blog.petitviolet.net

Fix GCP Deployment from GitHub Action

2020-11-23

GoogleAppEngine, GitHub Actions

Previously, I posted about how to deploy this blog via GitHub Actions to Google AppEngine.

Deploy blog via GitHub Actions Deploy automation using GitHub Actions. This blog(https://blog.petitviolet.net) is hosted by Google AppEngine. GAE is useful not only for dynamic WEB applications but also for static sites. To deploy…

However, because of recent updates, the deployment started failing. This post describes how to update the GitHub Actions configuration to fix those failures.

Update GCP image

First, update the GCP image to fix the following errors.

The add-path command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/
The set-env command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/

GoogleCloudPlatform/github-actions has been updated, and its newer version fixes the above issues. The following diff shows what I changed to apply the update.

     - name: setup gcloud environment
-      uses: GoogleCloudPlatform/github-actions@0.1.2
+      uses: GoogleCloudPlatform/github-actions/setup-gcloud@master
       with:
-        version: '281.0.0'
+        version: '290.0.1'
         service_account_email: ${{ secrets.GCP_SERVICE_ACCOUNT_EMAIL }}
         service_account_key: ${{ secrets.GCP_SERVICE_ACCOUNT_KEY }}
+        export_default_credentials: true
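
Review bot: the new uses: line points at @master, a moving branch, in the same step that receives secrets.GCP_SERVICE_ACCOUNT_KEY, so whatever is pushed to that branch next runs with the deploy key. Pin GoogleCloudPlatform/github-actions/setup-gcloud to a release tag or a full commit SHA, the way the removed line pinned @0.1.2 and the way version: '290.0.1' is pinned two lines below. The added export_default_credentials: true also has no comment; a line saying which later step needs the exported credentials would make it easier to judge whether the key has to leave this step at all.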

Update ServiceAccount roles

Second, gcloud app deploy failed with the following PERMISSION_DENIED error.

ERROR: (gcloud.app.deploy) PERMISSION_DENIED: You do not have permission to act as '<id>@appspot.gserviceaccount.com'
'@type': type.googleapis.com/google.rpc.ResourceInfo
description: You do not have permission to act as this service account.
resourceName: <id>@appspot.gserviceaccount.com
resourceType: serviceAccount

With the setup I described in the previous post (deploy-blog-via-github-actions), deployment had worked as expected. However, it seems the newer image requires an additional role on the ServiceAccount.

It has to have the Service Account User role in addition to the roles described in the previous post.
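
One way to grant that role from the command line, as an added example that is not part of the original post: it binds Service Account User on the App Engine default service account named in the error only, rather than on the whole project, and skips the grant if the binding already exists. The function names and the two e-mail arguments are assumptions; the deploy account is the one stored in GCP_SERVICE_ACCOUNT_EMAIL.

```sh
#!/bin/sh
# Added example, not from the original post.
# Usage: ./grant-act-as.sh <id>@appspot.gserviceaccount.com <deploy-account-email>
set -eu

ROLE="roles/iam.serviceAccountUser"   # "Service Account User"

# Print the roles the deploy account holds directly on one service account.
# $1 = service account to act as, $2 = deploy account e-mail
roles_on_sa() {
  gcloud iam service-accounts get-iam-policy "$1" \
    --flatten="bindings[].members" \
    --filter="bindings.members:$2" \
    --format="value(bindings.role)"
}

# Grant the role on that single service account if it is not bound yet.
# Prints "already-granted" or "granted".
ensure_act_as() {
  if roles_on_sa "$1" "$2" | grep -qx "$ROLE"; then
    echo "already-granted"
  else
    gcloud iam service-accounts add-iam-policy-binding "$1" \
      --member="serviceAccount:$2" --role="$ROLE" >/dev/null
    echo "granted"
  fi
}

# Only act when both arguments are given, so the file can also be sourced.
if [ "$#" -eq 2 ]; then
  ensure_act_as "$1" "$2"
fi
```

A binding made this way lets the deploy account act as that one service account; a project-level grant of the same role would let it act as every service account in the project.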


Now, all the problems have been fixed!