Merge remote-tracking branch 'origin/master' #2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This workflow will deploy source code on Cloud Run when a commit is pushed to | |
| # the $default-branch branch. | |
| # | |
| # To configure this workflow: | |
| # | |
| # 1. Enable the following Google Cloud APIs: | |
| # | |
| # - Artifact Registry (artifactregistry.googleapis.com) | |
| # - Cloud Build (cloudbuild.googleapis.com) | |
| # - Cloud Run (run.googleapis.com) | |
| # - IAM Credentials API (iamcredentials.googleapis.com) | |
| # | |
| # You can learn more about enabling APIs at | |
| # https://support.google.com/googleapi/answer/6158841. | |
| # | |
| # 2. Create and configure a Workload Identity Provider for GitHub: | |
| # https://github.com/google-github-actions/auth#preferred-direct-workload-identity-federation. | |
| # | |
| # Depending on how you authenticate, you will need to grant an IAM principal | |
| # permissions on Google Cloud: | |
| # | |
| # - Artifact Registry Administrator (roles/artifactregistry.admin) | |
| # - Cloud Run Source Developer (roles/run.sourceDeveloper) | |
| # | |
| # You can learn more about setting IAM permissions at | |
| # https://cloud.google.com/iam/docs/manage-access-other-resources. | |
| # | |
| # 3. Change the values in the "env" block to match your values. | |
| name: 'Deploy to Cloud Run from Source' | |
| on: | |
| push: | |
| branches: | |
| - 'master' | |
| env: | |
| PROJECT_ID: ${{ vars.PROJECT_ID }} | |
| REGION: 'us-east1' # TODO: update to your region | |
| jobs: | |
| deploy: | |
| runs-on: 'ubuntu-latest' | |
| permissions: | |
| contents: 'read' | |
| id-token: 'write' | |
| steps: | |
| - name: 'Checkout' | |
| uses: 'actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332' # actions/checkout@v4 | |
| # Configure Workload Identity Federation and generate an access token. | |
| # | |
| # See https://github.com/google-github-actions/auth for more options, | |
| # including authenticating via a JSON credentials file. | |
| - id: 'auth' | |
| name: 'Authenticate to Google Cloud' | |
| uses: 'google-github-actions/auth@f112390a2df9932162083945e46d439060d66ec2' # google-github-actions/auth@v2 | |
| with: | |
| workload_identity_provider: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider' # TODO: replace with your workload identity provider | |
| - name: 'Deploy to Cloud Run' | |
| run: | | |
| IMAGE_NAME=gcr.io/$PROJECT_ID/my-cloud-run-job | |
| gcloud run jobs update my-cloud-run-job \ | |
| --image $IMAGE_NAME \ | |
| --region $REGION | |
| --project $PROJECT_ID | |
| # If required, use the Cloud Run URL output in later steps | |
| - name: 'Show output' | |
| run: |- | |
| echo ${{ steps.deploy.outputs.url }} |