Merge pull request 0xPolygon#2596 from 0xPolygon/SPEC-889-Add-github-workflow-to-publish-docker-img

GCP Deployment for docker image updated.

Author: sshrihar

.github/workflows/build_and_deploy_gcp.yml

@@ -0,0 +1,88 @@
+on:
+  workflow_call:
+    inputs:
+      environment:
+        required: false
+        type: string
+        default: "dev"
+      core_app:
+        required: false
+        type: string
+        description: "Core app name"
+        default: "polygon-docs"
+
+env:
+  REGISTRY: europe-west2-docker.pkg.dev/prj-polygonlabs-shared-prod/polygonlabs-docker-prod
+  IMAGE_NAME: ${{ inputs.core_app }}
+  OIDC_PROVIDER: projects/23849419004/locations/global/workloadIdentityPools/polygonlabs-shared-prod/providers/oidc-shared-prod
+  OIDC_SERVICE_ACCOUNT: shared-prod-oidc-sa@prj-polygonlabs-shared-prod.iam.gserviceaccount.com
+
+permissions:
+  contents: read
+  id-token: write
+
+jobs:
+  build_and_deploy:
+    runs-on: ubuntu-latest
+    environment: ${{ inputs.environment }}
+    permissions:
+      id-token: write
+      contents: write
+      pull-requests: write
+    steps:
+      - uses: actions/setup-python@v4
+        with:
+          python-version: '3.11'
+
+      - name: Install pipenv
+        run: pip install pipenv
+
+      - name: Checkout Code Repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Authenticate GitHub CLI
+        run: gh auth login --with-token <<< "${{ secrets.GITHUB_TOKEN }}"
+
+      - name: Build Site
+        run: |
+          python build_branches.py -env "${{ inputs.environment }}"
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Authenticate with GCP via OIDC
+        uses: google-github-actions/auth@v2
+        with:
+          token_format: access_token
+          workload_identity_provider: ${{ env.OIDC_PROVIDER }}
+          service_account: ${{ env.OIDC_SERVICE_ACCOUNT }}
+
+      - name: Configure Artifact Registry authentication
+        run: |
+          echo '{"credHelpers": {"europe-west2-docker.pkg.dev": "gcloud"}}' > ~/.docker/config.json
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=ref,event=branch
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+          flavor: |
+            latest=false
+
+      - name: Push to GCP Artifact Registry
+        uses: docker/build-push-action@v6
+        with:
+          file: ${{ inputs.dockerfile_path }}
+          context: ${{ inputs.dockerfile_context }}
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max

.github/workflows/deploy_gcp.yml

@@ -0,0 +1,34 @@
+name: Docs Deployment GCP
+
+on:
+  pull_request:
+    types: [opened, reopened, synchronize]
+  push:
+    branches:
+      - dev
+      - main
+  workflow_dispatch:
+    inputs:
+      environment:
+        required: false
+        type: choice
+        description: "Select the environment to deploy to (only required for production deployment)"
+        options:
+          - staging
+          - prod
+
+jobs:
+  deploy:
+    if: |
+      (github.event_name == 'pull_request' && startsWith(github.head_ref, 'hosted/')) || 
+      (github.event_name == 'push' && github.ref == 'refs/heads/dev') || 
+      (github.event_name == 'push' && github.ref == 'refs/heads/main') || 
+      (github.event_name == 'workflow_dispatch' && inputs.environment == 'prod')
+    uses: ./.github/workflows/build_and_deploy_gcp.yml
+    with:
+      environment: ${{ inputs.environment || 
+                    (github.ref == 'refs/heads/dev' && 'dev') || 
+                    (github.ref == 'refs/heads/main' && 'staging') || 
+                    (github.event_name == 'pull_request' && 'dev') || 
+                    'dev' }}
+    secrets: inherit