Skip to main content
← Back to workflows

How to Configure Google Cloud SDK in GitHub Action?

google-github-actions-setup-gcloud -
GitHub Action
v2.1.0
1,676
Contributors
Contributor - sethvargoContributor - craigdbarber
Categories
CICUBE ANALYTICS INSIGHTS
Engineering Velocity: 25% Team Time Lost to CI Issues
View Platform →
3.5h
Time Saved/Dev/Week
40%
Faster Releases
Click for next insight
Usage
name: 'Usage of Google Cloud SDK in GitHub Action'
on:
push:
branches:
- main
jobs:
deploy:
permissions:
contents: 'read'
id-token: 'write'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- id: 'auth'
uses: 'google-github-actions/auth@v2'
with:
workload_identity_provider: 'projects/123/locations/global/workloadIdentityPools/pool/providers'
service_account: '[email protected]'

- name: 'Set up Cloud SDK'
uses: 'google-github-actions/setup-gcloud@v2'
with:
version: '>= 363.0.0'

- name: 'Use gcloud CLI'
run: 'gcloud info'

setup-gcloud logo

Setup GCloud

A GitHub Action for installing and configuring the gcloud CLI.


What is setup-gcloud?

How we can integrate Google Cloud SDK into our GitHub Actions workflow using setup-gcloud, a GitHub Action. This includes setting up the gcloud and gsutil binaries.

Apart from the base set-up, we can also collaborate with other Google Cloud GitHub Actions for:

Note that this project is not an officially supported Google product, so it is not covered by any Google Cloud support contracts. Please reach out to Google Cloud support directly with questions or feature requests related to Google Cloud products.

Implementation of that in our workflow could go a long way in easing our deployments and interaction with Google Cloud services, hence increasing the general development efficiency.

Usage of setup-gcloud GitHub Action

Key paramaters for setup-gcloud

  • skip_install: Optionally, we can skip the gcloud installation to use the system-installed gcloud, which can speed up our workflows. However, it's important to note that this might use a slightly older version of gcloud. The default value is false. Be cautious, as GitHub plans to remove the system-installed gcloud, which will affect any workflows with skip_install: true.

  • version: We can specify the Cloud SDK version to install. For example, setting it to >= 416.0.0 ensures that we are using a version that supports our needs. If the specified version is not already installed, the action will download the required version.

    - uses: 'google-github-actions/setup-gcloud@v2'
    with:
    version: '>= 363.0.0'

This is crucial if we need support for Workload Identity Federation, which requires version 363.0.0 or newer.

  • project_id: If specified, this configures the gcloud CLI to use a particular Google Cloud project ID for commands, although individual commands can override this with the --project flag.
  • install_components: We can also specify Cloud SDK components to install. For example, to include alpha and cloud-datastore-emulator:
install_components: 'alpha,cloud-datastore-emulator'

Implementing these configurations could significantly enhance our workflow efficiency and ensure that we're always aligned with the latest supported features and security standards.

Authorization

How to Authenticate with Workload Identity Federation Using setup-gcloud

Key Points:

  • Preferred method: Workload Identity Federation
  • Ensure you are using Cloud SDK version 390.0.0 or later for specific tools like bq and gsutil.

Example configuration:

jobs:
job_id:
permissions:
contents: 'read'
id-token: 'write'
steps:
- id: 'auth'
uses: 'google-github-actions/auth@v2'
with:
workload_identity_provider: 'projects/123/locations/global/workloadIdentityPools/pool/providers'
service_account: '[email protected]'
- name: 'Set up Cloud SDK'
uses: 'google-github-actions/setup-gcloud@v2'
- name: 'Use gcloud CLI'
run: 'gcloud info'

How to Authenticate Using Service Account Key JSON with setup-gcloud?

This method involves using a JSON key file for the service account.

jobs:
job_id:
steps:
- id: 'auth'
uses: 'google-github-actions/auth@v2'
with:
credentials_json: '${{ secrets.GCP_CREDENTIALS }}'
- name: 'Set up Cloud SDK'
uses: 'google-github-actions/setup-gcloud@v2'
- name: 'Use gcloud CLI'
run: 'gcloud info'

How to Use setup-gcloud with Self-hosted Runners on Google Cloud Platform?

Self-hosted runners on GCP automatically obtain credentials from the attached service account.

jobs:
job_id:
steps:
- name: 'Set up Cloud SDK'
uses: 'google-github-actions/setup-gcloud@v2'
- name: 'Use gcloud CLI'
run: 'gcloud info'

How to Manage Multiple Service Accounts with setup-gcloud?

Self-hosted runners on GCP automatically obtain credentials from the attached service account.

jobs:
job_id:
permissions:
contents: 'read'
id-token: 'write'
steps:
- id: 'auth service account 1'
uses: 'google-github-actions/auth@v2'
with:
workload_identity_provider: 'projects/123/locations/global/workloadIdentityPools/pool/providers'
service_account: '[email protected]'
- name: 'Set up Cloud SDK'
uses: 'google-github-actions/setup-gcloud@v2'
- name: 'Use gcloud CLI'
run: 'gcloud auth list --filter=status:ACTIVE --format="value(account)"'
- id: 'auth service account 2'
uses: 'google-github-actions/auth@v2'
with:
credentials_json: '${{ secrets.GCP_CREDENTIALS }}'
- name: 'Set up Cloud SDK'
uses: 'google-github-actions/setup-gcloud@v2'
- name: 'Use gcloud CLI'
run: 'gcloud auth list --filter=status:ACTIVE --format="value(account)"'

Implementing these configurations will enhance our security and efficiency in managing cloud resources.