Giters

jacoz / deploy-appengine

This action deploys your source code to App Engine.

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

deploy-appengine

This action deploys your source code to App Engine and makes the URL available to later build steps via outputs. This allows you to parameterize your App Engine deployments.

Note: This action will install gcloud in the background if not using in with the setup-gcloud action.

Prerequisites

This action requires Google Cloud credentials that are authorized to deploy an App Engine Application. See the Authorization section below for more information.

Usage

steps:
- id: 'auth'
  uses: 'google-github-actions/auth@v0.4.0'
  with:
    workload_identity_provider: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider'
    service_account: 'my-service-account@my-project.iam.gserviceaccount.com'

- id: deploy
  uses: google-github-actions/deploy-appengine@v0.4.0

# Example of using the output
- id: test
  run: curl "${{ steps.deploy.outputs.url }}"

Inputs

  • project_id: (Optional) ID of the Google Cloud project. If provided, this will override the project configured by gcloud.

  • working_directory: (Optional) The working directory to use. Actions do not honor default working-directory settings. The deliverables input is a relative path based on this setting.

  • deliverables: (Optional) The yaml files for the services or configurations you want to deploy. If not given, defaults to app.yaml in the current directory. If that is not found, attempts to automatically generate necessary configuration files (such as app.yaml) in the current directory (example, app.yaml cron.yaml). Note: the additional deliverables may require additional roles for your service account user.

  • image_url: (Optional) Deploy with a specific container image. The image url must be from one of the valid GCR hostnames (example, gcr.io/).

  • version: (Optional) The version of the app that will be created or replaced by this deployment. If you do not specify a version, one will be generated for you.

  • promote: (Optional) Promote the deployed version to receive all traffic. Possible values: ''|'true'|true|'false'|false, if not specified behavior defaults to promote.

  • credentials: (Deprecated) This input is deprecated. See auth section for more details. Service account key to use for authentication. This should be the JSON formatted private key which can be exported from the Cloud Console. The value can be raw or base64-encoded.

app.yaml customizations

Other application configurations can be customized through the app.yaml, ie the service name. See app.yaml Configuration File for more information.

Outputs

  • url: The URL of your App Engine Application.

Authorization

Via google-github-actions/auth

Use google-github-actions/auth to authenticate the action. This Action supports both the recommended Workload Identity Federation based authentication and the traditional Service Account Key JSON based auth.

See usage for more details.

Roles needed:

  • App Engine Admin (roles/appengine.appAdmin): can manage all App Engine resources
  • Service Account User (roles/iam.serviceAccountUser): to deploy as the service account
  • Storage Admin (roles/compute.storageAdmin): to upload files
  • Cloud Build Editor (roles/cloudbuild.builds.editor): to build the application
  • (optional) Cloud Scheduler Admin (roles/cloudscheduler.admin): to schedule tasks

Note: An owner will be needed to create the App Engine application

Authenticating via Workload Identity Federation

- id: 'auth'
  uses: 'google-github-actions/auth@v0.4.0'
  with:
    workload_identity_provider: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider'
    service_account: 'my-service-account@my-project.iam.gserviceaccount.com'

- id: Deploy
  uses: google-github-actions/deploy-appengine@v0.4.0

Authenticating via Service Account Key JSON

- id: 'auth'
  uses: 'google-github-actions/auth@v0.4.0'
  with:
    credentials_json: '${{ secrets.GCP_SA_KEY }}'

- id: Deploy
  uses: google-github-actions/deploy-appengine@v0.4.0

Via Application Default Credentials

If you are hosting your own runners, and those runners are on Google Cloud, you can leverage the Application Default Credentials of the instance. This will authenticate requests as the service account attached to the instance. This only works using a custom runner hosted on GCP.

- id: Deploy
  uses: google-github-actions/deploy-appengine@v0.4.0

Example Workflows

Setup

  1. Clone this repo.

  2. Create a new Google Cloud Project (or select an existing project).

  3. Initialize your App Engine app with your project.

  4. Enable the App Engine Admin API on your project.

  5. Create a Google Cloud service account or select an existing one.

  6. Add required roles to your service account.

  7. Download a JSON service account key for the service account.

  8. Add the following secrets to your repository's secrets:

    • GCP_PROJECT: Google Cloud project ID

    • GCP_SA_KEY: the downloaded service account key

Deploy from source

To run this workflow, push to the branch named example:

git push YOUR-FORK main:example

Migrating from setup-gcloud

Example using setup-gcloud:

- name: Setup Cloud SDK
  uses: google-github-actions/setup-gcloud@v0.2.0
  with:
    project_id: ${{ env.PROJECT_ID }}
    service_account_key: ${{ secrets.GCP_SA_KEY }}

- name: Deploy to App Engine
  run: gcloud app deploy app.yaml --quiet --no-promote --version v1

Migrated to deploy-appengine:

- id: 'auth'
  uses: 'google-github-actions/auth@v0.4.0'
  with:
    credentials_json: '${{ secrets.GCP_SA_KEY }}'

- name: Deploy to App Engine
  uses: google-github-actions/deploy-appengine@v0.2.0
  with:
    deliverables: app.yaml
    promote: false
    version: v1

About

This action deploys your source code to App Engine.

Languages

Language:TypeScript 85.0%Language:JavaScript 15.0%