe-west1\.run\.app$
# flags: |
# --update-secrets DATABASE_URL=preview-db-url:latest
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Push Docker image
run: docker push ghcr.io/hplush/slowreader-proxy:dev
- name: Update deployment status
uses: bobheadxi/deployments@648679e8e4915b27893bd7dbc35cb504dc915bc8 # v1.5.0
if: always()
Expand Down
16 changes: 10 additions & 6 deletions .github/workflows/preview-prepare.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,10 @@
name: Start Preview Deployment
on:
pull_request:
types:
- labeled
- synchronize
- opened
paths-ignore:
- '**/*.md'
- 'scripts/**'
Expand All @@ -19,6 +23,7 @@ jobs:
prepare:
name: Prepare
runs-on: ubuntu-latest
if: contains(github.event.pull_request.labels.*.name, 'preview')
steps:
- name: Harden the runner
uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
Expand All @@ -42,19 +47,18 @@ jobs:
STAGING: 1
- name: Build server
run: cd server && node --run build
- name: Build Docker image
run: docker build -t ghcr.io/hplush/slowreader:preview-${{ github.event.pull_request.number }} ./server/
- name: Export image to tar
run: docker save ghcr.io/hplush/slowreader:preview-${{ github.event.pull_request.number }} > ./image.tar
- name: Save PR number
run: echo "${{ github.event.pull_request.number }}" > ./preview-id
- name: Create archive to keep symlinks
run: tar -cf server.tar server/dist/
- name: Save server for deploy
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
with:
name: preview-server
retention-days: 1
include-hidden-files: true
path: |
server/web/
server/Dockerfile
server/.dockerignore
preview-id
server.tar
image.tar
30 changes: 11 additions & 19 deletions .github/workflows/proxy.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,6 @@ on:
- 'pnpm-lock.yaml'
- '.github/workflows/proxy.yml'
- '.github/actions/init-node/action.yml'
- '.github/actions/deploy/action.yml'
pull_request:
paths:
- 'proxy/*'
Expand All @@ -19,7 +18,6 @@ on:
- 'pnpm-lock.yaml'
- '.github/workflows/proxy.yml'
- '.github/actions/init-node/action.yml'
- '.github/actions/deploy/action.yml'
jobs:
test:
name: Proxy Test
Expand Down Expand Up @@ -94,7 +92,7 @@ jobs:
if: github.ref == 'refs/heads/main'
permissions:
contents: read
id-token: write
packages: write
concurrency:
group: staging-proxy
runs-on: ubuntu-latest
Expand All @@ -107,18 +105,11 @@ jobs:
9236a389bd48b984df91adc1bc924620.r2.cloudflarestorage.com:443
api.github.com:443
apk.cgr.dev:443
artifactregistry.googleapis.com:443
cgr.dev:443
dl.google.com:443
europe-west1-docker.pkg.dev:443
europe-west1-run.googleapis.com:443
github.com:443
iamcredentials.googleapis.com:443
nodejs.org:443
raw.githubusercontent.com:443
run.googleapis.com:443
serviceusage.googleapis.com:443
sts.googleapis.com:443
ghcr.io:443
- name: Checkout the repository
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
- name: Download web assets from test step
Expand All @@ -128,12 +119,13 @@ jobs:
path: ./
- name: Extract archive to restore symlinks
run: tar -xf proxy.tar
- name: Deploy to Google Cloud
uses: ./.github/actions/deploy
- name: Build Docker image
run: docker build -t ghcr.io/hplush/slowreader-proxy:dev ./proxy/
- name: Login to GitHub Container Registry
uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
with:
projectId: slowreader-453400
region: europe-west1
folder: ./proxy/
registry: staging/proxy
service: staging-proxy
env: STAGING=1,PROXY_ORIGIN=^https:\/\/dev\.slowreader\.app$
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Push Docker image
run: docker push ghcr.io/hplush/slowreader-proxy:dev
Loading