Cloud Workflows Continuous Deployment with GitHub Actions!

Grant Timmerman
Google Cloud - Community
3 min readMay 18, 2021
GitHub → Cloud Workflows

As an engineer, I find most interesting questions start with “what if”.

I like to keep YAML files for my Cloud Workflows on GitHub. However, I must remember to deploy my workflow to Google Cloud every time I modify it.

That’s a pain.

Wouldn’t it be nice if

  • Whenever we updated a workflow file in a GitHub repo
  • Then our Cloud Workflow is automatically updated in Google Cloud

(i.e. no need to manually update a workflow with gcloud)

We can do that with the help of a few handy tools! Let me show you how:

The Goal

To automatically deploy to Cloud Workflows, we’ll want to create a GitHub action that listens to pushes to our main branch and runs gcloud workflows deploy. The action will look something like this on GitHub:

An image of a successful GitHub workflow run.

The Setup

1. Create a Cloud Workflow

First, we’ll need to create a Cloud Workflow file in a GitHub repo. Let’s use the classic, myFirstWorkflow.workflows.yaml:

A simple Cloud Workflow that gets Wikipedia results from searching the day of the week.

2. Create a GitHub Action to Deploy a Cloud Workflow

Next, we’ll create a GitHub Action for our repo with 2 steps:

.github/workflows/deploy-cloud-workflow.yaml

This action has the following steps:

  • Step 1: Setup the handy setup-gcloud action to enable gcloud within our GitHub workflow.
  • Step 2: Run the gcloud workflows deploy command with some configuration like the source, project, and service account stored as GitHub secrets.

If you want to deploy a different workflow name in Cloud Workflows, or are using a different YAML file, be sure to change your setup in this file.

3. Authorize the GitHub Action with a Service Account

Now, the tricky part is allowing GitHub to deploy a Cloud Workflow on your behalf without your intervention or credentials.

In the previous step, we told the GitHub Action to use a service account 🤖 stored in GitHub secrets. We need to actually set that up:

Here’s a handy script for creating a service account with the necessary IAM roles for updating a Cloud Workflow. We’ll use the GitHub CLI, gh, to add these properties to our GitHub repo.

setup_iam.sh

In this script, we’ll add a service account key with the roles workflows.editor and iam.serviceAccountUser to GitHub such that GitHub Actions can have permissions to deploy our Workflow.

The Workflow

Now, with this setup, we can simply push to our main branch and see our GitHub Action working in the background. We can even check out the logs and see a history of all executions. Sweet!

Here’s a little gif of what the action looks like on GitHub:

Deploy Cloud Workflow action

Thanks for reading! It’s a little meta, right? If you enjoyed this article, please give a clap (or two) 👏.

Perhaps check out this other related post too:

--

--