Skip to content

toyinswift/deploy-appengine

 
 

Repository files navigation

deploy-appengine

This action deploys your source code to App Engine and makes the URL available to later build steps via outputs. This allows you to parameterize your App Engine deployments.

Note: This action will install gcloud in the background if not using in with the setup-gcloud action.

Prerequisites

This action requires Google Cloud credentials that are authorized to deploy an App Engine Application. See the Authorization section below for more information.

Usage

steps:
- id: deploy
  uses: google-github-actions/deploy-appengine@main
  with:
    credentials: ${{ secrets.gcp_credentials }}

# Example of using the output
- id: test
  run: curl "${{ steps.deploy.outputs.url }}"

Inputs

  • project_id: (Optional) ID of the Google Cloud project. If provided, this will override the project configured by gcloud.

  • deliverables: (Optional) The yaml files for the services or configurations you want to deploy. If not given, defaults to app.yaml in the current directory. If that is not found, attempts to automatically generate necessary configuration files (such as app.yaml) in the current directory (example, app.yaml cron.yaml).

  • image_url: (Optional) Deploy with a specific container image. The image url must be from one of the valid GCR hostnames (example, gcr.io/).

  • version: (Optional) The version of the app that will be created or replaced by this deployment. If you do not specify a version, one will be generated for you.

  • promote: (Optional) Promote the deployed version to receive all traffic. Possible values: ''|'true'|true|'false'|false, if not specified behavior defaults to promote.

app.yaml customizations

Other application configurations can be customized through the app.yaml, ie the service name. See app.yaml Configuration File for more information.

Outputs

  • url: The URL of your App Engine Application.

Authorization

There are a few ways to authenticate this action. The caller must have permissions to access the secrets being requested.

Roles needed:

  • App Engine Admin (roles/appengine.appAdmin): can manage all App Engine resources
  • Service Account User (roles/iam.serviceAccountUser): to deploy as the service account
  • Storage Admin (roles/compute.storageAdmin): to upload files
  • Cloud Build Editor (cloudbuild.builds.editor): to build the application

Note: An owner will be needed to create the App Engine application

Used with setup-gcloud

You can provide credentials using the setup-gcloud action, however you must provide your Project ID to the deploy-appengine action:

- uses: google-github-actions/setup-gcloud@master
  with:
    version: '290.0.1'
    service_account_key: ${{ secrets.GCP_SA_KEY }}
    export_default_credentials: true
- id: Deploy
  uses: google-github-actions/deploy-appengine@main
  with:
    project_id: ${{ secrets.project_id }}

Via Credentials

You can provide Google Cloud Service Account JSON directly to the action by specifying the credentials input. First, create a GitHub Secret that contains the JSON content, then import it into the action:

- id: Deploy
  uses: google-github-actions/deploy-appengine@main
  with:
    credentials: ${{ secrets.GCP_SA_KEY }}

Via Application Default Credentials

If you are hosting your own runners, and those runners are on Google Cloud, you can leverage the Application Default Credentials of the instance. This will authenticate requests as the service account attached to the instance. This only works using a custom runner hosted on GCP.

- id: Deploy
  uses: google-github-actions/deploy-appengine@main

The action will automatically detect and use the Application Default Credentials.

Example Workflows

Setup

  1. Clone this repo.

  2. Create a new Google Cloud Project (or select an existing project).

  3. Initialize your App Engine app with your project.

  4. Create a Google Cloud service account or select an existing one.

  5. Add the the following [Cloud IAM roles][roles] to your service account:

    • App Engine Admin - allows for the creation of new App Engine apps

    • Service Account User - required to deploy to App Engine as service account

    • Storage Admin - allows upload of source code

    • Cloud Build Editor - allows building of source code

  6. [Download a JSON service account key][create-key] for the service account.

  7. Add the following secrets to your repository's secrets:

    • GCP_PROJECT: Google Cloud project ID

    • GCP_SA_KEY: the downloaded service account key

Deploy from source

To run this workflow, push to the branch named example:

git push YOUR-FORK main:example

Migrating from setup-gcloud

Example using setup-gcloud:

- name: Setup Cloud SDK
  uses: google-github-actions/[email protected]
  with:
    project_id: ${{ env.PROJECT_ID }}
    service_account_key: ${{ secrets.GCP_SA_KEY }}

- name: Deploy to App Engine
  run: gcloud app deploy app.yaml --quiet --no-promote --version v1

Migrated to deploy-appengine:

- name: Deploy to App Engine
  uses: google-github-actions/[email protected]
  with:
    deliverables: app.yaml
    project_id: ${{ secrets.GCP_PROJECT }}
    credentials: ${{ secrets.GCP_SA_KEY }}
    promote: false
    version: v1

About

This action deploys your source code to App Engine.

Resources

Stars

Watchers

Forks

Packages

No packages published

Languages

  • TypeScript 90.2%
  • JavaScript 9.8%