deployment-manager GitHub Action
Manage resources in Google Cloud Platform using Deployment Manager.
Table of Contents
Prerequisites
Required to run this action are:
-
Google Cloud credentials authorized to create/modify deployments and provision the desired resources. See Credentials below for more.
-
Enable the Deployment Manager API:
gcloud services enable deploymentmanager.googleapis.comUsage
- name: Provision Resources
id: deployment
uses: ghost-road-studio/deployment-manager@v0
with:
deployment: org-structure
template: org_structure.jinja
credentials: ${{ secrets.GCP_SA_KEY }}
labels: environment=dev
properties: org_id:${{ secrets.GCP_ORGANIZATIONID }}Inputs
| Name | Required | Default | Description |
|---|---|---|---|
deployment |
Required. | Name of deployment to create or update. | |
template |
Required if not using configuration. | Path to template. | |
config |
Required if not using template. | Path to config. | |
credentials |
Required if not using setup-gcloud with exported credentials. |
Service account key for authentication. JSON formatted private key can be raw or base64-encoded. | |
project_id |
optional | ID of the Google Cloud project. Overrides project configured by setup-gcloud. |
|
labels |
optional | Labels to apply to the deployment. | |
properties |
optional | Properties to provide to template. Cannot use properties with configurations. | |
gcloud_version |
optional | latest |
Pin the version of Cloud SDK gcloud CLI. |
Credentials
A service account with the following roles:
- Deployment Manager Editor (
roles/deploymentmanager.editor):- Read and write access to all Deployment Manager resources.
Note: This service account must have iam permissions to create/manage the specified resources. Use gcloud iam roles list to determine appropriate roles to grant.
With google-github-actions/auth
Credentials from the auth action can be used:
- uses: google-github-actions/auth@v0
with:
create_credentials_file: true
credentials_json: ${{ secrets.GCP_SA_KEY }}
- uses: google-github-actions/setup-gcloud@v0
- name: Deploy to Google Cloud
uses: ghost-road-studio/deployment-manager@v0
with:
deployment: project-structure
template: project_structure.jinja
properties: name:test-projectUsing Credentials
Google Cloud Service Account credentials can be passed directly to the action by specifying credentials input. To begin, create a secret containing the raw or base64-encoded JSON key to be imported into the action.
- name: Deploy to Google Cloud
uses: ghost-road-studio/deployment-manager@v0
with:
credentials: ${{ secrets.GCP_SA_KEY_B64 }}
template: test.jinjaVia app default credentials
If you host your own runners on Google Cloud, the app default credentials of the instance may be used. The service account attached to the instance will be used. This is only for custom runners hosted in GCP.
- name: Deploy to Google Cloud
uses: ghost-road-studio/deployment-manager@v0
with:
template: test.jinjaExample Workflows
name: example deployment
on:
push:
branches: [ main ]
env:
DEPLOYMENTS_PATH: deployments
jobs:
template-deployment:
name: deployment with labels and properties
runs-on: ubuntu-latest
steps:
- uses: google-github-actions/auth@v0
with:
create_credentials_file: true
credentials_json: ${{secrets.DEPLOYMENTS_SA_KEY}}
- uses: google-github-actions/setup-gcloud@v0
- name: deployment with labels and properties
id: deployment
uses: ghost-road-studio/deployment-manager@v0
with:
deployment: ${{ steps.deployment.outputs.deployment }}
template: ${{ env.DEPLOYMENTS_PATH }}/bucket.jinja
properties: name:${{ steps.deployment.outputs.deployment }}
labels: env=test,team=devsContributing
See CONTRIBUTING.
License
See LICENSE.