google-github-actions/deploy-appengine google-github-actions/deploy-appengine

  • Stars
    star
    209
  • Rank 188,325 (Top 4 %)
  • Language
    TypeScript
  • Created about 4 years ago
  • Updated over 1 year ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
google-github-actions/deploy-appengine
github

google-github-actions

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A GitHub Action that deploys source code to Google App Engine.

deploy-appengine

This action deploys your source code to App Engine and makes the URL available to later build steps via outputs. This allows you to parameterize your App Engine deployments.

This is not an officially supported Google product, and it is not covered by a Google Cloud support contract. To report bugs or request features in a Google Cloud product, please contact Google Cloud support.

Prerequisites

  • This action requires Google Cloud credentials that are authorized to deploy an App Engine Application. See the Authorization section below for more information.

  • This action runs using Node 16. If you are using self-hosted GitHub Actions runners, you must use runner version 2.285.0 or newer.

Usage

jobs:
  job_id:
    permissions:
      contents: 'read'
      id-token: 'write'

    steps:
    - id: 'auth'
      uses: 'google-github-actions/auth@v1'
      with:
        workload_identity_provider: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider'
        service_account: '[email protected]'

    - id: 'deploy'
      uses: 'google-github-actions/deploy-appengine@v1'

    # Example of using the output
    - id: 'test'
      run: 'curl "${{ steps.deploy.outputs.url }}"'

Inputs

  • project_id: (Optional) ID of the Google Cloud project. If not provided, this is inherited from the environment.

  • working_directory: (Optional) The working directory to use. Actions do not honor default working-directory settings. The deliverables input is a relative path based on this setting.

  • deliverables: (Optional) The yaml files for the services or configurations you want to deploy. If not given, defaults to app.yaml in the current directory. If that is not found, attempts to automatically generate necessary configuration files (such as app.yaml) in the current directory (example, app.yaml cron.yaml). Note: the additional deliverables may require additional roles for your service account user.

  • build_env_vars: (Optional) List of key=value pairs to set as environment variables during tbe build process. This will overwrite any duplicate key environment variables defined in the app.yaml.

    with:
  build_env_vars: |-
    FOO=bar
    ZIP=zap

    Note: To include environment variables defined in another file, use the includes directive in your app.yaml.

  • env_vars: (Optional) List of key=value pairs to set as environment variables. This will overwrite any duplicate key environment variables defined in the app.yaml.

    with:
  env_vars: |-
    FOO=bar
    ZIP=zap

    Note: To include environment variables defined in another file, use the includes directive in your app.yaml.

  • image_url: (Optional) Deploy with a specific container image. The image url must be from one of the valid GCR hostnames (example, gcr.io/).

  • version: (Optional) The version of the app that will be created or replaced by this deployment. If you do not specify a version, one will be generated for you.

  • promote: (Optional) Promote the deployed version to receive all traffic. The default is true.

  • flags: (Optional) Space-separated list of other App Engine flags. This can be used to access features that are not exposed via this GitHub Action.

    with:
  flags: '--ignore-file=...'

    See the complete list of flags for more information.

  • gcloud_version: (Optional) Version of the gcloud CLI to use. The default value is latest.

  • gcloud_component: (Optional) Component of the gcloud CLI to use. Valid values are alpha and beta. The default value is to use the stable track.

app.yaml customizations

Other application configurations can be customized through the app.yaml, ie the service name. See app.yaml Configuration File for more information.

Outputs

  • name: The fully-qualified resource name of the deployment. This will be of the format "apps//services//versions/".

  • runtime: The computed deployment runtime.

  • service_account_email: The email address of the runtime service account.

  • serving_status: The current serving status. The value is usually "SERVING", unless the deployment failed to start.

  • version_id: Unique identifier for the version, or the specified version if one was given.

  • version_url: URL of the version of the AppEngine service that was deployed.

Authorization

There are a few ways to authenticate this action. The caller must have the following Google Cloud IAM Roles:

  • App Engine Admin (roles/appengine.appAdmin) to manage all App Engine resources and create new services and versions.

  • Storage Admin (roles/storage.admin) to upload files to Cloud Storage to store source artifacts.

  • Cloud Build Editor (roles/cloudbuild.builds.editor) to build the service.

  • Service Account User (roles/iam.serviceAccountUser) permissions on the runtime service account to deploy the service. The default runtime service account is [email protected], but you can also customize the service account in your app.yaml file.

  • (optional) Cloud Scheduler Admin (roles/cloudscheduler.admin) to schedule tasks

Note: An owner will be needed to create the App Engine application.

Via google-github-actions/auth

Use google-github-actions/auth to authenticate the action. This Action supports both the recommended Workload Identity Federation based authentication and the traditional Service Account Key JSON based auth.

jobs:
  job_id:
    permissions:
      contents: 'read'
      id-token: 'write'

    steps:
    - id: 'auth'
      uses: 'google-github-actions/auth@v1'
      with:
        workload_identity_provider: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider'
        service_account: '[email protected]'

    - id: 'deploy'
      uses: 'google-github-actions/deploy-appengine@v1'

Via Application Default Credentials

If you are hosting your own runners, and those runners are on Google Cloud, you can leverage the Application Default Credentials of the instance. This will authenticate requests as the service account attached to the instance. This only works using a custom runner hosted on GCP.

jobs:
  job_id:
    steps:
    - id: 'deploy'
      uses: 'google-github-actions/deploy-appengine@v1'

Advanced Configuration

Custom Build Timeouts

The default Google Cloud Build timeout to compile the application may be too short for some services. To extend the build timeout, set the CLOUDSDK_APP_CLOUD_BUILD_TIMEOUT environment variable to an integer representing the number of seconds for the timeout. Do not customize this value unless you are getting errors about build timeouts. This will consume more build minutes.

jobs:
  job_id:
    steps:
    - uses: 'google-github-actions/deploy-appengine@v1'
      env:
        CLOUDSDK_APP_CLOUD_BUILD_TIMEOUT: 1800 # 30 minutes

More Repositories

1

setup-gcloud

A GitHub Action for installing and configuring the gcloud CLI.
TypeScript
1,658
star
2

release-please-action

automated releases based on conventional commits
TypeScript
1,413
star
3

auth

A GitHub Action for authenticating to Google Cloud.
TypeScript
807
star
4

deploy-cloudrun

A GitHub Action for deploying services to Google Cloud Run.
TypeScript
352
star
5

deploy-cloud-functions

A GitHub Action that deploys source code to Google Cloud Functions.
TypeScript
261
star
6

upload-cloud-storage

A GitHub Action for uploading files to a Google Cloud Storage (GCS) bucket.
TypeScript
176
star
7

get-secretmanager-secrets

A GitHub Action for accessing secrets from Google Secret Manager and making them available as outputs.
TypeScript
111
star
8

get-gke-credentials

A GitHub Action that configure authentication to a GKE cluster.
TypeScript
82
star
9

ssh-compute

A GitHub Action to SSH into a Google Compute Engine instance.
TypeScript
40
star
10

example-workflows

Repository to demonstrate example workflows.
Go
29
star
11

run-vertexai-notebook

A GitHub Action for running a Google Cloud Vertex AI notebook.
17
star
12

create-cloud-deploy-release

A GitHub Action for creating releases via Cloud Deploy.
TypeScript
15
star
13

github-workflow-job-to-pubsub

Fulfills a GitHub workflow_job webhooks into a Pub/Sub queue.
Go
10
star
14

github-runner-token-proxy

Generate registration tokens for GitHub self-hosted runners without disclosing a privileged credential to the caller.
Go
7
star
15

setup-cloud-sdk

An NPM package for installing and configuring the Google Cloud SDK in GitHub Actions.
TypeScript
7
star
16

actions-utils

An NPM package for Google GitHub Actions utils.
TypeScript
6
star
17

test-infra

Test infrastructure for Google Github Actions.
HCL
5
star
18

.github

Default files for google-github-actions
JavaScript
4
star
19

send-google-chat-webhook

Go
3
star
20

analyze-code-security-scc

TypeScript
1
star
21

deploy-workflow

A GitHub Action for deploying Google Cloud Deploy workflows.
1
star