Skip to content

Commit c58c551

Browse files
SamyPesseSamyPesse
authored
Simplify envs management for deployments (#2943)
1 parent f574858 commit c58c551

File tree

9 files changed

+127
-126
lines changed

9 files changed

+127
-126
lines changed

.github/composite/deploy-cloudflare/action.yaml

Lines changed: 24 additions & 47 deletions
Original file line numberDiff line numberDiff line change
@@ -1,51 +1,24 @@
11
name: 'Deploy cloudflare'
22
description: 'Deploy GitBook to Cloudflare'
33
inputs:
4+
opItem:
5+
description: '1Password item to load secrets from'
6+
required: true
7+
opServiceAccount:
8+
description: '1Password service account token'
9+
required: true
410
apiToken:
511
description: 'Cloudflare API token'
612
required: true
713
accountId:
814
description: 'Cloudflare account ID'
915
required: true
1016
environment:
11-
description: 'Environment to deploy to'
17+
description: 'Cloudflare environment to deploy to (staging, production, preview)'
1218
required: true
1319
deploy:
1420
description: 'Deploy as main version for all traffic instead of uploading versions'
1521
required: true
16-
NEXT_SERVER_ACTIONS_ENCRYPTION_KEY:
17-
description: 'Next server actions encryption key'
18-
required: true
19-
GITBOOK_URL:
20-
description: 'GitBook URL'
21-
required: true
22-
GITBOOK_SECRET:
23-
description: 'GitBook secret'
24-
required: true
25-
GITBOOK_APP_URL:
26-
description: 'GitBook app URL'
27-
required: false
28-
GITBOOK_API_URL:
29-
description: 'GitBook API URL'
30-
required: false
31-
GITBOOK_INTEGRATIONS_HOST:
32-
description: 'GitBook integrations host'
33-
required: false
34-
GITBOOK_IMAGE_RESIZE_SIGNING_KEY:
35-
description: 'GitBook image resize signing key'
36-
required: true
37-
GITBOOK_IMAGE_RESIZE_URL:
38-
description: 'GitBook image resize URL'
39-
required: true
40-
GITBOOK_ICONS_URL:
41-
description: 'GitBook icons URL'
42-
required: true
43-
GITBOOK_ICONS_TOKEN:
44-
description: 'GitBook icons token'
45-
required: true
46-
GITBOOK_ASSETS_PREFIX:
47-
description: 'GitBook assets prefix'
48-
required: false
4922
outputs:
5023
deployment-url:
5124
description: "Deployment URL"
@@ -60,21 +33,25 @@ runs:
6033
shell: bash
6134
env:
6235
PUPPETEER_SKIP_DOWNLOAD: 1
36+
- name: Load secret
37+
uses: 1password/load-secrets-action@v2
38+
env:
39+
OP_SERVICE_ACCOUNT_TOKEN: ${{ inputs.opServiceAccount }}
40+
GITBOOK_URL: ${{ inputs.opItem }}/GITBOOK_URL
41+
GITBOOK_ICONS_URL: ${{ inputs.opItem }}/GITBOOK_ICONS_URL
42+
GITBOOK_ICONS_TOKEN: ${{ inputs.opItem }}/GITBOOK_ICONS_TOKEN
43+
NEXT_SERVER_ACTIONS_ENCRYPTION_KEY: ${{ inputs.opItem }}/NEXT_SERVER_ACTIONS_ENCRYPTION_KEY
44+
GITBOOK_SECRET: ${{ inputs.opItem }}/GITBOOK_SECRET
45+
GITBOOK_APP_URL: ${{ inputs.opItem }}/GITBOOK_APP_URL
46+
GITBOOK_API_URL: ${{ inputs.opItem }}/GITBOOK_API_URL
47+
GITBOOK_API_TOKEN: ${{ inputs.opItem }}/GITBOOK_API_TOKEN
48+
GITBOOK_INTEGRATIONS_HOST: ${{ inputs.opItem }}/GITBOOK_INTEGRATIONS_HOST
49+
GITBOOK_IMAGE_RESIZE_SIGNING_KEY: ${{ inputs.opItem }}/GITBOOK_IMAGE_RESIZE_SIGNING_KEY
50+
GITBOOK_IMAGE_RESIZE_URL: ${{ inputs.opItem }}/GITBOOK_IMAGE_RESIZE_URL
51+
GITBOOK_ASSETS_PREFIX: ${{ inputs.opItem }}/GITBOOK_ASSETS_PREFIX
6352
- name: Build worker
6453
run: bun run turbo build:v2:cloudflare
6554
shell: bash
66-
env:
67-
NEXT_SERVER_ACTIONS_ENCRYPTION_KEY: ${{ inputs.NEXT_SERVER_ACTIONS_ENCRYPTION_KEY }}
68-
GITBOOK_URL: ${{ inputs.GITBOOK_URL }}
69-
GITBOOK_SECRET: ${{ inputs.GITBOOK_SECRET }}
70-
GITBOOK_APP_URL: ${{ inputs.GITBOOK_APP_URL }}
71-
GITBOOK_API_URL: ${{ inputs.GITBOOK_API_URL }}
72-
GITBOOK_INTEGRATIONS_HOST: ${{ inputs.GITBOOK_INTEGRATIONS_HOST }}
73-
GITBOOK_IMAGE_RESIZE_SIGNING_KEY: ${{ inputs.GITBOOK_IMAGE_RESIZE_SIGNING_KEY }}
74-
GITBOOK_IMAGE_RESIZE_URL: ${{ inputs.GITBOOK_IMAGE_RESIZE_URL }}
75-
GITBOOK_ICONS_URL: ${{ inputs.GITBOOK_ICONS_URL }}
76-
GITBOOK_ICONS_TOKEN: ${{ inputs.GITBOOK_ICONS_TOKEN }}
77-
GITBOOK_ASSETS_PREFIX: ${{ inputs.GITBOOK_ASSETS_PREFIX }}
7855
- id: deploy
7956
name: Deploy to Cloudflare
8057
uses: cloudflare/[email protected]
@@ -84,7 +61,7 @@ runs:
8461
workingDirectory: ./
8562
wranglerVersion: '3.112.0'
8663
environment: ${{ inputs.environment }}
87-
command: ${{ inputs.deploy && 'deploy' || 'versions upload' }} --config ./packages/gitbook-v2/wrangler.toml
64+
command: ${{ fromJSON(inputs.deploy) == true && 'deploy' || 'versions upload' }} --config ./packages/gitbook-v2/wrangler.toml
8865
- name: Outputs
8966
shell: bash
9067
env:

.github/composite/deploy-vercel/action.yaml

Lines changed: 33 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -1,15 +1,21 @@
11
name: 'Deploy vercel'
22
description: 'Deploy GitBook to Vercel'
33
inputs:
4-
vercel-org:
4+
vercelOrg:
55
description: 'Vercel organization'
66
required: true
7-
vercel-project:
7+
vercelProject:
88
description: 'Vercel project'
99
required: true
10-
vercel-token:
10+
vercelToken:
1111
description: 'Vercel token'
1212
required: true
13+
opItem:
14+
description: '1Password item to load secrets from'
15+
required: true
16+
opServiceAccount:
17+
description: '1Password service account token'
18+
required: true
1319
environment:
1420
description: 'Environment to deploy to'
1521
required: true
@@ -27,31 +33,42 @@ runs:
2733
shell: bash
2834
env:
2935
PUPPETEER_SKIP_DOWNLOAD: 1
30-
- name: Sets env vars for environment
31-
shell: bash
32-
run: |
33-
echo "VERCEL_ENVIRONMENT=${{ inputs.environment }}" >> $GITHUB_ENV
3436
- name: Pull Vercel Environment Information
35-
run: bun run vercel pull --yes --environment=$VERCEL_ENVIRONMENT --token=${{ inputs.vercel-token }}
37+
run: bun run vercel pull --yes --environment=${{ inputs.environment }} --token=${{ inputs.vercelToken }}
3638
shell: bash
3739
env:
38-
VERCEL_ORG_ID: ${{ inputs.vercel-org }}
39-
VERCEL_PROJECT_ID: ${{ inputs.vercel-project }}
40+
VERCEL_ORG_ID: ${{ inputs.vercelOrg }}
41+
VERCEL_PROJECT_ID: ${{ inputs.vercelProject }}
42+
- name: Load secret
43+
uses: 1password/load-secrets-action@v2
44+
env:
45+
OP_SERVICE_ACCOUNT_TOKEN: ${{ inputs.opServiceAccount }}
46+
GITBOOK_URL: ${{ inputs.opItem }}/GITBOOK_URL
47+
GITBOOK_ICONS_URL: ${{ inputs.opItem }}/GITBOOK_ICONS_URL
48+
GITBOOK_ICONS_TOKEN: ${{ inputs.opItem }}/GITBOOK_ICONS_TOKEN
49+
GITBOOK_SECRET: ${{ inputs.opItem }}/GITBOOK_SECRET
50+
GITBOOK_APP_URL: ${{ inputs.opItem }}/GITBOOK_APP_URL
51+
GITBOOK_API_URL: ${{ inputs.opItem }}/GITBOOK_API_URL
52+
GITBOOK_API_TOKEN: ${{ inputs.opItem }}/GITBOOK_API_TOKEN
53+
GITBOOK_INTEGRATIONS_HOST: ${{ inputs.opItem }}/GITBOOK_INTEGRATIONS_HOST
54+
GITBOOK_IMAGE_RESIZE_SIGNING_KEY: ${{ inputs.opItem }}/GITBOOK_IMAGE_RESIZE_SIGNING_KEY
55+
GITBOOK_IMAGE_RESIZE_URL: ${{ inputs.opItem }}/GITBOOK_IMAGE_RESIZE_URL
56+
GITBOOK_ASSETS_PREFIX: ${{ inputs.opItem }}/GITBOOK_ASSETS_PREFIX
4057
- name: Build Project Artifacts
41-
run: bun run vercel build --target=$VERCEL_ENVIRONMENT --token=${{ inputs.vercel-token }}
58+
run: bun run vercel build --target=${{ inputs.environment }} --token=${{ inputs.vercelToken }}
4259
shell: bash
4360
env:
44-
VERCEL_ORG_ID: ${{ inputs.vercel-org }}
45-
VERCEL_PROJECT_ID: ${{ inputs.vercel-project }}
61+
VERCEL_ORG_ID: ${{ inputs.vercelOrg }}
62+
VERCEL_PROJECT_ID: ${{ inputs.vercelProject }}
4663
- name: Deploy Project Artifacts to Vercel
4764
id: deploy
4865
shell: bash
4966
run: |
50-
DEPLOYMENT_URL=$(bun run vercel deploy --prebuilt --target=$VERCEL_ENVIRONMENT --token=${{ inputs.vercel-token }})
67+
DEPLOYMENT_URL=$(bun run vercel deploy --prebuilt --target=${{ inputs.environment }} --token=${{ inputs.vercelToken }})
5168
echo "deployment-url=$DEPLOYMENT_URL" >> "$GITHUB_OUTPUT"
5269
env:
53-
VERCEL_ORG_ID: ${{ inputs.vercel-org }}
54-
VERCEL_PROJECT_ID: ${{ inputs.vercel-project }}
70+
VERCEL_ORG_ID: ${{ inputs.vercelOrg }}
71+
VERCEL_PROJECT_ID: ${{ inputs.vercelProject }}
5572
- name: Outputs
5673
shell: bash
5774
run: |

.github/workflows/deploy-preview.yaml

Lines changed: 20 additions & 28 deletions
Original file line numberDiff line numberDiff line change
@@ -10,6 +10,9 @@ jobs:
1010
deploy-v1-cloudflare:
1111
name: Deploy v1 to Cloudflare Pages
1212
runs-on: ubuntu-latest
13+
environment:
14+
name: ${{ github.ref == 'refs/heads/main' && '1c-production' || '1c-preview' }}
15+
url: ${{ steps.deploy.outputs.deployment-url }}
1316
permissions:
1417
contents: read
1518
deployments: write
@@ -63,56 +66,45 @@ jobs:
6366
deploy-v2-vercel:
6467
name: Deploy v2 to Vercel (preview)
6568
runs-on: ubuntu-latest
66-
permissions:
67-
contents: read
68-
deployments: write
69-
issues: write
70-
pull-requests: write
71-
checks: write
72-
statuses: write
69+
environment:
70+
name: 2v-preview
71+
url: ${{ steps.deploy.outputs.deployment-url }}
7372
outputs:
7473
deployment-url: ${{ steps.deploy.outputs.deployment-url }}
7574
steps:
7675
- name: Checkout
7776
uses: actions/checkout@v4
78-
- name: Deploy ${{ github.ref == 'refs/heads/main' && 'production' || 'preview' }}
77+
- name: Deploy to Vercel
7978
id: deploy
8079
uses: ./.github/composite/deploy-vercel
8180
with:
82-
environment: ${{ github.ref == 'refs/heads/main' && 'production' || 'preview' }}
83-
vercel-org: ${{ secrets.VERCEL_ORG_ID }}
84-
vercel-project: ${{ secrets.VERCEL_PROJECT_ID }}
85-
vercel-token: ${{ secrets.VERCEL_TOKEN }}
81+
environment: preview
82+
vercelOrg: ${{ secrets.VERCEL_ORG_ID }}
83+
vercelProject: ${{ secrets.VERCEL_PROJECT_ID }}
84+
vercelToken: ${{ secrets.VERCEL_TOKEN }}
85+
opItem: op://gitbook-open/2v-preview
86+
opServiceAccount: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
8687
deploy-v2-cloudflare:
8788
name: Deploy v2 to Cloudflare Worker (preview)
8889
runs-on: ubuntu-latest
89-
permissions:
90-
contents: read
91-
deployments: write
92-
issues: write
93-
pull-requests: write
94-
checks: write
95-
statuses: write
90+
environment:
91+
name: 2c-preview
92+
url: ${{ steps.deploy.outputs.deployment-url }}
9693
outputs:
9794
deployment-url: ${{ steps.deploy.outputs.deployment-url }}
9895
steps:
9996
- name: Checkout
10097
uses: actions/checkout@v4
101-
- name: Deploy ${{ github.ref == 'refs/heads/main' && 'production' || 'preview' }}
98+
- name: Deploy to Cloudflare
10299
id: deploy
103100
uses: ./.github/composite/deploy-cloudflare
104101
with:
105-
environment: ${{ github.ref == 'refs/heads/main' && 'production' || 'preview' }}
102+
environment: preview
106103
deploy: ${{ github.ref == 'refs/heads/main' }}
107104
apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
108105
accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
109-
NEXT_SERVER_ACTIONS_ENCRYPTION_KEY: ${{ secrets.NEXT_SERVER_ACTIONS_ENCRYPTION_KEY }}
110-
GITBOOK_URL: ${{ github.ref == 'refs/heads/main' && vars.PRODUCTION_2C_GITBOOK_URL || vars.PREVIEW_2C_GITBOOK_URL }}
111-
GITBOOK_IMAGE_RESIZE_SIGNING_KEY: ${{ secrets.PREVIEW_GITBOOK_IMAGE_RESIZE_SIGNING_KEY }}
112-
GITBOOK_IMAGE_RESIZE_URL: ${{ vars.GITBOOK_IMAGE_RESIZE_URL }}
113-
GITBOOK_ICONS_URL: ${{ vars.GITBOOK_ICONS_URL }}
114-
GITBOOK_ICONS_TOKEN: ${{ vars.GITBOOK_ICONS_TOKEN }}
115-
GITBOOK_SECRET: ${{ github.ref == 'refs/heads/main' && secrets.PRODUCTION_GITBOOK_SECRET|| '' }}
106+
opItem: op://gitbook-open/2c-preview
107+
opServiceAccount: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
116108
- name: Outputs
117109
run: |
118110
echo "URL: ${{ steps.deploy.outputs.deployment-url }}"

.github/workflows/deploy-production.yaml

Lines changed: 15 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -9,6 +9,9 @@ jobs:
99
deploy-v2-vercel:
1010
name: Deploy v2 to Vercel (production)
1111
runs-on: ubuntu-latest
12+
environment:
13+
name: 2v-production
14+
url: ${{ steps.deploy.outputs.deployment-url }}
1215
outputs:
1316
deployment-url: ${{ steps.deploy.outputs.deployment-url }}
1417
steps:
@@ -18,13 +21,18 @@ jobs:
1821
id: deploy
1922
uses: ./.github/composite/deploy-vercel
2023
with:
21-
environment: production
22-
vercel-org: ${{ secrets.VERCEL_ORG_ID }}
23-
vercel-project: ${{ secrets.VERCEL_PROJECT_ID }}
24-
vercel-token: ${{ secrets.VERCEL_TOKEN }}
24+
environment: production
25+
vercelOrg: ${{ secrets.VERCEL_ORG_ID }}
26+
vercelProject: ${{ secrets.VERCEL_PROJECT_ID }}
27+
vercelToken: ${{ secrets.VERCEL_TOKEN }}
28+
opItem: op://gitbook-open/2v-production
29+
opServiceAccount: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
2530
deploy-v2-cloudflare:
2631
name: Deploy v2 to Cloudflare Worker (production)
2732
runs-on: ubuntu-latest
33+
environment:
34+
name: 2c-production
35+
url: ${{ steps.deploy.outputs.deployment-url }}
2836
outputs:
2937
deployment-url: ${{ steps.deploy.outputs.deployment-url }}
3038
steps:
@@ -34,16 +42,11 @@ jobs:
3442
id: deploy
3543
uses: ./.github/composite/deploy-cloudflare
3644
with:
37-
environment: staging
45+
environment: production
3846
apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
3947
accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
40-
NEXT_SERVER_ACTIONS_ENCRYPTION_KEY: ${{ secrets.NEXT_SERVER_ACTIONS_ENCRYPTION_KEY }}
41-
GITBOOK_URL: ${{ vars.STAGING_2C_GITBOOK_URL }}
42-
GITBOOK_IMAGE_RESIZE_SIGNING_KEY: ${{ secrets.STAGING_GITBOOK_IMAGE_RESIZE_SIGNING_KEY }}
43-
GITBOOK_IMAGE_RESIZE_URL: ${{ vars.GITBOOK_IMAGE_RESIZE_URL }}
44-
GITBOOK_ICONS_URL: ${{ vars.GITBOOK_ICONS_URL }}
45-
GITBOOK_ICONS_TOKEN: ${{ vars.GITBOOK_ICONS_TOKEN }}
46-
GITBOOK_ASSETS_PREFIX: ${{ vars.STAGING_2C_GITBOOK_ASSETS_PREFIX }}
48+
opItem: op://gitbook-open/2c-production
49+
opServiceAccount: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
4750
- name: Outputs
4851
run: |
4952
echo "URL: ${{ steps.deploy.outputs.deployment-url }}"

.github/workflows/deploy-staging.yaml

Lines changed: 14 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -9,6 +9,9 @@ jobs:
99
deploy-v2-vercel:
1010
name: Deploy v2 to Vercel (staging)
1111
runs-on: ubuntu-latest
12+
environment:
13+
name: 2v-staging
14+
url: ${{ steps.deploy.outputs.deployment-url }}
1215
outputs:
1316
deployment-url: ${{ steps.deploy.outputs.deployment-url }}
1417
steps:
@@ -18,13 +21,18 @@ jobs:
1821
id: deploy
1922
uses: ./.github/composite/deploy-vercel
2023
with:
21-
environment: staging
22-
vercel-org: ${{ secrets.VERCEL_ORG_ID }}
23-
vercel-project: ${{ secrets.VERCEL_PROJECT_ID }}
24-
vercel-token: ${{ secrets.VERCEL_TOKEN }}
24+
environment: staging
25+
vercelOrg: ${{ secrets.VERCEL_ORG_ID }}
26+
vercelProject: ${{ secrets.VERCEL_PROJECT_ID }}
27+
vercelToken: ${{ secrets.VERCEL_TOKEN }}
28+
opItem: op://gitbook-open/2v-staging
29+
opServiceAccount: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
2530
deploy-v2-cloudflare:
2631
name: Deploy v2 to Cloudflare Worker (staging)
2732
runs-on: ubuntu-latest
33+
environment:
34+
name: 2c-staging
35+
url: ${{ steps.deploy.outputs.deployment-url }}
2836
outputs:
2937
deployment-url: ${{ steps.deploy.outputs.deployment-url }}
3038
steps:
@@ -38,17 +46,8 @@ jobs:
3846
deploy: true
3947
apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
4048
accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
41-
NEXT_SERVER_ACTIONS_ENCRYPTION_KEY: ${{ secrets.NEXT_SERVER_ACTIONS_ENCRYPTION_KEY }}
42-
GITBOOK_URL: ${{ vars.STAGING_2C_GITBOOK_URL }}
43-
GITBOOK_SECRET: ${{ secrets.STAGING_GITBOOK_SECRET }}
44-
GITBOOK_APP_URL: https://app.gitbook-staging.com
45-
GITBOOK_API_URL: https://api.gitbook-staging.com
46-
GITBOOK_INTEGRATIONS_HOST: https://integrations.gitbook-staging.com
47-
GITBOOK_IMAGE_RESIZE_SIGNING_KEY: ${{ secrets.STAGING_GITBOOK_IMAGE_RESIZE_SIGNING_KEY }}
48-
GITBOOK_IMAGE_RESIZE_URL: ${{ vars.GITBOOK_IMAGE_RESIZE_URL }}
49-
GITBOOK_ICONS_URL: ${{ vars.GITBOOK_ICONS_URL }}
50-
GITBOOK_ICONS_TOKEN: ${{ vars.GITBOOK_ICONS_TOKEN }}
51-
GITBOOK_ASSETS_PREFIX: ${{ vars.STAGING_2C_GITBOOK_ASSETS_PREFIX }}
49+
opItem: op://gitbook-open/2c-staging
50+
opServiceAccount: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
5251
- name: Outputs
5352
run: |
5453
echo "URL: ${{ steps.deploy.outputs.deployment-url }}"

0 commit comments

Comments
 (0)