This action deploys your source code to App Engine and makes the URL available to later build steps via outputs. This allows you to parameterize your App Engine deployments.
Note: This action will install gcloud in the
background if not using in with the setup-gcloud
action.
-
This action requires Google Cloud credentials that are authorized to deploy an App Engine Application. See the Authorization section below for more information.
-
This action runs using Node 16. If you are using self-hosted GitHub Actions runners, you must use runner version 2.285.0 or newer.
jobs:
job_id:
permissions:
contents: 'read'
id-token: 'write'
steps:
- id: 'auth'
uses: 'google-github-actions/auth@v0'
with:
workload_identity_provider: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider'
service_account: '[email protected]'
- id: 'deploy'
uses: 'google-github-actions/deploy-appengine@v0'
# Example of using the output
- id: 'test'
run: 'curl "${{ steps.deploy.outputs.url }}"'
-
project_id
: (Optional) ID of the Google Cloud project. If provided, this will override the project configured by gcloud. -
working_directory
: (Optional) The working directory to use. Actions do not honor default working-directory settings. Thedeliverables
input is a relative path based on this setting. -
deliverables
: (Optional) The yaml files for the services or configurations you want to deploy. If not given, defaults to app.yaml in the current directory. If that is not found, attempts to automatically generate necessary configuration files (such as app.yaml) in the current directory (example,app.yaml cron.yaml
). Note: the additional deliverables may require additional roles for your service account user. -
image_url
: (Optional) Deploy with a specific container image. The image url must be from one of the valid GCR hostnames (example,gcr.io/
). -
version
: (Optional) The version of the app that will be created or replaced by this deployment. If you do not specify a version, one will be generated for you. -
promote
: (Optional) Promote the deployed version to receive all traffic. Possible values:''|'true'|true|'false'|false
, if not specified behavior defaults to promote. -
credentials
: (Deprecated) This input is deprecated. See auth section for more details. Service account key to use for authentication. This should be the JSON formatted private key which can be exported from the Cloud Console. The value can be raw or base64-encoded.
Other application configurations can be customized through the app.yaml, ie the service name. See app.yaml Configuration File for more information.
url
: The URL of your App Engine Application.
Use google-github-actions/auth to authenticate the action. This Action supports both the recommended Workload Identity Federation based authentication and the traditional Service Account Key JSON based auth.
See usage or setting up Workload Identity Federation for more details.
- App Engine Admin (
roles/appengine.appAdmin
): can manage all App Engine resources - Service Account User (
roles/iam.serviceAccountUser
): to deploy as the service account - Storage Admin (
roles/compute.storageAdmin
): to upload files - Cloud Build Editor (
roles/cloudbuild.builds.editor
): to build the application - (optional) Cloud Scheduler Admin (
roles/cloudscheduler.admin
): to schedule tasks
Note: An owner will be needed to create the App Engine application
jobs:
job_id:
permissions:
contents: 'read'
id-token: 'write'
steps:
- id: 'auth'
uses: 'google-github-actions/auth@v0'
with:
workload_identity_provider: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider'
service_account: '[email protected]'
- id: 'deploy'
uses: 'google-github-actions/deploy-appengine@v0'
jobs:
job_id:
steps:
- id: 'auth'
uses: 'google-github-actions/auth@v0'
with:
credentials_json: '${{ secrets.GCP_SA_KEY }}'
- id: 'deploy'
uses: 'google-github-actions/deploy-appengine@v0'
If you are hosting your own runners, and those runners are on Google Cloud, you can leverage the Application Default Credentials of the instance. This will authenticate requests as the service account attached to the instance. This only works using a custom runner hosted on GCP.
jobs:
job_id:
steps:
- id: 'deploy'
uses: 'google-github-actions/deploy-appengine@v0'
-
Clone this repo.
-
Create a new Google Cloud Project (or select an existing project).
-
Enable the App Engine Admin API on your project.
-
Create a Google Cloud service account or select an existing one.
-
Add required roles to your service account.
-
Download a JSON service account key for the service account.
-
Add the following secrets to your repository's secrets:
-
GCP_PROJECT
: Google Cloud project ID -
GCP_SA_KEY
: the downloaded service account key
-
To run this workflow, push to the branch named example
:
git push YOUR-FORK main:example
Example using setup-gcloud
:
- name: 'Setup Cloud SDK'
uses: 'google-github-actions/setup-gcloud@v0'
with:
project_id: '${{ env.PROJECT_ID }}'
service_account_key: '${{ secrets.GCP_SA_KEY }}'
- name: 'Deploy to App Engine'
run: 'gcloud app deploy app.yaml --quiet --no-promote --version v1'
Migrated to deploy-appengine
:
- id: 'auth'
uses: 'google-github-actions/auth@v0'
with:
credentials_json: '${{ secrets.GCP_SA_KEY }}'
- name: 'Deploy to App Engine'
uses: 'google-github-actions/deploy-appengine@v0'
with:
deliverables: 'app.yaml'
promote: false
version: 'v1'