Deploy blog via GitHub Actions


GoogleAppEngineGitHub Actions

This blog( is hosted by Google AppEngine. GAE is useful not only for dynamic WEB applications but also for static sites. To deploy application and site to GAE, it just needs to run gcloud app deploy command.
Speaking of deployment, it frequently happens so that I wanted to make deployment automated.

This post describes how to deploy to GAE through GitHub Actions.

Create a GCP ServiceAccount

A GCP service account is needed to automate deployment. You can find and create it from here:[project-name]

GAE deployment requires these IAM roles:

  • App Engine Deployer
  • App Engine Service Admin
  • Cloud Build Service Account
  • Storage Object Viewer

At last, you have to save the generated JSON key.

Configure secrets

Next step is configuring some secrets to run gcloud app deploy from GitHub Actions. For example, it can configure like:

  • GCP_SERVICE_ACCOUNT_EMAIL: an email address created before section
  • GCP_SERVICE_ACCOUNT_KEY: whole JSON key file content

I’m going to touch GITHUB_ACTION_TOKEN in future posts.

Write GitHub Actions YAML

Of course, writing a YAML file is an inevitable step 😇
A whole of a YAML file example is below.

name: deploy

      - master

    runs-on: ubuntu-latest

      - uses: actions/checkout@v2

      - name: setup node
        uses: actions/setup-node@v1
          node-version: "13.x"

      - name: cache dependencies
        uses: actions/cache@v1
          path: ~/.npm
          key: ${{ runner.os }}-node-${{ hashFiles('**/yarn.lock') }}
          restore-keys: |
            ${{ runner.os }}-node-

      - name: build
        run: |
          yarn build

      - name: setup gcloud environment
        uses: GoogleCloudPlatform/github-actions@0.1.2
          version: "281.0.0"
          service_account_email: ${{ secrets.GCP_SERVICE_ACCOUNT_EMAIL }}
          service_account_key: ${{ secrets.GCP_SERVICE_ACCOUNT_KEY }}

      - name: deploy
        run: |
          gcloud app deploy \
              --project <project> \
              --version 'hoge' \
              --promote \
              --quiet \

To use gcloud command within a login state, setup gcloud environment section is the important one. It uses GCP_SERVICE_ACCOUNT_EMAIL and GCP_SERVICE_ACCOUNT_KEY what saved above, and then the following steps can access GCP with the credentials.

Besides, the build process will create lots of cache and intermediate files, and affect deployment duration and package size. Using .gcloudignore probably work to reduce them. It looks like:

.* # hidden files