I've fixed the following issues in your .github/workflows/google-cloudrun-docker.yml:
- ✅ Fixed branch name (removed extra quotes)
- ✅ Fixed double `$$` syntax error
- ✅ Fixed Docker build path (now uses `./backend`)
- ✅ Added environment variables for Cloud Run deployment
- ✅ Fixed output formatting
- ✅ Updated Dockerfile to use Python 3.11 (more stable)
Update these values in the workflow (lines 38-41):
```yaml
env:
  PROJECT_ID: 'YOUR-GCP-PROJECT-ID' # Change this
  REGION: 'europe-west3' # Or your preferred region
  SERVICE: 'hacknation-backend' # Or your service name
  WORKLOAD_IDENTITY_PROVIDER: 'projects/YOUR-PROJECT-NUMBER/locations/global/workloadIdentityPools/github/providers/github-provider'
```

In Google Cloud Console, enable:
- Artifact Registry API
- Cloud Run API
- IAM Credentials API

The same from the command line:

```bash
gcloud services enable artifactregistry.googleapis.com
gcloud services enable run.googleapis.com
gcloud services enable iamcredentials.googleapis.com
```

Create the Artifact Registry repository:

```bash
gcloud artifacts repositories create hacknation-backend \
  --repository-format=docker \
  --location=europe-west3 \
  --description="HackNation Backend Docker images"
```

Set up Workload Identity Federation. This allows GitHub Actions to authenticate to Google Cloud without service account keys:
```bash
# Create workload identity pool
gcloud iam workload-identity-pools create "github" \
  --project="YOUR-PROJECT-ID" \
  --location="global" \
  --display-name="GitHub Actions Pool"

# Create workload identity provider
# The attribute condition rejects tokens issued for any other repository
gcloud iam workload-identity-pools providers create-oidc "github-provider" \
  --project="YOUR-PROJECT-ID" \
  --location="global" \
  --workload-identity-pool="github" \
  --display-name="GitHub Provider" \
  --attribute-mapping="google.subject=assertion.sub,attribute.actor=assertion.actor,attribute.repository=assertion.repository" \
  --attribute-condition="assertion.repository == 'Cyro292/hacknation2025'" \
  --issuer-uri="https://token.actions.githubusercontent.com"

# Create service account
gcloud iam service-accounts create github-actions \
  --display-name="GitHub Actions Service Account"

# Grant permissions
# (roles/artifactregistry.writer is sufficient when the workflow only pushes images)
gcloud projects add-iam-policy-binding YOUR-PROJECT-ID \
  --member="serviceAccount:github-actions@YOUR-PROJECT-ID.iam.gserviceaccount.com" \
  --role="roles/artifactregistry.admin"

gcloud projects add-iam-policy-binding YOUR-PROJECT-ID \
  --member="serviceAccount:github-actions@YOUR-PROJECT-ID.iam.gserviceaccount.com" \
  --role="roles/run.developer"

# Allow GitHub repo to impersonate service account
gcloud iam service-accounts add-iam-policy-binding \
  "github-actions@YOUR-PROJECT-ID.iam.gserviceaccount.com" \
  --role="roles/iam.workloadIdentityUser" \
  --member="principalSet://iam.googleapis.com/projects/YOUR-PROJECT-NUMBER/locations/global/workloadIdentityPools/github/attribute.repository/Cyro292/hacknation2025"
```

In your GitHub repository settings (Settings > Secrets and variables > Actions), add:
- `GCP_SERVICE_ACCOUNT_EMAIL`: `github-actions@YOUR-PROJECT-ID.iam.gserviceaccount.com`
- `SUPABASE_URL`: `https://rwgiijnjmmrurmovkktb.supabase.co`
- `SUPABASE_API_KEY`: Your Supabase service role key
- `OPENAI_API_KEY`: Your OpenAI API key

What the workflow does:
- Triggers: On every push to `main` branch
- Authenticates: Uses Workload Identity Federation (no keys!)
- Builds: Docker image from `./backend/Dockerfile`
- Pushes: Image to Google Artifact Registry
- Deploys: To Cloud Run with environment variables
- Outputs: Deployment URL
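
As an added illustration (not part of the workflow or of this repository's code), the following Python sketch models how the attribute mapping and the `principalSet` binding from the Workload Identity Federation setup decide which GitHub OIDC tokens may impersonate the service account. It is a simplified model of Google Cloud's evaluation; the claim values and the `example-org/other-repo` name are constructed samples.

```python
# Simplified model (added example) of how the provider's attribute mapping and
# the roles/iam.workloadIdentityUser binding gate a GitHub OIDC token.
MAPPING = ("google.subject=assertion.sub,attribute.actor=assertion.actor,"
           "attribute.repository=assertion.repository")      # from the page
ISSUER = "https://token.actions.githubusercontent.com"       # from the page
POOL = ("projects/YOUR-PROJECT-NUMBER/locations/global/"
        "workloadIdentityPools/github")
BOUND_MEMBER = (f"principalSet://iam.googleapis.com/{POOL}"
                "/attribute.repository/Cyro292/hacknation2025")


def map_attributes(claims, mapping=MAPPING):
    """Apply each 'target=assertion.claim' pair to the token claims."""
    attrs = {}
    for pair in mapping.split(","):
        target, source = pair.split("=", 1)
        claim = source.removeprefix("assertion.")
        if claim in claims:
            attrs[target] = claims[claim]
    return attrs


def principal_sets(attrs):
    """principalSet identifiers that the mapped attributes belong to."""
    return {f"principalSet://iam.googleapis.com/{POOL}/{key}/{value}"
            for key, value in attrs.items() if key.startswith("attribute.")}


def may_impersonate(claims):
    """True if the token matches the issuer and the bound principalSet."""
    if claims.get("iss") != ISSUER:
        return False
    return BOUND_MEMBER in principal_sets(map_attributes(claims))


def sample(repo, ref, actor="someone"):
    """Constructed claims in the shape GitHub issues (not a real token)."""
    return {"iss": ISSUER, "sub": f"repo:{repo}:ref:{ref}",
            "repository": repo, "actor": actor, "ref": ref}


TOKENS = {
    "main push": sample("Cyro292/hacknation2025", "refs/heads/main"),
    "feature branch": sample("Cyro292/hacknation2025", "refs/heads/feature-x"),
    "other repo": sample("example-org/other-repo", "refs/heads/main"),
}

if __name__ == "__main__":
    for name, claims in TOKENS.items():
        print(f"{name:15} -> {may_impersonate(claims)}")
```

The feature-branch token is accepted because neither the mapping nor the binding looks at `ref`: the binding is scoped to the repository, not to `main`. Restricting impersonation to one branch would require mapping and checking the `ref` claim as well.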
The Docker build is currently failing due to network timeouts connecting to Docker Hub. This is not a configuration issue.
Quick fixes to try:
- Restart Docker Desktop
- Change DNS:
  - Docker Desktop > Settings > Docker Engine
  - Add: `"dns": ["8.8.8.8", "8.8.4.4"]`
- Try again later (Docker Hub might be slow)
The workflow will build in GitHub Actions (usually faster).
Once the network issue resolves:
```bash
cd backend
docker-compose up --build
```

Test:

```bash
curl http://localhost:8000/health
```

After deployment, monitor at:
- https://console.cloud.google.com/run
- View logs in Cloud Logging
- Set up alerts for errors

Checklist:
- Update PROJECT_ID, REGION, SERVICE in workflow
- Enable required Google Cloud APIs
- Create Artifact Registry repository
- Set up Workload Identity Federation
- Add GitHub Secrets
- Push to main branch to trigger deployment
- Verify deployment in Cloud Run console