Optimize Your CI/CD Pipeline
Get instant insights into your CI/CD performance and costs. Reduce build times by up to 45% and save on infrastructure costs.
name: 'Usage of Google Cloud SDK in GitHub Action'
on:
push:
branches:
- main
jobs:
deploy:
permissions:
contents: 'read'
id-token: 'write'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- id: 'auth'
uses: 'google-github-actions/auth@v2'
with:
workload_identity_provider: 'projects/123/locations/global/workloadIdentityPools/pool/providers'
service_account: '[email protected]'
- name: 'Set up Cloud SDK'
uses: 'google-github-actions/setup-gcloud@v2'
with:
version: '>= 363.0.0'
- name: 'Use gcloud CLI'
run: 'gcloud info'
Setup GCloud
A GitHub Action for installing and configuring the gcloud CLI.
What is setup-gcloud?
How we can integrate Google Cloud SDK into our GitHub Actions workflow using setup-gcloud, a GitHub Action. This includes setting up the gcloud and gsutil binaries.
Apart from the base set-up, we can also collaborate with other Google Cloud GitHub Actions for:
- Login to Google Cloud
- Deploy to Cloud Run
- Deploy applications to App Engine
- Deploy functions to Cloud Function
- Access secrets from Secret Manager
- Upload files to cloud storage
- Setting up Google Kubernetes Engine (GKE) credentials
Note that this project is not an officially supported Google product, so it is not covered by any Google Cloud support contracts. Please reach out to Google Cloud support directly with questions or feature requests related to Google Cloud products.
Implementation of that in our workflow could go a long way in easing our deployments and interaction with Google Cloud services, hence increasing the general development efficiency.
Usage of setup-gcloud GitHub Action
Key paramaters for setup-gcloud
-
skip_install: Optionally, we can skip the gcloud installation to use the system-installed gcloud, which can speed up our workflows. However, it's important to note that this might use a slightly older version of gcloud. The default value isfalse. Be cautious, as GitHub plans to remove the system-installed gcloud, which will affect any workflows withskip_install: true. -
version: We can specify the Cloud SDK version to install. For example, setting it to>= 416.0.0ensures that we are using a version that supports our needs. If the specified version is not already installed, the action will download the required version.- uses: 'google-github-actions/setup-gcloud@v2'
with:
version: '>= 363.0.0'
This is crucial if we need support for Workload Identity Federation, which requires version 363.0.0 or newer.
project_id: If specified, this configures the gcloud CLI to use a particular Google Cloud project ID for commands, although individual commands can override this with the --project flag.install_components: We can also specify Cloud SDK components to install. For example, to include alpha and cloud-datastore-emulator:
install_components: 'alpha,cloud-datastore-emulator'
Implementing these configurations could significantly enhance our workflow efficiency and ensure that we're always aligned with the latest supported features and security standards.
Authorization
How to Authenticate with Workload Identity Federation Using setup-gcloud
Key Points:
- Preferred method: Workload Identity Federation
- Ensure you are using Cloud SDK version 390.0.0 or later for specific tools like bq and gsutil.
Example configuration:
jobs:
job_id:
permissions:
contents: 'read'
id-token: 'write'
steps:
- id: 'auth'
uses: 'google-github-actions/auth@v2'
with:
workload_identity_provider: 'projects/123/locations/global/workloadIdentityPools/pool/providers'
service_account: '[email protected]'
- name: 'Set up Cloud SDK'
uses: 'google-github-actions/setup-gcloud@v2'
- name: 'Use gcloud CLI'
run: 'gcloud info'
How to Authenticate Using Service Account Key JSON with setup-gcloud?
This method involves using a JSON key file for the service account.
jobs:
job_id:
steps:
- id: 'auth'
uses: 'google-github-actions/auth@v2'
with:
credentials_json: '${{ secrets.GCP_CREDENTIALS }}'
- name: 'Set up Cloud SDK'
uses: 'google-github-actions/setup-gcloud@v2'
- name: 'Use gcloud CLI'
run: 'gcloud info'
How to Use setup-gcloud with Self-hosted Runners on Google Cloud Platform?
Self-hosted runners on GCP automatically obtain credentials from the attached service account.
jobs:
job_id:
steps:
- name: 'Set up Cloud SDK'
uses: 'google-github-actions/setup-gcloud@v2'
- name: 'Use gcloud CLI'
run: 'gcloud info'
How to Manage Multiple Service Accounts with setup-gcloud?
Self-hosted runners on GCP automatically obtain credentials from the attached service account.
jobs:
job_id:
permissions:
contents: 'read'
id-token: 'write'
steps:
- id: 'auth service account 1'
uses: 'google-github-actions/auth@v2'
with:
workload_identity_provider: 'projects/123/locations/global/workloadIdentityPools/pool/providers'
service_account: '[email protected]'
- name: 'Set up Cloud SDK'
uses: 'google-github-actions/setup-gcloud@v2'
- name: 'Use gcloud CLI'
run: 'gcloud auth list --filter=status:ACTIVE --format="value(account)"'
- id: 'auth service account 2'
uses: 'google-github-actions/auth@v2'
with:
credentials_json: '${{ secrets.GCP_CREDENTIALS }}'
- name: 'Set up Cloud SDK'
uses: 'google-github-actions/setup-gcloud@v2'
- name: 'Use gcloud CLI'
run: 'gcloud auth list --filter=status:ACTIVE --format="value(account)"'
Implementing these configurations will enhance our security and efficiency in managing cloud resources.