GitHub Action which allows interacting with Google Cloud Platform.
To use gcloud in your workflow use:
- uses: actions-hub/gcloud@master
env:
PROJECT_ID: test
APPLICATION_CREDENTIALS: ${{ secrets.GOOGLE_APPLICATION_CREDENTIALS }}
with:
args: infoYou can also use gsutil from Google Cloud SDK package.
- uses: actions-hub/gcloud@master
env:
PROJECT_ID: test
APPLICATION_CREDENTIALS: ${{ secrets.GOOGLE_APPLICATION_CREDENTIALS }}
with:
args: cp your-file.txt gs://your-bucket/
cli: gsutilYou can also use kubectl from Google Cloud SDK package.
- uses: actions-hub/gcloud@master
env:
PROJECT_ID: test
APPLICATION_CREDENTIALS: ${{ secrets.GOOGLE_APPLICATION_CREDENTIALS }}
with:
args: create deployment hello-server --image=gcr.io/google-samples/hello-app:1.0
cli: kubectlAPPLICATION_CREDENTIALS - To authorize in GCP you need to have a service account key.
The recommended way to store the credentials in the secrets it previously encode file with base64. To encode a JSON file use: base64 ~/<account_id>.json. Or you can put a JSON structure to the secret.
PROJECT_ID - must be provided to activate a specific project.
Alternatively, you can set the environment variable CLOUDSDK_AUTH_ACCESS_TOKEN to a valid OAUTH token; this allows the step to be used with Workload Identity Federation.
- id: google_cloud_auth
name: Authenticate to Google Cloud
uses: google-github-actions/auth@v1
with:
workload_identity_provider: 'projects/${{ secrets.gcp_project_number }}/locations/global/workloadIdentityPools/${{ secrets.workload_identity_pool }/providers/${{ secrets.workload_identity_provider }}'
service_account: '${{ secrets.workload_identity_service_account }}@${{ secrets.gcp_project_name }}.iam.gserviceaccount.com'
token_format: 'access_token'
- uses: actions-hub/gcloud@master
env:
PROJECT_ID: ${{ secrets.gcp_project_name }}
CLOUDSDK_AUTH_ACCESS_TOKEN: '${{ steps.google_cloud_auth.outputs.access_token }}'
with:
args: infoTwo important notes:
- If
CLOUDSDK_AUTH_ACCESS_TOKENis set, it will override any other auth configuration - The
gsutilcommand does not support theCLOUDSDK_AUTH_ACCESS_TOKENvariable; use gcloud storage to interact with GCS.
args - command to run.
cli - (optional) command line tool you want to use. Defaults to gcloud, allowed values: gcloud, gsutil.
For each new release of gcloud master branch is updated to the latest version. Also, the tag is creating with the same number as the gcloud version. If you want to always have the latest version of gcloud, use @master branch.
But if you need some specific version of gcloud just use a specific tag. For example @271.0.0.
name: gcloud
on: [push]
jobs:
deploy:
name: Deploy
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- uses: actions-hub/gcloud@master
env:
PROJECT_ID: ${{secrets.GCLOUD_PROJECT_ID}}
APPLICATION_CREDENTIALS: ${{secrets.GOOGLE_APPLICATION_CREDENTIALS}}
with:
args: app deploy app.yamlname: gcloud
on: [push]
jobs:
deploy:
name: Deploy
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- name: "deploy to project A"
uses: actions-hub/gcloud@master
env:
PROJECT_ID: ${{secrets.GCLOUD_PROJECT_ID_A}}
APPLICATION_CREDENTIALS: ${{secrets.GOOGLE_APPLICATION_CREDENTIALS}}
with:
args: app deploy app.yaml
- name: "deploy to project B"
uses: actions-hub/gcloud@master
env:
PROJECT_ID: ${{secrets.GCLOUD_PROJECT_ID_B}}
with:
args: app deploy app.yamlname: gcloud
on: [push]
jobs:
deploy:
name: Deploy
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- uses: actions-hub/[email protected]
env:
PROJECT_ID: ${{secrets.GCLOUD_PROJECT_ID}}
APPLICATION_CREDENTIALS: ${{secrets.GOOGLE_APPLICATION_CREDENTIALS}}
with:
args: app deploy app.yaml