### Deploy to Cloud Run Source: https://github.com/google-github-actions/deploy-cloudrun/blob/main/README.md Example usage of the deploy-cloudrun action to deploy a container image to a Cloud Run service. It requires checkout and authentication steps prior to deployment. The output URL can be used in subsequent steps. ```yaml jobs: job_id: # ... permissions: contents: 'read' id-token: 'write' steps: - uses: 'actions/checkout@v4' - uses: 'google-github-actions/auth@v2' with: workload_identity_provider: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider' service_account: 'my-service-account@my-project.iam.gserviceaccount.com' - id: 'deploy' uses: 'google-github-actions/deploy-cloudrun@v2' with: service: 'hello-cloud-run' image: 'gcr.io/cloudrun/hello' - name: 'Use output' run: 'curl "${{ steps.deploy.outputs.url }}"' ``` -------------------------------- ### Deploying with google-github-actions/auth Source: https://github.com/google-github-actions/deploy-cloudrun/blob/main/README.md Example of using the google-github-actions/auth action to authenticate with Google Cloud before deploying to Cloud Run. Supports Workload Identity Federation or Service Account Key JSON. ```yaml jobs: job_id: permissions: contents: 'read' id-token: 'write' steps: # ... - uses: 'google-github-actions/auth@v2' with: workload_identity_provider: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider' service_account: 'my-service-account@my-project.iam.gserviceaccount.com' - uses: 'google-github-actions/deploy-cloudrun@v2' with: image: 'gcr.io/cloudrun/hello' service: 'hello-cloud-run' ``` -------------------------------- ### Cloud Run Deployment Action Inputs and Outputs Source: https://github.com/google-github-actions/deploy-cloudrun/blob/main/README.md Lists the available inputs for configuring the Cloud Run deployment and the output provided by the action. ```APIDOC Inputs: project_id: _(Optional)_ ID of the Google Cloud project in which to deploy the service. region: _(Optional, default: `us-central1`)_ Region in which the Cloud Run services are deployed. gcloud_version: _(Optional)_ Version of the Cloud SDK to install. Example: "290.0.1". gcloud_component: _(Optional)_ Version of the Cloud SDK components to install and use. metadata: _(Optional)_ The path to a Cloud Run service or job metadata file. flags: _(Optional)_ Additional flags to pass to the gcloud command. Outputs: url: The URL of the Cloud Run service. ``` -------------------------------- ### Cloud Run Deployment Inputs Source: https://github.com/google-github-actions/deploy-cloudrun/blob/main/README.md This section details the available inputs for configuring a Cloud Run deployment via the google-github-actions/deploy-cloudrun action. It covers parameters for service configuration, traffic management, and advanced deployment options. ```APIDOC secrets_update_strategy: _(Required, default: `merge`)_ Controls how the secrets are set on the Cloud Run service. If set to `merge`, then the secrets are merged with any upstream values. If set to `overwrite`, then all secrets on the Cloud Run service will be replaced with exactly the values given by the GitHub Action (making it authoritative). labels: _(Optional)_ List of labels that should be set on the function. These are comma-separated or newline-separated `KEY=VALUE`. Keys or values that contain separators must be escaped with a backslash (e.g. `\,` or `\\n`) unless quoted. Any leading or trailing whitespace is trimmed unless values are quoted. Example: labels: |- labela=my-label labelb=my-other-label Note: This value will only be set if the input is a non-empty value. If a non-empty value is given, the field values will be overwritten (not merged). To remove all values, set the value to the literal string `{}`. Google Cloud restricts the allowed values and length for labels. Please see the Google Cloud documentation for labels for more information. skip_default_labels: _(Optional, default: `false`)_ Skip applying the special annotation labels that indicate the deployment came from GitHub Actions. The GitHub Action will automatically apply the following labels which Cloud Run uses to enhance the user experience: managed-by: github-actions commit-sha: Setting this to `true` will skip adding these special labels. tag: _(Optional)_ Traffic tag to assign to the newly-created revision. This option only applies to services. timeout: _(Optional)_ Maximum request execution time, specified as a duration like "10m5s" for ten minutes and 5 seconds. flags: _(Optional)_ Space separate list of additional Cloud Run flags to pass to the deploy command. This can be used to apply advanced features that are not exposed via this GitHub Action. For Cloud Run services, this command will be `gcloud run deploy`. For Cloud Run jobs, this command will be `gcloud jobs deploy`. Example: with: flags: '--add-cloudsql-instances=...' Flags that include other flags must quote the _entire_ outer flag value. For example, to pass `--args=-X=123`: with: flags: '--add-cloudsql-instances=... "--args=-X=123"' See the [complete list of flags](https://cloud.google.com/sdk/gcloud/reference/run/deploy#FLAGS) for more information. Note: This GitHub Action does not parse or validate the flags. You are responsible for making sure the flags are available on the gcloud version and subcommand. no_traffic: _(Optional, default: `false`)_ If true, the newly deployed revision will not receive traffic. This option only applies to services. revision_traffic: _(Optional)_ Comma-separated list of revision traffic assignments. Example: with: revision_traffic: 'my-revision=10' # percentage To update traffic to the latest revision, use the special tag "LATEST": with: revision_traffic: 'LATEST=100' This is mutually-exclusive with `tag_traffic`. This option only applies to services. tag_traffic: _(Optional)_ Comma-separated list of tag traffic assignments. Example: with: tag_traffic: 'my-tag=10' # percentage This is mutually-exclusive with `revision_traffic`. This option only applies to services. update_traffic_flags: _(Optional)_ Space separate list of additional Cloud Run flags to pass to the `gcloud run services update-traffic` command. This can be used to apply advanced features that are not exposed via this GitHub Action. This flag only applies when `revision_traffic` or `tag_traffic` is set. Example: with: traffic_flags: '--set-tags=...' Flags that include other flags must quote the _entire_ outer flag value. For example, to pass `--args=-X=123`: with: ``` -------------------------------- ### Cloud Run Deployment Configuration Source: https://github.com/google-github-actions/deploy-cloudrun/blob/main/README.md Defines the parameters for deploying a Cloud Run service. Includes optional project ID, region, gcloud version, and components. Flags are passed directly to gcloud. ```yaml project_id: "_(Optional)_ ID of the Google Cloud project in which to deploy the service." region: "_(Optional, default: `us-central1`)_ Region in which the Cloud Run services are deployed." gcloud_version: "_(Optional)_ Version of the Cloud SDK to install. If unspecified or set to "latest", the latest available gcloud SDK version for the target platform will be installed. Example: "290.0.1"." gcloud_component: "_(Optional)_ Version of the Cloud SDK components to install and use." ``` -------------------------------- ### Cloud Run Deployment Inputs Source: https://github.com/google-github-actions/deploy-cloudrun/blob/main/README.md Defines the available inputs for the deploy-cloudrun GitHub Action. These inputs control the deployment of services or jobs to Google Cloud Run, including specifying the target service or job, container image or source code, environment variables, and secrets. ```APIDOC service: description: ID of the service or fully-qualified identifier of the service. Required unless providing metadata or job. type: string optional: true job: description: ID of the job or fully-qualified identifier of the job. Required unless providing metadata or service. type: string optional: true metadata: description: YAML service description for the Cloud Run service. Required unless providing service or job. type: string optional: true image: description: Fully-qualified name of the container image to deploy. Required unless providing metadata or source. Example: gcr.io/cloudrun/hello:latest or us-docker.pkg.dev/my-project/my-container/image:1.2.3 type: string optional: true source: description: Path to source to deploy. Required unless providing metadata, image, or job. Deploys from source code at the given directory. type: string optional: true suffix: description: String suffix to append to the revision name. Applies only to services. Example: 'v1' for 'helloworld' service results in 'helloworld-v1'. type: string optional: true env_vars: description: List of environment variables to set. Comma-separated or newline-separated KEY=VALUE pairs. Keys/values with separators must be escaped with a backslash. Whitespace trimmed unless quoted. Overwrites existing values. Use '{}' to remove all. If env_vars and env_vars_file are specified, env_vars take precedence. type: string optional: true example: |- FRUIT=apple SENTENCE=" this will retain leading and trailing spaces " env_vars_file: description: Path to a file (newline-separated KEY=VALUE, JSON, or YAML) defining environment variables. Deprecated. type: string optional: true example: | NAME=person EMAILS=foo@bar.com\,zip@zap.com env_vars_update_strategy: description: Controls how environment variables are set. 'merge' merges with upstream values, 'overwrite' replaces all with provided values. Default is 'merge'. type: string required: true default: merge secrets: description: List of KEY=VALUE pairs for secrets. Can be environment variables or volume mounts. Keys starting with '/' are mount paths. Example: KEY1=secret-key-1:latest or /secrets/api/key=secret-key-2:latest type: string optional: true example: | # As an environment variable: KEY1=secret-key-1:latest # As a volume mount: /secrets/api/key=secret-key-2:latest ``` -------------------------------- ### Custom Metadata YAML for Cloud Run Source: https://github.com/google-github-actions/deploy-cloudrun/blob/main/README.md Allows advanced configuration of Cloud Run services or jobs using a YAML file. This overrides all other input parameters. Supports customization of memory limits, CPU allocation, max instances, and more. ```yaml apiVersion: serving.knative.dev/v1 kind: Service metadata: name: SERVICE spec: template: spec: containers: - image: IMAGE ``` -------------------------------- ### Downloading and Modifying Service YAML Source: https://github.com/google-github-actions/deploy-cloudrun/blob/main/README.md Shell command to download the current Cloud Run service configuration to a YAML file for modification and redeployment. ```shell gcloud run services describe SERVICE --format yaml > service.yaml ``` -------------------------------- ### Cloud Run Service Authorization and Authentication Source: https://github.com/google-github-actions/deploy-cloudrun/blob/main/README.md Details the required IAM roles for authenticating the action (Cloud Run Admin, Service Account User) and methods for authentication, including Workload Identity Federation and Service Account Key JSON via google-github-actions/auth. ```APIDOC Authorization: Requires service account with: - Cloud Run Admin (`roles/run.admin`): Can create, update, delete services, and manage IAM policies. - Service Account User role on the Compute Engine default service account. Authentication Methods: - Via google-github-actions/auth: - Workload Identity Federation: `projects/{PROJECT_NUMBER}/locations/global/workloadIdentityPools/{POOL_ID}/providers/{PROVIDER_ID}` - Service Account Key JSON ``` -------------------------------- ### Deploy to Cloud Run using Application Default Credentials Source: https://github.com/google-github-actions/deploy-cloudrun/blob/main/README.md This snippet demonstrates how to configure the google-github-actions/deploy-cloudrun action to deploy a container image to Cloud Run. It utilizes Application Default Credentials (ADC), which is suitable for self-hosted GitHub Actions runners on Google Cloud instances authenticated via their attached service account. This method automatically authenticates requests without explicit credential configuration. ```yaml jobs: job_id: steps: # ... - uses: 'google-github-actions/deploy-cloudrun@v2' with: image: 'gcr.io/cloudrun/hello' service: 'hello-cloud-run' ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.