diff --git a/.github/actions/deploy/deploy.mjs b/.github/actions/deploy/deploy.mjs index c2fa7608f1..20dffc17d3 100644 --- a/.github/actions/deploy/deploy.mjs +++ b/.github/actions/deploy/deploy.mjs @@ -21,6 +21,7 @@ const { AFFINE_GOOGLE_CLIENT_ID, AFFINE_GOOGLE_CLIENT_SECRET, CLOUD_SQL_IAM_ACCOUNT, + CLOUD_LOGGER_IAM_ACCOUNT, GCLOUD_CONNECTION_NAME, GCLOUD_CLOUD_SQL_INTERNAL_ENDPOINT, REDIS_HOST, @@ -59,7 +60,9 @@ const createHelmCommand = ({ isDryRun }) => { ? [ `--set-json web.service.annotations=\"{ \\"cloud.google.com/neg\\": \\"{\\\\\\"ingress\\\\\\": true}\\" }\"`, `--set-json graphql.service.annotations=\"{ \\"cloud.google.com/neg\\": \\"{\\\\\\"ingress\\\\\\": true}\\" }\"`, + `--set-json graphql.serviceAccount.annotations=\"{ \\"iam.gke.io/gcp-service-account\\": \\"${CLOUD_LOGGER_IAM_ACCOUNT}\\"}\"`, `--set-json sync.service.annotations=\"{ \\"cloud.google.com/neg\\": \\"{\\\\\\"ingress\\\\\\": true}\\" }\"`, + `--set-json sync.serviceAccount.annotations=\"{ \\"iam.gke.io/gcp-service-account\\": \\"${CLOUD_LOGGER_IAM_ACCOUNT}\\"}\"`, `--set-json cloud-sql-proxy.serviceAccount.annotations=\"{ \\"iam.gke.io/gcp-service-account\\": \\"${CLOUD_SQL_IAM_ACCOUNT}\\" }\"`, `--set-json cloud-sql-proxy.nodeSelector=\"{ \\"iam.gke.io/gke-metadata-server-enabled\\": \\"true\\" }\"`, ] diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 4a534fa63b..ea405fc697 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -295,6 +295,7 @@ jobs: REDIS_HOST: ${{ secrets.REDIS_HOST }} REDIS_PASSWORD: ${{ secrets.REDIS_PASSWORD }} CLOUD_SQL_IAM_ACCOUNT: ${{ secrets.CLOUD_SQL_IAM_ACCOUNT }} + CLOUD_LOGGER_IAM_ACCOUNT: ${{ secrets.CLOUD_LOGGER_IAM_ACCOUNT }} STRIPE_API_KEY: ${{ secrets.STRIPE_API_KEY }} STRIPE_WEBHOOK_KEY: ${{ secrets.STRIPE_WEBHOOK_KEY }} STATIC_IP_NAME: ${{ secrets.STATIC_IP_NAME }}