petitviolet blog

    Deploy blog via GitHub Actions

    2020-03-10

    GoogleAppEngine, GitHub Actions

    This blog (https://blog.petitviolet.net) is hosted on Google App Engine (a.k.a. GAE). GAE is super useful not only for dynamic web applications but also for static sites. To deploy applications and sites on GAE, you just need to run the gcloud app deploy command.
    GAE deployments tend to happen frequently, so I wanted to automate them.

    This post describes how to deploy applications to GAE through GitHub Actions.

    Create a GCP ServiceAccount

    A GCP service account is needed to automate deployments. You can find and create it from here: https://console.cloud.google.com/iam-admin/serviceaccounts?project=[project-name]

    GAE deployment requires these IAM roles:

    • App Engine Deployer
    • App Engine Service Admin
    • Cloud Build Service Account
    • Storage Object Viewer

    Finally, you have to save the generated JSON key.
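
    One way to check that the service account holds the four roles listed above and nothing broader, as an added example that is not code from the original post. It takes the parsed JSON printed by `gcloud projects get-iam-policy <project> --format=json`; the account email and the sample policy are constructed, and the role IDs are the ones behind the role names in the list.

```python
import json

# Role IDs behind the four role names listed above.
REQUIRED_ROLES = {
    "roles/appengine.deployer",         # App Engine Deployer
    "roles/appengine.serviceAdmin",     # App Engine Service Admin
    "roles/cloudbuild.builds.builder",  # Cloud Build Service Account
    "roles/storage.objectViewer",       # Storage Object Viewer
}

# Constructed sample account and policy, not real data.
SA_EMAIL = "deployer@example-project.iam.gserviceaccount.com"
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/appengine.deployer",
   "members": ["serviceAccount:deployer@example-project.iam.gserviceaccount.com"]},
  {"role": "roles/appengine.serviceAdmin",
   "members": ["serviceAccount:deployer@example-project.iam.gserviceaccount.com"]},
  {"role": "roles/cloudbuild.builds.builder",
   "members": ["serviceAccount:deployer@example-project.iam.gserviceaccount.com"]},
  {"role": "roles/editor",
   "members": ["user:someone@example.com",
               "serviceAccount:deployer@example-project.iam.gserviceaccount.com"]},
  {"role": "roles/storage.objectViewer",
   "members": ["serviceAccount:other@example-project.iam.gserviceaccount.com"]}
]}
""")


def audit_deployer_roles(policy, sa_email):
    """Return (missing, extra) role lists for sa_email in a project IAM policy.

    policy is the parsed JSON of a project-level IAM policy; roles inherited
    from a folder or organization are not part of it and are not checked.
    """
    member = "serviceAccount:" + sa_email
    granted = {
        b["role"] for b in policy.get("bindings", [])
        if member in b.get("members", [])
    }
    return sorted(REQUIRED_ROLES - granted), sorted(granted - REQUIRED_ROLES)


if __name__ == "__main__":
    missing, extra = audit_deployer_roles(SAMPLE_POLICY, SA_EMAIL)
    print("missing roles:", missing or "none")
    print("extra roles:  ", extra or "none")
```

    On the constructed policy this reports roles/storage.objectViewer as missing (it is bound to a different account) and roles/editor as an extra grant to remove.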

    Configure secrets

    The next step is to configure some secrets so that gcloud app deploy can run in GitHub Actions. For example, they can be configured like this:

    • GCP_SERVICE_ACCOUNT_EMAIL: the email address of the service account created in the previous section
    • GCP_SERVICE_ACCOUNT_KEY: the whole content of the JSON key file

    I'm going to touch on GITHUB_ACTION_TOKEN in future posts.

    Write GitHub Actions YAML

    Writing a YAML file is an inevitable step, unfortunately.
    A complete sample YAML file is below.

    name: deploy
    
    on:
      push:
        branches:
          - master
    
    jobs:
      run:
        runs-on: ubuntu-latest
    
        steps:
          - uses: actions/checkout@v2
    
          - name: setup node
            uses: actions/setup-node@v1
            with:
              node-version: "13.x"
    
          - name: cache dependencies
            uses: actions/cache@v1
            with:
              path: ~/.npm
              key: ${{ runner.os }}-node-${{ hashFiles('**/yarn.lock') }}
              restore-keys: |
                ${{ runner.os }}-node-
    
          - name: build
            run: |
              yarn
              yarn build
    
          - name: setup gcloud environment
            uses: GoogleCloudPlatform/github-actions@0.1.2
            with:
              version: "281.0.0"
              service_account_email: ${{ secrets.GCP_SERVICE_ACCOUNT_EMAIL }}
              service_account_key: ${{ secrets.GCP_SERVICE_ACCOUNT_KEY }}
    
          - name: deploy
            run: |
              gcloud app deploy \
                  --project <project> \
                  --version 'hoge' \
                  --promote \
                  --quiet \
                  ./app.yaml
    

    The setup gcloud environment step is the most important one, because it gives the gcloud command a login session. It uses GCP_SERVICE_ACCOUNT_EMAIL and GCP_SERVICE_ACCOUNT_KEY, which were saved in the previous section, so that the following steps can access GCP with those credentials.

    Besides, the build process creates lots of caches and intermediate files, which affect deployment duration and package size. To mitigate such problems, a .gcloudignore file will probably help reduce them. It looks like:

    # hidden files (comments must be on their own line, as in .gitignore)
    .*
    node_modules
    yarn.lock