Web — Release Guide
GitHub Actions Secrets & Variables
The deploy workflows (.github/workflows/deploy-web-dev.yaml and
.github/workflows/deploy-web-prod.yaml) share a reusable workflow
(.github/workflows/workflow-deploy.yaml) and require the following secrets and
variables configured in the GitHub repository settings (Settings → Secrets and
variables → Actions).
Secrets
| Name |
Description |
GCP_SA_KEY |
GCP service account JSON key. The service account must have the Artifact Registry Writer and Cloud Run Developer roles. |
Variables
| Name |
Example |
Description |
GCP_REGION |
us-central1 |
GCP region for both Artifact Registry and Cloud Run. |
GCP_AR_REPO_URL |
us-central1-docker.pkg.dev/my-gcp-project/my-repo |
Full Artifact Registry repository URL. The workflow appends /{image_name}:{tag} to form the complete image reference. |
Derived values (computed by the workflow — do not set manually)
| Value |
Formula |
Example |
IMAGE_FULLNAME |
{GCP_AR_REPO_URL}/{release_type}-{app_name}:v{build_no} |
us-central1-docker.pkg.dev/my-project/my-repo/dev-web:v47 |
IMAGE_TAG |
v{build_no} |
v47 |
GCP_RUN_SERVICE |
{release_type}-{app_name} |
dev-web, prod-web |
Triggering a Release
The tag format is determined by the branch you are on. Run from the appropriate
branch:
mise run release:tag web
The task reads the current branch to determine release type (develop → dev,
main → prod) and the build number from the +N portion of the version in
projects/web/package.json (e.g. 0.0.1+47).
| Branch |
Tag created |
Workflow triggered |
develop |
web-dev-v47 |
deploy-web-dev.yaml |
main |
web-prod-v47 |
deploy-web-prod.yaml |
Image Naming
| Component |
Value |
Example |
| Registry path |
{GCP_AR_REPO_URL} |
us-central1-docker.pkg.dev/my-gcp-project/my-repo |
| Image name |
{release_type}-{app_name} |
dev-web, prod-web |
| Tag |
v{build_number} |
v47 |
| Full reference |
{GCP_AR_REPO_URL}/{image_name}:{tag} |
us-central1-docker.pkg.dev/my-gcp-project/my-repo/dev-web:v47 |