GitHub Action which allows interacting with Google Cloud Platform.
To use gcloud in your workflow use:
- uses: actions-hub/gcloud@master env: PROJECT_ID: test APPLICATION_CREDENTIALS: ${{ secrets.GOOGLE_APPLICATION_CREDENTIALS }} with: args: infoYou can also use gsutil from Google Cloud SDK package.
- uses: actions-hub/gcloud@master env: PROJECT_ID: test APPLICATION_CREDENTIALS: ${{ secrets.GOOGLE_APPLICATION_CREDENTIALS }} with: args: cp your-file.txt gs://your-bucket/ cli: gsutilYou can also use kubectl from Google Cloud SDK package.
- uses: actions-hub/gcloud@master env: PROJECT_ID: test APPLICATION_CREDENTIALS: ${{ secrets.GOOGLE_APPLICATION_CREDENTIALS }} with: args: create deployment hello-server --image=gcr.io/google-samples/hello-app:1.0 cli: kubectlAPPLICATION_CREDENTIALS - To authorize in GCP you need to have a service account key. The recommended way to store the credentials in the secrets it previously encode file with base64. To encode a JSON file use: base64 ~/<account_id>.json. Or you can put a JSON structure to the secret.
PROJECT_ID - must be provided to activate a specific project.
Alternatively, you can set the environment variable CLOUDSDK_AUTH_ACCESS_TOKEN to a valid OAUTH token; this allows the step to be used with Workload Identity Federation.
- id: google_cloud_auth name: Authenticate to Google Cloud uses: google-github-actions/auth@v1 with: workload_identity_provider: 'projects/${{ secrets.gcp_project_number }}/locations/global/workloadIdentityPools/${{ secrets.workload_identity_pool }/providers/${{ secrets.workload_identity_provider }}' service_account: '${{ secrets.workload_identity_service_account }}@${{ secrets.gcp_project_name }}.iam.gserviceaccount.com' token_format: 'access_token' - uses: actions-hub/gcloud@master env: PROJECT_ID: ${{ secrets.gcp_project_name }} CLOUDSDK_AUTH_ACCESS_TOKEN: '${{ steps.google_cloud_auth.outputs.access_token }}' with: args: infoTwo important notes:
- If
CLOUDSDK_AUTH_ACCESS_TOKENis set, it will override any other auth configuration - The
gsutilcommand does not support theCLOUDSDK_AUTH_ACCESS_TOKENvariable; use gcloud storage to interact with GCS.
args - command to run.
cli - (optional) command line tool you want to use. Defaults to gcloud, allowed values: gcloud, gsutil.
For each new release of gcloud master branch is updated to the latest version. Also, the tag is creating with the same number as the gcloud version. If you want to always have the latest version of gcloud, use @master branch. But if you need some specific version of gcloud just use a specific tag. For example @271.0.0.
name: gcloud on: [push] jobs: deploy: name: Deploy runs-on: ubuntu-latest steps: - uses: actions/checkout@v1 - uses: actions-hub/gcloud@master env: PROJECT_ID: ${{secrets.GCLOUD_PROJECT_ID}} APPLICATION_CREDENTIALS: ${{secrets.GOOGLE_APPLICATION_CREDENTIALS}} with: args: app deploy app.yamlname: gcloud on: [push] jobs: deploy: name: Deploy runs-on: ubuntu-latest steps: - uses: actions/checkout@v1 - name: "deploy to project A" uses: actions-hub/gcloud@master env: PROJECT_ID: ${{secrets.GCLOUD_PROJECT_ID_A}} APPLICATION_CREDENTIALS: ${{secrets.GOOGLE_APPLICATION_CREDENTIALS}} with: args: app deploy app.yaml - name: "deploy to project B" uses: actions-hub/gcloud@master env: PROJECT_ID: ${{secrets.GCLOUD_PROJECT_ID_B}} with: args: app deploy app.yamlname: gcloud on: [push] jobs: deploy: name: Deploy runs-on: ubuntu-latest steps: - uses: actions/checkout@v1 - uses: actions-hub/gcloud@271.0.0 env: PROJECT_ID: ${{secrets.GCLOUD_PROJECT_ID}} APPLICATION_CREDENTIALS: ${{secrets.GOOGLE_APPLICATION_CREDENTIALS}} with: args: app deploy app.yaml
