Open
Description
TL;DR
this tool requires
- skaffold.yaml to be defined
- a
stablefolder to be present
I found both to be badly documented and we just found out through trial/error against GCP and digging into the logs. Any way we can get this documented better? Why is skaffold.yaml needed but not marked as required? And using an empty service, the below occurs
Downloading and unarchiving content from "gs://7b3bc9f2837146cb9f107205a84c8a35_clouddeploy/source/1745406046.456649-9c4ba98d85e9446caf6f415197f23d04.tgz" locally to "/workspace/source"
--
29 | Resolving the Skaffold Config at /workspace/source/skaffold.yaml
30 | Running the following command: skaffold [diagnose --yaml-only --filename=skaffold.yaml --profile= --output=/workspace/stable/config.yaml]
31 | Running the following command: skaffold [render --filename=/workspace/stable/config.yaml --build-artifacts=/workspace/artifacts.json --output=/workspace/stable/manifest.yaml --offline=true --digest-source=none --label="managed-by=google-cloud-deploy" --label="delivery-pipeline-id=orchard-delivery-pipeline" --label="release-id=dummy-051b43fd" --label="location=us-central1" --label="project-id=ec-orchard-dev" --label="target-id=orchard-target-dev"]
32 | --digest-source set to 'none', tags listed in Kubernetes manifests will be used for render
33 | error: yaml file /workspace/stable/manifest.yaml is empty
34 | ERROR
35 | ERROR: build step 0 "us-central1-docker.pkg.dev/cd-image-prod/cd-imag
Expected behavior
No response
Observed behavior
No response
Action YAML
name: Deploy Dummy Service via Cloud Deploy
on:
push:
branches:
- main
paths:
- 'services/dummy/**' # Trigger only if dummy service code changes
- '.github/workflows/deploy_dummy.yml'
jobs:
deploy:
name: Build and Deploy Dummy Service
runs-on: ubuntu-latest
permissions:
contents: 'read'
id-token: 'write' # Needed for Workload Identity Federation
# Configure these in GitHub Secrets or Variables
# GCP_PROJECT_ID: Your Google Cloud project ID
# GCP_REGION: The region for Cloud Run & Artifact Registry (e.g., us-central1)
# ENVIRONMENT: The deployment environment (e.g., dev, staging, prod) matching your Terraform setup
# WIF_PROVIDER: Your Workload Identity Pool Provider resource name
# format: https://cloud.google.com/iam/docs/reference/sts/rest/v1/TopLevel/token
# SERVICE_ACCOUNT: The email of the Google Service Account for deployment
env:
PROJECT_ID: ec-orchard-dev
REGION: us-central1
ENVIRONMENT: dev
SERVICE_NAME: 'orchard-backend-dev' # Matches naming in cloudrun.tf
ARTIFACT_REGISTRY_REPO: 'ec-orchard-repo' # Adjust if your repo name is different
GAR_LOCATION: us-central1 # Artifact Registry location
DELIVERY_PIPELINE_NAME: 'orchard-delivery-pipeline'
steps:
- name: Checkout code
uses: actions/checkout@v4
# ------------------------------------------------------------------------------------------------
# DEBUG START
# - name: Checkout actions-oidc-debugger
# uses: actions/checkout@v3
# with:
# repository: github/actions-oidc-debugger
# ref: main
# path: ./.github/actions/actions-oidc-debugger
# - name: Debug OIDC Claims
# uses: ./.github/actions/actions-oidc-debugger
# with:
# audience: '${{ github.server_url }}/${{ github.repository_owner }}'
# ------------------------------------------------------------------------------------------------
- name: Authenticate to Google Cloud
id: auth
uses: 'google-github-actions/auth@v2'
with:
workload_identity_provider: 'projects/299386668624/locations/global/workloadIdentityPools/matrix-pool-rw/providers/matrix-gh-provider-rw'
project_id: ${{ env.PROJECT_ID }}
service_account: ${{ secrets.SERVICE_ACCOUNT }}
- name: Set up Cloud SDK
uses: 'google-github-actions/setup-gcloud@v2'
- name: Authorize Docker push
run: gcloud auth configure-docker ${{ env.GAR_LOCATION }}-docker.pkg.dev --quiet
- name: Build and Push Docker Image
id: build-push
run: |
IMAGE_TAG=${{ github.sha }}
IMAGE_NAME="${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.ARTIFACT_REGISTRY_REPO }}/dummy"
echo "Building and pushing image: ${IMAGE_NAME}"
docker build -t "${IMAGE_NAME}" ./services/dummy --platform linux/amd64
# push to artifact registry
docker tag "${IMAGE_NAME}" "${IMAGE_NAME}:${IMAGE_TAG}"
docker push "${IMAGE_NAME}:${IMAGE_TAG}"
docker tag "${IMAGE_NAME}" "${IMAGE_NAME}:latest"
docker push "${IMAGE_NAME}:latest"
echo "IMAGE_NAME=${IMAGE_NAME}" >> $GITHUB_OUTPUT
- name: Generate Short SHA
id: vars
run: echo "sha_short=$(echo ${{ github.sha }} | cut -c1-8)" >> $GITHUB_OUTPUT
- name: Create Cloud Deploy Release
id: create-release
uses: 'google-github-actions/create-cloud-deploy-release@v1'
with:
name: 'dummy-${{ steps.vars.outputs.sha_short }}' # Using short SHA for release name
delivery_pipeline: ${{ env.DELIVERY_PIPELINE_NAME }}
region: ${{ env.REGION }}
images: 'dummy-image=${{ steps.build-push.outputs.IMAGE_NAME }}'
description: 'Deploy dummy service revision ${{ github.sha }} triggered by GitHub Actions'
source: 'services/dummy'
- name: Show Cloud Deploy Release Link
run: |
echo "Created Cloud Deploy release ${{ steps.create-release.outputs.name }}."
echo "Link: ${{ steps.create-release.outputs.link }}"Log output
Additional information
No response