Deploys delivery pipeline(s) and target(s) to Cloud Deploy and makes the URL available to later build steps via outputs.
Note that this product Cloud Deploy is still in Preview stage
This action requires:
-
Google Cloud credentials that are authorized to deploy a Cloud Deploy. See the Credentials below for more information.
- name: Deploy to Cloud Deploy
uses: gcp-cloud-deploy-ecosystem/deploy-clouddeploy@main| Name | Requirement | Default | Description |
|---|---|---|---|
region |
optional | us-central1 |
Region in which the resource can be found. |
credentials |
Required if not using a the setup-gcloud action with exported credentials. |
Service account key to use for authentication. This should be the JSON formatted private key which can be exported from the Cloud Console. The value can be raw or base64-encoded. | |
project_id |
optional | ID of the Google Cloud project. If provided, this will override the project configured by setup-gcloud. |
|
file |
optional | clouddeploy.yaml |
Path to the Cloud Deploy configuration file. |
flags |
optional | Space separated list of other Cloud Deploy flags. | |
gcloud_version |
optional | latest |
Pin the version of Cloud SDK gcloud CLI. |
- None
There are a few ways to authenticate this action. A service account will be needed with the following roles:
- Cloud Deploy Admin (
roles/cloudeploy.admin):- Can create, update, and delete pipelines.
- Approves pipeline executions
- Can get and set IAM policies.
This service account needs to a member of the Compute Engine default service account,
(PROJECT_NUMBER-compute@developer.gserviceaccount.com), with role
Service Account User. To grant a user permissions for a service account, use
one of the methods found in Configuring Ownership and access to a service account.
You can provide credentials using the setup-gcloud action:
- uses: google-github-actions/setup-gcloud@master
with:
service_account_key: ${{ secrets.GCP_SA_KEY }}
export_default_credentials: true
- name: Deploy to Cloud Deploy
uses: gcp-cloud-deploy-ecosystem/deploy-clouddeploy@mainYou can provide Google Cloud Service Account JSON directly to the action
by specifying the credentials input. First, create a GitHub
Secret that contains the JSON content, then import it into the
action:
- name: Deploy to Cloud Deploy
uses: gcp-cloud-deploy-ecosystem/deploy-clouddeploy@mainIf you are hosting your runner, and those runners are on Google Cloud, you can leverage the Application Default Credentials of the instance. This will authenticate requests as the service account attached to the instance. This only works using a custom runner hosted on GCP.
- name: Deploy to Cloud Deploy
uses: gcp-cloud-deploy-ecosystem/deploy-clouddeploy@main-
Create a new Google Cloud Project (or select an existing project).
-
Create a Google Cloud service account or select an existing one.
-
Add the the following [Cloud IAM roles][roles] to your service account:
Cloud Deploy Developer- allows for the creation of new Cloud Deploy Developer
-
Download a JSON service account key for the service account.
-
Add the following secrets to your repository's secrets:
-
GCP_PROJECT: Google Cloud project ID -
GCP_SA_KEY: the downloaded service account key
-
Example using setup-gcloud:
- name: Setup Cloud SDK
uses: google-github-actions/setup-gcloud@v0.2.0
with:
project_id: ${{ env.PROJECT_ID }}
service_account_key: ${{ secrets.GCP_SA_KEY }}
- name: Deploy to Cloud Deploy
run: |-
gcloud beta deploy apply \
--region $REGION \
--file clouddeploy.yamlMigrated to deploy-clouddeploy:
- name: Deploy to Cloud Deploy
uses: gcp-cloud-deploy-ecosystem/deploy-clouddeploy@v0.2.0
with:See CONTRIBUTING.
This action was initialally forked gcp-cloud-deploy-ecosystem/deploy-clouddeploy.
See LICENSE.