upload-cloud-storage
This action uploads files/folders to a Google Cloud Storage (GCS) bucket. This is useful when you want upload build artifacts from your workflow.
Paths to files that are successfully uploaded are set as output variables and can be used in subsequent steps.
Prerequisites
- This action requires Google Cloud credentials that are authorized to upload blobs to the specified bucket. See the Authorization section below for more information.
Usage
For uploading a file
jobs:
job_id:
permissions:
contents: 'read'
id-token: 'write'
steps:
- id: 'auth'
uses: 'google-github-actions/auth@v0'
with:
workload_identity_provider: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider'
service_account: 'my-service-account@my-project.iam.gserviceaccount.com'
- id: 'upload-file'
uses: 'google-github-actions/upload-cloud-storage@v0'
with:
path: '/path/to/file'
destination: 'bucket-name/file'
# Example of using the output
- id: 'uploaded-files'
uses: 'foo/bar@main'
env:
file: '${{ steps.upload-file.outputs.uploaded }}'The file will be uploaded to gs://bucket-name/file
For uploading a folder
jobs:
job_id:
permissions:
contents: 'read'
id-token: 'write'
steps:
- id: 'auth'
uses: 'google-github-actions/auth@v0'
with:
workload_identity_provider: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider'
service_account: 'my-service-account@my-project.iam.gserviceaccount.com'
- id: 'upload-folder'
uses: 'google-github-actions/upload-cloud-storage@v0'
with:
path: '/path/to/folder'
destination: 'bucket-name'
# Example of using the output
- id: 'uploaded-files'
uses: 'foo/bar@main'
env:
files: '${{ steps.upload-folder.outputs.uploaded }}'Destination Filenames
If the folder has the following structure:
.
└── myfolder
├── file1
└── folder2
└── file2.txt
Default Configuration
With default configuration
- id: 'upload-files'
uses: 'google-github-actions/upload-cloud-storage@v0'
with:
path: 'myfolder'
destination: 'bucket-name'The files will be uploaded to gs://bucket-name/myfolder/file1,gs://bucket-name/myfolder/folder2/file2.txt
Optionally, you can also specify a prefix in destination.
- id: 'upload-files'
uses: 'google-github-actions/upload-cloud-storage@v0'
with:
path: 'myfolder'
destination: 'bucket-name/myprefix'The files will be uploaded to gs://bucket-name/myprefix/myfolder/file1,gs://bucket-name/myprefix/myfolder/folder2/file2.txt
Upload to bucket root
To upload myfolder to the root of the bucket, you can set parent to false.
Setting parent to false will omit path when uploading to bucket.
- id: 'upload-files'
uses: 'google-github-actions/upload-cloud-storage@v0'
with:
path: 'myfolder'
destination: 'bucket-name'
parent: falseThe files will be uploaded to gs://bucket-name/file1,gs://bucket-name/folder2/file2.txt
If path was set to myfolder/folder2, the file will be uploaded to gs://bucket-name/file2.txt
Optionally, you can also specify a prefix in destination.
- id: 'upload-files'
uses: 'google-github-actions/upload-cloud-storage@v0'
with:
path: 'myfolder'
destination: 'bucket-name/myprefix'
parent: falseThe files will be uploaded to gs://bucket-name/myprefix/file1,gs://bucket-name/myprefix/folder2/file2.txt
Glob Pattern
You can specify a glob pattern like
- id: 'upload-files'
uses: 'google-github-actions/upload-cloud-storage@v0'
with:
path: 'myfolder'
destination: 'bucket-name'
glob: '**/*.txt'This will particular pattern will match all text files within myfolder.
In this case, myfolder/folder2/file2.txt is the only matched file and will be uploaded to gs://bucket-name/myfolder/folder2/file2.txt.
If parent is set to false, it wil be uploaded to gs://bucket-name/folder2/file2.txt.
Inputs
-
path- (Required) The path to a file or folder inside the action's filesystem that should be uploaded to the bucket.You can specify either the absolute path or the relative path from the action:
path: /path/to/file
path: ../path/to/file
-
destination- (Required) The destination for the file/folder in the form bucket-name or with an optional prefix in the form bucket-name/prefixdestination: bucket-name
In the above example, the file will be uploaded to gs://bucket-name/file
destination: bucket-name/prefix
In the above example, the file will be uploaded to gs://bucket-name/prefix/file
-
gzip- (Optional) Upload file(s) with gzip content encoding, defaults to true.gzip: false
-
resumable- (Optional) Enable resumable uploads, defaults to true.resumable: false
In the above example, the file(s) will be uploaded without
gzipcontent-encoding -
predefinedAcl- (Optional) Apply a predefined set of access controls to the file(s).predefinedAcl: projectPrivate
In the above example, project team members get access to the uploaded file(s) according to their roles.
Acceptable values are:
authenticatedRead,bucketOwnerFullControl,bucketOwnerRead,private,projectPrivate,publicRead. See the document for details. -
headers- (Optional) Set object metadata.headers: |- content-type: application/json x-goog-meta-custom-field: custom-value
In the above example, file
Content-Typewill be set toapplication/jsonand custom metadata with keycustom-fieldand valuecustom-valuewill be added to it.Settable fields are:
Cache-Control,Content-Disposition,Content-Encoding,Content-Language,Content-Type,Custom-Time. See the document for details.All custom metadata fields must be prefixed with
x-goog-meta-. -
parent- (Optional) Whether parent dir should be included in GCS destination, defaults to true.parent: false
-
glob- (Optional) Glob pattern.glob: '*.txt'
-
concurrency- (Optional) Number of files to simultaneously upload, defaults to 100.concurrency: 10
-
credentials: (Deprecated) This input is deprecated. See auth section for more details. Google Service Account JSON credentials as JSON or base64 encoded string, typically sourced from a GitHub Secret. If unspecified, other authentication methods are attempted. See Authorization below.
Outputs
List of successfully uploaded file(s).
For example:
- id: 'upload-file'
uses: 'google-github-actions/upload-cloud-storage@v0'
with:
path: '/path/to/file'
destination: 'bucket-name/file'will be available in future steps as the output "uploaded":
- id: 'publish'
uses: 'foo/bar@main'
env:
file: '${{ steps.upload-file.outputs.uploaded }}'Authorization
There are a few ways to authenticate this action. The caller must have permissions to access the secrets being requested.
Via google-github-actions/auth
Use google-github-actions/auth to authenticate the action. You can use Workload Identity Federation or traditional Service Account Key JSON authentication.
by specifying the credentials input. This Action supports both the recommended Workload Identity Federation based authentication and the traditional Service Account Key JSON based auth.
See usage for more details.
Authenticating via Workload Identity Federation
jobs:
job_id:
permissions:
contents: 'read'
id-token: 'write'
steps:
- id: 'auth'
uses: 'google-github-actions/auth@v0'
with:
workload_identity_provider: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider'
service_account: 'my-service-account@my-project.iam.gserviceaccount.com'
- uses: 'google-github-actions/upload-cloud-storage@v0'Authenticating via Service Account Key JSON
jobs:
job_id:
steps:
- id: 'auth'
uses: 'google-github-actions/auth@v0'
with:
credentials_json: '${{ secrets.gcp_credentials }}'
- uses: 'google-github-actions/upload-cloud-storage@v0'Via Application Default Credentials
If you are hosting your own runners, and those runners are on Google Cloud, you can leverage the Application Default Credentials of the instance. This will authenticate requests as the service account attached to the instance. This only works using a custom runner hosted on GCP.
jobs:
job_id:
steps:
- id: 'upload-file'
uses: 'google-github-actions/upload-cloud-storage@v0'The action will automatically detect and use the Application Default Credentials.