Configures the Google Cloud SDK in the GitHub Actions environment. The Google Cloud SDK includes both the gcloud and gsutil binaries.
Or integrate natively with other Google Cloud GitHub Actions:
- Authenticate to Google Cloud
- Deploy a Cloud Run service
- Deploy an App Engine app
- Deploy a Cloud Function
- Access Secret Manager secrets
- Upload to Cloud Storage
- Configure GKE credentials
-
This action requires Google Cloud credentials to execute gcloud commands. See Authorization for more details.
-
This action runs using Node 16. If you are using self-hosted GitHub Actions runners, you must use runner version 2.285.0 or newer.
jobs:
job_id:
# Add "id-token" with the intended permissions.
permissions:
contents: 'read'
id-token: 'write'
steps:
- id: 'auth'
uses: 'google-github-actions/auth@v0'
with:
workload_identity_provider: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider'
service_account: '[email protected]'
- name: 'Set up Cloud SDK'
uses: 'google-github-actions/setup-gcloud@v0'
- name: 'Use gcloud CLI'
run: 'gcloud info'
-
version
: (Optional) A string representing the version of the Cloud SDK (gcloud
) to install (e.g."290.0.1"
). The default value is "latest", which will install the latest available Cloud SDK version.Warning! Workload Identity Federation requires version 363.0.0 or newer.
-
project_id
: (Optional) Project ID (not project number) of the Google Cloud project. If provided, this will configure thegcloud
CLI to use that project ID for commands. Individual commands can still override the project with the--project
flag. If unspecified, the action attempts to find the "best" project ID by looking at other inputs and environment variables. -
install_components
: (Optional) List of Cloud SDK components to install specified as a comma-separated list of strings:install_components: 'alpha,cloud-datastore-emulator'
-
service_account_key
: (Deprecated, optional) The Google Cloud service account key JSON. This key should be created and stored as a GitHub secret. It can be the raw JSON contents or a base64-encoded string of the raw JSON contents. There is no default value. -
service_account_email
: (Deprecated, optional) Email address of the service account to use for authentication. This is only required for p12 service account keys, which are no longer recommended. This input is not required if using a JSON service account key. There is no default value. -
export_default_credentials
: (Deprecated, optional) If true, the action will write credentials to the filesystem and export theGOOGLE_APPLICATION_CREDENTIALS
environment variable for future steps to consume Application Default Credentials. The default value is false. -
credentials_file_path
: (Deprecated, optional) The path at which the exported credentials should be written on disk. In order for the credentials to be available for future steps, it must be in$GITHUB_WORKSPACE
or$RUNNER_TEMP
. This is only valid whenexport_default_credentials
is true. The default value is a temporary file inside$GITHUB_WORKSPACE
. -
cleanup_credentials
: (Deprecated, optional) If true, the action will remove any generated credentials from the filesystem after all steps have completed. This only applies ifexport_default_credentials
is true. The default value is true.
-
Google Kubernetes Engine: An example workflow that uses GitHub Actions to deploy a static website to an existing Google Kubernetes Engine cluster.
-
Cloud Run: An example workflow that uses GitHub Actions to build and deploy a container to Cloud Run.
-
Google Compute Engine: An example workflow that uses GitHub Actions to deploy a container to an existing Google Compute Engine (GCE) instance.
-
App Engine: An example workflow that uses GitHub Actions to deploy source code to App Engine, a fully managed serverless platform.
-
Cloud Build: An example workflow that uses GitHub Actions to build a container image with Cloud Build.
This action installs the Cloud SDK (gcloud
). To configure its authentication
to Google Cloud, use the google-github-actions/auth action. You can
authenticate via:
bq
and gsutil
tools do not currently support Workload Identity
Federation! You will need to use traditional service account key
authentication for now.
jobs:
job_id:
# Add "id-token" with the intended permissions.
permissions:
contents: 'read'
id-token: 'write'
steps:
- id: 'auth'
uses: 'google-github-actions/auth@v0'
with:
workload_identity_provider: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider'
service_account: '[email protected]'
- name: 'Set up Cloud SDK'
uses: 'google-github-actions/setup-gcloud@v0'
- name: 'Use gcloud CLI'
run: 'gcloud info'
job:
job_id:
steps:
- id: 'auth'
uses: 'google-github-actions/auth@v0'
with:
credentials_json: '${{ secrets.GCP_CREDENTIALS }}'
- name: 'Set up Cloud SDK'
uses: 'google-github-actions/setup-gcloud@v0'
- name: 'Use gcloud CLI'
run: 'gcloud info'
If and only if you are using self-hosted runners that are hosted on Google Cloud Platform, the Cloud SDK will automatically authenticate using the machine credentials:
job:
job_id:
steps:
- name: 'Set up Cloud SDK'
uses: 'google-github-actions/setup-gcloud@v0'
- name: 'Use gcloud CLI'
run: 'gcloud info'
We recommend pinning to the latest available major version:
- uses: 'google-github-actions/setup-gcloud@v0'
While this action attempts to follow semantic versioning, but we're ultimately human and sometimes make mistakes. To prevent accidental breaking changes, you can also pin to a specific version:
- uses: 'google-github-actions/[email protected]'
However, you will not get automatic security updates or new features without
explicitly updating your version number. Note that we only publish MAJOR
and
MAJOR.MINOR.PATCH
versions. There is not a floating alias for
MAJOR.MINOR
.
See CONTRIBUTING.
See LICENSE.