deploy-clouddeploy GitHub Action

Creates a release to Cloud Deploy and makes the operation ID and release name available for later steps.

Note that this product Cloud Deploy is still in Preview stage

Prerequisites

This action requires:

• Google Cloud credentials that are authorized to deploy a Cloud Deploy. See the Credentials below for more information.

• Enable the Cloud Deploy API

• Enable the Cloud Resource Manager API

Usage

- name: Create release to Cloud Deploy
  uses: gcp-clouddeploy-ecosystem/release-clouddeploy@main

Inputs

Name	Requirement	Default	Description
release	required		Name of the release, it needs to be unique in the pipeline.
delivery-pipeline	required		Name of the DeliveryPipeline resource.
region	optional	us-central1	Region in which the resource can be found.
annotations	optional		Comma separated annotations to add to the release.
beta	optional	false	Use gcloud beta command.
labels	optional		Comma separated labels to add to the release.
description	optional		Description to add to the release
gcs-source-staging-dir	optional		Location of the Cloud Storage bucket to copy the source used for staging the build. If not set, the default bucket gs://[PROJECT_ID]_clouddeploy/source will be used.
ignore-file	optional		File(s) to ignore on source upload.
to-target	optional		Rollout target.
build_artifacts	optional		Reference to a Skaffold build artifacts output file.
source	optional	.	Location to the source that contains skaffold.yaml.
images	optional		Reference to a collection of individual image name to image full path replacements.
credentials	Required if not using a the setup-gcloud action with exported credentials.		Service account key to use for authentication. This should be the JSON formatted private key which can be exported from the Cloud Console. The value can be raw or base64-encoded.
project-id	optional		ID of the Google Cloud project. If provided, this will override the project configured by setup-gcloud.
file	optional	clouddeploy.yaml	Path to the Cloud Deploy configuration file.
flags	optional		Space separated list of other Cloud Deploy flags.
gcloud-version	optional	latest	Pin the version of Cloud SDK gcloud CLI.

Outputs

• operation-id: ID of the operation.
• release: Name of the release.

Credentials

There are a few ways to authenticate this action. A service account will be needed with the following roles:

• Cloud Deploy Admin (roles/cloudeploy.admin):
  • Can create, update, and delete releases.
  • Approves pipeline executions

This service account needs to a member of the Compute Engine default service account, (PROJECT_NUMBER-compute@developer.gserviceaccount.com), with role Service Account User. To grant a user permissions for a service account, use one of the methods found in Configuring Ownership and access to a service account.

Used with setup-gcloud

You can provide credentials using the setup-gcloud action:

- uses: google-github-actions/setup-gcloud@master
  with:
    service_account_key: ${{ secrets.GCP_SA_KEY }}
    export_default_credentials: true

- name: Create release to Cloud Deploy
  uses: gcp-clouddeploy-ecosystem/release-clouddeploy@main
  with:
    release: release-01
    delivery-pipeline: my-pipeline

Via Credentials

You can provide Google Cloud Service Account JSON directly to the action by specifying the credentials input. First, create a GitHub Secret that contains the JSON content, then import it into the action:

- name: Create release to Cloud Deploy
  uses: gcp-clouddeploy-ecosystem/release-clouddeploy@main
  with:
    release: release-01
    delivery-pipeline: my-pipeline

Via Application Default Credentials

If you are hosting your runner, and those runners are on Google Cloud, you can leverage the Application Default Credentials of the instance. This will authenticate requests as the service account attached to the instance. This only works using a custom runner hosted on GCP.

- name: Create release to Cloud Deploy
  uses: gcp-clouddeploy-ecosystem/release-clouddeploy@main
  with:
    release: release-01
    delivery-pipeline: my-pipeline

Setup

1. Create a new Google Cloud Project (or select an existing project).

2. Enable the Cloud Deploy API.

3. Enable the Cloud Resource Manager API.

4. Create a Google Cloud service account or select an existing one.

5. Add the the following [Cloud IAM roles][roles] to your service account:

   • Cloud Deploy Developer - allows for the creation of new Cloud Deploy Developer

6. Download a JSON service account key for the service account.

7. Add the following secrets to your repository's secrets:

   • GCP_PROJECT: Google Cloud project ID

   • GCP_SA_KEY: the downloaded service account key

Migrating from setup-gcloud

Example using setup-gcloud:

- name: Setup Cloud SDK
  uses: google-github-actions/setup-gcloud@main
  with:
    project_id: ${{ env.PROJECT_ID }}
    service_account_key: ${{ secrets.GCP_SA_KEY }}

- name: Create release to Cloud Deploy
  run: |-
    gcloud beta deploy releases create release-01 \
      --region $REGION \
      --delivery-pipeline my-pipeline

Migrated to deploy-clouddeploy:

- name: Create release to Cloud Deploy
  uses: gcp-clouddeploy-ecosystem/release-clouddeploy@v0.2.0
  with:
    release: release-01
    delivery-pipeline: my-pipeline

Contributing

See CONTRIBUTING.

Acknowledgment

This action was initially forked gcp-clouddeploy-ecosystem/deploy-clouddeploy.

License

See LICENSE.