Checking for latest ISO 3166 Updates #21
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Checking for latest ISO 3166 Updates | |
| on: | |
| schedule: | |
| # Run on first of month, every 3 months (https://crontab.guru) | |
| - cron: '0 0 1 */3 *' | |
| # allow for workflow to be manually initiated from the Actions tab | |
| workflow_dispatch: | |
| jobs: | |
| check_updates: | |
| # permissions for Cloud Run app | |
| permissions: | |
| contents: 'read' | |
| id-token: 'write' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 #checkout repo | |
| - uses: google-github-actions/auth@v0 | |
| with: | |
| workload_identity_provider: '${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER}}' | |
| service_account: ${{ secrets.GCP_SA_EMAIL }} | |
| create_credentials_file: true | |
| activate_credentials_file: true | |
| #setup python env | |
| - name: Setup python | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: '3.9' | |
| #export gcloud related Python environment variable | |
| - name: Export CLOUDSDK_PYTHON | |
| run: export CLOUDSDK_PYTHON="/usr/bin/python3" | |
| # #setup and authenticate GCP SDK | |
| # - name: Setup gcloud | |
| # uses: google-github-actions/setup-gcloud@v0.2.0 | |
| # with: | |
| # # service_account_email: ${{ secrets.GCP_SA_EMAIL }} | |
| # # service_account_key: ${{ secrets.GCP_SA_KEY }} | |
| # project_id: ${{ secrets.GCP_PROJECT }} | |
| # # export_default_credentials: true | |
| # # | |
| # - name: 'gcloud login' | |
| # run: |- | |
| # gcloud auth login --brief --cred-file=$GOOGLE_APPLICATION_CREDENTIALS | Y | |
| #setup and authenticate GCP SDK | |
| # - name: Setup gcloud | |
| # uses: google-github-actions/auth@v2 | |
| # with: | |
| # workload_identity_provider: '${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER}}' | |
| # service_account: ${{ secrets.GCP_SA_EMAIL }} | |
| #create Google Cloud Run app using Dockerfile that pulls all the latest ISO 3166 updates data and compares with existing object in GCP bucket, | |
| #if updates are found after month date filter applied that aren't in object then they will be appended to it, delete Cloud Run app after | |
| #execution to save on resources | |
| - name: Create Cloud Run application | |
| run: | | |
| cd iso3166-check-for-updates | |
| docker build -t ${{ secrets.GCP_CONTAINER_NAME }} . | |
| gcloud builds submit --tag gcr.io/iso3166-updates/${{ secrets.GCP_CONTAINER_NAME }} | |
| gcloud beta run deploy ${{ secrets.GCP_CLOUD_RUN_NAME }} --image gcr.io/iso3166-updates/${{ secrets.GCP_CONTAINER_NAME }} \ | |
| --region ${{ secrets.GCP_REGION }} --platform managed --memory 1024M --timeout 2700 --allow-unauthenticated \ | |
| --service-account ${{ secrets.GCP_SA_EMAIL}} --update-env-vars BUCKET_NAME=${{ secrets.GCP_BUCKET_NAME }},BLOB_NAME=${{ secrets.GCP_BLOB_NAME }}, \ | |
| ARCHIVE_FOLDER=${{ secrets.GCP_ARCHIVE_FOLDER }},GITHUB_OWNER=${{ secrets.REPO_OWNER }},GITHUB_REPOS=${{ secrets.REPOs }},\ | |
| GITHUB_API_TOKEN=${{ secrets.REPO_API_TOKEN }},MONTH_RANGE=12,CREATE_ISSUE=1,EXPORT=1,EXPORT_CSV=1 | |
| curl $(gcloud run services describe ${{ secrets.GCP_CLOUD_RUN_NAME }} --platform managed --region ${{ secrets.GCP_REGION }} --format 'value(status.url)') | |
| gcloud run services delete ${{ secrets.GCP_CLOUD_RUN_NAME }} | |
| #https://github.com/google-github-actions/auth/blob/main/docs/TROUBLESHOOTING.md | |
| #https://cloud.google.com/blog/products/identity-security/enabling-keyless-authentication-from-github-actions |