https://github.com/yc-actions/yc-sls-function

GitHub Action to deploy Serverless Function to Yandex Cloud.
https://github.com/yc-actions/yc-sls-function

functions github-actions serverless yandex-cloud

Last synced: 6 months ago
JSON representation

GitHub Action to deploy Serverless Function to Yandex Cloud.

• Host: GitHub
• URL: https://github.com/yc-actions/yc-sls-function
• Owner: yc-actions
• License: mit
• Created: 2021-11-07T13:33:53.000Z (almost 4 years ago)
• Default Branch: main
• Last Pushed: 2025-04-07T17:05:09.000Z (6 months ago)
• Last Synced: 2025-04-07T17:27:47.307Z (6 months ago)
• Topics: functions, github-actions, serverless, yandex-cloud
• Language: TypeScript
• Homepage:
• Size: 39.1 MB
• Stars: 45
• Watchers: 2
• Forks: 9
• Open Issues: 4
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
## GitHub Action to deploy Serverless Function to Yandex Cloud

The action finds or creates Serverless Function in the given folder in Yandex Cloud and deploys new version.

**Table of Contents**

- [Usage](#usage)

- [Permissions](#permissions)

- [License Summary](#license-summary)

## Usage

```yaml

    - name: Deploy Function

      id: sls-func

      uses: yc-actions/yc-sls-function@v2

      with:

        yc-sa-json-credentials: ${{ secrets.YC_SA_JSON_CREDENTIALS }}

        bucket: ${{ secrets.BUCKET }}

        folder-id: 'b1g*********'

        function-name: 'test-function'

        runtime: 'nodejs16'

        memory: '256Mb'

        entrypoint: 'src/main.handler'

        environment: |

          DEBUG=True

          COUNT=1

        include: |

          ./src

          package.json

        exclude: |

          **/*.ts

        tags: |

          ${{ GITHUB_SHA::6 }}

          foo

```

`yc-sa-json-credentials` should contain JSON with authorized key for Service Account. More info

in [Yandex Cloud IAM documentation](https://yandex.cloud/en/docs/iam/operations/iam-token/create-for-sa).

See [action.yml](action.yml) for the full documentation for this action's inputs and outputs.

## Permissions

### Deploy time permissions

To perform this action, the service account on behalf of which we are acting must have

the `functions.editor` role or higher.

Additionally, you may need to grant the following optional roles depending on your specific needs:

| Optional Role              | Required For                                                                           |

|----------------------------|----------------------------------------------------------------------------------------|

| `iam.serviceAccounts.user` | Providing the service account ID in parameters, ensuring access to the service account |

| `vpc.user`                 | Deploying the function in a VPC with a specified network ID                            |

| `functions.admin`          | Making the function public                                                             |

### Runtime permissions

The service account provided to function via `service-account` parameter must have the following roles:

| Required Role                 | Required For                                                        |

|-------------------------------|---------------------------------------------------------------------|

| `lockbox.payloadViewer`       | To access the Lockbox secrets.                                      |

| `kms.keys.encrypterDecrypter` | To decrypt the Lockbox secrets, if they are encrypted with KMS key. |

## License Summary

This code is made available under the MIT license.