blog.petitviolet.net

Deploy blog via GitHub Actions

2020-03-10

GoogleAppEngineGitHub Actions

This blog(https://blog.petitviolet.net) is hosted by Google AppEngine. GAE is useful not only for dynamic WEB applications but also for static sites. To deploy application and site to GAE, it just needs to run gcloud app deploy command.
Speaking of deployment, it frequently happens so that I wanted to make deployment automated.

This post describes how to deploy to GAE through GitHub Actions.

Create a GCP ServiceAccount

A GCP service account is needed to automate deployment. You can find and create it from here: https://console.cloud.google.com/iam-admin/serviceaccounts?project=[project-name]

GAE deployment requires these IAM roles:

  • App Engine Deployer
  • App Engine Service Admin
  • Cloud Build Service Account
  • Storage Object Viewer

At last, you have to save the generated JSON key.

Configure secrets

Next step is configuring some secrets to run gcloud app deploy from GitHub Actions. For example, it can configure like:

  • GCP_SERVICE_ACCOUNT_EMAIL: an email address created before section
  • GCP_SERVICE_ACCOUNT_KEY: whole JSON key file content

I’m going to touch GITHUB_ACTION_TOKEN in future posts.

Write GitHub Actions YAML

Of course, writing a YAML file is an inevitable step 😇
A whole of a YAML file example is below.

name: deploy

on:
  push:
    branches:
      - master

jobs:
  run:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v2

      - name: setup node
        uses: actions/setup-node@v1
        with:
          node-version: "13.x"

      - name: cache dependencies
        uses: actions/cache@v1
        with:
          path: ~/.npm
          key: ${{ runner.os }}-node-${{ hashFiles('**/yarn.lock') }}
          restore-keys: |
            ${{ runner.os }}-node-

      - name: build
        run: |
          yarn
          yarn build

      - name: setup gcloud environment
        uses: GoogleCloudPlatform/github-actions@0.1.2
        with:
          version: "281.0.0"
          service_account_email: ${{ secrets.GCP_SERVICE_ACCOUNT_EMAIL }}
          service_account_key: ${{ secrets.GCP_SERVICE_ACCOUNT_KEY }}

      - name: deploy
        run: |
          gcloud app deploy \
              --project <project> \
              --version 'hoge' \
              --promote \
              --quiet \
              ./app.yaml

To use gcloud command within a login state, setup gcloud environment section is the important one. It uses GCP_SERVICE_ACCOUNT_EMAIL and GCP_SERVICE_ACCOUNT_KEY what saved above, and then the following steps can access GCP with the credentials.

Besides, the build process will create lots of cache and intermediate files, and affect deployment duration and package size. Using .gcloudignore probably work to reduce them. It looks like:

.* # hidden files
node_modules
yarn.lock