Update google-github-actions/auth action to v2 #8
# This workflow will build a docker container, publish it to Google Container Registry, and deploy it to GKE when there is a push to the "main" branch. | ||
# | ||
# To configure this workflow: | ||
# | ||
# 1. Ensure that your repository contains the necessary configuration for your Google Kubernetes Engine cluster, including deployment.yml, kustomization.yml, service.yml, etc. | ||
# | ||
# 2. Create and configure a Workload Identity Provider for GitHub (https://github.com/google-github-actions/auth#setting-up-workload-identity-federation) | ||
# | ||
# 3. Change the values for the GAR_LOCATION, GKE_ZONE, GKE_CLUSTER, IMAGE, REPOSITORY and DEPLOYMENT_NAME environment variables (below). | ||
# | ||
# For more support on how to run the workflow, please visit https://github.com/google-github-actions/setup-gcloud/tree/master/example-workflows/gke-kustomize | ||
name: Build and Deploy to GKE | ||
on: | ||
push: | ||
branches: [ "main" ] | ||
env: | ||
PROJECT_ID: ${{ secrets.GKE_PROJECT }} | ||
GAR_LOCATION: us-central1 # TODO: update region of the Artifact Registry | ||
GKE_CLUSTER: cluster-1 # TODO: update to cluster name | ||
GKE_ZONE: us-central1-c # TODO: update to cluster zone | ||
DEPLOYMENT_NAME: gke-test # TODO: update to deployment name | ||
REPOSITORY: samples # TODO: update to Artifact Registry docker repository | ||
IMAGE: static-site | ||
jobs: | ||
setup-build-publish-deploy: | ||
name: Setup, Build, Publish, and Deploy | ||
runs-on: ubuntu-latest | ||
environment: production | ||
permissions: | ||
contents: 'read' | ||
id-token: 'write' | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v3 | ||
# Configure Workload Identity Federation and generate an access token. | ||
- id: 'auth' | ||
name: 'Authenticate to Google Cloud' | ||
uses: 'google-github-actions/auth@v2' | ||
with: | ||
token_format: 'access_token' | ||
workload_identity_provider: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider' | ||
service_account: 'my-service-account@my-project.iam.gserviceaccount.com' | ||
# Alternative option - authentication via credentials json | ||
# - id: 'auth' | ||
# uses: 'google-github-actions/auth@v0' | ||
# with: | ||
# credentials_json: '${{ secrets.GCP_CREDENTIALS }}' | ||
- name: Docker configuration | ||
run: |- | ||
echo ${{steps.auth.outputs.access_token}} | docker login -u oauth2accesstoken --password-stdin https://$GAR_LOCATION-docker.pkg.dev | ||
# Get the GKE credentials so we can deploy to the cluster | ||
- name: Set up GKE credentials | ||
uses: google-github-actions/get-gke-credentials@v0 | ||
with: | ||
cluster_name: ${{ env.GKE_CLUSTER }} | ||
location: ${{ env.GKE_ZONE }} | ||
# Build the Docker image | ||
- name: Build | ||
run: |- | ||
docker build \ | ||
--tag "$GAR_LOCATION-docker.pkg.dev/$PROJECT_ID/$REPOSITORY/$IMAGE:$GITHUB_SHA" \ | ||
--build-arg GITHUB_SHA="$GITHUB_SHA" \ | ||
--build-arg GITHUB_REF="$GITHUB_REF" \ | ||
. | ||
# Push the Docker image to Google Artifact Registry | ||
- name: Publish | ||
run: |- | ||
docker push "$GAR_LOCATION-docker.pkg.dev/$PROJECT_ID/$REPOSITORY/$IMAGE:$GITHUB_SHA" | ||
# Set up kustomize | ||
- name: Set up Kustomize | ||
run: |- | ||
curl -sfLo kustomize https://github.com/kubernetes-sigs/kustomize/releases/download/v3.1.0/kustomize_3.1.0_linux_amd64 | ||
chmod u+x ./kustomize | ||
# Deploy the Docker image to the GKE cluster | ||
- name: Deploy | ||
run: |- | ||
# replacing the image name in the k8s template | ||
./kustomize edit set image LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY/IMAGE:TAG=$GAR_LOCATION-docker.pkg.dev/$PROJECT_ID/$REPOSITORY/$IMAGE:$GITHUB_SHA | ||
./kustomize build . | kubectl apply -f - | ||
kubectl rollout status deployment/$DEPLOYMENT_NAME | ||
kubectl get services -o wide | ||
- name: Close Stale Issues | ||
uses: actions/stale@v9.0.0 | ||
with: | ||
# Token for the repository. Can be passed in using `{{ secrets.GITHUB_TOKEN }}`. | ||
repo-token: # optional, default is ${{ github.token }} | ||
# The message to post on the issue when tagging it. If none provided, will not mark issues stale. | ||
stale-issue-message: # optional | ||
# The message to post on the pull request when tagging it. If none provided, will not mark pull requests stale. | ||
stale-pr-message: # optional | ||
# The message to post on the issue when closing it. If none provided, will not comment when closing an issue. | ||
close-issue-message: # optional | ||
# The message to post on the pull request when closing it. If none provided, will not comment when closing a pull requests. | ||
close-pr-message: # optional | ||
# The number of days old an issue or a pull request can be before marking it stale. Set to -1 to never mark issues or pull requests as stale automatically. | ||
days-before-stale: # optional, default is 60 | ||
# The number of days old an issue can be before marking it stale. Set to -1 to never mark issues as stale automatically. Override "days-before-stale" option regarding only the issues. | ||
days-before-issue-stale: # optional | ||
# The number of days old a pull request can be before marking it stale. Set to -1 to never mark pull requests as stale automatically. Override "days-before-stale" option regarding only the pull requests. | ||
days-before-pr-stale: # optional | ||
# The number of days to wait to close an issue or a pull request after it being marked stale. Set to -1 to never close stale issues or pull requests. | ||
days-before-close: # optional, default is 7 | ||
# The number of days to wait to close an issue after it being marked stale. Set to -1 to never close stale issues. Override "days-before-close" option regarding only the issues. | ||
days-before-issue-close: # optional | ||
# The number of days to wait to close a pull request after it being marked stale. Set to -1 to never close stale pull requests. Override "days-before-close" option regarding only the pull requests. | ||
days-before-pr-close: # optional | ||
# The label to apply when an issue is stale. | ||
stale-issue-label: # optional, default is Stale | ||
# The label to apply when an issue is closed. | ||
close-issue-label: # optional | ||
# The labels that mean an issue is exempt from being marked stale. Separate multiple labels with commas (eg. "label1,label2"). | ||
exempt-issue-labels: # optional, default is | ||
# The reason to use when closing an issue. | ||
close-issue-reason: # optional, default is not_planned | ||
# The label to apply when a pull request is stale. | ||
stale-pr-label: # optional, default is Stale | ||
# The label to apply when a pull request is closed. | ||
close-pr-label: # optional | ||
# The labels that mean a pull request is exempt from being marked as stale. Separate multiple labels with commas (eg. "label1,label2"). | ||
exempt-pr-labels: # optional, default is | ||
# The milestones that mean an issue or a pull request is exempt from being marked as stale. Separate multiple milestones with commas (eg. "milestone1,milestone2"). | ||
exempt-milestones: # optional, default is | ||
# The milestones that mean an issue is exempt from being marked as stale. Separate multiple milestones with commas (eg. "milestone1,milestone2"). Override "exempt-milestones" option regarding only the issues. | ||
exempt-issue-milestones: # optional, default is | ||
# The milestones that mean a pull request is exempt from being marked as stale. Separate multiple milestones with commas (eg. "milestone1,milestone2"). Override "exempt-milestones" option regarding only the pull requests. | ||
exempt-pr-milestones: # optional, default is | ||
# Exempt all issues and pull requests with milestones from being marked as stale. Default to false. | ||
exempt-all-milestones: # optional, default is false | ||
# Exempt all issues with milestones from being marked as stale. Override "exempt-all-milestones" option regarding only the issues. | ||
exempt-all-issue-milestones: # optional, default is | ||
# Exempt all pull requests with milestones from being marked as stale. Override "exempt-all-milestones" option regarding only the pull requests. | ||
exempt-all-pr-milestones: # optional, default is | ||
# Only issues or pull requests with all of these labels are checked if stale. Defaults to `` (disabled) and can be a comma-separated list of labels. | ||
only-labels: # optional, default is | ||
# Only issues or pull requests with at least one of these labels are checked if stale. Defaults to `` (disabled) and can be a comma-separated list of labels. | ||
any-of-labels: # optional, default is | ||
# Only issues with at least one of these labels are checked if stale. Defaults to `` (disabled) and can be a comma-separated list of labels. Override "any-of-labels" option regarding only the issues. | ||
any-of-issue-labels: # optional, default is | ||
# Only pull requests with at least one of these labels are checked if stale. Defaults to `` (disabled) and can be a comma-separated list of labels. Override "any-of-labels" option regarding only the pull requests. | ||
any-of-pr-labels: # optional, default is | ||
# Only issues with all of these labels are checked if stale. Defaults to `[]` (disabled) and can be a comma-separated list of labels. Override "only-labels" option regarding only the issues. | ||
only-issue-labels: # optional, default is | ||
# Only pull requests with all of these labels are checked if stale. Defaults to `[]` (disabled) and can be a comma-separated list of labels. Override "only-labels" option regarding only the pull requests. | ||
only-pr-labels: # optional, default is | ||
# The maximum number of operations per run, used to control rate limiting (GitHub API CRUD related). | ||
operations-per-run: # optional, default is 30 | ||
# Remove stale labels from issues and pull requests when they are updated or commented on. | ||
remove-stale-when-updated: # optional, default is true | ||
# Remove stale labels from issues when they are updated or commented on. Override "remove-stale-when-updated" option regarding only the issues. | ||
remove-issue-stale-when-updated: # optional, default is | ||
# Remove stale labels from pull requests when they are updated or commented on. Override "remove-stale-when-updated" option regarding only the pull requests. | ||
remove-pr-stale-when-updated: # optional, default is | ||
# Run the processor in debug mode without actually performing any operations on live issues. | ||
debug-only: # optional, default is false | ||
# The order to get issues or pull requests. Defaults to false, which is descending. | ||
ascending: # optional, default is false | ||
# Delete the git branch after closing a stale pull request. | ||
delete-branch: # optional, default is false | ||
# The date used to skip the stale action on issue/pull request created before it (ISO 8601 or RFC 2822). | ||
start-date: # optional, default is | ||
# The assignees which exempt an issue or a pull request from being marked as stale. Separate multiple assignees with commas (eg. "user1,user2"). | ||
exempt-assignees: # optional, default is | ||
# The assignees which exempt an issue from being marked as stale. Separate multiple assignees with commas (eg. "user1,user2"). Override "exempt-assignees" option regarding only the issues. | ||
exempt-issue-assignees: # optional, default is | ||
# The assignees which exempt a pull request from being marked as stale. Separate multiple assignees with commas (eg. "user1,user2"). Override "exempt-assignees" option regarding only the pull requests. | ||
exempt-pr-assignees: # optional, default is | ||
# Exempt all issues and pull requests with assignees from being marked as stale. Default to false. | ||
exempt-all-assignees: # optional, default is false | ||
# Exempt all issues with assignees from being marked as stale. Override "exempt-all-assignees" option regarding only the issues. | ||
exempt-all-issue-assignees: # optional, default is | ||
# Exempt all pull requests with assignees from being marked as stale. Override "exempt-all-assignees" option regarding only the pull requests. | ||
exempt-all-pr-assignees: # optional, default is | ||
# Exempt draft pull requests from being marked as stale. Default to false. | ||
exempt-draft-pr: # optional, default is false | ||
# Display some statistics at the end regarding the stale workflow (only when the logs are enabled). | ||
enable-statistics: # optional, default is true | ||
# A comma delimited list of labels to add when an issue or pull request becomes unstale. | ||
labels-to-add-when-unstale: # optional, default is | ||
# A comma delimited list of labels to remove when an issue or pull request becomes stale. | ||
labels-to-remove-when-stale: # optional, default is | ||
# A comma delimited list of labels to remove when an issue or pull request becomes unstale. | ||
labels-to-remove-when-unstale: # optional, default is | ||
# Any update (update/comment) can reset the stale idle time on the issues and pull requests. | ||
ignore-updates: # optional, default is false | ||
# Any update (update/comment) can reset the stale idle time on the issues. Override "ignore-updates" option regarding only the issues. | ||
ignore-issue-updates: # optional, default is | ||
# Any update (update/comment) can reset the stale idle time on the pull requests. Override "ignore-updates" option regarding only the pull requests. | ||
ignore-pr-updates: # optional, default is | ||
# Only the issues or the pull requests with an assignee will be marked as stale automatically. | ||
include-only-assigned: # optional, default is false | ||
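Review bot: The `Set up Kustomize` step fetches a binary with `curl -sfLo kustomize …/v3.1.0/kustomize_3.1.0_linux_amd64` and executes it without any integrity check, at a point where the job already holds a Google Cloud access token and GKE credentials, and its output is piped straight into `kubectl apply -f -`. Verifying the download before the `chmod`, for example `echo "<sha256-of-kustomize-binary>  kustomize" | sha256sum -c -`, would make a replaced or corrupted release asset fail the job instead of reaching the cluster. The same job references `google-github-actions/auth@v2`, `actions/checkout@v3` and `google-github-actions/get-gke-credentials@v0` by mutable tag while it has `id-token: 'write'` and targets the `production` environment. Pinning each to a full commit SHA with the version in a trailing comment, e.g. `uses: 'google-github-actions/auth@<full-commit-sha>' # v2`, would close the same gap for the actions.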