Skip to content

Latest commit

 

History

History
235 lines (171 loc) · 7.98 KB

README.md

File metadata and controls

235 lines (171 loc) · 7.98 KB

setup-gcloud GitHub Action

Configures the Google Cloud SDK in the GitHub Actions environment. The Google Cloud SDK includes both the gcloud and gsutil binaries.

Or integrate natively with other Google Cloud GitHub Actions:

Prerequisites

  • This action requires Google Cloud credentials to execute gcloud commands. See Authorization for more details.

  • This action runs using Node 16. If you are using self-hosted GitHub Actions runners, you must use runner version 2.285.0 or newer.

Usage

jobs:
  job_id:
    # Add "id-token" with the intended permissions.
    permissions:
      contents: 'read'
      id-token: 'write'

    steps:
    - id: 'auth'
      uses: 'google-github-actions/auth@v1'
      with:
        workload_identity_provider: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider'
        service_account: '[email protected]'

    - name: 'Set up Cloud SDK'
      uses: 'google-github-actions/setup-gcloud@v1'

    - name: 'Use gcloud CLI'
      run: 'gcloud info'

Inputs

Cloud SDK inputs

  • version: (Optional) A string representing the version of the Cloud SDK (gcloud) to install (e.g. "290.0.1"). The default value is "latest", which will install the latest available Cloud SDK version.

    Warning! Workload Identity Federation requires version 363.0.0 or newer.

  • project_id: (Optional) Project ID (not project number) of the Google Cloud project. If provided, this will configure the gcloud CLI to use that project ID for commands. Individual commands can still override the project with the --project flag. If unspecified, the action attempts to find the "best" project ID by looking at other inputs and environment variables.

  • install_components: (Optional) List of Cloud SDK components to install specified as a comma-separated list of strings:

    install_components: 'alpha,cloud-datastore-emulator'

Example workflows

Authorization

This action installs the Cloud SDK (gcloud). To configure its authentication to Google Cloud, use the google-github-actions/auth action. You can authenticate via:

Workload Identity Federation (preferred)

⚠️ You must use the Cloud SDK version 390.0.0 or later to authenticate the bq and gsutil tools.

jobs:
  job_id:
    # Add "id-token" with the intended permissions.
    permissions:
      contents: 'read'
      id-token: 'write'

    steps:
    - id: 'auth'
      uses: 'google-github-actions/auth@v1'
      with:
        workload_identity_provider: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider'
        service_account: '[email protected]'

    - name: 'Set up Cloud SDK'
      uses: 'google-github-actions/setup-gcloud@v1'

    - name: 'Use gcloud CLI'
      run: 'gcloud info'

Service Account Key JSON

job:
  job_id:
    steps:
    - id: 'auth'
      uses: 'google-github-actions/auth@v1'
      with:
        credentials_json: '${{ secrets.GCP_CREDENTIALS }}'

    - name: 'Set up Cloud SDK'
      uses: 'google-github-actions/setup-gcloud@v1'

    - name: 'Use gcloud CLI'
      run: 'gcloud info'

Application Default Credentials

If and only if you are using self-hosted runners that are hosted on Google Cloud Platform, the Cloud SDK will automatically authenticate using the machine credentials:

job:
  job_id:
    steps:
    - name: 'Set up Cloud SDK'
      uses: 'google-github-actions/setup-gcloud@v1'

    - name: 'Use gcloud CLI'
      run: 'gcloud info'

Multiple Service Accounts

To use multiple service accounts, a second auth step is required to update the credentials before using setup-gcloud:

jobs:
  job_id:
    # Add "id-token" with the intended permissions.
    permissions:
      contents: 'read'
      id-token: 'write'

    steps:
      - id: 'auth service account 1'
        uses: 'google-github-actions/auth@v1'
        with:
          workload_identity_provider: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider'
          service_account: '[email protected]'

      - name: 'Set up Cloud SDK'
        uses: 'google-github-actions/setup-gcloud@v1'

      - name: 'Use gcloud CLI'
        run: 'gcloud auth list --filter=status:ACTIVE --format="value(account)"'
        # [email protected]

      - id: 'auth service account 2'
        uses: 'google-github-actions/auth@v1'
        with:
          credentials_json: '${{ secrets.GCP_CREDENTIALS }}'

      - name: 'Set up Cloud SDK'
        uses: 'google-github-actions/setup-gcloud@v1'

      - name: 'Use gcloud CLI'
        run: 'gcloud auth list --filter=status:ACTIVE --format="value(account)"'
        # [email protected]

Versioning

We recommend pinning to the latest available major version:

- uses: 'google-github-actions/setup-gcloud@v1'

While this action attempts to follow semantic versioning, but we're ultimately human and sometimes make mistakes. To prevent accidental breaking changes, you can also pin to a specific version:

- uses: 'google-github-actions/[email protected]'

However, you will not get automatic security updates or new features without explicitly updating your version number. Note that we only publish MAJOR and MAJOR.MINOR.PATCH versions. There is not a floating alias for MAJOR.MINOR.

Contributing

See CONTRIBUTING.

License

See LICENSE.