zxyle / publish-gae-action Goto Github PK

Hi all,
quick question which is not really an issue:
Is the client-secret.json the key for the service account? If yes, why did we set up the key in the secret? Should it be used like so:

gcloud auth activate-service-account ${{ secrets.GCP_SA_EMAIL }} --key-file=${{ secrets.GCP_SA_KEY }}

I am having a bit of trouble to understand the doc here.

I want to use this template to depoy my Docker container to Google Cloud App Engine.
https://github.com/steinko/lumdb/blob/master/.github/workflows/google.yml
I have place the service account key an email as secret keys
https://github.com/steinko/lumdb/settings/secrets
A errr occure when GIthub execute the Github Action
ERROR: (gcloud.auth.activate-service-account) Unable to read file [client-secret.json]: [Errno 2] No such file or directory: 'client-secret.json'
##[error]Process completed with exit code 1.

https://github.com/steinko/lumdb/runs/428578324

What must I do to get the data from the service accout key to the client-secret.json?

##[error]ENOENT: no such file or directory, open './app.yaml'
but this file is in the root of the project

This is the error I’m getting:

ERROR: (gcloud.auth.activate-service-account) Unable to read file [client-secret.json]: [Errno 2] No such file or directory: 'client-secret.json'
##[error]Process completed with exit code 1.

This is my structure:

server
|-> index.js
|-> app.yaml
|-> package.json
|-> package-lock.json

This is my workflow file:

name: Build and Deploy
on:
  push:
    branches:
      - server

jobs:
  build:
    name: Build
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Repo
        uses: actions/checkout@master
      - name: Install Dependencies
        run: npm install
        working-directory: ./server
  deploy:
    name: Deploy
    needs: build
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Repo
        uses: actions/checkout@master
      - name: Initialize Google Cloud SDK
        uses: zxyle/publish-gae-action@master
        with:
          service_account_email: ${{ secrets.GCP_SA_EMAIL }}
          service_account_key: ${{ secrets.GCP_SA_KEY }}
          project_id: ${{ secrets.PROJECT_ID }}
          gae_config_path: ./server/app.yaml
      - name: Publish app to Google App Engine
        run: | 
          # This client-secret.json is converted by GCP_SA_KEY.
          gcloud auth activate-service-account ${{ secrets.GCP_SA_EMAIL }} --key-file=client-secret.json
          gcloud config set project ${{ secrets.PROJECT_ID }}
          gcloud -q app deploy app.yaml --promote
        working-directory: ./server

My workflow

on:
  push:
    branches: [ master ]
  pull_request:
    branches: [ master ]

jobs:
  deploy:
    
    runs-on: ubuntu-latest
    
    steps:
    - name: Initialize Google Cloud SDK
      uses: zxyle/publish-gae-action@master
      with:
        service_account_email: ${{ secrets.GCP_SA_EMAIL }}
        service_account_key: ${{ secrets.GCP_SA_KEY }}
        project_id: ${{ secrets.PROJECT_ID }}

    - name: Publish app to Google App Engine
      run: |
        # This client-secret.json is converted by GCP_SA_KEY.
        gcloud auth activate-service-account ${{ secrets.GCP_SA_EMAIL }} --key-file=client-secret.json
        gcloud config set project ${{ secrets.PROJECT_ID }}
        gcloud -q app deploy app.yaml --promote
        # Suppose you need a cron task.
        gcloud -q app deploy cron.yaml

My app.yaml

This action works great for me and I wanted to start a quick thread to see if anyone has figured out how to hide the secret env variables in the App Engine dashboard as seen in the attached screenshot.

Has anybody figured out how to prevent Google App Engine from printing the environment variables in the dashboard that are written to the app.yaml? Seems odd they make it so difficult to hide and use secret keys in app engine 😅.

i wonder how can we get the output of the deploy url. Could you help me to figure out that

I get this error:

##[error]ENOENT: no such file or directory, open './app.yaml'

The file is under ./backend/src/main/appengine/app.yml starting from the repository root, but copying it to ./app.yml didn't fix the issue.

Where is this file supposed to be? Could you maybe add a configuration option to specify the file path?

My full workflow:

# GitHub actions

name: Deploy to App Engine (GCP)
on:
  push:
    branches: [master]
  pull_request:
    branches: [master]

jobs:
  build:
    name: Deployment
    runs-on: ubuntu-latest
    steps:
      - name: Initialize Google Cloud SDK
        uses: zxyle/publish-gae-action@master
        with:
          service_account_email: ${{ secrets.GCP_SA_EMAIL }}
          service_account_key: ${{ secrets.GCP_SA_KEY }}
          project_id: ${{ secrets.PROJECT_ID }}
          # An optional variables parameter can be used
          gae_variables: ${{ secrets.GAE_VARIABLES }}

      [remaining steps omitted]

You must activate the Cloud Resource Manager API, to be fix this issue. Just replace YOUR_PROJECT_ID_HERE of the link bellow and click ENABLE.

https://console.developers.google.com/apis/api/cloudresourcemanager.googleapis.com/overview?project=YOUR_PROJECT_ID_HERE

When I pass gae_config_path input

uses: zxyle/publish-gae-action@master
with:
  service_account_email: ${{ secrets.GCP_SA_EMAIL }}
  service_account_key: ${{ secrets.GCP_SA_KEY }}
  project_id: ${{ secrets.PROJECT_ID }}
  gae_config_path: ./packages/my-project

I get this error:

##[warning]Unexpected input 'gae_config_path', valid inputs are ['service_account_email', 'service_account_key', 'project_id', 'gae_variables']

action.yml doesn't include this input. That might be the issue.

Is the text shown in usage supposed to be pasted into a yml file under workflows directly, or does some formatting need to go around it? I get an error from the parser about a list being found instead of an object when I do that.