From 37f516ac17e937c1ce73bf64c7b4b6bd4c92a739 Mon Sep 17 00:00:00 2001
From: aga <aga.labonarska@outlook.com>
Date: Wed, 6 May 2026 22:25:03 +0200
Subject: [PATCH] Configure Cloud Run runtime settings in deployment workflow

---
 .github/workflows/deploy-staging.yml | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/.github/workflows/deploy-staging.yml b/.github/workflows/deploy-staging.yml
index 700f05e..1d3a09c 100644
--- a/.github/workflows/deploy-staging.yml
+++ b/.github/workflows/deploy-staging.yml
@@ -15,11 +15,13 @@ env:
   REGION: europe-west3
   REPOSITORY: student-progress-api
   SERVICE: student-progress-api
+  CLOUD_RUN_SERVICE_ACCOUNT: student-progress-app-sa@student-progress-staging.iam.gserviceaccount.com
   IMAGE_URI: europe-west3-docker.pkg.dev/student-progress-staging/student-progress-api/student-progress-api
 
 jobs:
   deploy:
     runs-on: ubuntu-latest
+    environment: staging
 
     permissions:
       contents: read
@@ -60,3 +62,18 @@ jobs:
           service: ${{ env.SERVICE }}
           region: ${{ env.REGION }}
           image: ${{ env.IMAGE_URI }}:${{ github.sha }}
+          service_account: ${{ env.CLOUD_RUN_SERVICE_ACCOUNT }}
+          env_vars: |
+            NODE_ENV=production
+            DB_CONNECTION_TYPE=cloud-sql-iam
+            DB_INSTANCE_CONNECTION_NAME=student-progress-staging:europe-west3:student-progress-mysql-staging
+            DB_USER=student-progress-app-sa
+            DB_NAME=student_progress
+            REDIS_HOST=${{ secrets.REDIS_HOST }}
+            REDIS_PORT=6379
+            REDIS_TTL_SECONDS=60
+          flags: |
+            --network=default
+            --subnet=default
+            --vpc-egress=private-ranges-only
+            --allow-unauthenticated