{"id":14985920,"url":"https://github.com/google-github-actions/deploy-cloud-functions","last_synced_at":"2025-05-15T11:00:17.096Z","repository":{"id":37465911,"uuid":"308778075","full_name":"google-github-actions/deploy-cloud-functions","owner":"google-github-actions","description":"A GitHub Action that deploys source code to Google Cloud Functions.","archived":false,"fork":false,"pushed_at":"2025-02-18T23:24:33.000Z","size":5627,"stargazers_count":329,"open_issues_count":5,"forks_count":67,"subscribers_count":8,"default_branch":"main","last_synced_at":"2025-05-06T18:07:28.785Z","etag":null,"topics":["actions","cloud-functions","gcf","gcp","github-actions","google-cloud","google-cloud-functions","google-cloud-platform"],"latest_commit_sha":null,"homepage":"https://cloud.google.com/functions","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/google-github-actions.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-10-31T01:09:42.000Z","updated_at":"2025-04-18T02:03:51.000Z","dependencies_parsed_at":"2023-10-11T18:49:43.586Z","dependency_job_id":"701323b1-3bed-423f-9f45-7b1483bb12b4","html_url":"https://github.com/google-github-actions/deploy-cloud-functions","commit_stats":{"total_commits":232,"total_committers":18,"mean_commits":12.88888888888889,"dds":0.7068965517241379,"last_synced_commit":"61d32c52d24fb9690d48162aef425d62bdc1c40b"},"previous_names":[],"tags_count":36,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/google-github-actions%2Fdeploy-cloud-functions","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/google-github-actions%2Fdeploy-cloud-functions/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/google-github-actions%2Fdeploy-cloud-functions/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/google-github-actions%2Fdeploy-cloud-functions/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/google-github-actions","download_url":"https://codeload.github.com/google-github-actions/deploy-cloud-functions/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254328384,"owners_count":22052632,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["actions","cloud-functions","gcf","gcp","github-actions","google-cloud","google-cloud-functions","google-cloud-platform"],"created_at":"2024-09-24T14:11:57.195Z","updated_at":"2025-05-15T11:00:17.019Z","avatar_url":"https://github.com/google-github-actions.png","language":"TypeScript","readme":"# deploy-cloud-functions\n\nThis action deploys your function source code to [Cloud Functions][cloud-functions] and makes the URL\navailable to later build steps via outputs.\n\n\u003e [!CAUTION]\n\u003e\n\u003e **This README corresponds to the \"v3\" GitHub Action**, which is currently in\n\u003e beta. If you are using \"v2\", see the [documentation for\n\u003e google-github-actions/deploy-cloud-functions@v2](https://github.com/google-github-actions/deploy-cloud-functions/tree/release/v2).\n\n**This is not an officially supported Google product, and it is not covered by a\nGoogle Cloud support contract. To report bugs or request features in a Google\nCloud product, please contact [Google Cloud\nsupport](https://cloud.google.com/support).**\n\n\n## Prerequisites\n\n-   This action requires Google Cloud credentials that are authorized to access\n    the secrets being requested. See [Authorization](#authorization) for more\n    information.\n\n-   This action runs using Node 20. If you are using self-hosted GitHub Actions\n    runners, you must use a version of the GitHub Actions runner that supports\n    Node 20 or higher.\n\n\n## Usage\n\n```yaml\njobs:\n  job_id:\n    runs-on: 'ubuntu-latest'\n    permissions:\n      contents: 'read'\n      id-token: 'write'\n\n    steps:\n    - uses: 'actions/checkout@v4'\n\n    - id: 'auth'\n      uses: 'google-github-actions/auth@v2'\n      with:\n        project_id: 'my-project'\n        workload_identity_provider: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider'\n\n    - id: 'deploy'\n      uses: 'google-github-actions/deploy-cloud-functions@v3'\n      timeout-minutes: 10\n      with:\n        name: 'my-function'\n        runtime: 'nodejs22'\n\n    # Example of using the output\n    - id: 'test'\n      run: 'curl \"${{ steps.deploy.outputs.url }}\"'\n```\n\n## Inputs\n\n\u003e [!IMPORTANT]\n\u003e\n\u003e In addition to these inputs, we **highly recommend** setting [job and\n\u003e step-level\n\u003e timeouts](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepstimeout-minutes),\n\u003e which can be used to control total deployment time.\n\n\u003c!-- BEGIN_AUTOGEN_INPUTS --\u003e\n\n-   \u003ca name=\"project_id\"\u003e\u003c/a\u003e\u003ca href=\"#user-content-project_id\"\u003e\u003ccode\u003eproject_id\u003c/code\u003e\u003c/a\u003e: _(Optional)_ ID of the Google Cloud project in which to deploy the service. The default\n    value is computed from the environment.\n\n-   \u003ca name=\"region\"\u003e\u003c/a\u003e\u003ca href=\"#user-content-region\"\u003e\u003ccode\u003eregion\u003c/code\u003e\u003c/a\u003e: _(Optional, default: `us-central1`)_ Region in which the function should be deployed.\n\n-   \u003ca name=\"universe\"\u003e\u003c/a\u003e\u003ca href=\"#user-content-universe\"\u003e\u003ccode\u003euniverse\u003c/code\u003e\u003c/a\u003e: _(Optional, default: `googleapis.com`)_ The Google Cloud universe to use for constructing API endpoints. Trusted\n    Partner Cloud and Google Distributed Hosted Cloud should set this to their\n    universe address.\n\n    You can also override individual API endpoints by setting the environment\n    variable `GHA_ENDPOINT_OVERRIDE_\u003cendpoint\u003e` where `\u003cendpoint\u003e` is the API\n    endpoint to override. For example:\n\n    ```yaml\n    env:\n      GHA_ENDPOINT_OVERRIDE_oauth2: 'https://oauth2.myapi.endpoint/v1'\n    ```\n\n    For more information about universes, see the Google Cloud documentation.\n\n-   \u003ca name=\"name\"\u003e\u003c/a\u003e\u003ca href=\"#user-content-name\"\u003e\u003ccode\u003ename\u003c/code\u003e\u003c/a\u003e: _(Required)_ Name of the Cloud Function.\n\n-   \u003ca name=\"description\"\u003e\u003c/a\u003e\u003ca href=\"#user-content-description\"\u003e\u003ccode\u003edescription\u003c/code\u003e\u003c/a\u003e: _(Optional)_ Human-friendly description of the Cloud Function.\n\n-   \u003ca name=\"environment\"\u003e\u003c/a\u003e\u003ca href=\"#user-content-environment\"\u003e\u003ccode\u003eenvironment\u003c/code\u003e\u003c/a\u003e: _(Optional, default: `GEN_2`)_ Runtime environment for the Cloud Function. Allowed values are \"GEN_1\" and\n    \"GEN_2\", but this GitHub Action only provides support for \"GEN_2\".\n\n-   \u003ca name=\"kms_key_name\"\u003e\u003c/a\u003e\u003ca href=\"#user-content-kms_key_name\"\u003e\u003ccode\u003ekms_key_name\u003c/code\u003e\u003c/a\u003e: _(Optional)_ Resource name of a Google Cloud KMS crypto key used to encrypt/decrypt\n    function resources. If specified, you must also provide an artifact\n    registry repository using the 'docker_repository' field that was created\n    with the same key.\n\n-   \u003ca name=\"labels\"\u003e\u003c/a\u003e\u003ca href=\"#user-content-labels\"\u003e\u003ccode\u003elabels\u003c/code\u003e\u003c/a\u003e: _(Optional)_ List of labels that should be set on the function. These are\n    comma-separated or newline-separated `KEY=VALUE`. Keys or values that\n    contain separators must be escaped with a backslash (e.g. `\\,` or `\\\\n`)\n    unless quoted. Any leading or trailing whitespace is trimmed unless values\n    are quoted.\n\n    ```yaml\n    labels: |-\n      labela=my-label\n      labelb=my-other-label\n    ```\n\n    This value will only be set if the input is a non-empty value. If a\n    non-empty value is given, the field values will be overwritten (not\n    merged). To remove all values, set the value to the literal string `{}`.\n\n    Google Cloud restricts the allowed values and length for labels. Please\n    see the Google Cloud documentation for labels for more information.\n\n-   \u003ca name=\"source_dir\"\u003e\u003c/a\u003e\u003ca href=\"#user-content-source_dir\"\u003e\u003ccode\u003esource_dir\u003c/code\u003e\u003c/a\u003e: _(Optional, default: `./`)_ Path on disk to the root of the the function's source code. Defaults to\n    current directory. This does NOT follow symlinks to directories or files\n    when generating the upload artifact.\n\n    **NOTE:** The function source code must exist on the GitHub Actions\n    filesystem. This means you must have `use: actions/checkout@v4` before the\n    deployment step!.\n\n-   \u003ca name=\"runtime\"\u003e\u003c/a\u003e\u003ca href=\"#user-content-runtime\"\u003e\u003ccode\u003eruntime\u003c/code\u003e\u003c/a\u003e: _(Required)_ Runtime for the function, such as \"nodejs20\". For a list of all available\n    runtimes, run:\n\n        $ gcloud functions runtimes list\n\n    The available runtimes change over time.\n\n-   \u003ca name=\"build_environment_variables\"\u003e\u003c/a\u003e\u003ca href=\"#user-content-build_environment_variables\"\u003e\u003ccode\u003ebuild_environment_variables\u003c/code\u003e\u003c/a\u003e: _(Optional)_ List of environment variables that should be set in the build environment.\n    These are comma-separated or newline-separated `KEY=VALUE`. Keys or values\n    that contain separators must be escaped with a backslash (e.g. `\\,` or\n    `\\\\n`) unless quoted. Any leading or trailing whitespace is trimmed unless\n    values are quoted.\n\n    ```yaml\n    build_environment_variables: |-\n      FRUIT=apple\n      SENTENCE=\" this will retain leading and trailing spaces \"\n    ```\n\n    This value will only be set if the input is a non-empty value. If a\n    non-empty value is given, the field values will be overwritten (not\n    merged). To remove all values, set the value to the literal string `{}`.\n\n    Previous versions of this GitHub Action also included a separate input for\n    sourcing values from a value, but this is no longer supported. Use a\n    community action or script to read the file in a separate step and import\n    the contents as an output.\n\n-   \u003ca name=\"build_service_account\"\u003e\u003c/a\u003e\u003ca href=\"#user-content-build_service_account\"\u003e\u003ccode\u003ebuild_service_account\u003c/code\u003e\u003c/a\u003e: _(Optional)_ Service account to be used for building the container.\n\n-   \u003ca name=\"build_worker_pool\"\u003e\u003c/a\u003e\u003ca href=\"#user-content-build_worker_pool\"\u003e\u003ccode\u003ebuild_worker_pool\u003c/code\u003e\u003c/a\u003e: _(Optional)_ Name of the Cloud Build Custom Worker Pool that should be used to build\n    the function. The format of this field is:\n\n        projects/\u003cproject\u003e/locations/\u003cregion\u003e/workerPools/\u003cworkerPool\u003e\n\n    where `\u003cproject\u003e` and `\u003cregion\u003e` are the project id and region\n    respectively where the worker pool is defined and `\u003cworkerPool\u003e` is the\n    short name of the worker pool.\n\n    If the project ID is not the same as the function, then the Cloud\n    Functions Service Agent must be granted the role Cloud Build Custom\n    Workers Builder in the project.\n\n-   \u003ca name=\"docker_repository\"\u003e\u003c/a\u003e\u003ca href=\"#user-content-docker_repository\"\u003e\u003ccode\u003edocker_repository\u003c/code\u003e\u003c/a\u003e: _(Optional)_ Repository in Artifact Registry to which the function docker image will be\n    pushed after it is built by Cloud Build. If unspecified, Cloud Functions\n    will create and use a repository named 'gcf-artifacts' for every deployed\n    region.\n\n    The value must match the pattern:\n\n        projects/\u003cproject\u003e/locations/\u003clocation\u003e/repositories/\u003crepository\u003e.\n\n    Cross-project repositories are not supported. Cross-location repositories\n    are not supported. Repository format must be 'DOCKER'.\n\n-   \u003ca name=\"entry_point\"\u003e\u003c/a\u003e\u003ca href=\"#user-content-entry_point\"\u003e\u003ccode\u003eentry_point\u003c/code\u003e\u003c/a\u003e: _(Optional)_ Name of a Google Cloud Function (as defined in source code) that will be\n    executed. Defaults to the resource name suffix (ID of the function), if\n    not specified.\n\n-   \u003ca name=\"all_traffic_on_latest_revision\"\u003e\u003c/a\u003e\u003ca href=\"#user-content-all_traffic_on_latest_revision\"\u003e\u003ccode\u003eall_traffic_on_latest_revision\u003c/code\u003e\u003c/a\u003e: _(Optional, default: `true`)_ If true, the latest function revision will be served all traffic.\n\n-   \u003ca name=\"cpu\"\u003e\u003c/a\u003e\u003ca href=\"#user-content-cpu\"\u003e\u003ccode\u003ecpu\u003c/code\u003e\u003c/a\u003e: _(Optional)_ The number of available CPUs to set (e.g. 0.5, 2, 2000m). By default, a\n    new function's available CPUs is determined based on its memory value.\n\n-   \u003ca name=\"memory\"\u003e\u003c/a\u003e\u003ca href=\"#user-content-memory\"\u003e\u003ccode\u003ememory\u003c/code\u003e\u003c/a\u003e: _(Optional)_ The amount of memory available for the function to use. Allowed values are\n    of the format: \u003cnumber\u003e\u003cunit\u003e with allowed units of \"k\", \"M\", \"G\", \"Ki\",\n    \"Mi\", \"Gi\" (e.g 128M, 10Mb, 1024Gib).\n\n    For all generations, the default value is 256MB of memory.\n\n-   \u003ca name=\"environment_variables\"\u003e\u003c/a\u003e\u003ca href=\"#user-content-environment_variables\"\u003e\u003ccode\u003eenvironment_variables\u003c/code\u003e\u003c/a\u003e: _(Optional)_ List of environment variables that should be set in the runtime\n    environment. These are comma-separated or newline-separated `KEY=VALUE`.\n    Keys or values that contain separators must be escaped with a backslash\n    (e.g. `\\,` or `\\\\n`) unless quoted. Any leading or trailing whitespace is\n    trimmed unless values are quoted.\n\n    ```yaml\n    environment_variables: |-\n      FRUIT=apple\n      SENTENCE=\" this will retain leading and trailing spaces \"\n    ```\n\n    This value will only be set if the input is a non-empty value. If a\n    non-empty value is given, the field values will be overwritten (not\n    merged). To remove all values, set the value to the literal string `{}`.\n\n    Previous versions of this GitHub Action also included a separate input for\n    sourcing values from a value, but this is no longer supported. Use a\n    community action or script to read the file in a separate step and import\n    the contents as an output.\n\n-   \u003ca name=\"ingress_settings\"\u003e\u003c/a\u003e\u003ca href=\"#user-content-ingress_settings\"\u003e\u003ccode\u003eingress_settings\u003c/code\u003e\u003c/a\u003e: _(Optional, default: `ALLOW_ALL`)_ Ingress settings controls what traffic can reach the function. Valid\n    values are \"ALLOW_ALL\", \"ALLOW_INTERNAL_ONLY\", and\n    \"ALLOW_INTERNAL_AND_GCLB\".\n\n-   \u003ca name=\"max_instance_count\"\u003e\u003c/a\u003e\u003ca href=\"#user-content-max_instance_count\"\u003e\u003ccode\u003emax_instance_count\u003c/code\u003e\u003c/a\u003e: _(Optional)_ Sets the maximum number of instances for the function. A function\n    execution that would exceed max-instances times out.\n\n-   \u003ca name=\"max_instance_request_concurrency\"\u003e\u003c/a\u003e\u003ca href=\"#user-content-max_instance_request_concurrency\"\u003e\u003ccode\u003emax_instance_request_concurrency\u003c/code\u003e\u003c/a\u003e: _(Optional)_ Sets the maximum number of concurrent requests allowed per container\n    instance.\n\n-   \u003ca name=\"min_instance_count\"\u003e\u003c/a\u003e\u003ca href=\"#user-content-min_instance_count\"\u003e\u003ccode\u003emin_instance_count\u003c/code\u003e\u003c/a\u003e: _(Optional)_ Sets the minimum number of instances for the function. This is helpful for\n    reducing cold start times.\n\n-   \u003ca name=\"secrets\"\u003e\u003c/a\u003e\u003ca href=\"#user-content-secrets\"\u003e\u003ccode\u003esecrets\u003c/code\u003e\u003c/a\u003e: _(Optional)_ List of KEY=VALUE pairs to use as secrets. These are comma-separated or\n    newline-separated `KEY=VALUE`. Keys or values that contain separators must\n    be escaped with a backslash (e.g. `\\,` or `\\\\n`) unless quoted. Any\n    leading or trailing whitespace is trimmed unless values are quoted.\n\n    These can either be injected as environment variables or mounted as\n    volumes. Keys starting with a forward slash '/' are mount paths. All other\n    keys correspond to environment variables:\n\n\n    ```yaml\n    with:\n      secrets: |-\n        # As an environment variable:\n        KEY1=secret-key-1:latest\n\n        # As a volume mount:\n        /secrets/api/key=secret-key-2:latest\n    ```\n\n    This value will only be set if the input is a non-empty value. If a\n    non-empty value is given, the field values will be overwritten (not\n    merged). To remove all values, set the value to the literal string `{}`.\n\n-   \u003ca name=\"service_account\"\u003e\u003c/a\u003e\u003ca href=\"#user-content-service_account\"\u003e\u003ccode\u003eservice_account\u003c/code\u003e\u003c/a\u003e: _(Optional)_ The email address of the IAM service account associated with the Cloud Run\n    service for the function. The service account represents the identity of\n    the running function, and determines what permissions the function has. If\n    not provided, the function will use the project's default service account\n    for Compute Engine.\n\n    Note this differs from the service account used to deploy the Cloud\n    Function, which is the currently-authenticated principal. However, the\n    deploying service account must have permission to impersonate the runtime\n    service account, which can be achieved by granting the deployment service\n    account \"roles/iam.serviceAccountUser\" permission on the runtime service\n    account.\n\n-   \u003ca name=\"service_timeout\"\u003e\u003c/a\u003e\u003ca href=\"#user-content-service_timeout\"\u003e\u003ccode\u003eservice_timeout\u003c/code\u003e\u003c/a\u003e: _(Optional, default: `60s`)_ The function execution timeout, specified as a time duration (e.g. \"30s\"\n    for 30 seconds).\n\n-   \u003ca name=\"vpc_connector\"\u003e\u003c/a\u003e\u003ca href=\"#user-content-vpc_connector\"\u003e\u003ccode\u003evpc_connector\u003c/code\u003e\u003c/a\u003e: _(Optional)_ ID of the connector or fully qualified identifier for the connector.\n\n-   \u003ca name=\"vpc_connector_egress_settings\"\u003e\u003c/a\u003e\u003ca href=\"#user-content-vpc_connector_egress_settings\"\u003e\u003ccode\u003evpc_connector_egress_settings\u003c/code\u003e\u003c/a\u003e: _(Optional, default: `PRIVATE_RANGES_ONLY`)_ Egress settings controls what traffic is diverted through the VPC Access\n    Connector resource. Allowed values are \"PRIVATE_RANGES_ONLY\" and\n    \"ALL_TRAFFIC\".\n\n-   \u003ca name=\"event_trigger_location\"\u003e\u003c/a\u003e\u003ca href=\"#user-content-event_trigger_location\"\u003e\u003ccode\u003eevent_trigger_location\u003c/code\u003e\u003c/a\u003e: _(Optional)_ The location of the trigger, which must be a region or multi-region where\n    the relevant events originate.\n\n-   \u003ca name=\"event_trigger_type\"\u003e\u003c/a\u003e\u003ca href=\"#user-content-event_trigger_type\"\u003e\u003ccode\u003eevent_trigger_type\u003c/code\u003e\u003c/a\u003e: _(Optional)_ Specifies which action should trigger the function. For a list of\n    acceptable values, run:\n\n        $ gcloud functions event-types list\n\n    This usually requires the eventarc API to be enabled:\n\n        $ gcloud services enable eventarc.googleapis.com\n\n    The available trigger types may change over time.\n\n-   \u003ca name=\"event_trigger_filters\"\u003e\u003c/a\u003e\u003ca href=\"#user-content-event_trigger_filters\"\u003e\u003ccode\u003eevent_trigger_filters\u003c/code\u003e\u003c/a\u003e: _(Optional)_ List of event filters that the trigger should monitor. An event that\n    matches all the filteres will trigger calls to the function. These are\n    comma-separated or newline-separated `ATTRIBUTE=VALUE`. Attributes or\n    values that contain separators must be escaped with a backslash (e.g. `\\,`\n    or `\\\\n`) unless quoted. To treat a value as a path pattern, prefix the\n    value with the literal string `PATTERN:`. Any leading or trailing\n    whitespace is trimmed unless values are quoted.\n\n    ```yaml\n    event_trigger_type: 'google.cloud.audit.log.v1.written'\n    event_trigger_filters: |-\n      serviceName=compute.googleapis.com\n      methodName=PATTERN:compute.instances.*\n    ```\n\n    This value will only be set if the input is a non-empty value. If a\n    non-empty value is given, the field values will be overwritten (not\n    merged). To remove all values, set the value to the literal string `{}`.\n\n    For more information, see [Eventarc\n    Triggers](https://cloud.google.com/functions/docs/calling/eventarc) and\n    [Eventarc Path\n    Patterns](https://cloud.google.com/eventarc/docs/path-patterns).\n\n-   \u003ca name=\"event_trigger_pubsub_topic\"\u003e\u003c/a\u003e\u003ca href=\"#user-content-event_trigger_pubsub_topic\"\u003e\u003ccode\u003eevent_trigger_pubsub_topic\u003c/code\u003e\u003c/a\u003e: _(Optional)_ Name of Google Cloud Pub/Sub topic. Every message published in this topic\n    will trigger function execution with message contents passed as input\n    data of the format:\n\n        projects/\u003cproject_id\u003e/topics/\u003ctopic_id\u003e\n\n    The service account must have permissions on this topic.\n\n-   \u003ca name=\"event_trigger_service_account\"\u003e\u003c/a\u003e\u003ca href=\"#user-content-event_trigger_service_account\"\u003e\u003ccode\u003eevent_trigger_service_account\u003c/code\u003e\u003c/a\u003e: _(Optional)_ The email address of the IAM service account associated with the Eventarc\n    trigger for the function. This is used for authenticated invocation.\n\n-   \u003ca name=\"event_trigger_retry\"\u003e\u003c/a\u003e\u003ca href=\"#user-content-event_trigger_retry\"\u003e\u003ccode\u003eevent_trigger_retry\u003c/code\u003e\u003c/a\u003e: _(Optional, default: `true`)_ Describes whether event triggers should retry in case of function's\n    execution failure.\n\n-   \u003ca name=\"event_trigger_channel\"\u003e\u003c/a\u003e\u003ca href=\"#user-content-event_trigger_channel\"\u003e\u003ccode\u003eevent_trigger_channel\u003c/code\u003e\u003c/a\u003e: _(Optional)_ The name of the channel associated with the trigger in the format:\n\n        projects/\u003cproject\u003e/locations/\u003clocation\u003e/channels/\u003cchannel\u003e\n\n    You must provide a channel to receive events from Eventarc SaaS partners.\n\n\n\u003c!-- END_AUTOGEN_INPUTS --\u003e\n\n\n### Allowing unauthenticated requests\n\nThe Cloud Functions product recommendation is that CI/CD systems not set or\nchange settings for allowing unauthenticated invocations. New deployments are\nautomatically private services, while deploying a revision of a public\n(unauthenticated) service will preserve the IAM setting of public\n(unauthenticated). For more information, see [Controlling access on an\nindividual\nservice](https://cloud.google.com/functions/docs/securing/managing-access-iam).\n\n## Outputs\n\n\u003c!-- BEGIN_AUTOGEN_OUTPUTS --\u003e\n\n-   `name`: Full resource name of the Cloud Function, of the format:\n\n        projects/\u003cproject\u003e/locations/\u003clocation\u003e/functions/\u003cfunction\u003e\n\n-   `url`: The URL of your Cloud Function.\n\n\n\u003c!-- END_AUTOGEN_OUTPUTS --\u003e\n\n\n## Authorization\n\nThe _deployment_ service account must have the following IAM permissions:\n\n-   Cloud Functions Developer (`roles/cloudfunctions.developer`)\n\nAdditionally, the _deployment_ service account must have permissions to act as\n(impersonate) the _runtime_ service account, which can be achieved by granting\nthe deployment _service_ account \"roles/iam.serviceAccountUser\" permissions on\nthe _runtime_ service account. See the Google Cloud documentation to [learn more\nabout custom runtime service\naccounts](https://cloud.google.com/functions/docs/securing/function-identity#individual)\nand [additional configuration for\ndeployment](https://cloud.google.com/functions/docs/reference/iam/roles#additional-configuration)\n\n### Via google-github-actions/auth\n\nUse [google-github-actions/auth](https://github.com/google-github-actions/auth)\nto authenticate the action. You can use [Workload Identity Federation][wif] or\ntraditional [Service Account Key JSON][sa] authentication.\n\n#### Authenticating via Workload Identity Federation\n\n```yaml\njobs:\n  job_id:\n    permissions:\n      contents: 'read'\n      id-token: 'write'\n\n    steps:\n    - uses: 'actions/checkout@v4'\n\n    - id: 'auth'\n      uses: 'google-github-actions/auth@v2'\n      with:\n        project_id: 'my-project'\n        workload_identity_provider: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider'\n\n    - id: 'deploy'\n      uses: 'google-github-actions/deploy-cloud-functions@v3'\n      timeout-minutes: 10\n      with:\n        name: 'my-function'\n        runtime: 'nodejs22'\n```\n\n### Via Application Default Credentials\n\nIf you are hosting your own runners, **and** those runners are on Google Cloud,\nyou can leverage the Application Default Credentials of the instance. This will\nauthenticate requests as the service account attached to the instance. **This\nonly works using a custom runner hosted on GCP.**\n\n```yaml\njobs:\n  job_id:\n    steps:\n    - uses: 'actions/checkout@v4'\n\n    - id: 'deploy'\n      uses: 'google-github-actions/deploy-cloud-functions@v3'\n      timeout-minutes: 10\n      with:\n        name: 'my-function'\n        runtime: 'nodejs22'\n```\n\nThe action will automatically detect and use the Application Default\nCredentials.\n\n[cloud-functions]: https://cloud.google.com/functions\n[memory]: https://cloud.google.com/sdk/gcloud/reference/functions/deploy#--memory\n[sm]: https://cloud.google.com/secret-manager\n[wif]: https://cloud.google.com/iam/docs/workload-identity-federation\n[sa]: https://cloud.google.com/iam/docs/creating-managing-service-accounts\n[gh-runners]: https://help.github.com/en/actions/hosting-your-own-runners/about-self-hosted-runners\n[gh-secret]: https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgoogle-github-actions%2Fdeploy-cloud-functions","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgoogle-github-actions%2Fdeploy-cloud-functions","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgoogle-github-actions%2Fdeploy-cloud-functions/lists"}