Skip to content

Automatic Deployment

Jump to bottom
Dakshika Srivastava edited this page Mar 8, 2020 · 1 revision

The ACC website uses the GitHub API to retrieve data about each project (including its members, its category, the tools used, etc). Once the user’s device loads the /projects page, the project data is cached for 24 hours. However, each redeployment kills the /projects page (for 24 hours) and makes another API call, thus increasing the number of calls made.

For this reason, we use an API key / GitHub token (Creating a personal access token), which is created using the ACC account, with certain specific permissions / scopes. This key holds sensitive information and shouldn’t be added to the code published on GitHub. Therefore, this key is temporarily inserted into the app.yaml file during deployment and does not need to be made public.

A GitHub action workflow is used to automate the deployment process. Any time a change is pushed to master (which essentially means that a branch is merged with master), the website is re-deployed and the changes get reflected on the actual website.

A Google Cloud service account was set up (and its key was also generated) and this account was given the following 4 permissions for auto-deploying:

  • App Engine Deployer
  • App Engine Service Admin
  • Cloud Build Service Admin
  • Storage Admin

The workflow we use is a gae_action (gae meaning Google App Engine) created by another GitHub user (see repo here). Points to be noted:

  • The service account key should be stored in JSON format and will later have to be converted to a base-64 string (the command to do so is base64 -i FILENAME.json).
  • The gae_action will rewrite your service_account_key (read below) secret into a JSON file so don’t worry about that. Our workflow is called deploy.yml and deploys the correctly uploaded code.

One catch: Correctly uploaded code would be something that has passed all the checks (do npm run fix if your code’s standard styling format is incorrect) when it is pushed and then merged into the master after review.

We created GitHub secrets for all the 4 variables used in the workflow, namely

  • service_account_email (the email id for the Google Cloud service account)
  • service_account_key (the above mentioned service account’s key)
  • project_id (the project id for the GCP project you’re using)
  • gae_variables (these would be inserted into app.yaml during deployment and would in this case, be just the one, GITHUB_TOKEN) and encrypted them with the respective information. These secrets were then inserted into the workflow.

In case the deployment fails, make sure that your code is correct. You can look in the .github/workflows directory and find deploy.yml to see what checks are being run on your code and then make the necessary rectifications.

Once all the checks are passed, the website will be deployed in a few seconds!

Clone this wiki locally