Skip to content

Commit

Permalink
fix(deploy): do not allow public access to prod
Browse files Browse the repository at this point in the history
  • Loading branch information
@gustavovalverde
gustavovalverde committed Jul 15, 2024
1 parent 1e27601 commit 4652db3
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions .github/workflows/sub-cloudrun-deploy.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -118,10 +118,11 @@ jobs:
--set-cloudsql-instances=${{ vars.CLOUDSQL_INSTANCE }}
--add-volume=name=files,type=in-memory
--add-volume-mount=volume=files,mount-path=/app/data
--network=projects/zfnd-dev-net-spoke-0/global/networks/dev-spoke-0
--subnet=projects/zfnd-dev-net-spoke-0/regions/us-east1/subnetworks/dev-default-ue1
--network=${{ vars.GCP_NETWORK }}
--subnet=${{ vars.GCP_SUBNETWORK }}
- name: Allow unauthenticated calls to the service
if: ${{ inputs.environment != 'prod' }}
run: |
gcloud run services add-iam-policy-binding ${{ inputs.app_name }}-${{ needs.versioning.outputs.version || env.GITHUB_HEAD_REF_SLUG || inputs.environment }} \
--region=${{ inputs.region }} --member=allUsers --role=roles/run.invoker --quiet
Expand Down

0 comments on commit 4652db3

Please sign in to comment.