Cloud Workflows Continuous Deployment with GitHub Actions!
As an engineer, I find most interesting questions start with “what if”.
I like to keep YAML files for my Cloud Workflows on GitHub. However, I must remember to deploy my workflow to Google Cloud every time I modify it.
That’s a pain.
Wouldn’t it be nice if…
- Whenever we updated a workflow file in a GitHub repo
- Then our Cloud Workflow is automatically updated in Google Cloud
(i.e. no need to manually update a workflow with gcloud)
We can do that with the help of a few handy tools! Let me show you how:
The Goal
To automatically deploy to Cloud Workflows, we’ll want to create a GitHub action that listens to pushes to our main branch and runs gcloud workflows deploy. The action will look something like this on GitHub:
The Setup
1. Create a Cloud Workflow
First, we’ll need to create a Cloud Workflow file in a GitHub repo. Let’s use the classic, myFirstWorkflow.workflows.yaml:
2. Create a GitHub Action to Deploy a Cloud Workflow
Next, we’ll create a GitHub Action for our repo with 2 steps:
This action has the following steps:
- Step 1: Set up the handy setup-gcloud action to enable gcloud within our GitHub workflow.
- Step 2: Run the gcloud workflows deploy command with some configuration like the source, project, and service account stored as GitHub secrets.
If you want to deploy a different workflow name in Cloud Workflows, or are using a different YAML file, be sure to change your setup in this file.
3. Authorize the GitHub Action with a Service Account
Now, the tricky part is allowing GitHub to deploy a Cloud Workflow on your behalf without your intervention or credentials.
In the previous step, we told the GitHub Action to use a service account 🤖 stored in GitHub secrets. We need to actually set that up:
Here’s a handy script for creating a service account with the necessary IAM roles for updating a Cloud Workflow. We’ll use the GitHub CLI, gh, to add these properties to our GitHub repo.
In this script, we’ll add a service account key with the roles workflows.editor and iam.serviceAccountUser to GitHub so that GitHub Actions has permission to deploy our Workflow.
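The setup this step describes, written out as an added example (not the author's original script). The secret names GCP_PROJECT_ID, GCP_SA_EMAIL and GCP_SA_KEY, the function names and the argument values are assumptions; the script prints the commands it would run unless DRY_RUN=0 is set.

```shell
#!/bin/sh
# Added example, not the author's script. The secret names and all
# argument values are assumptions; adjust them to your repo.
set -eu

# Print each command unless DRY_RUN=0, so the plan can be reviewed first.
run() {
  if [ "${DRY_RUN:-1}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Usage: setup_deployer PROJECT_ID SA_NAME OWNER/REPO
# The "( )" body runs in a subshell: variables stay local and the EXIT
# trap deletes the key material as soon as the function finishes.
setup_deployer() (
  project="$1"; sa_name="$2"; repo="$3"
  sa_email="${sa_name}@${project}.iam.gserviceaccount.com"
  tmp="$(mktemp -d)"
  trap 'rm -rf "$tmp"' EXIT
  key_file="$tmp/key.json"

  run gcloud iam service-accounts create "$sa_name" --project "$project" \
    --display-name "GitHub Actions workflow deployer"

  # Grant only the two roles the article names, nothing broader.
  for role in roles/workflows.editor roles/iam.serviceAccountUser; do
    run gcloud projects add-iam-policy-binding "$project" \
      --member "serviceAccount:${sa_email}" --role "$role"
  done

  # The JSON key is a long-lived credential; it only ever exists in $tmp.
  run gcloud iam service-accounts keys create "$key_file" \
    --iam-account "$sa_email" --project "$project"
  # Dry run creates no key, so give the redirect below an empty stand-in.
  if [ "${DRY_RUN:-1}" = "1" ]; then : > "$key_file"; fi

  # gh reads the secret value from stdin when --body is not given,
  # which keeps the key out of the process argument list.
  printf '%s' "$project"  | run gh secret set GCP_PROJECT_ID --repo "$repo"
  printf '%s' "$sa_email" | run gh secret set GCP_SA_EMAIL --repo "$repo"
  run gh secret set GCP_SA_KEY --repo "$repo" < "$key_file"
)

# Runs only when called with three arguments.
if [ "$#" -eq 3 ]; then setup_deployer "$@"; fi
```

Review the printed plan first, then rerun with DRY_RUN=0 and the three arguments once gcloud and gh are authenticated.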
The Workflow
Now, with this setup, we can simply push to our main branch and see our GitHub Action working in the background. We can even check out the logs and see a history of all executions. Sweet!
Here’s a little gif of what the action looks like on GitHub:
Thanks for reading! It’s a little meta, right? If you enjoyed this article, please give a clap (or two) 👏.