A GitHub Action for installing and configuring the gcloud CLI.
setup-gcloud
GitHub ActionConfigures the Google Cloud SDK in the GitHub Actions environment. The Google Cloud SDK includes both the gcloud and gsutil binaries.
Or integrate natively with other Google Cloud GitHub Actions:
This is not an officially supported Google product, and it is not covered by a Google Cloud support contract. To report bugs or request features in a Google Cloud product, please contact Google Cloud support.
This action requires Google Cloud credentials to execute gcloud commands. See Authorization for more details.
This action runs using Node 20. If you are using self-hosted GitHub Actions runners, you must use a runner version that supports this version or newer.
jobs:
job_id:
# Add "id-token" with the intended permissions.
permissions:
contents: 'read'
id-token: 'write'
steps:
- id: 'auth'
uses: 'google-github-actions/auth@v2'
with:
workload_identity_provider: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider'
service_account: '[email protected]'
- name: 'Set up Cloud SDK'
uses: 'google-github-actions/setup-gcloud@v2'
with:
version: '>= 363.0.0'
- name: 'Use gcloud CLI'
run: 'gcloud info'
skip_install
: (Optional) Skip the gcloud
installation and use the
system-installed gcloud instead. This can dramatically
improve workflow speeds at the expense of a slightly older gcloud version.
Setting this to true
ignores any value for the version
input. If you
skip installation, you will be unable to install components because the
system-install gcloud is locked. The default value is false
. ⚠️ Be aware
that GitHub plans to remove
the system-installed gcloud, and any workflows with skip_install: true
will stop working when that happens.
version
: (Optional) A string representing the version or version
constraint of the Cloud SDK (gcloud
) to install (e.g. "290.0.1"
or ">= 197.0.1"
). The default value is "latest"
, which will always download and
install the latest available Cloud SDK version.
- uses: 'google-github-actions/setup-gcloud@v2'
with:
version: '>= 416.0.0'
If there is no installed gcloud
version that matches the given constraint,
this GitHub Action will download and install the latest available version
that still matches the constraint.
Warning! Workload Identity Federation requires version 363.0.0 or newer. If you need support for Workload Identity Federation, specify your version constraint as such:
- uses: 'google-github-actions/setup-gcloud@v2'
with:
version: '>= 363.0.0'
You are responsible for ensuring the gcloud
version matches the features
and components required. See the gcloud release
notes for a full list of versions.
project_id
: (Optional) Project ID (not project number) of the Google
Cloud project. If provided, this will configure the gcloud
CLI to use that
project ID for commands. Individual commands can still override the project
with the --project
flag. If unspecified, the action attempts to find the
"best" project ID by looking at other inputs and environment variables.
install_components
: (Optional) List of Cloud SDK
components to install
specified as a comma-separated list of strings:
install_components: 'alpha,cloud-datastore-emulator'
The setup-gcloud
action installs the Cloud SDK (gcloud
). To configure its authentication
to Google Cloud, you must first use the google-github-actions/auth action. The auth
action sets Application Default Credentials, then the setup-gcloud
action references
these credentials to configure gcloud credentials . You can
authenticate via the following options:
⚠️ You must use the Cloud SDK version 390.0.0 or later to authenticate the
bq
and gsutil
tools.
jobs:
job_id:
# Add "id-token" with the intended permissions.
permissions:
contents: 'read'
id-token: 'write'
steps:
- id: 'auth'
uses: 'google-github-actions/auth@v2'
with:
workload_identity_provider: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider'
service_account: '[email protected]'
- name: 'Set up Cloud SDK'
uses: 'google-github-actions/setup-gcloud@v2'
- name: 'Use gcloud CLI'
run: 'gcloud info'
jobs:
job_id:
steps:
- id: 'auth'
uses: 'google-github-actions/auth@v2'
with:
credentials_json: '${{ secrets.GCP_CREDENTIALS }}'
- name: 'Set up Cloud SDK'
uses: 'google-github-actions/setup-gcloud@v2'
- name: 'Use gcloud CLI'
run: 'gcloud info'
If you are using self-hosted runners that are hosted on Google Cloud Platform, credentials are automatically obtained from the service account attached to the runner. In this scenario, you do not need to run the google-github-actions/auth action.
jobs:
job_id:
steps:
- name: 'Set up Cloud SDK'
uses: 'google-github-actions/setup-gcloud@v2'
- name: 'Use gcloud CLI'
run: 'gcloud info'
To use multiple service accounts, a second auth step is required to update the credentials before using setup-gcloud
:
jobs:
job_id:
# Add "id-token" with the intended permissions.
permissions:
contents: 'read'
id-token: 'write'
steps:
- id: 'auth service account 1'
uses: 'google-github-actions/auth@v2'
with:
workload_identity_provider: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider'
service_account: '[email protected]'
- name: 'Set up Cloud SDK'
uses: 'google-github-actions/setup-gcloud@v2'
- name: 'Use gcloud CLI'
run: 'gcloud auth list --filter=status:ACTIVE --format="value(account)"'
# [email protected]
- id: 'auth service account 2'
uses: 'google-github-actions/auth@v2'
with:
credentials_json: '${{ secrets.GCP_CREDENTIALS }}'
- name: 'Set up Cloud SDK'
uses: 'google-github-actions/setup-gcloud@v2'
- name: 'Use gcloud CLI'
run: 'gcloud auth list --filter=status:ACTIVE --format="value(account)"'
# [email protected]
We recommend pinning to the latest available major version:
- uses: 'google-github-actions/setup-gcloud@v2'
While this action attempts to follow semantic versioning, but we're ultimately human and sometimes make mistakes. To prevent accidental breaking changes, you can also pin to a specific version:
- uses: 'google-github-actions/[email protected]'
However, you will not get automatic security updates or new features without
explicitly updating your version number. Note that we only publish MAJOR
and
MAJOR.MINOR.PATCH
versions. There is not a floating alias for
MAJOR.MINOR
.