octue / octue-sdk-python

The python SDK for @Octue services and digital twins.
https://octue.com

Add deployment actions #497

Open thclark opened 2 years ago

thclark commented 2 years ago

Feature request

Use Case

Octue deploy commands are a bit difficult to execute and use, and our deployment process is still extremely rough around the edges.

What would be great is if our deployment with all its tagging, addressing and traffic routing were seamlessly managed by a GitHub Action, of the following kind:


      - name: Build
        uses: octue/build-python@v1
        # Does stuff like:
        # - name: Set up QEMU
        #   uses: docker/setup-qemu-action@v1

        # - name: Set up Docker Buildx
        #   uses: docker/setup-buildx-action@v1

        # - name: Build
        #   uses: docker/build-push-action@v2
        #   with:
        #     context: .
        #     platforms: linux/amd64
        #     file: .gcloud/api/Dockerfile
        #     load: true # Load built image into the docker engine ready for test...
        #     push: false # ...but don't push it until after test success
        #     tags: api:test
        #     cache-from: type=gha
        #     cache-to: type=gha,mode=max

      - name: Deploy
        uses: octue/deploy-gcp@v1
        region: europe-west1
        kind: cloud-run # or cloud-function, dataflow, compute-engine
        project: project-name
        options:
          - machine: m1-small
            cpus: 26
            memory: 6 #gb

        # Does stuff like
        # - name: Authenticate with GCP Workload Identity
        #   id: auth
        #   uses: google-github-actions/auth@v0.6.0
        #   with:
        #     # NOTE: If setting create_credentials_file=true, .dockerignore file must include `gha-creds-*.json` to avoid baking these credentials into build
        #     create_credentials_file: true
        #     workload_identity_provider: projects/506632032451/locations/global/workloadIdentityPools/github-actions-pool/providers/github-actions-provider
        #     service_account: github-actions@project-name.iam.gserviceaccount.com

        # - name: Setup gcloud
        #   uses: "google-github-actions/setup-gcloud@v0"

        # - name: Configure Docker for GCP
        #   run: gcloud auth configure-docker europe-west1-docker.pkg.dev

        # - name: Push main container with latest and version tags
        #   if: ${{ github.event_name == 'push' && steps.branch.outputs.branch_tag == 'main'}}
        #   uses: docker/build-push-action@v2
        #   with:
        #     context: .
        #     platforms: linux/amd64
        #     file: .gcloud/api/Dockerfile
        #     push: true
        #     tags: |
        #       europe-west1-docker.pkg.dev/project-name/api/api:latest
        #       europe-west1-docker.pkg.dev/project-name/api/api:${{steps.version.outputs.version}}
        #     build-args: |
        #       PERSONAL_ACCESS_TOKEN_GITHUB=${{ secrets.PACKAGE_TOKEN_GITHUB }}

        # - name: Push branch container with latest tag
        #   if: ${{ github.event_name != 'push' || steps.branch.outputs.branch_tag != 'main'}}
        #   uses: docker/build-push-action@v2
        #   with:
        #     context: .
        #     platforms: linux/amd64
        #     file: .gcloud/api/Dockerfile
        #     push: true
        #     tags: europe-west1-docker.pkg.dev/project-name/api/api:${{ steps.branch.outputs.branch_tag}}-latest
        #
        # - Then invoke terraform to deploy etc

Current state

We use the octue deploy command to generate a Dockerfile and a custom cloud build script which then must be invoked by cloudbuild.
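
An added example, not part of the original issue or Octue's code: a pre-build check for two credential-handling points in the workflow sketch above. The first is the NOTE that `.dockerignore` must include `gha-creds-*.json` when `create_credentials_file: true`; the second goes beyond the NOTE and flags a secret passed through `build-args`, since build-arg values are visible to anyone with the image via `docker history`. The function names, sample workflow and credential file name are constructed for illustration, and the `.dockerignore` matcher is simplified to root-level files.

```python
import fnmatch
import re

CREDS_FILE = "gha-creds-0123456789abcdef.json"  # constructed name matching the NOTE's pattern


def dockerignore_excludes(dockerignore_text, filename=CREDS_FILE):
    """Simplified .dockerignore match for a root-level file: last matching rule wins."""
    excluded = False
    for raw in dockerignore_text.splitlines():
        rule = raw.strip()
        if not rule or rule.startswith("#"):
            continue
        negated = rule.startswith("!")  # "!" re-includes a previously excluded file
        pattern = rule.lstrip("!").lstrip("/")
        if fnmatch.fnmatchcase(filename, pattern):
            excluded = not negated
    return excluded


def audit(workflow_text, dockerignore_text):
    """Return credential-leak findings for one workflow file (hypothetical helper)."""
    findings = []
    if re.search(r"^\s*create_credentials_file:\s*true\b", workflow_text, re.M):
        if not dockerignore_excludes(dockerignore_text):
            findings.append("credentials file not excluded by .dockerignore")
    block_indent = None  # indent of the enclosing `build-args:` key, if any
    for number, line in enumerate(workflow_text.splitlines(), start=1):
        indent = len(line) - len(line.lstrip())
        if block_indent is not None and line.strip() and indent <= block_indent:
            block_indent = None  # a dedent ends the build-args block
        if re.match(r"\s*build-args:", line):
            block_indent = indent
        if block_indent is not None and re.search(r"\$\{\{\s*secrets\.", line):
            findings.append(f"line {number}: secret passed as a build arg")
    return findings


# Constructed input modelled on the sketch above, with the steps uncommented.
SAMPLE_WORKFLOW = """\
- uses: google-github-actions/auth@v0.6.0
  with:
    create_credentials_file: true
- uses: docker/build-push-action@v2
  with:
    push: true
    build-args: |
      PERSONAL_ACCESS_TOKEN_GITHUB=${{ secrets.PACKAGE_TOKEN_GITHUB }}
"""
```

Calling `audit(SAMPLE_WORKFLOW, ".git\n")` reports both findings; adding `gha-creds-*.json` to the `.dockerignore` text clears the first one.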

thclark commented 2 years ago

We could start this with an action that creates deployment-specific Topic and Subscription resources, which would be a good way of nibbling in. This should be modelled on the work we're doing in the windquest services to create revision-specific deployments.

cortadocodes commented 1 year ago

We now have these actions:

A next step could be to create a reusable workflow from the workflows we already have in various services' repositories to automate this further.