Skip to content
Sync Cloud Run Env

Prepare LongBridge platform runtime config #13

Sign in to view logs

Prepare LongBridge platform runtime config

Prepare LongBridge platform runtime config #13

Workflow file for this run

.github/workflows/sync-cloud-run-env.yml at a92a8ae
name: Sync Cloud Run Env
on:
push:
branches: [ main ]
jobs:
sync-hk:
name: Sync HK Cloud Run Env
runs-on: ubuntu-latest
environment: longbridge-hk
env:
ENABLE_GITHUB_ENV_SYNC: ${{ vars.ENABLE_GITHUB_ENV_SYNC }}
# Set CLOUD_RUN_REGION per Environment so HK/SG can target different regions.
CLOUD_RUN_REGION: ${{ vars.CLOUD_RUN_REGION }}
CLOUD_RUN_SERVICE: ${{ vars.CLOUD_RUN_SERVICE }}
ACCOUNT_PREFIX: ${{ vars.ACCOUNT_PREFIX }}
SERVICE_NAME: ${{ vars.SERVICE_NAME }}
STRATEGY_PROFILE: ${{ vars.STRATEGY_PROFILE || 'semiconductor_rotation_income' }}
ACCOUNT_REGION: ${{ vars.ACCOUNT_REGION || 'HK' }}
LONGPORT_SECRET_NAME: ${{ vars.LONGPORT_SECRET_NAME }}
NOTIFY_LANG: ${{ vars.NOTIFY_LANG }}
GLOBAL_TELEGRAM_CHAT_ID: ${{ vars.GLOBAL_TELEGRAM_CHAT_ID }}
GCP_SA_KEY: ${{ secrets.GCP_SA_KEY }}
TELEGRAM_TOKEN: ${{ secrets.TELEGRAM_TOKEN }}
LONGPORT_APP_KEY: ${{ secrets.LONGPORT_APP_KEY }}
LONGPORT_APP_SECRET: ${{ secrets.LONGPORT_APP_SECRET }}
steps:
- name: Check whether env sync is configured
id: config
run: |
set -euo pipefail
if [ "${ENABLE_GITHUB_ENV_SYNC:-}" != "true" ]; then
echo "enabled=false" >> "$GITHUB_OUTPUT"
echo "Skipping HK Cloud Run env sync because ENABLE_GITHUB_ENV_SYNC is not set to true." >&2
exit 0
fi
required_vars=(
CLOUD_RUN_REGION
CLOUD_RUN_SERVICE
ACCOUNT_PREFIX
SERVICE_NAME
LONGPORT_SECRET_NAME
NOTIFY_LANG
GLOBAL_TELEGRAM_CHAT_ID
GCP_SA_KEY
TELEGRAM_TOKEN
LONGPORT_APP_KEY
LONGPORT_APP_SECRET
)
missing_vars=()
for var_name in "${required_vars[@]}"; do
if [ -z "${!var_name:-}" ]; then
missing_vars+=("${var_name}")
fi
done
if [ "${#missing_vars[@]}" -gt 0 ]; then
echo "enabled=false" >> "$GITHUB_OUTPUT"
echo "HK Cloud Run env sync is enabled, but these values are missing:" >&2
echo " - If HK and SG run in different regions, set CLOUD_RUN_REGION on the longbridge-hk Environment." >&2
printf ' - %s\n' "${missing_vars[@]}" >&2
exit 1
fi
echo "enabled=true" >> "$GITHUB_OUTPUT"
- name: Authenticate to Google Cloud
id: auth
if: steps.config.outputs.enabled == 'true'
uses: google-github-actions/auth@v3
with:
credentials_json: ${{ env.GCP_SA_KEY }}
- name: Set up gcloud
if: steps.config.outputs.enabled == 'true'
uses: google-github-actions/setup-gcloud@v3
with:
project_id: ${{ steps.auth.outputs.project_id }}
version: ">= 416.0.0"
- name: Sync Cloud Run environment
if: steps.config.outputs.enabled == 'true'
run: |
set -euo pipefail
gcloud run services update "${CLOUD_RUN_SERVICE}" \
--region "${CLOUD_RUN_REGION}" \
--remove-env-vars "TELEGRAM_CHAT_ID" \
--update-env-vars "TELEGRAM_TOKEN=${TELEGRAM_TOKEN},GLOBAL_TELEGRAM_CHAT_ID=${GLOBAL_TELEGRAM_CHAT_ID},NOTIFY_LANG=${NOTIFY_LANG},LONGPORT_APP_KEY=${LONGPORT_APP_KEY},LONGPORT_APP_SECRET=${LONGPORT_APP_SECRET},LONGPORT_SECRET_NAME=${LONGPORT_SECRET_NAME},ACCOUNT_PREFIX=${ACCOUNT_PREFIX},SERVICE_NAME=${SERVICE_NAME},STRATEGY_PROFILE=${STRATEGY_PROFILE},ACCOUNT_REGION=${ACCOUNT_REGION}"
sync-sg:
name: Sync SG Cloud Run Env
runs-on: ubuntu-latest
environment: longbridge-sg
env:
ENABLE_GITHUB_ENV_SYNC: ${{ vars.ENABLE_GITHUB_ENV_SYNC }}
# Set CLOUD_RUN_REGION per Environment so HK/SG can target different regions.
CLOUD_RUN_REGION: ${{ vars.CLOUD_RUN_REGION }}
CLOUD_RUN_SERVICE: ${{ vars.CLOUD_RUN_SERVICE }}
ACCOUNT_PREFIX: ${{ vars.ACCOUNT_PREFIX }}
SERVICE_NAME: ${{ vars.SERVICE_NAME }}
STRATEGY_PROFILE: ${{ vars.STRATEGY_PROFILE || 'semiconductor_rotation_income' }}
ACCOUNT_REGION: ${{ vars.ACCOUNT_REGION || 'SG' }}
LONGPORT_SECRET_NAME: ${{ vars.LONGPORT_SECRET_NAME }}
NOTIFY_LANG: ${{ vars.NOTIFY_LANG }}
GLOBAL_TELEGRAM_CHAT_ID: ${{ vars.GLOBAL_TELEGRAM_CHAT_ID }}
GCP_SA_KEY: ${{ secrets.GCP_SA_KEY }}
TELEGRAM_TOKEN: ${{ secrets.TELEGRAM_TOKEN }}
LONGPORT_APP_KEY: ${{ secrets.LONGPORT_APP_KEY }}
LONGPORT_APP_SECRET: ${{ secrets.LONGPORT_APP_SECRET }}
steps:
- name: Check whether env sync is configured
id: config
run: |
set -euo pipefail
if [ "${ENABLE_GITHUB_ENV_SYNC:-}" != "true" ]; then
echo "enabled=false" >> "$GITHUB_OUTPUT"
echo "Skipping SG Cloud Run env sync because ENABLE_GITHUB_ENV_SYNC is not set to true." >&2
exit 0
fi
required_vars=(
CLOUD_RUN_REGION
CLOUD_RUN_SERVICE
ACCOUNT_PREFIX
SERVICE_NAME
LONGPORT_SECRET_NAME
NOTIFY_LANG
GLOBAL_TELEGRAM_CHAT_ID
GCP_SA_KEY
TELEGRAM_TOKEN
LONGPORT_APP_KEY
LONGPORT_APP_SECRET
)
missing_vars=()
for var_name in "${required_vars[@]}"; do
if [ -z "${!var_name:-}" ]; then
missing_vars+=("${var_name}")
fi
done
if [ "${#missing_vars[@]}" -gt 0 ]; then
echo "enabled=false" >> "$GITHUB_OUTPUT"
echo "SG Cloud Run env sync is enabled, but these values are missing:" >&2
echo " - If HK and SG run in different regions, set CLOUD_RUN_REGION on the longbridge-sg Environment." >&2
printf ' - %s\n' "${missing_vars[@]}" >&2
exit 1
fi
echo "enabled=true" >> "$GITHUB_OUTPUT"
- name: Authenticate to Google Cloud
id: auth
if: steps.config.outputs.enabled == 'true'
uses: google-github-actions/auth@v3
with:
credentials_json: ${{ env.GCP_SA_KEY }}
- name: Set up gcloud
if: steps.config.outputs.enabled == 'true'
uses: google-github-actions/setup-gcloud@v3
with:
project_id: ${{ steps.auth.outputs.project_id }}
version: ">= 416.0.0"
- name: Sync Cloud Run environment
if: steps.config.outputs.enabled == 'true'
run: |
set -euo pipefail
gcloud run services update "${CLOUD_RUN_SERVICE}" \
--region "${CLOUD_RUN_REGION}" \
--remove-env-vars "TELEGRAM_CHAT_ID" \
--update-env-vars "TELEGRAM_TOKEN=${TELEGRAM_TOKEN},GLOBAL_TELEGRAM_CHAT_ID=${GLOBAL_TELEGRAM_CHAT_ID},NOTIFY_LANG=${NOTIFY_LANG},LONGPORT_APP_KEY=${LONGPORT_APP_KEY},LONGPORT_APP_SECRET=${LONGPORT_APP_SECRET},LONGPORT_SECRET_NAME=${LONGPORT_SECRET_NAME},ACCOUNT_PREFIX=${ACCOUNT_PREFIX},SERVICE_NAME=${SERVICE_NAME},STRATEGY_PROFILE=${STRATEGY_PROFILE},ACCOUNT_REGION=${ACCOUNT_REGION}"