A template project for a web front end with a RESTful service in the backend.
A Web based front end
$ cd react-ui
See react-ui for details.
See Spring Boot API for details.
This project leverages GitHub Actions, Google Cloud and Firebase for builds and deployments.
Additionally, Auth0 is used for authentication. A target application on the Auth0 platform must be created and configured in GitHub Secrets as a pre-requisite.
This template project uses Cloud SQL to host a PostreSQL instance for the cloud hosted app deployment. An alternative location may also be configured.
In order to use the GitHub Action workflows, the database instance must already exist and the following steps must be completed:
- Enable the Cloud SQL Admin API
- Ensure the service account has access to the database
These secrets are required in the GitHub repository for use in the workflows:
| Key | Description |
|---|---|
| GCP_PROJECT | The globally unique Google Cloud project id where the application will be deployed. |
| GCP_CREDENTIALS | This should be a service account key. See Creating and managing service account keys for details. |
| GCP_REGION | The Google Cloud Region to deploy where the application will be deployed. Currently, it assumes only a single region. |
| FIREBASE_TOKEN | A Firebase Auth token used to interact with firebase. See Use the Firebase CLI with CI systems. |
| UI_HOSTNAME | The fully qualified domain name for the web based front end. |
| API_HOSTNAME | The fully qualified domain name for the API. |
| AUTH0_CLIENT_ID | The client id of the Auth0 application. |
| AUTH0_DOMAIN | The fully qualified domain name hosted by Auth0. |
| AUTH0_AUDIENCE | The audience value of an Auth0 API. |
The Google Cloud service account will require some IAM permissions:
| Permission | Description |
|---|---|
| Cloud Run: Cloud Run Admin | Allows deployment of containers to Cloud Run. |
| Cloud Build: Cloud Build Service Account | Allows use of Cloud Build to build API images and push them to Container Registry. |
| Cloud Build: Cloud Build Editor | Needed to access the Cloud Build logs as described in Missing permissions on cloud container builder role. |
| Cloud SQL: Cloud SQL Client | Allow connections to Cloud SQL databases. |
| Project: Viewer | Needed to access the Cloud Build logs as described in Missing permissions on cloud container builder role. |
Additionally, the Compute Engine default service user (project-id-compute@developer.gserviceaccount.com) will need the ability to run as the service account used in the GitHub Actions. See Cloud Run IAM Roles for details.
For deployment, some DNS entries are needed for each deployed component:
| Purpose | Type | Name | Data |
|---|---|---|---|
| Static Content hosted by Firebase | A |
www.example.com |
151.101.1.195 |
| Static Content hosted by Firebase | A |
www.example.com |
151.101.65.195 |
| API in Cloud Run | CNAME |
api.example.com |
ghs.googlehosted.com |
In the case of the API, custom domains for Cloud Run are in beta and cannot be configured until after the service is deployed for the first time. See Mapping custom domains for details.