Awesome
gcloud
GitHub Action which allows interacting with Google Cloud Platform.
Usage
To use gcloud in your workflow use:
- uses: actions-hub/gcloud@master
env:
PROJECT_ID: test
APPLICATION_CREDENTIALS: ${{ secrets.GOOGLE_APPLICATION_CREDENTIALS }}
with:
args: info
You can also use gsutil
from Google Cloud SDK package.
- uses: actions-hub/gcloud@master
env:
PROJECT_ID: test
APPLICATION_CREDENTIALS: ${{ secrets.GOOGLE_APPLICATION_CREDENTIALS }}
with:
args: cp your-file.txt gs://your-bucket/
cli: gsutil
You can also use kubectl
from Google Cloud SDK package.
- uses: actions-hub/gcloud@master
env:
PROJECT_ID: test
APPLICATION_CREDENTIALS: ${{ secrets.GOOGLE_APPLICATION_CREDENTIALS }}
with:
args: create deployment hello-server --image=gcr.io/google-samples/hello-app:1.0
cli: kubectl
Secrets
APPLICATION_CREDENTIALS
- To authorize in GCP you need to have a service account key.
The recommended way to store the credentials in the secrets it previously encode file with base64. To encode a JSON file use: base64 ~/<account_id>.json
. Or you can put a JSON structure to the secret.
PROJECT_ID
- must be provided to activate a specific project.
Using access tokens
Alternatively, you can set the environment variable CLOUDSDK_AUTH_ACCESS_TOKEN
to a valid OAUTH token; this allows the step to be used with Workload Identity Federation.
- id: google_cloud_auth
name: Authenticate to Google Cloud
uses: google-github-actions/auth@v1
with:
workload_identity_provider: 'projects/${{ secrets.gcp_project_number }}/locations/global/workloadIdentityPools/${{ secrets.workload_identity_pool }/providers/${{ secrets.workload_identity_provider }}'
service_account: '${{ secrets.workload_identity_service_account }}@${{ secrets.gcp_project_name }}.iam.gserviceaccount.com'
token_format: 'access_token'
- uses: actions-hub/gcloud@master
env:
PROJECT_ID: ${{ secrets.gcp_project_name }}
CLOUDSDK_AUTH_ACCESS_TOKEN: '${{ steps.google_cloud_auth.outputs.access_token }}'
with:
args: info
Two important notes:
- If
CLOUDSDK_AUTH_ACCESS_TOKEN
is set, it will override any other auth configuration - The
gsutil
command does not support theCLOUDSDK_AUTH_ACCESS_TOKEN
variable; use gcloud storage to interact with GCS.
Inputs
args
- command to run.
cli
- (optional) command line tool you want to use. Defaults to gcloud
, allowed values: gcloud
, gsutil
.
Version
For each new release of gcloud master branch is updated to the latest version. Also, the tag is creating with the same number as the gcloud version. If you want to always have the latest version of gcloud, use @master
branch.
But if you need some specific version of gcloud just use a specific tag. For example @271.0.0
.
Example
Latest version
name: gcloud
on: [push]
jobs:
deploy:
name: Deploy
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- uses: actions-hub/gcloud@master
env:
PROJECT_ID: ${{secrets.GCLOUD_PROJECT_ID}}
APPLICATION_CREDENTIALS: ${{secrets.GOOGLE_APPLICATION_CREDENTIALS}}
with:
args: app deploy app.yaml
Multistep
name: gcloud
on: [push]
jobs:
deploy:
name: Deploy
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- name: "deploy to project A"
uses: actions-hub/gcloud@master
env:
PROJECT_ID: ${{secrets.GCLOUD_PROJECT_ID_A}}
APPLICATION_CREDENTIALS: ${{secrets.GOOGLE_APPLICATION_CREDENTIALS}}
with:
args: app deploy app.yaml
- name: "deploy to project B"
uses: actions-hub/gcloud@master
env:
PROJECT_ID: ${{secrets.GCLOUD_PROJECT_ID_B}}
with:
args: app deploy app.yaml
Specific version
name: gcloud
on: [push]
jobs:
deploy:
name: Deploy
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- uses: actions-hub/gcloud@271.0.0
env:
PROJECT_ID: ${{secrets.GCLOUD_PROJECT_ID}}
APPLICATION_CREDENTIALS: ${{secrets.GOOGLE_APPLICATION_CREDENTIALS}}
with:
args: app deploy app.yaml