如何使用GitHub Actions部署Cloud Run服务

引言 (Introductions)

In this article, we will use GitHub Actions as a CI/CD pipeline in order to deploy automatically our Cloud Run service when you push new code to master.

在本文中，我们将GitHub Actions用作CI / CD管道，以便在您将新代码推送至主服务器时自动部署我们的Cloud Run服务。

TLDR； (TLDR;)

On this blog post, we created our simple java spring boot application on GitHub and set up the GitHub Actions to deploy it to Cloud Run.

在此博客文章上，我们在GitHub上创建了简单的java spring boot应用程序，并设置了GitHub Actions来将其部署到Cloud Run。

You can see a working repository here.

您可以在此处看到可用的存储库。

要求 (Requirements)

1. GCP account with the billing activated. If you don’t have one yet you can create a new one using the free tier at $300.

   帐单已激活的GCP帐户。 如果您还没有，可以使用$ 300的免费套餐创建一个新的。

2. Free GitHub account and a new repository.
   免费的GitHub帐户和一个新的存储库。

概念 (Concepts)

云跑 (Cloud Run)

Write code your way by deploying any container that listens for requests or events. Build applications in your favorite language, with your favorite dependencies and tools, and deploy them in seconds.

通过部署任何侦听请求或事件的容器，以自己的方式编写代码。 使用您喜欢的语言，您喜欢的依赖项和工具来构建应用程序，然后在几秒钟内部署它们。

Cloud Run abstracts away all infrastructure management by automatically scaling up and down from zero almost instantaneously — depending on traffic. Cloud Run only charges you for the exact resources you use.

Cloud Run通过几乎瞬间自动从零开始向上和向下缩放(取决于流量)来抽象化所有基础架构管理。 Cloud Run仅向您收取您使用的确切资源。

Cloud Run makes app development and deployment simpler and faster. And it’s fully integrated with Cloud Code, Cloud Build, Cloud Monitoring, and Cloud Logging for an enhanced end-to-end developer experience.

Cloud Run使应用程序开发和部署变得更简单，更快。 而且它与Cloud Code ， Cloud Build ， Cloud Monitoring和Cloud Logging完全集成在一起，以增强端到端的开发人员体验。

GitHub动作 (GitHub Actions)

GitHub Actions makes it easy to automate all your software workflows, now with world-class CI/CD. Build, test, and deploy your code right from GitHub. Make code reviews, branch management, and issue triaging work the way you want.

GitHub Actions借助世界一流的CI / CD，可轻松实现所有软件工作流程的自动化。 直接从GitHub构建，测试和部署代码。 使代码审查，分支机构管理和问题分类工作按您想要的方式进行。

** GitHub Action has a free tier of 2,000 minutes per month.

** GitHub Action每月有2,000分钟的免费套餐。

开始之前 (Before start)

You will need a GCP project, so if you haven’t created yet you can follow these steps:

您将需要一个GCP项目，因此，如果尚未创建，则可以按照以下步骤操作：

1. Go to the Manage resources page in the Cloud Console.

   转到Cloud Console中的“ 管理资源”页面。

   Go to the Manage resources page in the Cloud Console.GO TO THE MANAGE RESOURCES PAGE

   转到Cloud Console中的“ 管理资源”页面。 转到管理资源页面

2. On the Select organization drop-down list at the top of the page, select the organization in which you want to create a project. If you are a free trial user, skip this step, as this list does not appear.

   在页面顶部的“ 选择组织”下拉列表中，选择要在其中创建项目的组织。 如果您是免费试用用户，请跳过此步骤，因为此列表不会出现。

3. Click Create Project.

   单击创建项目 。

4. In the New Project window that appears, enter a project name and select a billing account as applicable. A project name can contain only letters, numbers, single quotes, hyphens, spaces, or exclamation points, and must be between 4 and 30 characters.

   在出现的“ 新建项目”窗口中，输入项目名称并选择一个计费帐户(如果适用)。 项目名称只能包含字母，数字，单引号，连字符，空格或感叹号，并且必须在4到30个字符之间。

5. Enter the parent organization or folder in the Location box. That resource will be the hierarchical parent of the new project.

   在位置框中输入上级组织或文件夹。 该资源将成为新项目的层次结构父级。

6. When you’re finished entering new project details, click Create.

   输入新的项目详细信息后，点击创建 。

You will also need to enable the Cloud Run API and Container Registry API:

您还需要启用Cloud Run API和Container Registry API：

1. Go to the Cloud Console API Library.

   转到Cloud Console API库。

2. From the projects list, select the project you want to use.
   从项目列表中，选择要使用的项目。

3. In the API Library, select the Cloud Run API

   在API库中，选择Cloud Run API

4. On the API page, click ENABLE.

   在API页面上，点击启用 。

5. Select Container Registry API

   选择容器注册表API

6. Click ENABLE

   单击启用

认证方式 (Authentication)

创建服务帐户 (Creating a Service Account)

The GitHub runner runs on their own data center, so we will need to authenticate the calls to our GCP project. GitHub also gives you the ability to have the actions running within your own environment, but this will be a topic for another post :).

GitHub运行程序在其自己的数据中心上运行，因此我们需要对对GCP项目的调用进行身份验证。 GitHub还使您能够在自己的环境中运行操作，但这将是另一篇文章的主题：)。

In order to achieve that, we will create a Service Account and add the keys int the GitHub Secrets section.

为了实现这一点，我们将创建一个服务帐户并将密钥添加到GitHub Secrets部分中。

1. In the Cloud Console, go to the Service Accounts page.

   在云控制台中，转到“ 服务帐户”页面。

2. Click Select a project, choose your project, and click Open.

   点击选择一个项目 ，选择您的项目，然后点击打开 。

3. Click Create Service Account.

   单击创建服务帐户 。

4. Enter a service account name — we will use github-action-deploy.

   输入服务帐户名称- 我们将使用 github-action-deploy。

5. As a best practice, we should grant the minimum permissions necessary, so this Service Account will need the roles Cloud Run Admin, Service Account User, and Storage Admin.

   最佳做法是，我们应授予必要的最低权限，因此该服务帐户将需要角色Cloud Run Admin，服务帐户用户 和 Storage Admin。

Save it.

保存。

In the next page, click on the service account name and click on Add Key

在下一页中，单击服务帐户名称，然后单击“ 添加密钥”

Click on Create a new key and leave it to the JSON format and click create. You should download a JSON key.

单击创建新密钥，并将其保留为JSON格式，然后单击创建。 您应该下载一个JSON密钥。

将服务帐户凭据添加到GitHub (Add the Service Account credentials to GitHub)

1. On the GitHub page in your new repo, go to the Settings -> Secrets. The values added here will work as an environment variable within the GitHub Action.

   在新仓库中的GitHub页面上，转到设置 -> 秘密。 此处添加的值将在GitHub Action中用作环境变量。

2. Click on new secret and add the name GCP_SA_KEY and copy the content of the service account key you just downloaded into the value section.

   单击新密码并添加名称GCP_SA_KEY，然后将刚刚下载的服务帐户密钥的内容复制到value部分。

3. Click on new secret again and add the name GCP_SA_EMAIL. Copy the service account email we just created into the value section.

   再次单击新密码 ，然后添加名称GCP_SA_EMAIL。 将我们刚刚创建的服务帐户电子邮件复制到value部分。

4. We will also add our GCP project ID into the secrets in order to avoid having this exposed within the code. Click on new secret and add the name GCP_PROJECT_ID. Copy the project ID from your GCP Console.

   我们还将GCP项目ID添加到机密中，以避免在代码中暴露此ID。 单击新密码并添加名称GCP_PROJECT_ID。 从GCP控制台复制项目ID。

Example of GitHub Secret creation

GitHub Secret创建示例

演示应用 (Demo App)

Creating a Java Application

创建一个Java应用程序

** You can use your own container with any language you desired and if you have one already you can skip this section **

**您可以使用自己想要的任何一种语言的容器，如果已经有一种语言，则可以跳过本节**

We will be using the java hello world application example from the GCP documentation that you can find here, and you can create your own following these steps.

我们将使用GCP文档中的java hello world应用程序示例，您可以在此处找到，您可以按照以下步骤创建自己的示例。

1. Create a new java spring boot app based on the spring starter website.
   根据spring starter网站创建一个新的java spring boot应用程序。

curl https://start.spring.io/starter.zip \
    -d dependencies=web \
    -d javaVersion=1.8 \
    -d bootVersion=2.1.3.RELEASE \
    -d name=helloworld \
    -d artifactId=helloworld \
    -d baseDir=helloworld \
    -o helloworld.zip
unzip helloworld.zip
cd helloworld

2. Update your HelloworldApplication.java file adding our HelloWorld endpoint. The file should be similar to

2.添加我们的HelloWorld端点来更新HelloworldApplication.java文件。 该文件应类似于

package com.example.helloworld;import org.springframework.beans.factory.annotation.Value;import org.springframework.boot.SpringApplication;import org.springframework.boot.autoconfigure.SpringBootApplication;import org.springframework.web.bind.annotation.GetMapping;import org.springframework.web.bind.annotation.RestController;
@SpringBootApplicationpublic class HelloworldApplication {
   public static void main(String[] args) {
      SpringApplication.run(HelloworldApplication.class, args);
   }
   @Value("${TARGET:World}")
   String target;
   @RestController
   class HelloworldController {
      @GetMapping("/")
      String hello() {
         return "Hello " + target + "!";
      }
   }
}

创建您的Dockerfile (Create your Dockerfile)

We are also using the GCP example from here.

我们还在这里使用GCP示例。

# Use the official maven/Java 8 image to create a build artifact.
# https://hub.docker.com/_/maven
FROM maven:3.5-jdk-8-alpine as builder
# Copy local code to the container image.
WORKDIR /app
COPY pom.xml .
COPY src ./src
# Build a release artifact.
RUN mvn package -DskipTests
# Use AdoptOpenJDK for base image.
# It's important to use OpenJDK 8u191 or above that has container support enabled.
# https://hub.docker.com/r/adoptopenjdk/openjdk8
# https://docs.docker.com/develop/develop-images/multistage-build/#use-multi-stage-builds
FROM adoptopenjdk/openjdk8:jdk8u202-b08-alpine-slim
# Copy the jar to the production image from the builder stage.
COPY --from=builder /app/target/helloworld-*.jar /helloworld.jar
# Run the web service on container startup.
CMD ["java", "-Djava.security.egd=file:/dev/./urandom", "-jar", "/helloworld.jar"]

GitHub动作 (GitHub Action)

创建动作文件 (Create the Actions file)

Create a file on the folder .github/workflows/cloud-run-action.yaml inside your repo. Don’t forget to add the correct project ID.

在存储库中的文件夹.github / workflows / cloud-run-action.yaml上创建一个文件。 不要忘记添加正确的项目ID。

name: publish
on: [push]
jobs:
  build:
    name: Cloud Run Deployment
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@master
      - name: Setup GCP Service Account
        uses: GoogleCloudPlatform/github-actions/setup-gcloud@master
        with:
          version: 'latest'
          service_account_email: ${{ secrets.GCP_SA_EMAIL }}
          service_account_key: ${{ secrets.GCP_SA_KEY }}
          export_default_credentials: true
      - name: Configure Docker
        run: |
          gcloud auth configure-docker
      
      - name: Build
        run: |
          docker build -t gcr.io/${{ secrets.GCP_PROJECT_ID }}/helloworld:latest .
      - name: Push
        run: |
          docker push gcr.io/${{ secrets.GCP_PROJECT_ID }}/helloworld:latest
      - name: Deploy
        run: |
          gcloud run deploy helloworld \
          --region europe-west1 \
          --image gcr.io/${{ secrets.GCP_PROJECT_ID }}/helloworld \
          --platform managed \
          --allow-unauthenticated \
          --project ${{ secrets.GCP_PROJECT_ID }}

At the end of the deploy section log, you will see the Cloud Run URL deployed, and it should look like something similar this:

在“部署”部分日志的末尾，您将看到已部署的“云运行” URL，它看起来应类似于以下内容：

Service [helloworld] revision [helloworld-00002-123] has been deployed and is serving 100 percent of traffic at https://helloworld-abcsdefgh-ew.a.run.app

清理 (Clean UP)

1. Delete your Cloud Run instance.
   删除您的Cloud Run实例。
2. Remove the Service Account IAM permissions.
   删除服务帐户IAM权限。
3. Delete the Service Account.
   删除服务帐户。
4. Delete the Image from the registry.
   从注册表中删除图像。
5. Delete your GitHub Repo if you don’t need it anymore.
   如果您不再需要GitHub Repo，请删除它。
6. Delete the project in case you will not use it anymore.
   删除项目，以防您不再使用它。

所以… (So…)

You could see the GitHub Actions integrates smoothly with GCP. You also have an option to use your own runner inside your own environment if you are concern about security and data on someone's server.

您会看到GitHub Actions与GCP顺利集成。 如果您担心某人服务器上的安全性和数据，还可以选择在自己的环境中使用自己的运行程序。

Cloud Run is pretty straight forward as well and I do recommend you have a try if serverless is an option for you — and you don’t want to care about servers.

Cloud Run也非常简单，如果没有服务器，那么我建议您尝试一下-并且您不想关心服务器。

You can also see a fully working version on GitHub account https://github.com/femrtnz/cloud-run-github-action

您还可以在GitHub帐户https://github.com/femrtnz/cloud-run-github-action上看到一个完全可用的版本

Please feel free to comment and let me know if you have any questions.

请随时发表评论，如果您有任何疑问，请通知我。

翻译自: https://medium.com/google-cloud/how-to-deploy-your-cloud-run-service-using-github-actions-e5b6a6f597a3