1berry/AFFiNE
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: add missing annotation to apps serviceAccount (#10484)

Browse Source
This commit is contained in:
LongYinan 2025-02-27 17:34:00 +08:00 committed by GitHub
parent 4c736bc190
commit fc4a716ef1
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 19 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
.github/actions/deploy/deploy.mjs vendored
View File

@ -25,6 +25,7 @@ const {
AFFINE_GOOGLE_CLIENT_ID, AFFINE_GOOGLE_CLIENT_ID,
AFFINE_GOOGLE_CLIENT_SECRET, AFFINE_GOOGLE_CLIENT_SECRET,
CLOUD_SQL_IAM_ACCOUNT, CLOUD_SQL_IAM_ACCOUNT,
APP_IAM_ACCOUNT,
GCLOUD_CONNECTION_NAME, GCLOUD_CONNECTION_NAME,
GCLOUD_CLOUD_SQL_INTERNAL_ENDPOINT, GCLOUD_CLOUD_SQL_INTERNAL_ENDPOINT,
REDIS_HOST, REDIS_HOST,
@ -99,16 +100,22 @@ const createHelmCommand = ({ isDryRun }) => {
`--set-string global.redis.password="${REDIS_PASSWORD}"`, `--set-string global.redis.password="${REDIS_PASSWORD}"`,
] ]
: []; : [];
const serviceAnnotations = const serviceAnnotations = [
`--set-json web.serviceAccount.annotations="{ \\"iam.gke.io/gcp-service-account\\": \\"${APP_IAM_ACCOUNT}\\" }"`,
`--set-json graphql.serviceAccount.annotations="{ \\"iam.gke.io/gcp-service-account\\": \\"${APP_IAM_ACCOUNT}\\" }"`,
`--set-json sync.serviceAccount.annotations="{ \\"iam.gke.io/gcp-service-account\\": \\"${APP_IAM_ACCOUNT}\\" }"`,
`--set-json doc.serviceAccount.annotations="{ \\"iam.gke.io/gcp-service-account\\": \\"${APP_IAM_ACCOUNT}\\" }"`,
].concat(
isProduction || isBeta || isInternal isProduction || isBeta || isInternal
? [ ? [
`--set-json web.service.annotations=\"{ \\"cloud.google.com/neg\\": \\"{\\\\\\"ingress\\\\\\": true}\\" }\"`, `--set-json web.service.annotations="{ \\"cloud.google.com/neg\\": \\"{\\\\\\"ingress\\\\\\": true}\\" }"`,
`--set-json graphql.service.annotations=\"{ \\"cloud.google.com/neg\\": \\"{\\\\\\"ingress\\\\\\": true}\\" }\"`, `--set-json graphql.service.annotations="{ \\"cloud.google.com/neg\\": \\"{\\\\\\"ingress\\\\\\": true}\\" }"`,
`--set-json sync.service.annotations=\"{ \\"cloud.google.com/neg\\": \\"{\\\\\\"ingress\\\\\\": true}\\" }\"`, `--set-json sync.service.annotations="{ \\"cloud.google.com/neg\\": \\"{\\\\\\"ingress\\\\\\": true}\\" }"`,
`--set-json cloud-sql-proxy.serviceAccount.annotations=\"{ \\"iam.gke.io/gcp-service-account\\": \\"${CLOUD_SQL_IAM_ACCOUNT}\\" }\"`, `--set-json cloud-sql-proxy.serviceAccount.annotations="{ \\"iam.gke.io/gcp-service-account\\": \\"${CLOUD_SQL_IAM_ACCOUNT}\\" }"`,
`--set-json cloud-sql-proxy.nodeSelector=\"{ \\"iam.gke.io/gke-metadata-server-enabled\\": \\"true\\" }\"`, `--set-json cloud-sql-proxy.nodeSelector="{ \\"iam.gke.io/gke-metadata-server-enabled\\": \\"true\\" }"`,
] ]
: []; : []
);
const cpu = cpuConfig[buildType]; const cpu = cpuConfig[buildType];
const resources = cpu const resources = cpu
@ -136,7 +143,7 @@ const createHelmCommand = ({ isDryRun }) => {
`--namespace ${namespace}`, `--namespace ${namespace}`,
`--set-string global.app.buildType="${buildType}"`, `--set-string global.app.buildType="${buildType}"`,
`--set global.ingress.enabled=true`, `--set global.ingress.enabled=true`,
`--set-json global.ingress.annotations=\"{ \\"kubernetes.io/ingress.class\\": \\"gce\\", \\"kubernetes.io/ingress.allow-http\\": \\"true\\", \\"kubernetes.io/ingress.global-static-ip-name\\": \\"${STATIC_IP_NAME}\\" }\"`, `--set-json global.ingress.annotations="{ \\"kubernetes.io/ingress.class\\": \\"gce\\", \\"kubernetes.io/ingress.allow-http\\": \\"true\\", \\"kubernetes.io/ingress.global-static-ip-name\\": \\"${STATIC_IP_NAME}\\" }"`,
`--set-string global.ingress.host="${host}"`, `--set-string global.ingress.host="${host}"`,
`--set global.objectStorage.r2.enabled=true`, `--set global.objectStorage.r2.enabled=true`,
`--set-string global.objectStorage.r2.accountId="${R2_ACCOUNT_ID}"`, `--set-string global.objectStorage.r2.accountId="${R2_ACCOUNT_ID}"`,

1
.github/workflows/deploy.yml vendored
View File

@ -116,6 +116,7 @@ jobs:
REDIS_HOST: ${{ secrets.REDIS_HOST }} REDIS_HOST: ${{ secrets.REDIS_HOST }}
REDIS_PASSWORD: ${{ secrets.REDIS_PASSWORD }} REDIS_PASSWORD: ${{ secrets.REDIS_PASSWORD }}
CLOUD_SQL_IAM_ACCOUNT: ${{ secrets.CLOUD_SQL_IAM_ACCOUNT }} CLOUD_SQL_IAM_ACCOUNT: ${{ secrets.CLOUD_SQL_IAM_ACCOUNT }}
APP_IAM_ACCOUNT: ${{ secrets.APP_IAM_ACCOUNT }}
STRIPE_API_KEY: ${{ secrets.STRIPE_API_KEY }} STRIPE_API_KEY: ${{ secrets.STRIPE_API_KEY }}
STRIPE_WEBHOOK_KEY: ${{ secrets.STRIPE_WEBHOOK_KEY }} STRIPE_WEBHOOK_KEY: ${{ secrets.STRIPE_WEBHOOK_KEY }}
STATIC_IP_NAME: ${{ secrets.STATIC_IP_NAME }} STATIC_IP_NAME: ${{ secrets.STATIC_IP_NAME }}

2
.github/workflows/sync-i18n.yml vendored
View File

@ -53,7 +53,7 @@ jobs:
uses: actions/checkout@v4 uses: actions/checkout@v4
with: with:
ref: l10n_crowdin_translations ref: l10n_crowdin_translations
- name: Setup Node.js - name: Setup Node.js
uses: ./.github/actions/setup-node uses: ./.github/actions/setup-node
with: with:

2
.prettierignore
View File

@ -1,7 +1,7 @@
# we will make this file shared by prettier|eslint|oxlint # we will make this file shared by prettier|eslint|oxlint
**/node_modules **/node_modules
.yarn .yarn
.github .github/helm
.vscode .vscode
.yarnrc.yml .yarnrc.yml
.docker .docker

2
tsconfig.eslint.json
View File

@ -3,7 +3,7 @@
"compilerOptions": { "compilerOptions": {
"allowJs": true "allowJs": true
}, },
"include": ["."], "include": [".", ".github/actions/*/*.mjs"],
"exclude": [ "exclude": [
"**/target", "**/target",
"**/node_modules", "**/node_modules",