diff --git a/README.md b/README.md index b93411789..7aaa82812 100644 --- a/README.md +++ b/README.md @@ -103,20 +103,6 @@ jobs: install_components: 'alpha,cloud-datastore-emulator' ``` -## Example workflows - -* [Google Kubernetes Engine](./example-workflows/gke/README.md): An example workflow that uses GitHub Actions to deploy a static website to an existing [Google Kubernetes Engine](https://cloud.google.com/kubernetes-engine/) cluster. - -* [Cloud Run](./example-workflows/cloud-run/README.md): An example workflow that uses GitHub Actions to build and deploy a container to [Cloud Run](https://cloud.google.com/run/). - -* [Google Compute Engine](./example-workflows/gce/README.md): An example workflow that uses GitHub Actions to deploy a container to an existing [Google Compute Engine](https://cloud.google.com/compute-engine/) (GCE) instance. - -* [App Engine](./example-workflows/gae/README.md): An example workflow that uses GitHub Actions to deploy source -code to [App Engine](https://cloud.google.com/appengine), a fully managed serverless platform. - -* [Cloud Build](./example-workflows/cloud-build/README.md): An example workflow that uses GitHub Actions to build a container image with [Cloud Build](https://cloud.google.com/cloud-build). - - ## Authorization This action installs the Cloud SDK (`gcloud`). To configure its authentication diff --git a/example-workflows/README.md b/example-workflows/README.md deleted file mode 100644 index acc781e20..000000000 --- a/example-workflows/README.md +++ /dev/null @@ -1,28 +0,0 @@ -# Example Workflows for Github Actions with Google Cloud Platform - -These example workflows use the [setup-gcloud][action] to build and deploy applications to Google Cloud Platform. - -These examples are intended to be _examples_. You will likely need to change or -update values to match your setup. - -## Workflows - -| Workflow | Description | -| ----------------------------------------- | ------------------------ | -| [Google Kubernetes Engine](gke-kustomize/)| Build image and deploy a static site to an existing GKE cluster | -| [Google Kubernetes Engine](gke/) | Deploy a simple hello app to an existing GKE cluster | -| [Cloud Run](cloud-run/) | Deploy a container to Cloud Run (Fully Managed)| -| [Google Compute Engine](gce/) | Deploy a container to a GCE VM | -| [Cloud Build](cloud-build/) | Build a container image using Cloud Build| -| [App Engine](gae/) | Deploy from source to App Engine | - -## Community Workflows - -* [Deploying a Fullstack React App + Express.js + MySQL to Google Compute Engine](https://github.com/ZBejavu/gcloud-deploy-tutorial) - -## Github Actions resources - -Learn more about [Automating your workflow with Github Actions](https://help.github.com/en/actions/automating-your-workflow-with-github-actions). - - -[action]: https://github.com/google-github-actions/setup-gcloud diff --git a/example-workflows/cloud-build/.dockerignore b/example-workflows/cloud-build/.dockerignore deleted file mode 100644 index 07efc8ee2..000000000 --- a/example-workflows/cloud-build/.dockerignore +++ /dev/null @@ -1,4 +0,0 @@ -Dockerfile -README.md -node_modules -npm-debug.log diff --git a/example-workflows/cloud-build/.github/workflows/cloud-build.yml b/example-workflows/cloud-build/.github/workflows/cloud-build.yml deleted file mode 100644 index e8319a751..000000000 --- a/example-workflows/cloud-build/.github/workflows/cloud-build.yml +++ /dev/null @@ -1,63 +0,0 @@ -# Copyright 2019 Google, LLC. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -name: Build using Cloud Build - -on: - push: - branches: - - 'main' - -env: - PROJECT_ID: ${{ vars.RUN_PROJECT }} - SERVICE_NAME: helloworld-nodejs - -jobs: - setup-build-deploy: - name: Setup, Build, and Deploy - runs-on: ubuntu-latest - - # Add "id-token" with the intended permissions. - permissions: - contents: 'read' - id-token: 'write' - - steps: - - name: Checkout - uses: actions/checkout@v3 - - # Configure Workload Identity Federation and generate an access token. - - id: 'auth' - name: 'Authenticate to Google Cloud' - uses: 'google-github-actions/auth@v1' - with: - workload_identity_provider: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider' - service_account: '${{ vars.RUN_SA_EMAIL }}' - - # Alternative option - authentication via credentials json - # - id: 'auth' - # uses: 'google-github-actions/auth@v1' - # with: - # credentials_json: '${{ secrets.RUN_SA_KEY }}' - - # Setup gcloud CLI - - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@v1 - - # Build and push image to Google Container Registry - - name: Build - run: |- - gcloud builds submit \ - --quiet \ - --tag "gcr.io/$PROJECT_ID/$SERVICE_NAME:$GITHUB_SHA" diff --git a/example-workflows/cloud-build/Dockerfile b/example-workflows/cloud-build/Dockerfile deleted file mode 100644 index 4eee05e71..000000000 --- a/example-workflows/cloud-build/Dockerfile +++ /dev/null @@ -1,34 +0,0 @@ -# Copyright 2020 Google, LLC. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Use the official lightweight Node.js 16 image. -# https://hub.docker.com/_/node -FROM node:16-slim - -# Create and change to the app directory. -WORKDIR /usr/src/app - -# Copy application dependency manifests to the container image. -# A wildcard is used to ensure both package.json AND package-lock.json are copied. -# Copying this separately prevents re-running npm install on every code change. -COPY package*.json ./ - -# Install production dependencies. -RUN npm install --only=production - -# Copy local code to the container image. -COPY . ./ - -# Run the web service on container startup. -CMD [ "npm", "start" ] diff --git a/example-workflows/cloud-build/README.md b/example-workflows/cloud-build/README.md deleted file mode 100644 index 5dad3b85b..000000000 --- a/example-workflows/cloud-build/README.md +++ /dev/null @@ -1,88 +0,0 @@ -# Cloud Build - GitHub Actions - -An example workflow that uses [GitHub Actions][actions] to build a -[Hello World Node.js app](index.js) container image using [Cloud Build][cloud-build]. - -This code is intended to be an _example_. You will likely need to change or -update values to match your setup. - -## Workflow description - -For pushes to the `main` branch, this workflow will: - -1. Download and configure the Google [Cloud SDK][sdk] with the provided - credentials. - -1. Build, tag, and push a container image to Google Container Registry. - - - The image is built using Cloud Build and pushed to Google Container Registry. - - - The image is available through the following tags: `latest` and first 8 of - the commit SHA. - -## Setup - -1. Create a new Google Cloud Project (or select an existing project) and - [enable the Cloud Build and Cloud Build APIs](https://console.cloud.google.com/flows/enableapi?apiid=cloudbuild.googleapis.com,run.googleapis.com). - -1. Create or reuse a GitHub repository for the example workflow: - - 1. [Create a repository](https://help.github.com/en/github/creating-cloning-and-archiving-repositories/creating-a-new-repository). - - 1. Move into the repository directory: - - ``` - $ cd - ``` - - 1. Copy the example into the repository: - - ``` - $ cp -r /github-actions/example-workflows/cloud-build/ . - ``` - -1. [Create a Google Cloud service account][create-sa] if one does not already - exist. - -1. Add the following [Cloud IAM roles][roles] to your service account: - - - [`Cloud Build Service Account`](https://cloud.google.com/cloud-build/docs/cloud-build-service-account) - allows for execution of builds on your behalf - - - `Viewer` - allows for Cloud Build log storage - -1. [Create a JSON service account key][create-key] for the service account. - -1. Add the following secrets to your repository's secrets: - - - `RUN_PROJECT`: Google Cloud project ID - - - `RUN_SA_EMAIL`: the email of the service account - - - `RUN_SA_KEY`: the content of the service account JSON file - -## Run the workflow - -1. Add and commit your changes: - - ```text - $ git add . - $ git commit -m "Set up GitHub workflow" - ``` - -1. Push to the `main` branch: - - ```text - $ git push -u origin main - ``` - -1. View the GitHub Actions Workflow by selecting the `Actions` tab at the top - of your repository on GitHub. Then click on the `Build using Cloud Build` - element to see the details. - -[actions]: https://help.github.com/en/categories/automating-your-workflow-with-github-actions -[cloud-build]: https://cloud.google.com/cloud-build/ -[create-sa]: https://cloud.google.com/iam/docs/creating-managing-service-accounts -[create-key]: https://cloud.google.com/iam/docs/creating-managing-service-account-keys -[sdk]: https://cloud.google.com/sdk -[secrets]: https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets -[roles]: https://cloud.google.com/iam/docs/granting-roles-to-service-accounts#granting_access_to_a_service_account_for_a_resource diff --git a/example-workflows/cloud-build/index.js b/example-workflows/cloud-build/index.js deleted file mode 100644 index cdc2031cd..000000000 --- a/example-workflows/cloud-build/index.js +++ /dev/null @@ -1,28 +0,0 @@ -// Copyright 2020 Google, LLC. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -const express = require('express'); -const app = express(); - -app.get('/', (req, res) => { - console.log('Hello world received a request.'); - - const target = process.env.TARGET || 'World'; - res.send(`Hello ${target}!`); -}); - -const port = process.env.PORT || 8080; -app.listen(port, () => { - console.log('Hello world listening on port', port); -}); diff --git a/example-workflows/cloud-build/package-lock.json b/example-workflows/cloud-build/package-lock.json deleted file mode 100644 index a1af12fb6..000000000 --- a/example-workflows/cloud-build/package-lock.json +++ /dev/null @@ -1,432 +0,0 @@ -{ - "name": "helloworld", - "version": "1.0.0", - "lockfileVersion": 1, - "requires": true, - "dependencies": { - "accepts": { - "version": "1.3.8", - "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.8.tgz", - "integrity": "sha512-PYAthTa2m2VKxuvSD3DPC/Gy+U+sOA1LAuT8mkmRuvw+NACSaeXEQ+NHcVF7rONl6qcaxV3Uuemwawk+7+SJLw==", - "requires": { - "mime-types": "~2.1.34", - "negotiator": "0.6.3" - } - }, - "array-flatten": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz", - "integrity": "sha512-PCVAQswWemu6UdxsDFFX/+gVeYqKAod3D3UVm91jHwynguOwAvYPhx8nNlM++NqRcK6CxxpUafjmhIdKiHibqg==" - }, - "body-parser": { - "version": "1.20.1", - "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.1.tgz", - "integrity": "sha512-jWi7abTbYwajOytWCQc37VulmWiRae5RyTpaCyDcS5/lMdtwSz5lOpDE67srw/HYe35f1z3fDQw+3txg7gNtWw==", - "requires": { - "bytes": "3.1.2", - "content-type": "~1.0.4", - "debug": "2.6.9", - "depd": "2.0.0", - "destroy": "1.2.0", - "http-errors": "2.0.0", - "iconv-lite": "0.4.24", - "on-finished": "2.4.1", - "qs": "6.11.0", - "raw-body": "2.5.1", - "type-is": "~1.6.18", - "unpipe": "1.0.0" - } - }, - "bytes": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz", - "integrity": "sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg==" - }, - "call-bind": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.2.tgz", - "integrity": "sha512-7O+FbCihrB5WGbFYesctwmTKae6rOiIzmz1icreWJ+0aA7LJfuqhEso2T9ncpcFtzMQtzXf2QGGueWJGTYsqrA==", - "requires": { - "function-bind": "^1.1.1", - "get-intrinsic": "^1.0.2" - } - }, - "content-disposition": { - "version": "0.5.4", - "resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.4.tgz", - "integrity": "sha512-FveZTNuGw04cxlAiWbzi6zTAL/lhehaWbTtgluJh4/E95DqMwTmha3KZN1aAWA8cFIhHzMZUvLevkw5Rqk+tSQ==", - "requires": { - "safe-buffer": "5.2.1" - } - }, - "content-type": { - "version": "1.0.4", - "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.4.tgz", - "integrity": "sha512-hIP3EEPs8tB9AT1L+NUqtwOAps4mk2Zob89MWXMHjHWg9milF/j4osnnQLXBCBFBk/tvIG/tUc9mOUJiPBhPXA==" - }, - "cookie": { - "version": "0.5.0", - "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.5.0.tgz", - "integrity": "sha512-YZ3GUyn/o8gfKJlnlX7g7xq4gyO6OSuhGPKaaGssGB2qgDUS0gPgtTvoyZLTt9Ab6dC4hfc9dV5arkvc/OCmrw==" - }, - "cookie-signature": { - "version": "1.0.6", - "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz", - "integrity": "sha512-QADzlaHc8icV8I7vbaJXJwod9HWYp8uCqf1xa4OfNu1T7JVxQIrUgOWtHdNDtPiywmFbiS12VjotIXLrKM3orQ==" - }, - "debug": { - "version": "2.6.9", - "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", - "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", - "requires": { - "ms": "2.0.0" - } - }, - "depd": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz", - "integrity": "sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw==" - }, - "destroy": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/destroy/-/destroy-1.2.0.tgz", - "integrity": "sha512-2sJGJTaXIIaR1w4iJSNoN0hnMY7Gpc/n8D4qSCJw8QqFWXf7cuAgnEHxBpweaVcPevC2l3KpjYCx3NypQQgaJg==" - }, - "ee-first": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz", - "integrity": "sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow==" - }, - "encodeurl": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz", - "integrity": "sha512-TPJXq8JqFaVYm2CWmPvnP2Iyo4ZSM7/QKcSmuMLDObfpH5fi7RUGmd/rTDf+rut/saiDiQEeVTNgAmJEdAOx0w==" - }, - "escape-html": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz", - "integrity": "sha512-NiSupZ4OeuGwr68lGIeym/ksIZMJodUGOSCZ/FSnTxcrekbvqrgdUxlJOMpijaKZVjAJrWrGs/6Jy8OMuyj9ow==" - }, - "etag": { - "version": "1.8.1", - "resolved": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz", - "integrity": "sha512-aIL5Fx7mawVa300al2BnEE4iNvo1qETxLrPI/o05L7z6go7fCw1J6EQmbK4FmJ2AS7kgVF/KEZWufBfdClMcPg==" - }, - "express": { - "version": "4.18.2", - "resolved": "https://registry.npmjs.org/express/-/express-4.18.2.tgz", - "integrity": "sha512-5/PsL6iGPdfQ/lKM1UuielYgv3BUoJfz1aUwU9vHZ+J7gyvwdQXFEBIEIaxeGf0GIcreATNyBExtalisDbuMqQ==", - "requires": { - "accepts": "~1.3.8", - "array-flatten": "1.1.1", - "body-parser": "1.20.1", - "content-disposition": "0.5.4", - "content-type": "~1.0.4", - "cookie": "0.5.0", - "cookie-signature": "1.0.6", - "debug": "2.6.9", - "depd": "2.0.0", - "encodeurl": "~1.0.2", - "escape-html": "~1.0.3", - "etag": "~1.8.1", - "finalhandler": "1.2.0", - "fresh": "0.5.2", - "http-errors": "2.0.0", - "merge-descriptors": "1.0.1", - "methods": "~1.1.2", - "on-finished": "2.4.1", - "parseurl": "~1.3.3", - "path-to-regexp": "0.1.7", - "proxy-addr": "~2.0.7", - "qs": "6.11.0", - "range-parser": "~1.2.1", - "safe-buffer": "5.2.1", - "send": "0.18.0", - "serve-static": "1.15.0", - "setprototypeof": "1.2.0", - "statuses": "2.0.1", - "type-is": "~1.6.18", - "utils-merge": "1.0.1", - "vary": "~1.1.2" - } - }, - "finalhandler": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.2.0.tgz", - "integrity": "sha512-5uXcUVftlQMFnWC9qu/svkWv3GTd2PfUhK/3PLkYNAe7FbqJMt3515HaxE6eRL74GdsriiwujiawdaB1BpEISg==", - "requires": { - "debug": "2.6.9", - "encodeurl": "~1.0.2", - "escape-html": "~1.0.3", - "on-finished": "2.4.1", - "parseurl": "~1.3.3", - "statuses": "2.0.1", - "unpipe": "~1.0.0" - } - }, - "forwarded": { - "version": "0.2.0", - "resolved": "https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz", - "integrity": "sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow==" - }, - "fresh": { - "version": "0.5.2", - "resolved": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz", - "integrity": "sha512-zJ2mQYM18rEFOudeV4GShTGIQ7RbzA7ozbU9I/XBpm7kqgMywgmylMwXHxZJmkVoYkna9d2pVXVXPdYTP9ej8Q==" - }, - "function-bind": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.1.tgz", - "integrity": "sha512-yIovAzMX49sF8Yl58fSCWJ5svSLuaibPxXQJFLmBObTuCr0Mf1KiPopGM9NiFjiYBCbfaa2Fh6breQ6ANVTI0A==" - }, - "get-intrinsic": { - "version": "1.1.3", - "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.1.3.tgz", - "integrity": "sha512-QJVz1Tj7MS099PevUG5jvnt9tSkXN8K14dxQlikJuPt4uD9hHAHjLyLBiLR5zELelBdD9QNRAXZzsJx0WaDL9A==", - "requires": { - "function-bind": "^1.1.1", - "has": "^1.0.3", - "has-symbols": "^1.0.3" - } - }, - "has": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/has/-/has-1.0.3.tgz", - "integrity": "sha512-f2dvO0VU6Oej7RkWJGrehjbzMAjFp5/VKPp5tTpWIV4JHHZK1/BxbFRtf/siA2SWTe09caDmVtYYzWEIbBS4zw==", - "requires": { - "function-bind": "^1.1.1" - } - }, - "has-symbols": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.0.3.tgz", - "integrity": "sha512-l3LCuF6MgDNwTDKkdYGEihYjt5pRPbEg46rtlmnSPlUbgmB8LOIrKJbYYFBSbnPaJexMKtiPO8hmeRjRz2Td+A==" - }, - "http-errors": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.0.tgz", - "integrity": "sha512-FtwrG/euBzaEjYeRqOgly7G0qviiXoJWnvEH2Z1plBdXgbyjv34pHTSb9zoeHMyDy33+DWy5Wt9Wo+TURtOYSQ==", - "requires": { - "depd": "2.0.0", - "inherits": "2.0.4", - "setprototypeof": "1.2.0", - "statuses": "2.0.1", - "toidentifier": "1.0.1" - } - }, - "iconv-lite": { - "version": "0.4.24", - "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz", - "integrity": "sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA==", - "requires": { - "safer-buffer": ">= 2.1.2 < 3" - } - }, - "inherits": { - "version": "2.0.4", - "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", - "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==" - }, - "ipaddr.js": { - "version": "1.9.1", - "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz", - "integrity": "sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g==" - }, - "media-typer": { - "version": "0.3.0", - "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz", - "integrity": "sha512-dq+qelQ9akHpcOl/gUVRTxVIOkAJ1wR3QAvb4RsVjS8oVoFjDGTc679wJYmUmknUF5HwMLOgb5O+a3KxfWapPQ==" - }, - "merge-descriptors": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.1.tgz", - "integrity": "sha512-cCi6g3/Zr1iqQi6ySbseM1Xvooa98N0w31jzUYrXPX2xqObmFGHJ0tQ5u74H3mVh7wLouTseZyYIq39g8cNp1w==" - }, - "methods": { - "version": "1.1.2", - "resolved": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz", - "integrity": "sha512-iclAHeNqNm68zFtnZ0e+1L2yUIdvzNoauKU4WBA3VvH/vPFieF7qfRlwUZU+DA9P9bPXIS90ulxoUoCH23sV2w==" - }, - "mime": { - "version": "1.6.0", - "resolved": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz", - "integrity": "sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg==" - }, - "mime-db": { - "version": "1.52.0", - "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz", - "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==" - }, - "mime-types": { - "version": "2.1.35", - "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz", - "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==", - "requires": { - "mime-db": "1.52.0" - } - }, - "ms": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", - "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==" - }, - "negotiator": { - "version": "0.6.3", - "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.3.tgz", - "integrity": "sha512-+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg==" - }, - "object-inspect": { - "version": "1.12.2", - "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.12.2.tgz", - "integrity": "sha512-z+cPxW0QGUp0mcqcsgQyLVRDoXFQbXOwBaqyF7VIgI4TWNQsDHrBpUQslRmIfAoYWdYzs6UlKJtB2XJpTaNSpQ==" - }, - "on-finished": { - "version": "2.4.1", - "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz", - "integrity": "sha512-oVlzkg3ENAhCk2zdv7IJwd/QUD4z2RxRwpkcGY8psCVcCYZNq4wYnVWALHM+brtuJjePWiYF/ClmuDr8Ch5+kg==", - "requires": { - "ee-first": "1.1.1" - } - }, - "parseurl": { - "version": "1.3.3", - "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz", - "integrity": "sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ==" - }, - "path-to-regexp": { - "version": "0.1.7", - "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz", - "integrity": "sha512-5DFkuoqlv1uYQKxy8omFBeJPQcdoE07Kv2sferDCrAq1ohOU+MSDswDIbnx3YAM60qIOnYa53wBhXW0EbMonrQ==" - }, - "proxy-addr": { - "version": "2.0.7", - "resolved": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz", - "integrity": "sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg==", - "requires": { - "forwarded": "0.2.0", - "ipaddr.js": "1.9.1" - } - }, - "qs": { - "version": "6.11.0", - "resolved": "https://registry.npmjs.org/qs/-/qs-6.11.0.tgz", - "integrity": "sha512-MvjoMCJwEarSbUYk5O+nmoSzSutSsTwF85zcHPQ9OrlFoZOYIjaqBAJIqIXjptyD5vThxGq52Xu/MaJzRkIk4Q==", - "requires": { - "side-channel": "^1.0.4" - } - }, - "range-parser": { - "version": "1.2.1", - "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz", - "integrity": "sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg==" - }, - "raw-body": { - "version": "2.5.1", - "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.1.tgz", - "integrity": "sha512-qqJBtEyVgS0ZmPGdCFPWJ3FreoqvG4MVQln/kCgF7Olq95IbOp0/BWyMwbdtn4VTvkM8Y7khCQ2Xgk/tcrCXig==", - "requires": { - "bytes": "3.1.2", - "http-errors": "2.0.0", - "iconv-lite": "0.4.24", - "unpipe": "1.0.0" - } - }, - "safe-buffer": { - "version": "5.2.1", - "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", - "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==" - }, - "safer-buffer": { - "version": "2.1.2", - "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz", - "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==" - }, - "send": { - "version": "0.18.0", - "resolved": "https://registry.npmjs.org/send/-/send-0.18.0.tgz", - "integrity": "sha512-qqWzuOjSFOuqPjFe4NOsMLafToQQwBSOEpS+FwEt3A2V3vKubTquT3vmLTQpFgMXp8AlFWFuP1qKaJZOtPpVXg==", - "requires": { - "debug": "2.6.9", - "depd": "2.0.0", - "destroy": "1.2.0", - "encodeurl": "~1.0.2", - "escape-html": "~1.0.3", - "etag": "~1.8.1", - "fresh": "0.5.2", - "http-errors": "2.0.0", - "mime": "1.6.0", - "ms": "2.1.3", - "on-finished": "2.4.1", - "range-parser": "~1.2.1", - "statuses": "2.0.1" - }, - "dependencies": { - "ms": { - "version": "2.1.3", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", - "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==" - } - } - }, - "serve-static": { - "version": "1.15.0", - "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-1.15.0.tgz", - "integrity": "sha512-XGuRDNjXUijsUL0vl6nSD7cwURuzEgglbOaFuZM9g3kwDXOWVTck0jLzjPzGD+TazWbboZYu52/9/XPdUgne9g==", - "requires": { - "encodeurl": "~1.0.2", - "escape-html": "~1.0.3", - "parseurl": "~1.3.3", - "send": "0.18.0" - } - }, - "setprototypeof": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz", - "integrity": "sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw==" - }, - "side-channel": { - "version": "1.0.4", - "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.0.4.tgz", - "integrity": "sha512-q5XPytqFEIKHkGdiMIrY10mvLRvnQh42/+GoBlFW3b2LXLE2xxJpZFdm94we0BaoV3RwJyGqg5wS7epxTv0Zvw==", - "requires": { - "call-bind": "^1.0.0", - "get-intrinsic": "^1.0.2", - "object-inspect": "^1.9.0" - } - }, - "statuses": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.1.tgz", - "integrity": "sha512-RwNA9Z/7PrK06rYLIzFMlaF+l73iwpzsqRIFgbMLbTcLD6cOao82TaWefPXQvB2fOC4AjuYSEndS7N/mTCbkdQ==" - }, - "toidentifier": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.1.tgz", - "integrity": "sha512-o5sSPKEkg/DIQNmH43V0/uerLrpzVedkUh8tGNvaeXpfpuwjKenlSox/2O/BTlZUtEe+JG7s5YhEz608PlAHRA==" - }, - "type-is": { - "version": "1.6.18", - "resolved": "https://registry.npmjs.org/type-is/-/type-is-1.6.18.tgz", - "integrity": "sha512-TkRKr9sUTxEH8MdfuCSP7VizJyzRNMjj2J2do2Jr3Kym598JVdEksuzPQCnlFPW4ky9Q+iA+ma9BGm06XQBy8g==", - "requires": { - "media-typer": "0.3.0", - "mime-types": "~2.1.24" - } - }, - "unpipe": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz", - "integrity": "sha512-pjy2bYhSsufwWlKwPc+l3cN7+wuJlK6uz0YdJEOlQDbl6jo/YlPi4mb8agUkVC8BF7V8NuzeyPNqRksA3hztKQ==" - }, - "utils-merge": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz", - "integrity": "sha512-pMZTvIkT1d+TFGvDOqodOclx0QWkkgi6Tdoa8gC8ffGAAqz9pzPTZWAybbsHHoED/ztMtkv/VoYTYyShUn81hA==" - }, - "vary": { - "version": "1.1.2", - "resolved": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz", - "integrity": "sha512-BNGbWLfd0eUPabhkXUVm0j8uuvREyTh5ovRa/dyow/BqAbZJyC+5fU+IzQOzmAKzYqYRAISoRhdQr3eIZ/PXqg==" - } - } -} diff --git a/example-workflows/cloud-build/package.json b/example-workflows/cloud-build/package.json deleted file mode 100644 index 5d8394a1e..000000000 --- a/example-workflows/cloud-build/package.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "name": "helloworld", - "version": "1.0.0", - "description": "Simple hello world sample in Node", - "main": "index.js", - "scripts": { - "start": "node index.js" - }, - "author": "", - "license": "Apache-2.0", - "dependencies": { - "express": "^4.18.2" - } -} diff --git a/example-workflows/cloud-run/README.md b/example-workflows/cloud-run/README.md deleted file mode 100644 index f4ecbf605..000000000 --- a/example-workflows/cloud-run/README.md +++ /dev/null @@ -1,59 +0,0 @@ -# Cloud Run Workflow - -An example workflow that uses the `setup-gcloud` action to deploy to [Cloud Run][cloud-run]. - -_**Checkout the [`deploy-cloudrun` action](https://github.com/google-github-actions/deploy-cloudrun) and [example workflows](https://github.com/google-github-actions/deploy-cloudrun/README.md#example-workflows) -for a specialized implementation.**_ - -This code is intended to be an _example_. You will likely need to change or -update values to match your setup. - -## Workflow description - -For pushes to the `example` branch, this workflow will: - -1. Download and configure the Google [Cloud SDK][sdk] with the provided - credentials. - -1. Authenticates Docker to push to Google Container Registry - -1. Build, tag, and push a container image to Google Container Registry. - - - The image is built using Docker and pushed to Google Container Registry. - - - The image is available through the following tags: `latest` and first 8 of - the commit SHA. - -1. Deploy the image to [Cloud Run][cloud-run]. - -## Setup - -1. Create a new Google Cloud Project (or select an existing project). - -1. [Enable the Cloud Run API](https://console.cloud.google.com/flows/enableapi?apiid=run.googleapis.com). - -1. [Create a Google Cloud service account][create-sa] or select an existing one. - -1. Add the following [Cloud IAM roles][roles] to your service account: - - - `Cloud Run Admin` - allows for the creation of new Cloud Run services - - - `Service Account User` - required to deploy to Cloud Run as service account - - - `Storage Admin` - allow push to Google Container Registry - -1. [Download a JSON service account key][create-key] for the service account. - -1. Add the following [secrets to your repository's secrets][gh-secret]: - - - `GCP_PROJECT`: Google Cloud project ID - - - `GCP_SA_KEY`: the downloaded service account key - -[actions]: https://help.github.com/en/categories/automating-your-workflow-with-github-actions -[cloud-run]: https://cloud.google.com/run/ -[create-sa]: https://cloud.google.com/iam/docs/creating-managing-service-accounts -[create-key]: https://cloud.google.com/iam/docs/creating-managing-service-account-keys -[sdk]: https://cloud.google.com/sdk -[secrets]: https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets -[roles]: https://cloud.google.com/iam/docs/granting-roles-to-service-accounts#granting_access_to_a_service_account_for_a_resource diff --git a/example-workflows/cloud-run/cloud-run.yml b/example-workflows/cloud-run/cloud-run.yml deleted file mode 100644 index e6bb641a6..000000000 --- a/example-workflows/cloud-run/cloud-run.yml +++ /dev/null @@ -1,71 +0,0 @@ -# Copyright 2019 Google, LLC. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -on: - push: - branches: - - example - -name: Build and Deploy to Cloud Run -env: - PROJECT_ID: ${{ vars.GCP_PROJECT }} - SERVICE: YOUR_SERVICE_NAME - REGION: YOUR_SERVICE_REGION - -jobs: - deploy: - runs-on: ubuntu-latest - - # Add "id-token" with the intended permissions. - permissions: - contents: 'read' - id-token: 'write' - - steps: - - name: Checkout - uses: actions/checkout@v3 - - # Configure Workload Identity Federation and generate an access token. - - id: 'auth' - name: 'Authenticate to Google Cloud' - uses: 'google-github-actions/auth@v1' - with: - workload_identity_provider: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider' - service_account: 'my-service-account@my-project.iam.gserviceaccount.com' - - # Alternative option - authentication via credentials json - # - id: 'auth' - # uses: 'google-github-actions/auth@v1' - # with: - # credentials_json: '${{ secrets.GCP_CREDENTIALS }}' - - # Setup gcloud CLI - - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@v1 - - - name: Authorize Docker push - run: gcloud auth configure-docker - - - name: Build and Push Container - run: |- - docker build -t gcr.io/${{ env.PROJECT_ID }}/${{ env.SERVICE }}:${{ github.sha }} . - docker push gcr.io/${{ env.PROJECT_ID }}/${{ env.SERVICE }}:${{ github.sha }} - - - name: Deploy to Cloud Run - run: |- - gcloud run deploy ${{ env.SERVICE }} \ - --region ${{ env.REGION }} \ - --image gcr.io/${{ env.PROJECT_ID }}/${{ env.SERVICE }}:${{ github.sha }} \ - --platform "managed" \ - --quiet diff --git a/example-workflows/gae/README.md b/example-workflows/gae/README.md deleted file mode 100644 index 4844c7a49..000000000 --- a/example-workflows/gae/README.md +++ /dev/null @@ -1,48 +0,0 @@ -# App Engine - GitHub Actions - -An example workflow that uses the `setup-gcloud` action to deploy to [App Engine](https://cloud.google.com/appengine). - -_**Checkout the [`deploy-appengine` action](https://github.com/google-github-actions/deploy-appengine) and [example workflows](https://github.com/google-github-actions/deploy-appengine/README.md#example-workflows) -for a specialized implementation.**_ - -This code is intended to be an _example_. You will likely need to change or -update values to match your setup. - -## Workflow - -For pushes to the `example` branch, this workflow will: - -1. Download and configure the Google [Cloud SDK][sdk] with the provided - credentials. - -1. Deploy the app to [App Engine](https://cloud.google.com/appengine). - -## Setup - -1. Create a new Google Cloud Project (or select an existing project). - -1. [Initialize your App Engine app with your project](https://cloud.google.com/appengine/docs/standard/nodejs/console#console). - -1. [Create a Google Cloud service account][create-sa] or select an existing one. - -1. Add the following [Cloud IAM roles][roles] to your service account: - - - `App Engine Admin` - allows for the creation of new App Engine apps - - - `Service Account User` - required to deploy to App Engine as service account - - - `Storage Admin` - allows upload of source code - - - `Cloud Build Editor` - allows building of source code - -1. [Download a JSON service account key][create-key] for the service account. - -1. Add the following [secrets to your repository's secrets][gh-secret]: - - - `GCP_PROJECT`: Google Cloud project ID - - - `GCP_SA_KEY`: the downloaded service account key - -[create-sa]: https://cloud.google.com/iam/docs/creating-managing-service-accounts -[secrets]: https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets -[roles]: https://cloud.google.com/iam/docs/granting-roles-to-service-accounts#granting_access_to_a_service_account_for_a_resource diff --git a/example-workflows/gae/app-engine.yml b/example-workflows/gae/app-engine.yml deleted file mode 100644 index 99e36934c..000000000 --- a/example-workflows/gae/app-engine.yml +++ /dev/null @@ -1,55 +0,0 @@ -# Copyright 2020 Google, LLC. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -on: - push: - branches: - - example - -name: Deploy to Google App Engine - -jobs: - deploy: - name: Deploy - runs-on: ubuntu-latest - - # Add "id-token" with the intended permissions. - permissions: - contents: 'read' - id-token: 'write' - - steps: - - name: Checkout - uses: actions/checkout@v3 - - # Configure Workload Identity Federation and generate an access token. - - id: 'auth' - name: 'Authenticate to Google Cloud' - uses: 'google-github-actions/auth@v1' - with: - workload_identity_provider: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider' - service_account: 'my-service-account@my-project.iam.gserviceaccount.com' - - # Alternative option - authentication via credentials json - # - id: 'auth' - # uses: 'google-github-actions/auth@v1' - # with: - # credentials_json: '${{ secrets.GCP_CREDENTIALS }}' - - # Setup gcloud CLI - - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@v1 - - - name: Deploy to App Engine - run: gcloud app deploy --quiet diff --git a/example-workflows/gce/.github/workflows/gce.yaml b/example-workflows/gce/.github/workflows/gce.yaml deleted file mode 100644 index 5cc52d421..000000000 --- a/example-workflows/gce/.github/workflows/gce.yaml +++ /dev/null @@ -1,78 +0,0 @@ -# Copyright 2020 Google, LLC. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -name: Build and Deploy to Google Compute Engine - -on: - push: - branches: - - 'main' - -env: - PROJECT_ID: ${{ vars.GCE_PROJECT }} - GCE_INSTANCE: my-githubactions-vm # TODO: update to instance name - GCE_INSTANCE_ZONE: us-central1-a # TODO: update to instance zone - -jobs: - setup-build-publish-deploy: - name: Setup, Build, Publish, and Deploy - runs-on: ubuntu-latest - - # Add "id-token" with the intended permissions. - permissions: - contents: 'read' - id-token: 'write' - - steps: - - name: Checkout - uses: actions/checkout@v3 - - # Configure Workload Identity Federation and generate an access token. - - id: 'auth' - name: 'Authenticate to Google Cloud' - uses: 'google-github-actions/auth@v1' - with: - workload_identity_provider: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider' - service_account: 'my-service-account@my-project.iam.gserviceaccount.com' - - # Alternative option - authentication via credentials json - # - id: 'auth' - # uses: 'google-github-actions/auth@v1' - # with: - # credentials_json: '${{ secrets.GCP_CREDENTIALS }}' - - # Setup gcloud CLI - - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@v1 - - # Configure Docker to use the gcloud command-line tool as a credential - # helper for authentication - - run: |- - gcloud --quiet auth configure-docker - - # Build the Docker image - - name: Build - run: |- - docker build --tag "gcr.io/$PROJECT_ID/$GCE_INSTANCE-image:$GITHUB_SHA" . - - # Push the Docker image to Google Container Registry - - name: Publish - run: |- - docker push "gcr.io/$PROJECT_ID/$GCE_INSTANCE-image:$GITHUB_SHA" - - - name: Deploy - run: |- - gcloud compute instances update-container "$GCE_INSTANCE" \ - --zone "$GCE_INSTANCE_ZONE" \ - --container-image "gcr.io/$PROJECT_ID/$GCE_INSTANCE-image:$GITHUB_SHA" diff --git a/example-workflows/gce/Dockerfile b/example-workflows/gce/Dockerfile deleted file mode 100644 index 7f95a2abd..000000000 --- a/example-workflows/gce/Dockerfile +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright 2020 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in -# compliance with the License. You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software distributed under the License -# is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -# implied. See the License for the specific language governing permissions and limitations under the -# License. - -FROM ubuntu:latest - -RUN echo "Hello world" diff --git a/example-workflows/gce/README.md b/example-workflows/gce/README.md deleted file mode 100644 index d1411a276..000000000 --- a/example-workflows/gce/README.md +++ /dev/null @@ -1,103 +0,0 @@ -# Google Compute Engine - GitHub Actions - -An example workflow that uses [GitHub Actions][actions] to deploy a container to -an existing [Google Compute Engine][gce] (GCE) instance. - -This code is intended to be an _example_. You will likely need to change or -update values to match your setup. - -## Workflow description - -For pushes to the `main` branch, this workflow will: - -1. Download and configure the Google [Cloud SDK][sdk] with the provided - credentials. - -1. Build, tag, and push a container image to Google Container Registry. - -1. Deploy the container image to a Google Compute Engine instance. Note that a - GCE deployment requires an existing [container-optimized VM][create-vm]. - -## Setup - -1. Create a new Google Cloud Project (or select an existing project) and - [enable the Container Registry and Compute APIs](https://console.cloud.google.com/flows/enableapi?apiid=containerregistry.googleapis.com,compute.googleapis.com). - -1. [Create a container-optimized GCE VM][create-vm] or use an existing - container-optimized VM. Note the VM name and zone. - -1. Create or reuse a GitHub repository for the example workflow: - - 1. [Create a repository](https://help.github.com/en/github/creating-cloning-and-archiving-repositories/creating-a-new-repository). - - 1. Move into the repository directory: - - ``` - $ cd - ``` - - 1. Copy the example into the repository: - - ``` - $ cp -r /github-actions/example-workflows/gce/ . - ``` - -1. [Create a Google Cloud service account][create-sa] if one does not already - exist. - -1. Add the following [Cloud IAM roles][roles] to your service account: - - - `Compute Instance Admin` - allows administering GCE VMs - - - `Storage Admin` - allows pushing to Container Registry - - - `Service Account User` - run operations as the compute storage account - - Note: These permissions are overly broad to favor a quick start. They do not - represent best practices around the Principle of Least Privilege. To - properly restrict access, you should create a custom IAM role with the most - restrictive permissions. - -1. [Create a JSON service account key][create-key] for the service account. - -1. Add the following secrets to your repository's secrets: - - - `GCE_PROJECT`: Google Cloud project ID - - - `GCE_SA_KEY`: the content of the service account JSON file - -1. Update `.github/workflows/gce.yml` to match the values corresponding to your - VM: - - - `GCE_INSTANCE` - the instance name of the VM - - - `GCE_INSTANCE_ZONE` - the zone your VM resides - - -## Run the workflow - -1. Add and commit your changes: - - ```text - $ git add . - $ git commit -m "Set up GitHub workflow" - ``` - -1. Push to the `main` branch: - - ```text - $ git push -u origin main - ``` - -1. View the GitHub Actions Workflow by selecting the `Actions` tab at the top - of your repository on GitHub. Then click on the `Build and Deploy to Google - Compute Engine` element to see the details. - -[actions]: https://help.github.com/en/categories/ -[gce]: https://cloud.google.com/compute -[create-sa]: https://cloud.google.com/iam/docs/creating-managing-service-accounts -[create-key]: https://cloud.google.com/iam/docs/creating-managing-service-account-keys -[create-vm]: https://cloud.google.com/container-optimized-os/docs/how-to/create-configure-instance -[sdk]: https://cloud.google.com/sdk -[secrets]: https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets -[roles]: https://cloud.google.com/iam/docs/granting-roles-to-service-accounts#granting_access_to_a_service_account_for_a_resource diff --git a/example-workflows/gke-kustomize/.github/workflows/gke-kustomize.yml b/example-workflows/gke-kustomize/.github/workflows/gke-kustomize.yml deleted file mode 100644 index 0cccff340..000000000 --- a/example-workflows/gke-kustomize/.github/workflows/gke-kustomize.yml +++ /dev/null @@ -1,101 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -name: Build and Deploy to GKE - -on: - push: - branches: - - main - -env: - PROJECT_ID: ${{ vars.GKE_PROJECT }} - GAR_LOCATION: us-central1 # # TODO: update region of the Artifact Registry - GKE_CLUSTER: cluster-1 # TODO: update to cluster name - GKE_ZONE: us-central1-c # TODO: update to cluster zone - DEPLOYMENT_NAME: gke-test # TODO: update deployment name if changed in deployment.yaml or service.yml - REPOSITORY: samples # TODO: update to Artifact Registry docker repository - IMAGE: static-site - -jobs: - setup-build-publish-deploy: - name: Setup, Build, Publish, and Deploy - runs-on: ubuntu-latest - - # Add "id-token" with the intended permissions. - permissions: - contents: 'read' - id-token: 'write' - - steps: - - name: Checkout - uses: actions/checkout@v3 - - # Configure Workload Identity Federation and generate an access token. - - id: 'auth' - name: 'Authenticate to Google Cloud' - uses: 'google-github-actions/auth@v1' - with: - workload_identity_provider: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider' - service_account: 'my-service-account@my-project.iam.gserviceaccount.com' - - # Alternative option - authentication via credentials json - # - id: 'auth' - # uses: 'google-github-actions/auth@v1' - # with: - # credentials_json: '${{ secrets.GCP_CREDENTIALS }}' - - # Setup gcloud CLI - - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@v1 - - # Configure Docker to use the gcloud command-line tool as a credential - # helper for authentication (https://cloud.google.com/artifact-registry/docs/docker/authentication) - - name: Docker configuration - run: |- - gcloud --quiet auth configure-docker $GAR_LOCATION-docker.pkg.dev - - # Get the GKE credentials so we can deploy to the cluster - - name: Set up GKE credentials - run: |- - gcloud container clusters get-credentials "$GKE_CLUSTER" --zone "$GKE_ZONE" - - # Build the Docker image - - name: Build - run: |- - docker build \ - --tag "$GAR_LOCATION-docker.pkg.dev/$PROJECT_ID/$REPOSITORY/$IMAGE:$GITHUB_SHA" \ - --build-arg GITHUB_SHA="$GITHUB_SHA" \ - --build-arg GITHUB_REF="$GITHUB_REF" \ - . - - # Push the Docker image to Google Artifact Registry - - name: Publish - run: |- - docker push "$GAR_LOCATION-docker.pkg.dev/$PROJECT_ID/$REPOSITORY/$IMAGE:$GITHUB_SHA" - - # Set up kustomize - - name: Set up Kustomize - run: |- - curl -sfLo kustomize https://github.com/kubernetes-sigs/kustomize/releases/download/v3.1.0/kustomize_3.1.0_linux_amd64 - chmod u+x ./kustomize - - # Deploy the Docker image to the GKE cluster - - name: Deploy - run: |- - # replacing the image name in the k8s template - ./kustomize edit set image LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY/IMAGE:TAG=$GAR_LOCATION-docker.pkg.dev/$PROJECT_ID/$REPOSITORY/$IMAGE:$GITHUB_SHA - ./kustomize build . | kubectl apply -f - - kubectl rollout status deployment/$DEPLOYMENT_NAME - kubectl get services -o wide diff --git a/example-workflows/gke-kustomize/Dockerfile b/example-workflows/gke-kustomize/Dockerfile deleted file mode 100644 index edce332d4..000000000 --- a/example-workflows/gke-kustomize/Dockerfile +++ /dev/null @@ -1,28 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in -# compliance with the License. You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software distributed under the License -# is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -# implied. See the License for the specific language governing permissions and limitations under the -# License. - -FROM nginx - -COPY nginx.conf /etc/nginx/conf.d/default.conf - -WORKDIR /usr/share/nginx/html -COPY site . - -ARG GITHUB_SHA -ARG GITHUB_REF -ENV SHA=$GITHUB_SHA -ENV REF=$GITHUB_REF - -RUN sed -i 's,SHA,'"$GITHUB_SHA"',' index.html -RUN sed -i 's,REF,'"$GITHUB_REF"',' index.html - -CMD nginx -g 'daemon off;' diff --git a/example-workflows/gke-kustomize/README.md b/example-workflows/gke-kustomize/README.md deleted file mode 100644 index 72fefa595..000000000 --- a/example-workflows/gke-kustomize/README.md +++ /dev/null @@ -1,122 +0,0 @@ -# Google Kubernetes Engine - GitHub Actions - -An example workflow that uses [GitHub Actions][actions] to deploy [a static -website](site/) to an existing [Google Kubernetes Engine][gke] cluster. - -This code is intended to be an _example_. You will likely need to change or -update values to match your setup. - -## Workflow description - -For pushes to the `main` branch, this workflow will: - -1. Download and configure the Google [Cloud SDK][sdk] with the provided - credentials. - -1. Build, tag, and push a container image to Google Artifact Registry. - -1. Use a Kubernetes Deployment to push the image to the cluster. - - - Note that a GKE deployment requires a unique Tag to update the pods. Using - a constant tag `latest` or a branch name `main` may result in successful - workflows that don't update the cluster. - -## Setup - -1. Create a new Google Cloud Project (or select an existing project) and - [enable the Artifact Registry and Kubernetes Engine APIs](https://console.cloud.google.com/flows/enableapi?apiid=artifactregistry.googleapis.com,container.googleapis.com). - -1. [Create a new GKE cluster][cluster] or select an existing GKE cluster. - -1. Create or reuse a GitHub repository for the example workflow: - - 1. [Create a repository](https://help.github.com/en/github/creating-cloning-and-archiving-repositories/creating-a-new-repository). - - 1. Move into the repository directory: - - ``` - $ cd - ``` - - 1. Copy the example into the repository: - - ``` - $ cp -r /github-actions/example-workflows/gke-kustomize/ . - ``` - -1. [Create a Google Cloud service account][create-sa] if one does not already - exist. - -1. [Create an Artifact Registry docker repository](https://cloud.google.com/artifact-registry/docs/docker/quickstart#gcloud) if one does not already exist - -1. Add the following [Cloud IAM roles][roles] to your service account: - - - `Kubernetes Engine Developer` - allows deploying to GKE - - - `Artifact Registry Writer` - allows publishing to Artifact Registry - - **Note**: *These permissions are overly broad to favor a quick start. They do not - represent best practices around the Principle of Least Privilege. To - properly restrict access, you should create a custom IAM role with the most - restrictive permissions.* - -1. [Create a JSON service account key][create-key] for the service account. - - **Note**: *You won't require this if you are using [self-hosted runners](https://docs.github.com/en/actions/hosting-your-own-runners/about-self-hosted-runners)* - -1. Add the following secrets to your repository's secrets: - - - `GKE_PROJECT`: Google Cloud project ID - - - `GKE_SA_KEY`: the content of the service account JSON file - -1. Update `.github/workflows/gke-kustomize.yml` to match the values corresponding to your - VM: - - - `GAR_LOCATION` - the region of your Artifact Registry repository - - - `GKE_CLUSTER` - the instance name of your cluster - - - `GKE_ZONE` - the zone your cluster resides - - - `IMAGE` - your preferred Docker image name - - You can find the names of your clusters using the command: - - ``` - $ gcloud container clusters list --project $PROJECT_ID - ``` - - and the zone using the command: - - ``` - $ gcloud container clusters describe - ``` - -## Run the workflow - -1. Add and commit your changes: - - ```text - $ git add . - $ git commit -m "Set up GitHub workflow" - ``` - -1. Push to the `main` branch: - - ```text - $ git push -u origin main - ``` - -1. View the GitHub Actions Workflow by selecting the `Actions` tab at the top - of your repository on GitHub. Then click on the `Build and Deploy to GKE` - element to see the details. - -[actions]: https://help.github.com/en/categories/automating-your-workflow-with-github-actions -[cluster]: https://cloud.google.com/kubernetes-engine/docs/quickstart#create_cluster -[gke]: https://cloud.google.com/gke -[create-sa]: https://cloud.google.com/iam/docs/creating-managing-service-accounts -[create-key]: https://cloud.google.com/iam/docs/creating-managing-service-account-keys -[sdk]: https://cloud.google.com/sdk -[secrets]: https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets -[roles]: https://cloud.google.com/iam/docs/granting-roles-to-service-accounts#granting_access_to_a_service_account_for_a_resource diff --git a/example-workflows/gke-kustomize/deployment.yml b/example-workflows/gke-kustomize/deployment.yml deleted file mode 100644 index 294aa9291..000000000 --- a/example-workflows/gke-kustomize/deployment.yml +++ /dev/null @@ -1,43 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: gke-test -spec: - replicas: 1 - selector: - matchLabels: - app: gke-test - strategy: - rollingUpdate: - maxSurge: 1 - maxUnavailable: 1 - minReadySeconds: 5 - template: - metadata: - labels: - app: gke-test - spec: - containers: - - name: gke-test - image: LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY/IMAGE:TAG - ports: - - containerPort: 5000 - resources: - requests: - cpu: 100m - limits: - cpu: 100m diff --git a/example-workflows/gke-kustomize/kustomization.yml b/example-workflows/gke-kustomize/kustomization.yml deleted file mode 100644 index 30110c860..000000000 --- a/example-workflows/gke-kustomize/kustomization.yml +++ /dev/null @@ -1,19 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- deployment.yml -- service.yml diff --git a/example-workflows/gke-kustomize/nginx.conf b/example-workflows/gke-kustomize/nginx.conf deleted file mode 100644 index 33b9d42f6..000000000 --- a/example-workflows/gke-kustomize/nginx.conf +++ /dev/null @@ -1,32 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -server { - listen 5000; - server_name localhost; - - location / { - root /usr/share/nginx/html; - index index.html index.htm; - } - - #error_page 404 /404.html; - - # redirect server error pages to the static page /50x.html - # - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root /usr/share/nginx/html; - } -} diff --git a/example-workflows/gke-kustomize/service.yml b/example-workflows/gke-kustomize/service.yml deleted file mode 100644 index d604df6e4..000000000 --- a/example-workflows/gke-kustomize/service.yml +++ /dev/null @@ -1,25 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Service -metadata: - name: gke-test-service -spec: - type: LoadBalancer - ports: - - port: 80 - targetPort: 5000 - selector: - app: gke-test diff --git a/example-workflows/gke-kustomize/site/css/main.css b/example-workflows/gke-kustomize/site/css/main.css deleted file mode 100644 index ab3002478..000000000 --- a/example-workflows/gke-kustomize/site/css/main.css +++ /dev/null @@ -1,16 +0,0 @@ -/* - * Copyright 2021 Google LLC - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -@import url(//fonts.googleapis.com/css?family=Inconsolata:400,700|Montserrat:700);article,aside,details,figcaption,figure,footer,header,hgroup,main,nav,section,summary{display:block}audio,canvas,video{display:inline-block}audio:not([controls]){display:none;height:0}[hidden],template{display:none}html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}a{background:transparent}a:focus{outline:thin dotted}a:active,a:hover{outline:0}h1{font-size:2em;margin:0.67em 0}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:bold}dfn{font-style:italic}hr{-moz-box-sizing:content-box;box-sizing:content-box;height:0}mark{background:#ff0;color:#000}code,kbd,pre,samp{font-family:monospace, serif;font-size:1em}pre{white-space:pre-wrap}q{quotes:"\201C" "\201D" "\2018" "\2019"}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sup{top:-0.5em}sub{bottom:-0.25em}img{border:0}svg:not(:root){overflow:hidden}figure{margin:0}fieldset{border:1px solid #c0c0c0;margin:0 2px;padding:0.35em 0.625em 0.75em}legend{border:0;padding:0}button,input,select,textarea{font-family:inherit;font-size:100%;margin:0}button,input{line-height:normal}button,select{text-transform:none}button,html input[type="button"],input[type="reset"],input[type="submit"]{-webkit-appearance:button;cursor:pointer}button[disabled],html input[disabled]{cursor:default}input[type="checkbox"],input[type="radio"]{box-sizing:border-box;padding:0}input[type="search"]{-webkit-appearance:textfield;-moz-box-sizing:content-box;-webkit-box-sizing:content-box;box-sizing:content-box}input[type="search"]::-webkit-search-cancel-button,input[type="search"]::-webkit-search-decoration{-webkit-appearance:none}button::-moz-focus-inner,input::-moz-focus-inner{border:0;padding:0}textarea{overflow:auto;vertical-align:top}table{border-collapse:collapse;border-spacing:0}html{font:16px/1.5 Inconsolata, sans-serif}@media (min-width: 30rem){html{font-size:20px}}body{margin:2rem 0 5rem;color:#333}@media (min-width: 30rem){body{margin-top:5rem}}a{color:#0074d9;text-decoration:none}a:hover,a:focus{text-decoration:underline}h1,h2,h3,h4,h5,h6{font-family:Montserrat, sans-serif;margin:0 0 0.5rem -0.1rem;line-height:1;color:#111;text-rendering:optimizeLegibility}h1{font-size:2.5rem;margin-bottom:1rem}@media (min-width: 30rem){h1{font-size:3rem;margin-bottom:3rem}}h1 a{color:inherit}h2{margin-top:2rem;font-size:1.25rem;margin-bottom:0.75rem}@media (min-width: 30rem){h2{margin-top:2.5rem;font-size:1.5rem;margin-bottom:1rem}}h3,h4,h5,h6{margin-top:1.5rem;font-size:1rem;text-transform:uppercase}p,ul,ol,dl,table,pre,blockquote{margin-top:0;margin-bottom:1rem}ul,ol{padding-left:1.5rem}dd{margin-left:1.5rem}blockquote{margin-left:0;margin-right:0;padding:.5rem 1rem;border-left:.25rem solid #ccc;color:#666}blockquote p:last-child{margin-bottom:0}hr{border:none;margin:1.5rem 0;border-bottom:1px solid #ccc;position:relative;top:-1px}.container img,.container iframe{max-width:100%}.container img{margin:0 auto;display:block}table{width:100%;border:1px solid #ccc;border-collapse:collapse}td,th{padding:.25rem .5rem;border:1px solid #ccc}pre,code{font-family:inherit;background-color:#eee}pre{padding:.5rem 1rem;font-size:0.8rem}code{padding:.1rem .25rem}pre>code{padding:0}.container{max-width:30rem;margin:0 auto;padding:0 1rem}.hll{background-color:#ffc}.c{color:#999}.err{color:#AA0000;background-color:#faa}.k{color:#006699}.o{color:#555}.cm{color:#0099FF;font-style:italic}.cp{color:#099}.c1{color:#999}.cs{color:#999}.gd{background-color:#FFCCCC;border:1px solid #c00}.ge{font-style:italic}.gr{color:red}.gh{color:#003300}.gi{background-color:#CCFFCC;border:1px solid #0c0}.go{color:#aaa}.gp{color:#000099}.gu{color:#003300}.gt{color:#9c6}.kc{color:#006699}.kd{color:#006699}.kn{color:#006699}.kp{color:#069}.kr{color:#006699}.kt{color:#007788}.m{color:#f60}.s{color:#d44950}.na{color:#4f9fcf}.nb{color:#366}.nc{color:#00AA88}.no{color:#360}.nd{color:#99f}.ni{color:#999999}.ne{color:#CC0000}.nf{color:#c0f}.nl{color:#99f}.nn{color:#00CCFF}.nt{color:#2f6f9f}.nv{color:#033}.ow{color:#000000}.w{color:#bbb}.mf{color:#f60}.mh{color:#f60}.mi{color:#f60}.mo{color:#f60}.sb{color:#c30}.sc{color:#c30}.sd{color:#CC3300;font-style:italic}.s2{color:#c30}.se{color:#CC3300}.sh{color:#c30}.si{color:#a00}.sx{color:#c30}.sr{color:#3aa}.s1{color:#c30}.ss{color:#fc3}.bp{color:#366}.vc{color:#033}.vg{color:#033}.vi{color:#033}.il{color:#f60}.css .o,.css .o+.nt,.css .nt+.nt{color:#999} diff --git a/example-workflows/gke-kustomize/site/index.html b/example-workflows/gke-kustomize/site/index.html deleted file mode 100644 index b0660daa7..000000000 --- a/example-workflows/gke-kustomize/site/index.html +++ /dev/null @@ -1,101 +0,0 @@ - - - - - - - - - zen - - - - - - 
-        MMM.           .MMM
-        MMMMMMMMMMMMMMMMMMM
-        MMMMMMMMMMMMMMMMMMM      ____________________________
-       MMMMMMMMMMMMMMMMMMMMM    |                            |
-      MMMMMMMMMMMMMMMMMMMMMMM   | Keep it logically awesome. |
-     MMMMMMMMMMMMMMMMMMMMMMMM   |_   ________________________|
-     MMMM::- -:::::::- -::MMMM    |/
-      MM~:~ 00~:::::~ 00~:~MM
- .. MMMMM::.00:::+:::.00::MMMMM ..
-       .MM::::: ._. :::::MM.
-          MMMM;:::::;MMMM
-   -MM        MMMMMMM
-   ^  M+     MMMMMMMMM
-       MMMMMMM MM MM MM
-            MM MM MM MM
-            MM MM MM MM
-         .~~MM~MM~MM~MM~~.
-      ~~~~MM:~MM~~~MM~:MM~~~~
-     ~~~~~~==~==~~~==~==~~~~~~
-      ~~~~~~==~==~==~==~~~~~~
-          :~==~==~==~==~~
-
-
- SHA, REF
- Built with <3 by GitHub Actions and deployed to Google Kubernetes Engine -
- - - - - diff --git a/example-workflows/gke/.github/workflows/gke.yml b/example-workflows/gke/.github/workflows/gke.yml deleted file mode 100644 index 13f09b8fd..000000000 --- a/example-workflows/gke/.github/workflows/gke.yml +++ /dev/null @@ -1,69 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -name: Deploy simple hello app to GKE - -on: - push: - branches: - - main - -env: - PROJECT_ID: ${{ vars.GKE_PROJECT }} - GKE_CLUSTER: cluster-1 # TODO: update to cluster name - GKE_ZONE: europe-central2-a # TODO: update to cluster zone - DEPLOYMENT_NAME: gke-hello-app # TODO: update deployment name if changed in deployment.yaml - -jobs: - setup-and-deploy: - name: Setup and Deploy - runs-on: ubuntu-latest - - # Add "id-token" with the intended permissions. - permissions: - contents: 'read' - id-token: 'write' - - steps: - - name: Checkout - uses: actions/checkout@v3 - - # Configure Workload Identity Federation and generate an access token. - - id: 'auth' - name: 'Authenticate to Google Cloud' - uses: 'google-github-actions/auth@v1' - with: - workload_identity_provider: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider' - service_account: 'my-service-account@my-project.iam.gserviceaccount.com' - - # Alternative option - authentication via credentials json - # - id: 'auth' - # uses: 'google-github-actions/auth@v1' - # with: - # credentials_json: '${{ secrets.GCP_CREDENTIALS }}' - - # Setup gcloud CLI - - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@v1 - - # Get the GKE credentials so we can deploy to the cluster - - run: |- - gcloud container clusters get-credentials "$GKE_CLUSTER" --zone "$GKE_ZONE" - - # Deploy sample image to the GKE cluster - - name: Deploy - run: |- - kubectl apply -f deployment.yml - kubectl rollout status deployment/$DEPLOYMENT_NAME - kubectl get services -o wide diff --git a/example-workflows/gke/README.md b/example-workflows/gke/README.md deleted file mode 100644 index 5a82c109f..000000000 --- a/example-workflows/gke/README.md +++ /dev/null @@ -1,112 +0,0 @@ -# Google Kubernetes Engine - GitHub Actions - -An example workflow that uses [GitHub Actions][actions] to deploy a simple hello app -to an existing [Google Kubernetes Engine][gke] cluster. - -This code is intended to be an _example_. You will likely need to change or -update values to match your setup. - -## Workflow description - -For pushes to the `main` branch, this workflow will: - -1. Download and configure the Google [Cloud SDK][sdk] with the provided - credentials. - -1. Use a Kubernetes Deployment to push the image to the cluster. - - - Note that a GKE deployment requires a unique Tag to update the pods. Using - a constant tag `latest` or a branch name `main` may result in successful - workflows that don't update the cluster. - -## Setup - -1. Create a new Google Cloud Project (or select an existing project) and - [enable the Container Registry and Kubernetes Engine APIs](https://console.cloud.google.com/flows/enableapi?apiid=containerregistry.googleapis.com,container.googleapis.com). - -1. [Create a new GKE cluster][cluster] or select an existing GKE cluster. - -1. Create or reuse a GitHub repository for the example workflow: - - 1. [Create a repository](https://help.github.com/en/github/creating-cloning-and-archiving-repositories/creating-a-new-repository). - - 1. Move into the repository directory: - - ``` - $ cd - ``` - - 1. Copy the example into the repository: - - ``` - $ cp -r /github-actions/example-workflows/gke/ . - ``` - -1. [Create a Google Cloud service account][create-sa] if one does not already - exist. - -1. Add the following [Cloud IAM roles][roles] to your service account: - - - `Kubernetes Engine Developer` - allows deploying to GKE - - **Note:** *These permissions are overly broad to favor a quick start. They do not - represent best practices around the Principle of Least Privilege. To - properly restrict access, you should create a custom IAM role with the most - restrictive permissions.* - -1. [Create a JSON service account key][create-key] for the service account. - - **Note**: *You won't require this if you are using [self-hosted runners](https://docs.github.com/en/actions/hosting-your-own-runners/about-self-hosted-runners)* - -1. Add the following secrets to your repository's secrets: - - - `GKE_PROJECT`: Google Cloud project ID - - - `GKE_SA_KEY`: the content of the service account JSON file - -1. Update `.github/workflows/gke.yml` to match the values corresponding to your - VM: - - - `GKE_CLUSTER` - the instance name of your cluster - - - `GKE_ZONE` - the zone your cluster resides - - You can find the names of your clusters using the command: - - ``` - $ gcloud container clusters list --project $PROJECT_ID - ``` - - and the zone using the command: - - ``` - $ gcloud container clusters describe - ``` - -## Run the workflow - -1. Add and commit your changes: - - ```text - $ git add . - $ git commit -m "Set up GitHub workflow" - ``` - -1. Push to the `main` branch: - - ```text - $ git push -u origin main - ``` - -1. View the GitHub Actions Workflow by selecting the `Actions` tab at the top - of your repository on GitHub. Then click on the `Deploy simple nginx to GKE` - element to see the details. - -[actions]: https://help.github.com/en/categories/automating-your-workflow-with-github-actions -[cluster]: https://cloud.google.com/kubernetes-engine/docs/quickstart#create_cluster -[gke]: https://cloud.google.com/gke -[create-sa]: https://cloud.google.com/iam/docs/creating-managing-service-accounts -[create-key]: https://cloud.google.com/iam/docs/creating-managing-service-account-keys -[sdk]: https://cloud.google.com/sdk -[secrets]: https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets -[roles]: https://cloud.google.com/iam/docs/granting-roles-to-service-accounts#granting_access_to_a_service_account_for_a_resource diff --git a/example-workflows/gke/deployment.yml b/example-workflows/gke/deployment.yml deleted file mode 100644 index 44674931d..000000000 --- a/example-workflows/gke/deployment.yml +++ /dev/null @@ -1,55 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: gke-hello-app -spec: - replicas: 2 - selector: - matchLabels: - app: gke-hello-app - strategy: - rollingUpdate: - maxSurge: 1 - maxUnavailable: 1 - minReadySeconds: 5 - template: - metadata: - labels: - app: gke-hello-app - spec: - containers: - - name: hello-app - image: gcr.io/google-samples/hello-app:1.0 - ports: - - containerPort: 8080 - resources: - requests: - cpu: 100m - limits: - cpu: 100m ---- -apiVersion: v1 -kind: Service -metadata: - name: gke-hello-app-service -spec: - type: LoadBalancer - ports: - - port: 80 - targetPort: 8080 - selector: - app: gke-hello-app