This action deploys your source code to App Engine and makes the URL available to later build steps via outputs. This allows you to parameterize your App Engine deployments.
Note: This action will install gcloud in the
background if not using in with the setup-gcloud
action.
This action requires Google Cloud credentials that are authorized to deploy an App Engine Application. See the Authorization section below for more information.
steps:
- id: deploy
uses: google-github-actions/deploy-appengine@main
with:
credentials: ${{ secrets.gcp_credentials }}
# Example of using the output
- id: test
run: curl "${{ steps.deploy.outputs.url }}"
-
project_id
: (Optional) ID of the Google Cloud project. If provided, this will override the project configured by gcloud. -
deliverables
: (Optional) The yaml files for the services or configurations you want to deploy. If not given, defaults to app.yaml in the current directory. If that is not found, attempts to automatically generate necessary configuration files (such as app.yaml) in the current directory (example,app.yaml cron.yaml
). -
image_url
: (Optional) Deploy with a specific container image. The image url must be from one of the valid GCR hostnames (example,gcr.io/
). -
version
: (Optional) The version of the app that will be created or replaced by this deployment. If you do not specify a version, one will be generated for you. -
promote
: (Optional) Promote the deployed version to receive all traffic. Possible values: ''|'true'|true|'false'|false, if not specified behavior defaults to promote.
Other application configurations can be customized through the app.yaml, ie the service name. See app.yaml Configuration File for more information.
url
: The URL of your App Engine Application.
There are a few ways to authenticate this action. The caller must have permissions to access the secrets being requested.
- App Engine Admin (
roles/appengine.appAdmin
): can manage all App Engine resources - Service Account User (
roles/iam.serviceAccountUser
): to deploy as the service account - Storage Admin (
roles/compute.storageAdmin
): to upload files - Cloud Build Editor (
cloudbuild.builds.editor
): to build the application
Note: An owner will be needed to create the App Engine application
You can provide credentials using the setup-gcloud action,
however you must provide your Project ID to the deploy-appengine
action:
- uses: google-github-actions/setup-gcloud@master
with:
version: '290.0.1'
service_account_key: ${{ secrets.GCP_SA_KEY }}
export_default_credentials: true
- id: Deploy
uses: google-github-actions/deploy-appengine@main
with:
project_id: ${{ secrets.project_id }}
You can provide Google Cloud Service Account JSON directly to the action
by specifying the credentials
input. First, create a GitHub
Secret that contains the JSON content, then import it into the
action:
- id: Deploy
uses: google-github-actions/deploy-appengine@main
with:
credentials: ${{ secrets.GCP_SA_KEY }}
If you are hosting your own runners, and those runners are on Google Cloud, you can leverage the Application Default Credentials of the instance. This will authenticate requests as the service account attached to the instance. This only works using a custom runner hosted on GCP.
- id: Deploy
uses: google-github-actions/deploy-appengine@main
The action will automatically detect and use the Application Default Credentials.
-
Clone this repo.
-
Create a new Google Cloud Project (or select an existing project).
-
Create a Google Cloud service account or select an existing one.
-
Add the the following [Cloud IAM roles][roles] to your service account:
-
App Engine Admin
- allows for the creation of new App Engine apps -
Service Account User
- required to deploy to App Engine as service account -
Storage Admin
- allows upload of source code -
Cloud Build Editor
- allows building of source code
-
-
[Download a JSON service account key][create-key] for the service account.
-
Add the following secrets to your repository's secrets:
-
GCP_PROJECT
: Google Cloud project ID -
GCP_SA_KEY
: the downloaded service account key
-
To run this workflow, push to the branch named example
:
git push YOUR-FORK main:example
Example using setup-gcloud
:
- name: Setup Cloud SDK
uses: google-github-actions/[email protected]
with:
project_id: ${{ env.PROJECT_ID }}
service_account_key: ${{ secrets.GCP_SA_KEY }}
- name: Deploy to App Engine
run: gcloud app deploy app.yaml --quiet --no-promote --version v1
Migrated to deploy-appengine
:
- name: Deploy to App Engine
uses: google-github-actions/[email protected]
with:
deliverables: app.yaml
project_id: ${{ secrets.GCP_PROJECT }}
credentials: ${{ secrets.GCP_SA_KEY }}
promote: false
version: v1