This action deploys your source code to App Engine and makes the URL available to later build steps via outputs. This allows you to parameterize your App Engine deployments.
-
This action requires Google Cloud credentials that are authorized to deploy an App Engine Application. See the Authorization section below for more information.
-
This action runs using Node 16. If you are using self-hosted GitHub Actions runners, you must use runner version 2.285.0 or newer.
jobs:
job_id:
permissions:
contents: 'read'
id-token: 'write'
steps:
- id: 'auth'
uses: 'google-github-actions/auth@v1'
with:
workload_identity_provider: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider'
service_account: 'my-service-account@my-project.iam.gserviceaccount.com'
- id: 'deploy'
uses: 'google-github-actions/deploy-appengine@v1'
# Example of using the output
- id: 'test'
run: 'curl "${{ steps.deploy.outputs.url }}"'
-
project_id
: (Optional) ID of the Google Cloud project. If not provided, this is inherited from the environment. -
working_directory
: (Optional) The working directory to use. Actions do not honor default working-directory settings. Thedeliverables
input is a relative path based on this setting. -
deliverables
: (Optional) The yaml files for the services or configurations you want to deploy. If not given, defaults to app.yaml in the current directory. If that is not found, attempts to automatically generate necessary configuration files (such as app.yaml) in the current directory (example,app.yaml cron.yaml
). Note: the additional deliverables may require additional roles for your service account user. -
image_url
: (Optional) Deploy with a specific container image. The image url must be from one of the valid GCR hostnames (example,gcr.io/
). -
version
: (Optional) The version of the app that will be created or replaced by this deployment. If you do not specify a version, one will be generated for you. -
promote
: (Optional) Promote the deployed version to receive all traffic. The default istrue
. -
flags
: (Optional) Space-separated list of other Cloud Run flags. This can be used to access features that are not exposed via this GitHub Action.with: flags: '--add-cloudsql-instances=...'
See the complete list of flags for more information.
Other application configurations can be customized through the app.yaml, ie the service name. See app.yaml Configuration File for more information.
url
: The URL of your App Engine Application.
There are a few ways to authenticate this action. The caller must have the following Google Cloud IAM Roles:
- App Engine Admin (
roles/appengine.appAdmin
): can manage all App Engine resources - Service Account User (
roles/iam.serviceAccountUser
): to deploy as the service account - Storage Admin (
roles/compute.storageAdmin
): to upload files - Cloud Build Editor (
roles/cloudbuild.builds.editor
): to build the application - (optional) Cloud Scheduler Admin (
roles/cloudscheduler.admin
): to schedule tasks
Note: An owner will be needed to create the App Engine application.
Use google-github-actions/auth to authenticate the action. This Action supports both the recommended Workload Identity Federation based authentication and the traditional Service Account Key JSON based auth.
jobs:
job_id:
permissions:
contents: 'read'
id-token: 'write'
steps:
- id: 'auth'
uses: 'google-github-actions/auth@v1'
with:
workload_identity_provider: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider'
service_account: 'my-service-account@my-project.iam.gserviceaccount.com'
- id: 'deploy'
uses: 'google-github-actions/deploy-appengine@v1'
If you are hosting your own runners, and those runners are on Google Cloud, you can leverage the Application Default Credentials of the instance. This will authenticate requests as the service account attached to the instance. This only works using a custom runner hosted on GCP.
jobs:
job_id:
steps:
- id: 'deploy'
uses: 'google-github-actions/deploy-appengine@v1'
-
Clone this repo.
-
Create a new Google Cloud Project (or select an existing project).
-
Enable the App Engine Admin API on your project.
-
Create a Google Cloud service account or select an existing one.
-
Add required roles to your service account.
-
Download a JSON service account key for the service account.
-
Add the following secrets to your repository's secrets:
-
GCP_PROJECT
: Google Cloud project ID -
GCP_SA_KEY
: the downloaded service account key
-
To run this workflow, push to the branch named example
:
git push YOUR-FORK main:example