deploy-cloudrun
deploy-cloudrun copied to clipboard
google-github-actions
Failed Parsing of List Parameters for inputs secrets and env_vars
TL;DR
If you put in your secrets or env_vars in list format like the docs:
secrets: |
SECRET=secret:latest
SECRET2=secret2:latest
The yaml is parsed incorrectly to the cli resulting in \n being added.
Example:
ERROR: gcloud crashed (ValueError): Invalid secret spec 'db_username:latest\nDB_PASSWORD=db_password:latest'
Expected behavior
I expected the yaml list to be parsed into the cli in a format without newlines.
Observed behavior
Instead newlines get added in to gcloud command called. The same thing happens with env_vars except the cli just takes it in stride and you end up with a env_vars in cloud run with one key and the rest of the key-value pairs on new lines. The current workaround is that we just put our env_vars and secrets in like this.
env_vars: ENV1=whaaat,ENV2=yaahhyaa,ENV3=ok
secrets: SECRET1=secret1:latest,SECRET2=secret2:latest
Action YAML
deploy:
name: Deploy to GCP Cloud Run
needs: build_n_push
runs-on: ubuntu-latest
# permission for gcp
permissions:
contents: 'read'
id-token: 'write'
steps:
- name: Checkout # gcp auth needs this step
uses: actions/checkout@v2
- name: Get GCP Token
id: auth
uses: google-github-actions/auth@v0
with:
token_format: access_token
workload_identity_provider: our/identity/provider
service_account: our/service/account
access_token_lifetime: 300s
- name: Set Docker Metadata
id: meta
uses: docker/metadata-action@v3
with:
images: our/docker-image
tags: |
type=raw,value=latest
- name: Deploy to Cloud Run
uses: google-github-actions/deploy-cloudrun@v0
with:
image: us-central1-docker.pkg.dev/project/repository/${{ steps.meta.outputs.tags }}
service: servicename
region: us-central1
env_vars: |
RELEASEMODE=development
NODE_ENV=development
PORT=4000
DB_DATABASE=database_name
secrets: |
DB_SERVER=db_server:latest
DB_USERNAME=db_username:latest
DB_PASSWORD=db_password:latest
Log output
Run google-github-actions/deploy-cloudrun@v0
/usr/bin/tar xz --warning=no-unknown-keyword --overwrite -C /home/runner/work/_temp/626a8de9-7b8e-4674-b93d-6e539bbd95a2 -f /home/runner/work/_temp/9a140801-40fb-4d40-99ab-ed87987c183b
Running: gcloud beta run deploy **** --image **** --quiet --platform managed --region us-central1 --update-env-vars RELEASEMODE=development
NODE_ENV=development
PORT=4000
DB_DATABASE=**** --update-secrets DB_SERVER=db_server:latest,DB_USERNAME=db_username:latest
DB_PASSWORD=db_password:latest --project ****** --format json
Error: failed to execute gcloud command `gcloud beta run deploy ***** --image **** --quiet --platform managed --region us-central1 --update-env-vars RELEASEMODE=development
NODE_ENV=development
PORT=4000
DB_DATABASE=database_name --update-secrets DB_SERVER=db_server:latest,DB_USERNAME=db_username:latest
DB_PASSWORD=db_password:latest --project database-api-dev --format json`: ERROR: gcloud crashed (ValueError): Invalid secret spec 'db_username:latest\nDB_PASSWORD=db_password:latest'
Additional information
No response
Interesting - we have logic to convert newlines to commas, but that doesn't appear to be working for some reason.
I should probably write an extension to https://github.com/google-github-actions/actions-utils/blob/main/src/csv.ts#L25 that handles newline-separation and trims leading whitespace.
Just a follow up as this is not fix in the latest version even with #312
The latest version supports multi-line parsing and CSV parsing. It does not support multi-line parsing where lines end in CSVs. It's been fixed in the upstream libraries.
The examples above should both work with the latest release:
env_vars: |
RELEASEMODE=development
NODE_ENV=development
PORT=4000
DB_DATABASE=database_name
env_vars: 'RELEASEMODE=development,NODE_ENV=development,PORT=4000,DB_DATABASE=database_name'
The following will not work until the next release:
env_vars: |
RELEASEMODE=development,
NODE_ENV=development,
PORT=4000,
DB_DATABASE=database_name'