deployment-manager
GitHub Action
Manage resources in Google Cloud Platform using Deployment Manager.
Prerequisites
The following are required to run this action:
- Google Cloud credentials authorized to create/modify deployments and provision the desired resources. See Credentials below for more.
- Enable the Deployment Manager API:

  ```sh
  gcloud services enable deploymentmanager.googleapis.com
  ```
Usage
```yaml
- name: Provision Resources
  id: deployment
  uses: ghost-road-studio/deployment-manager@v0
  with:
    deployment: org-structure
    template: org_structure.jinja
    credentials: ${{ secrets.GCP_SA_KEY }}
    labels: environment=dev
    properties: org_id:${{ secrets.GCP_ORGANIZATIONID }}
```
Inputs
Name | Required | Default | Description |
---|---|---|---|
`deployment` | Required. | | Name of deployment to create or update. |
`template` | Required if not using configuration. | | Path to template. |
`config` | Required if not using template. | | Path to config. |
`credentials` | Required if not using `setup-gcloud` with exported credentials. | | Service account key for authentication. JSON formatted private key can be raw or base64-encoded. |
`project_id` | optional | | ID of the Google Cloud project. Overrides project configured by `setup-gcloud`. |
`labels` | optional | | Labels to apply to the deployment. |
`properties` | optional | | Properties to provide to template. Cannot use properties with configurations. |
`gcloud_version` | optional | latest | Pin the version of Cloud SDK gcloud CLI. |
Credentials
A service account with the following roles:
- Deployment Manager Editor (`roles/deploymentmanager.editor`):
  - Read and write access to all Deployment Manager resources.

Note: This service account must have IAM permissions to create/manage the specified resources. Use `gcloud iam roles list` to determine appropriate roles to grant.
google-github-actions/auth
Credentials from the auth action can be used:
```yaml
- uses: google-github-actions/auth@v0
  with:
    create_credentials_file: true
    credentials_json: ${{ secrets.GCP_SA_KEY }}
- uses: google-github-actions/setup-gcloud@v0
- name: Deploy to Google Cloud
  uses: ghost-road-studio/deployment-manager@v0
  with:
    deployment: project-structure
    template: project_structure.jinja
    properties: name:test-project
```
Using Credentials
Google Cloud Service Account credentials can be passed directly to the action by specifying the `credentials` input. To begin, create a secret containing the raw or base64-encoded JSON key to be imported into the action.
```yaml
- name: Deploy to Google Cloud
  uses: ghost-road-studio/deployment-manager@v0
  with:
    credentials: ${{ secrets.GCP_SA_KEY_B64 }}
    template: test.jinja
```
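
One way to check, before storing the secret, that a key is in one of the two forms the `credentials` input accepts (raw or base64-encoded JSON). This is an added example, not the action's own code: the function name `load_sa_key` and the sample key are constructed, and the fields checked are those of a standard Google service account key file.

```python
import base64
import json

REQUIRED = ("type", "project_id", "private_key_id", "private_key", "client_email")

def load_sa_key(value: str) -> dict:
    """Parse a key given as raw JSON or base64-encoded JSON.

    Returns only non-secret metadata, so the result is safe to log.
    """
    text = value.strip()
    encoding = "raw"
    if not text.startswith("{"):
        # Not a JSON object: treat as base64. `base64 key.json` wraps its
        # output, so drop whitespace, then decode strictly.
        try:
            text = base64.b64decode("".join(text.split()), validate=True).decode("utf-8")
        except ValueError as exc:  # covers binascii.Error and UnicodeDecodeError
            raise ValueError("credentials are neither JSON nor valid base64") from exc
        encoding = "base64"
    try:
        key = json.loads(text)
    except json.JSONDecodeError as exc:
        raise ValueError("credentials do not decode to valid JSON") from exc
    if not isinstance(key, dict):
        raise ValueError("credentials JSON is not an object")
    missing = [f for f in REQUIRED if not key.get(f)]
    if missing:
        raise ValueError("key is missing fields: " + ", ".join(missing))
    if key["type"] != "service_account":
        raise ValueError("not a service account key: type=" + str(key["type"]))
    return {"encoding": encoding, "client_email": key["client_email"],
            "project_id": key["project_id"], "private_key_id": key["private_key_id"]}

# Constructed sample key: every value is a placeholder, not a real credential.
SAMPLE = {
    "type": "service_account",
    "project_id": "example-project",
    "private_key_id": "0000placeholder",
    "private_key": "PLACEHOLDER-NOT-A-REAL-KEY",
    "client_email": "deployer@example-project.iam.gserviceaccount.com",
}

if __name__ == "__main__":
    raw = json.dumps(SAMPLE)
    wrapped = base64.encodebytes(raw.encode()).decode()  # line-wrapped base64
    print(load_sa_key(raw))
    print(load_sa_key(wrapped))
```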
Via app default credentials
If you host your own runners on Google Cloud, the app default credentials of the instance may be used. The service account attached to the instance will be used. This is only for custom runners hosted in GCP.
```yaml
- name: Deploy to Google Cloud
  uses: ghost-road-studio/deployment-manager@v0
  with:
    template: test.jinja
```
Example Workflows
```yaml
name: example deployment
on:
  push:
    branches: [ main ]
env:
  DEPLOYMENTS_PATH: deployments
jobs:
  template-deployment:
    name: deployment with labels and properties
    runs-on: ubuntu-latest
    steps:
      - uses: google-github-actions/auth@v0
        with:
          create_credentials_file: true
          credentials_json: ${{ secrets.DEPLOYMENTS_SA_KEY }}
      - uses: google-github-actions/setup-gcloud@v0
      - name: deployment with labels and properties
        id: deployment
        uses: ghost-road-studio/deployment-manager@v0
        with:
          # steps.deployment is this step itself, so its outputs are empty
          # while these inputs are evaluated. Use the deployment name or an
          # earlier step's output here.
          deployment: ${{ steps.deployment.outputs.deployment }}
          template: ${{ env.DEPLOYMENTS_PATH }}/bucket.jinja
          properties: name:${{ steps.deployment.outputs.deployment }}
          labels: env=test,team=devs
```
Contributing
See CONTRIBUTING.
License
See LICENSE.