Action is incorrectly parsing the project_id

This issue has been tracked since 2022-05-18.

TL;DR

The project ID of the setup gcloud action is occasionally being parsed with a $ at the head of the string. It is not happening on every run, but seems to happen more than half of the time.

This is happening whether the with: project_id: variable is set or not. The output of the action shows the project_id is being passed in correctly.

Expected behavior

No unnecessary $ at the start of the Project ID

Observed behavior

Regularly (but not for all runs) a $ is being inserted at the front of the Project ID

Action YAML

name: Deploy
on:
  push:
    branches:
      - main
  release:
    types:
      - prereleased
      - released
  pull_request:
    branches:
      - main

jobs:
  setup_env:
    name: Setup Environment Variables
    runs-on: ubuntu-latest
    outputs:
      repository_project: ${{ steps.set_repo.outputs.repository_project }}
      environment: ${{ steps.set_env.outputs.env }}
      git_short: ${{ steps.set_git_short.outputs.git_short }}
    steps:
      - name: Checkout Code
        uses: actions/[email protected]

      - name: Set Environment
        id: set_env
        run: |
          if [[ "${{ github.event_name }}" == "release" ]]; then
            if [[ "${{ github.event.action }}" == "prereleased" ]]; then
              echo "::set-output name=env::stg"
            elif [[ "${{ github.event.action }}" == "released" ]]; then
              echo "::set-output name=env::prd"
            fi
          else
            echo "::set-output name=env::test"
          fi

      - name: Set Repository Project
        id: set_repo
        run: echo "::set-output name=repository_project::<our-project>"

      - name: Set Git Short
        id: set_git_short
        run: |
          export GIT_SHORT_HASH=`git rev-parse --short ${GITHUB_SHA}`
          echo "::set-output name=git_short::${GIT_SHORT_HASH}"

  # Builds and pushes the <first-image> docker image to GCR
  build_and_push_first_image:
    name: Build and Publish <first-image> Docker Image
    runs-on: ubuntu-latest
    needs: [setup_env]
    environment: ${{ needs.setup_env.outputs.environment }}
    outputs:
      image_with_tag: ${{ steps.get_image_with_tag.outputs.image_with_tag }}
    permissions:
      contents: 'read'
      id-token: 'write'

    steps:
      - name: Checkout Code
        uses: actions/[email protected]

      # Creates a docker image using the git commit short
      - name: Create Docker Image Tag
        id: dockertag
        env:
          IMAGE: <our-project>-<first-image>
          REPOSITORY: ${{ needs.setup_env.outputs.repository_project }}
          GIT_SHORT: ${{ needs.setup_env.outputs.git_short }}
        run: |
          echo "::set-output name=image_name::gcr.io/${REPOSITORY}/${IMAGE}"
          echo "::set-output name=image_with_git_short::gcr.io/${REPOSITORY}/${IMAGE}:${GIT_SHORT}"
          echo "::set-output name=image_with_latest::gcr.io/${REPOSITORY}/${IMAGE}:latest"
          echo "::set-output name=image_with_release::gcr.io/${REPOSITORY}/${IMAGE}:${GITHUB_REF/refs\/tags\//}"

      - id: 'auth'
        uses: 'google-github-actions/[email protected]'
        with:
          workload_identity_provider: projects/<project-number>/locations/global/workloadIdentityPools/new-pool/providers/<workload-provider> 
          service_account: <service-account>@${{ needs.setup_env.outputs.repository_project }}.iam.gserviceaccount.com

      # Setup the gcloud SDK with the repository project
      - name: Setup Google Cloud SDK
        uses: google-github-actions/[email protected]
        with:
          project_id: ${{ needs.setup_env.outputs.repository_project }}

      # Configure docker to use gcloud
      - name: Configure Docker with gcloud
        run: gcloud auth configure-docker

      # Tags an image with build tag
      - name: Build Test Image
        # Build an image when push to main (test gcr)
        if:  needs.setup_env.outputs.environment == 'test'
        env:
          GONOSUMDB: "<gonosumdb"
          GOPROXY: https://github:${{ secrets.GITHUB_TOKEN }}@athens.prd.cds.internal.unity3d.com/
        run: |
          docker build \
          -t ${{ steps.dockertag.outputs.image_with_git_short }} \
          -t ${{ steps.dockertag.outputs.image_with_latest }} \
          -f build/docker/<first-image>.Dockerfile \
          --build-arg GONOSUMDB=${GONOSUMDB} \
          --build-arg GOPROXY=${GOPROXY} \
          .

      # Tags an image with build and release-candidate tag
      - name: Build Stage Image
        # Build an image when creating a prerelease (prd gcr)
        if:  needs.setup_env.outputs.environment == 'stg'
        env:
          GONOSUMDB: "<gonosumdb"
          GOPROXY: https://github:${{ secrets.GITHUB_TOKEN }}@athens.prd.cds.internal.unity3d.com/
        run: |
          docker build \
          -t ${{ steps.dockertag.outputs.image_with_git_short }} \
          -t ${{ steps.dockertag.outputs.image_with_release }} \
          -f build/docker/<first-image>.Dockerfile \
          --build-arg GONOSUMDB=${GONOSUMDB} \
          --build-arg GOPROXY=${GOPROXY} \
          .

      # Tag an existing image with production release tag
      - name: Tag Prod Image
        if: needs.setup_env.outputs.environment == 'prd'
        run: |
          docker pull ${{ steps.dockertag.outputs.image_with_git_short }}
          docker tag \
          ${{ steps.dockertag.outputs.image_with_git_short }} \
          ${{ steps.dockertag.outputs.image_with_release }}

      # Publish the images to gcr with all tags
      - name: Publish to GCR
        run: |
          docker push ${{ steps.dockertag.outputs.image_name }} --all-tags

      # Gets the image and tag we want to deploy. On test env, we use the git_short. Stage and Prod use the release tag
      - name: Get Image with Tag
        id: get_image_with_tag
        run: |
          if [[ "${{ github.event_name }}" == "release" ]]; then
            echo "::set-output name=image_with_tag::${{ steps.dockertag.outputs.image_with_release }}"
          else
            echo "::set-output name=image_with_tag::${{ steps.dockertag.outputs.image_with_git_short }}"
          fi

  # Builds and pushes the <second-image> docker image to GCR
  build_and_push_<second-image>:
    name: Build and Publish <second-image> Docker Image
    runs-on: ubuntu-latest
    needs: [setup_env]
    environment: ${{ needs.setup_env.outputs.environment }}
    outputs:
      image_with_tag: ${{ steps.get_image_with_tag.outputs.image_with_tag }}
    permissions:
      contents: 'read'
      id-token: 'write'

    steps:
      - name: Checkout Code
        uses: actions/[email protected]

      # Creates a docker image using the git commit short
      - name: Create Docker Image Tag
        id: dockertag
        env:
          IMAGE: <our-project>-<second-image>
          REPOSITORY: ${{ needs.setup_env.outputs.repository_project }}
          GIT_SHORT: ${{ needs.setup_env.outputs.git_short }}
        run: |
          echo "::set-output name=image_name::gcr.io/${REPOSITORY}/${IMAGE}"
          echo "::set-output name=image_with_git_short::gcr.io/${REPOSITORY}/${IMAGE}:${GIT_SHORT}"
          echo "::set-output name=image_with_latest::gcr.io/${REPOSITORY}/${IMAGE}:latest"
          echo "::set-output name=image_with_release::gcr.io/${REPOSITORY}/${IMAGE}:${GITHUB_REF/refs\/tags\//}"

      - name: 'auth'
        uses: 'google-github-actions/[email protected]'
        with:
          workload_identity_provider: projects/<project-number>/locations/global/workloadIdentityPools/new-pool/providers/<workload-provider> 
          service_account: <service-account>@$${{ needs.setup_env.outputs.repository_project }}.iam.gserviceaccount.com

      # Setup the gcloud SDK with the repository project
      - name: Setup Google Cloud SDK
        uses: google-github-actions/[email protected]
        with:
          project_id: ${{ needs.setup_env.outputs.repository_project }}

      # Configure docker to use gcloud
      - name: Configure Docker with gcloud
        run: gcloud auth configure-docker

      # Tags an image with build tag
      - name: Build Test Image
        # Build an image when push to main (test gcr)
        if:  needs.setup_env.outputs.environment == 'test'
        env:
          GONOSUMDB: "<gonosumdb"
          GOPROXY: https://github:${{ secrets.GITHUB_TOKEN }}@athens.prd.cds.internal.unity3d.com/
        run: |
          docker build \
          -t ${{ steps.dockertag.outputs.image_with_git_short }} \
          -t ${{ steps.dockertag.outputs.image_with_latest }} \
          -f build/docker/<second-image>.Dockerfile \
          --build-arg GONOSUMDB=${GONOSUMDB} \
          --build-arg GOPROXY=${GOPROXY} \
          .

      # Tags an image with build and release-candidate tag
      - name: Build Stage Image
        # Build an image when creating a prerelease (prd gcr)
        if:  needs.setup_env.outputs.environment == 'stg'
        env:
          GONOSUMDB: "<gonosumdb"
          GOPROXY: https://github:${{ secrets.GITHUB_TOKEN }}@athens.prd.cds.internal.unity3d.com/
        run: |
          docker build \
          -t ${{ steps.dockertag.outputs.image_with_git_short }} \
          -t ${{ steps.dockertag.outputs.image_with_release }} \
          -f build/docker/<second-image>.Dockerfile \
          --build-arg GONOSUMDB=${GONOSUMDB} \
          --build-arg GOPROXY=${GOPROXY} \
          .

      # Tag an existing image with production release tag
      - name: Tag Prod Image
        if: needs.setup_env.outputs.environment == 'prd'
        run: |
          docker pull ${{ steps.dockertag.outputs.image_with_git_short }}
          docker tag \
          ${{ steps.dockertag.outputs.image_with_git_short }} \
          ${{ steps.dockertag.outputs.image_with_release }}

      # Publish the images to gcr with all tags
      - name: Publish to GCR
        run: |
          docker push ${{ steps.dockertag.outputs.image_name }} --all-tags

      # Gets the image and tag we want to deploy. On test env, we use the git_short. Stage and Prod use the release tag
      - name: Get Image with Tag
        id: get_image_with_tag
        run: |
          if [[ "${{ github.event_name }}" == "release" ]]; then
            echo "::set-output name=image_with_tag::${{ steps.dockertag.outputs.image_with_release }}"
          else
            echo "::set-output name=image_with_tag::${{ steps.dockertag.outputs.image_with_git_short }}"
          fi

 ## Two more jobs have been truncated for readability as the action fails before it can reach them.

Log output

### Job build_and_push_<first-image> (runs fine on this run. Fails with the same error on other runs)
2022-05-18T17:35:47.3897474Z ##[group]Run google-github-actions/[email protected]
2022-05-18T17:35:47.3897728Z with:
2022-05-18T17:35:47.3897910Z   project_id: <our-project>
2022-05-18T17:35:47.3898118Z   version: latest
2022-05-18T17:35:47.3898330Z   export_default_credentials: false
2022-05-18T17:35:47.3898556Z   cleanup_credentials: true
2022-05-18T17:35:47.3898744Z env:
2022-05-18T17:35:47.3899041Z   CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE:  /home/runner/work/<our-project>/<our-project>/<creds>.json
2022-05-18T17:35:47.3899447Z   GOOGLE_APPLICATION_CREDENTIALS:  /home/runner/work/<our-project>/<our-project>/<creds>.json
2022-05-18T17:35:47.3899822Z   GOOGLE_GHA_CREDS_PATH:  /home/runner/work/<our-project>/<our-project>/<creds>.json
2022-05-18T17:35:47.3900117Z   CLOUDSDK_CORE_PROJECT: <our-project>
2022-05-18T17:35:47.3900359Z   CLOUDSDK_PROJECT: <our-project>
2022-05-18T17:35:47.3900585Z   GCLOUD_PROJECT: <our-project>
2022-05-18T17:35:47.3900802Z   GCP_PROJECT: <our-project>
2022-05-18T17:35:47.3901014Z   GOOGLE_CLOUD_PROJECT: <our-project>
2022-05-18T17:35:47.3901247Z ##[endgroup]
<fully completes run with no issue>

### Job build_and_push_<second-image> (fails on this run)
2022-05-18T17:35:38.8521363Z ##[group]Run google-github-actions/[email protected]
2022-05-18T17:35:38.8521658Z with:
2022-05-18T17:35:38.8521863Z   project_id: <our-project>
2022-05-18T17:35:38.8522100Z   version: latest
2022-05-18T17:35:38.8522322Z   export_default_credentials: false
2022-05-18T17:35:38.8522565Z   cleanup_credentials: true
2022-05-18T17:35:38.8522773Z env:
2022-05-18T17:35:38.8523109Z   CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE: /home/runner/work/<our-project>/<our-project>/<creds>.json
2022-05-18T17:35:38.8523571Z   GOOGLE_APPLICATION_CREDENTIALS: /home/runner/work/<our-project>/<our-project>/<creds>.json
2022-05-18T17:35:38.8524001Z   GOOGLE_GHA_CREDS_PATH: /home/runner/work/<our-project>/<our-project>/<creds>.json
2022-05-18T17:35:38.8524338Z   CLOUDSDK_CORE_PROJECT: $<our-project>
2022-05-18T17:35:38.8524592Z   CLOUDSDK_PROJECT: $<our-project>
2022-05-18T17:35:38.8524838Z   GCLOUD_PROJECT: $<our-project>
2022-05-18T17:35:38.8525075Z   GCP_PROJECT: $<our-project>
2022-05-18T17:35:38.8525304Z   GOOGLE_CLOUD_PROJECT: $<our-project>
2022-05-18T17:35:38.8525554Z ##[endgroup]
2022-05-18T17:35:39.8965919Z [command]/usr/bin/tar xz --warning=no-unknown-keyword --overwrite -C /home/runner/work/_temp/bbc8309c-72df-4321-b75e-0acbee76bd7e -f /home/runner/work/_temp/8c579c06-8586-48cb-a12b-4bac7c75781d
2022-05-18T17:35:53.2437187Z Successfully set default project
2022-05-18T17:35:54.3782833Z ##[error]google-github-actions/setup-gcloud failed with: failed to execute command `gcloud --quiet auth login --cred-file  /home/runner/work/<our-project>/<our-project>/<creds>.json`: ERROR: (gcloud.auth.login) The project property must be set to a valid project ID, [$<our-project>] is not a valid project ID.
To set your project, run:

  $ gcloud config set project PROJECT_ID

or to unset it, run:

  $ gcloud config unset project

Additional information

No response

EmandM wrote this answer on 2022-05-18

After looking closer, it was only failing on the <second-image> build. Turns out I had an extra $ on the service account on the auth module:

      - name: 'auth'
        uses: 'google-github-actions/[email protected]'
        with:
          workload_identity_provider: ...
          service_account: <service-account>@$${{ env.project_name }}.iam.gserviceaccount.com

While it's a bit strange that this value overrides the explicitly set project_id, the action would have failed regardless.
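
A lint and a pre-flight guard for the typo found above, as an added example that is not part of the issue or of the setup-gcloud project. The function names and sample workflow lines are constructed for illustration, and it assumes, as the failing log suggests, that the exported project variables took their value from the service account address.

```shell
#!/bin/sh
# Added example (not from the issue): catch a stray "$" before it reaches gcloud.

# Print "line:text" for each place a literal "$" directly precedes a
# "${{ ... }}" expression, the typo identified in the answer above.
find_stray_dollar() {
  grep -nF '$${{' "$1"
}

# Project part of a service account e-mail (text between "@" and
# ".iam.gserviceaccount.com"); prints nothing if the address has another shape.
project_from_service_account() {
  printf '%s\n' "$1" |
    sed -n 's/^[^@]*@\(.*\)\.iam\.gserviceaccount\.com$/\1/p'
}

# Standard project ID format: 6-30 characters, lowercase letters, digits and
# hyphens, starting with a letter and not ending with a hyphen.
is_valid_project_id() {
  printf '%s\n' "$1" | grep -Eq '^[a-z][a-z0-9-]{4,28}[a-z0-9]$'
}

# Guard for a step placed after auth: check every project variable that the
# failing job's log shows, and report each bad value instead of the first only.
check_project_env() {
  rc=0
  for name in CLOUDSDK_CORE_PROJECT CLOUDSDK_PROJECT GCLOUD_PROJECT \
              GCP_PROJECT GOOGLE_CLOUD_PROJECT; do
    eval "value=\${$name-}"
    [ -n "$value" ] || continue
    if ! is_valid_project_id "$value"; then
      echo "invalid project ID in $name: [$value]" >&2
      rc=1
    fi
  done
  return "$rc"
}

# Constructed sample: line 2 carries the typo, line 4 is the correct form.
sample=$(mktemp)
cat > "$sample" <<'EOF'
with:
  service_account: deployer@$${{ env.project_name }}.iam.gserviceaccount.com
with:
  project_id: ${{ env.project_name }}
EOF
find_stray_dollar "$sample"
rm -f "$sample"
```

Run `find_stray_dollar` over each workflow file in a pre-merge check, and call `check_project_env` in a `run:` step between the auth and setup-gcloud steps so a malformed value fails with the variable name attached.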

More Details About Repo
Owner Name google-github-actions
Repo Name setup-gcloud
Full Name google-github-actions/setup-gcloud
Language TypeScript
Created Date 2019-11-05
Updated Date 2023-03-23
Star Count 1505
Watcher Count 65
Fork Count 548
Issue Count 11
