{"id":19581169,"url":"https://github.com/google-github-actions/create-cloud-deploy-release","last_synced_at":"2025-08-01T09:37:00.159Z","repository":{"id":76636944,"uuid":"573075546","full_name":"google-github-actions/create-cloud-deploy-release","owner":"google-github-actions","description":"A GitHub Action for creating releases via Cloud Deploy.","archived":false,"fork":false,"pushed_at":"2024-10-30T14:23:33.000Z","size":1678,"stargazers_count":17,"open_issues_count":0,"forks_count":10,"subscribers_count":5,"default_branch":"main","last_synced_at":"2024-10-30T15:29:01.053Z","etag":null,"topics":["actions","ci-cd","cloud-deploy","gcp","github-actions","google-cloud","google-cloud-deploy","google-cloud-platform"],"latest_commit_sha":null,"homepage":"https://cloud.google.com/deploy","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/google-github-actions.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-12-01T16:38:17.000Z","updated_at":"2024-10-30T14:23:25.000Z","dependencies_parsed_at":"2023-06-09T01:00:31.270Z","dependency_job_id":"e09f3a9c-02fe-43e1-8a22-2567ea01891f","html_url":"https://github.com/google-github-actions/create-cloud-deploy-release","commit_stats":null,"previous_names":[],"tags_count":11,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/google-github-actions%2Fcreate-cloud-deploy-release","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/google-github-actions%2Fc
reate-cloud-deploy-release/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/google-github-actions%2Fcreate-cloud-deploy-release/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/google-github-actions%2Fcreate-cloud-deploy-release/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/google-github-actions","download_url":"https://codeload.github.com/google-github-actions/create-cloud-deploy-release/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":224067250,"owners_count":17250140,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["actions","ci-cd","cloud-deploy","gcp","github-actions","google-cloud","google-cloud-deploy","google-cloud-platform"],"created_at":"2024-11-11T07:33:18.996Z","updated_at":"2024-11-11T07:33:20.546Z","avatar_url":"https://github.com/google-github-actions.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# create-cloud-deploy-release\n\nThe `create-cloud-deploy-release` GitHub Action creates a [Cloud Deploy][cd]\n[release][cd-release] to manage the deployment of an application to one or more\n[Google Kubernetes Engine (GKE)][gke], [Anthos][anthos], or [Cloud Run][cloud-run]\n[targets][cd-target].\n\n**This is not an officially supported Google product, and it is not covered by a\nGoogle Cloud support contract. 
To report bugs or request features in a Google\nCloud product, please contact [Google Cloud\nsupport](https://cloud.google.com/support).**\n\n\n## Prerequisites\n\n-   This action requires Google Cloud credentials that are authorized to access\n    the secrets being requested. See [Authorization](#authorization) for more\n    information.\n\n-   This action runs using Node 20. If you are using self-hosted GitHub Actions\n    runners, you must use runner version\n    [2.285.0](https://github.com/actions/virtual-environments) or newer.\n\n-   This action depends on the existence of a [Cloud Deploy][cd]\n    [delivery pipeline][cd-pipeline] that is configured for the targets to which\n    the application will be deployed.\n\n## Usage\n\n```yaml\njobs:\n  job_id:\n    # ...\n\n    permissions:\n      contents: 'read'\n      id-token: 'write'\n\n    steps:\n    - uses: 'actions/checkout@v4'\n\n    - uses: 'google-github-actions/auth@v2'\n      with:\n        workload_identity_provider: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider'\n        service_account: 'my-service-account@my-project.iam.gserviceaccount.com'\n\n    - id: create-release\n      uses: 'google-github-actions/create-cloud-deploy-release@v1'\n      with:\n        name: 'demo-app-v1-2-3'\n        description: 'Add new functionality to demo-app'\n        delivery_pipeline: 'demo-app-pipeline'\n        region: 'us-central1'\n        images: 'demo-app=us-central1-docker.pkg.dev/demo-app-project/demo-app-repo/demo-app:v1.2.3'\n        source: 'demo-app'\n```\n\n## Inputs\n\n-   `name`: (Required) The name for the release.\n\n-   `delivery_pipeline`: (Required) The [delivery pipeline][cd-pipeline] to use\n    for the release.\n\n-   `source`: (Required) The location of the files to be included in the\n    release; typically application configuration manifests.\n\n-   `build_artifacts`: (Required, unless providing `images`) Path to a\n    [Skaffold output 
file][skaffold-output] containing the details of the\n    application image(s) to be released.\n\n-   `images`: (Required, unless providing `build_artifacts`) The details of the\n    application image(s) to be released, in the format\n    `image1=path/to/image1:v1@sha256:45db24`, for example:\n\n    ```yaml\n    with:\n      images: |-\n        image1=image.repo/path/to/image1:v1@sha256:45db24\n        image2=image.repo/path/to/image2:v1@sha256:f32780\n    ```\n\n-   `region`: (Optional) Region of the delivery pipeline. If not supplied, a\n    previously configured `gcloud` setting using `deploy/region` is required,\n    for example `gcloud config set deploy/region [REGION]`.\n\n-   `disable_initial_rollout`: (Optional) Prevent the release being deployed to\n    the first target in the delivery pipeline.\n\n-   `gcs_source_staging_dir`: (Optional) A directory in Google Cloud Storage to\n    copy the source used for staging the build.\n\n-   `skaffold_file`: (Optional) Path of the skaffold file absolute or relative\n    to the source directory.\n\n-   `annotations`: (Optional) Add additional annotations to the release.\n\n    ```yaml\n    with:\n      annotations: |-\n        annotation1=value1\n        annotation2=value2\n    ```\n\n    The GitHub Action will automatically apply the following annotations to the\n    release to enhance the user experience:\n\n    ```text\n    git-sha: ecdeca633a230bfade4cc8195ae23af030922319\n    commit: \u003ccommit\u003e\n    ```\n\n-   `labels`: (Optional) Add additional labels to the release.\n\n    ```yaml\n    with:\n      labels: |-\n        label1=value1\n        label2=value2\n    ```\n\n    The GitHub Action will automatically apply the following label to the\n    release to enhance the user experience:\n\n    ```text\n    managed-by: github-actions\n    ```\n\n    Labels have strict naming and casing requirements. 
See [Requirements for\n    labels](https://cloud.google.com/resource-manager/docs/creating-managing-labels#requirements)\n    for more information.\n\n-   `description`: (Optional) Include a description of the release.\n\n-   `deploy_parameters`: (Optional) Additional parameters to supply at release creation time.\n\n    ```yaml\n    with:\n      deploy_parameters: |-\n        parameter1=value1\n        parameter2=value2\n    ```\n\n    See the [Deploy Parameters](https://cloud.google.com/deploy/docs/parameters)\n    section in the Cloud Deploy documentation for details of how to use the corresponding\n    placeholders in your manifest(s).\n\n-   `flags`: (Optional) Space separated list of other Cloud Deploy flags,\n    examples can be found [here][cd-flags]. This can be used to access features\n    that are not exposed via this GitHub Action.\n\n    ```yaml\n    with:\n      flags: '--from-k8s-manifest=...'\n    ```\n\n-   `gcloud_version`: (Optional) Version of the Cloud SDK to install. If\n    unspecified or set to \"latest\", the latest available gcloud SDK version for\n    the target platform will be installed. Example: \"290.0.1\".\n\n-   `gcloud_component`: (Optional) Version of the Cloud SDK components to\n    install and use. If unspecified, the latest or released version will be\n    used. This is the equivalent of running 'gcloud alpha run' or 'gcloud beta\n    run'. Valid values are `alpha` or `beta`.\n\n-   `project_id`: (Optional) ID of the Google Cloud project in which to deploy the service. The default value is computed from the environment.\n\n## Outputs\n\n-   `name`: The full name of the release in Cloud Deploy, including project and\n    pipeline names, as well as the chosen name of the release itself.\n\n-   `link`: A link to the Cloud Deploy release in the Google Cloud Web Console.\n\n## Authorization\n\nThere are a few ways to authenticate this action. 
The caller must have\npermissions to access the secrets being requested.\n\n### Via google-github-actions/auth\n\nUse [google-github-actions/auth](https://github.com/google-github-actions/auth)\nto authenticate the action. You can use [Workload Identity Federation][wif] or\ntraditional [Service Account Key JSON][sa] authentication.\n\n```yaml\njobs:\n  job_id:\n    permissions:\n      contents: 'read'\n      id-token: 'write'\n\n    steps:\n\n    # ...\n\n    - uses: 'google-github-actions/auth@v2'\n      with:\n        workload_identity_provider: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider'\n        service_account: 'my-service-account@my-project.iam.gserviceaccount.com'\n\n    - uses: 'google-github-actions/create-cloud-deploy-release@v1'\n      with:\n        name: 'example-app'\n        ...\n```\n\n### Via Application Default Credentials\n\nIf you are hosting your own runners, **and** those runners are on Google Cloud,\nyou can leverage the Application Default Credentials of the instance. This will\nauthenticate requests as the service account attached to the instance. 
**This\nonly works using a custom runner hosted on GCP.**\n\n```yaml\njobs:\n  job_id:\n    steps:\n    # ...\n\n    - uses: 'google-github-actions/create-cloud-deploy-release@v1'\n      with:\n        name: 'example-app'\n        ...\n```\n\nThe action will automatically detect and use the Application Default\nCredentials.\n\n### Cloud Deploy Release Creation\n\nTo use the default Cloud Deploy configuration you will need to authenticate to\nGoogle Cloud as a service account with the following roles:\n\n-   Cloud Deploy Releaser (`roles/clouddeploy.releaser`)\n    -   To create and retrieve releases and rollouts\n-   Cloud Storage Admin (`roles/storage.admin`)\n    -   To write release packages\n\nThis is in addition to any other roles that may be needed earlier in the\npipeline, for example `roles/artifactregistry.writer` to allow images to be\npushed to Artifact Registry.\n\nBy default, Cloud Deploy itself will use the `Compute Engine default service\naccount`, `PROJECT_NUMBER-compute@developer.gserviceaccount.com` as described\nin the documentation for [IAM within Cloud Deploy][cd-iam], though for\nproduction use-cases it's recommended that you create one or more dedicated service\naccounts [as detailed in the Cloud Deploy documentation][cd-custom-sa]. A custom\nservice account can be granted the `roles/clouddeploy.jobRunner` role in the Cloud\nDeploy project to enable required permissions.\n\nYou may find that Organizational Policy rules prevent certain permissions being\nassigned to default service accounts. 
In this case please consult with your\norganization administrators.\n\nBy default the service account used by Cloud Deploy requires the following roles:\n\n-   Cloud Logging Writer (`roles/logging.logWriter`)\n    -   To write logs\n-   Cloud Storage Viewer (`storage/object.viewer`)\n    -   To read Cloud Deploy artifacts\n-   Cloud Storage Creator (`storage/object.creator`)\n    -   To write Cloud Deploy artifacts\n\nDepending on your Cloud Deploy configuration you may choose to create more\ngranular roles for custom resources, rather than relying on the default.\n\nThe service account used by Cloud Deploy additionally needs permissions that\nallow deployment of a service to your target runtime, [GKE][gke] or\n[Cloud Run][cloud-run], as described in the following sections. This could be:\n\n-   The default compute service account\n-   The same custom service account you created for release creation, or\n-   A separate custom service account dedicated to deployment.\n\n### Cloud Run Authorization\n\nTo deploy to Cloud Run, the service account used by Cloud Deploy needs the\nfollowing permissions:\n\n-   Cloud Run Developer (`roles/run.developer`)\n    -   Read and write access to all Cloud Run resources.\n\nThe service account additionally needs to be a member of the service account\nused by Cloud Run, with role `Service Account User`. This may be the `Compute\nEngine default service account, (PROJECT_NUMBER-compute@developer.gserviceaccount.com)`\nor a custom service account, depending on your configuration. 
To grant\n`iam.serviceAccounts.actAs` permissions for a service account, use one of the methods\nfound in [the IAM documentation][sa-ownership-and-access].\n\n### GKE Authorization\n\nTo deploy to GKE, the service account used by Cloud Deploy needs the following permissions:\n\n-   Kubernetes Engine Developer (`roles/container.developer`)\n    -   Provides access to Kubernetes API objects inside clusters.\n\nIn all cases, you should follow the principle of least privilege when assigning\nIAM roles. When possible, grant roles at the resource level as opposed to the\nproject level.\n\n## Example Workflows\n\n-   [Example workflows][examples] for `create-cloud-deploy-release`\n\n\n[anthos]: https://cloud.google.com/anthos\n[cd]: https://cloud.google.com/deploy\n[cd-custom-sa]: https://cloud.google.com/deploy/docs/cloud-deploy-service-account#what_service_accounts_to_create\n[cd-iam]: https://cloud.google.com/deploy/docs/cloud-deploy-service-account#execution_service_account\n[cd-flags]: https://cloud.google.com/sdk/gcloud/reference/deploy/releases/create#FLAGS\n[cd-pipeline]: https://cloud.google.com/deploy/docs/terminology#delivery_pipeline\n[cd-release]: https://cloud.google.com/deploy/docs/terminology#release\n[cd-target]: https://cloud.google.com/deploy/docs/terminology#target\n[cloud-run]: https://cloud.google.com/run\n[examples]: https://github.com/google-github-actions/example-workflows/tree/main/workflows/create-cloud-deploy-release\n[gke]: https://cloud.google.com/kubernetes-engine\n[sa]: https://cloud.google.com/iam/docs/creating-managing-service-accounts\n[sa-ownership-and-access]: https://cloud.google.com/iam/docs/manage-access-service-accounts#grant-single-role\n[skaffold-output]: https://skaffold.dev/docs/workflows/ci-cd/#traditional-continuous-delivery\n[wif]: 
https://cloud.google.com/iam/docs/workload-identity-federation\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgoogle-github-actions%2Fcreate-cloud-deploy-release","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgoogle-github-actions%2Fcreate-cloud-deploy-release","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgoogle-github-actions%2Fcreate-cloud-deploy-release/lists"}