setup-gcloud GitHub Action
Configures the Google Cloud SDK in the GitHub Actions environment. The Google Cloud SDK includes both the gcloud and gsutil binaries.
Or integrate natively with other Google Cloud GitHub Actions:
- Authenticate to Google Cloud
- Deploy a Cloud Run service
- Deploy an App Engine app
- Deploy a Cloud Function
- Access Secret Manager secrets
- Upload to Cloud Storage
- Configure GKE credentials
Prerequisites
-
This action requires Google Cloud credentials to execute gcloud commands. See Authorization for more details.
-
This action runs using Node 16. If you are using self-hosted GitHub Actions runners, you must use runner version 2.285.0 or newer.
Usage
jobs:
job_id:
# Add "id-token" with the intended permissions.
permissions:
contents: 'read'
id-token: 'write'
steps:
- id: 'auth'
uses: 'google-github-actions/auth@v1'
with:
workload_identity_provider: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider'
service_account: 'my-service-account@my-project.iam.gserviceaccount.com'
- name: 'Set up Cloud SDK'
uses: 'google-github-actions/setup-gcloud@v1'
- name: 'Use gcloud CLI'
run: 'gcloud info'Inputs
Cloud SDK inputs
-
version: (Optional) A string representing the version of the Cloud SDK (gcloud) to install (e.g."290.0.1"). The default value is "latest", which will install the latest available Cloud SDK version.Warning! Workload Identity Federation requires version 363.0.0 or newer.
-
project_id: (Optional) Project ID (not project number) of the Google Cloud project. If provided, this will configure thegcloudCLI to use that project ID for commands. Individual commands can still override the project with the--projectflag. If unspecified, the action attempts to find the "best" project ID by looking at other inputs and environment variables. -
install_components: (Optional) List of Cloud SDK components to install specified as a comma-separated list of strings:install_components: 'alpha,cloud-datastore-emulator'
Example workflows
-
Google Kubernetes Engine: An example workflow that uses GitHub Actions to deploy a static website to an existing Google Kubernetes Engine cluster.
-
Cloud Run: An example workflow that uses GitHub Actions to build and deploy a container to Cloud Run.
-
Google Compute Engine: An example workflow that uses GitHub Actions to deploy a container to an existing Google Compute Engine (GCE) instance.
-
App Engine: An example workflow that uses GitHub Actions to deploy source code to App Engine, a fully managed serverless platform.
-
Cloud Build: An example workflow that uses GitHub Actions to build a container image with Cloud Build.
Authorization
This action installs the Cloud SDK (gcloud). To configure its authentication
to Google Cloud, use the google-github-actions/auth action. You can
authenticate via:
Workload Identity Federation (preferred)
bq and gsutil tools.
jobs:
job_id:
# Add "id-token" with the intended permissions.
permissions:
contents: 'read'
id-token: 'write'
steps:
- id: 'auth'
uses: 'google-github-actions/auth@v1'
with:
workload_identity_provider: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider'
service_account: 'my-service-account@my-project.iam.gserviceaccount.com'
- name: 'Set up Cloud SDK'
uses: 'google-github-actions/setup-gcloud@v1'
- name: 'Use gcloud CLI'
run: 'gcloud info'Service Account Key JSON
job:
job_id:
steps:
- id: 'auth'
uses: 'google-github-actions/auth@v1'
with:
credentials_json: '${{ secrets.GCP_CREDENTIALS }}'
- name: 'Set up Cloud SDK'
uses: 'google-github-actions/setup-gcloud@v1'
- name: 'Use gcloud CLI'
run: 'gcloud info'Application Default Credentials
If and only if you are using self-hosted runners that are hosted on Google Cloud Platform, the Cloud SDK will automatically authenticate using the machine credentials:
job:
job_id:
steps:
- name: 'Set up Cloud SDK'
uses: 'google-github-actions/setup-gcloud@v1'
- name: 'Use gcloud CLI'
run: 'gcloud info'Multiple Service Accounts
To use multiple service accounts, a second auth step is required to update the credentials before using setup-gcloud:
jobs:
job_id:
# Add "id-token" with the intended permissions.
permissions:
contents: 'read'
id-token: 'write'
steps:
- id: 'auth service account 1'
uses: 'google-github-actions/auth@v1'
with:
workload_identity_provider: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider'
service_account: 'service-account-1@my-project.iam.gserviceaccount.com'
- name: 'Set up Cloud SDK'
uses: 'google-github-actions/setup-gcloud@v1'
- name: 'Use gcloud CLI'
run: 'gcloud auth list --filter=status:ACTIVE --format="value(account)"'
# service-account-1@my-project.iam.gserviceaccount.com
- id: 'auth service account 2'
uses: 'google-github-actions/auth@v1'
with:
credentials_json: '${{ secrets.GCP_CREDENTIALS }}'
- name: 'Set up Cloud SDK'
uses: 'google-github-actions/setup-gcloud@v1'
- name: 'Use gcloud CLI'
run: 'gcloud auth list --filter=status:ACTIVE --format="value(account)"'
# service-account-2@my-project.iam.gserviceaccount.comVersioning
We recommend pinning to the latest available major version:
- uses: 'google-github-actions/setup-gcloud@v1'While this action attempts to follow semantic versioning, but we're ultimately human and sometimes make mistakes. To prevent accidental breaking changes, you can also pin to a specific version:
- uses: 'google-github-actions/setup-gcloud@v1.0.0'However, you will not get automatic security updates or new features without
explicitly updating your version number. Note that we only publish MAJOR and
MAJOR.MINOR.PATCH versions. There is not a floating alias for
MAJOR.MINOR.
Contributing
See CONTRIBUTING.
License
See LICENSE.
![@dependabot[bot]](https://web.archive.org/web/20221209092153im_/https://avatars.githubusercontent.com/in/29110?s=64&v=4){kind=small}
