92 changes: 92 additions & 0 deletions .github/workflows/deploy-cloudrun.yaml
@@ -0,0 +1,92 @@
name: 'Reusable gcp cloudrun deploy workflow'

on:
workflow_call:
inputs:
job-name:
description: 'Cloud Run Job name (at least one of job-name or service-name required)'
required: false
type: string
service-name:
description: 'Cloud Run Service name (at least one of job-name or service-name required)'
required: false
type: string
registry:
description: 'Container registry URL (e.g., gcr.io, europe-west3-docker.pkg.dev)'
required: true
type: string
artifact-repository:
description: 'Image repository name without registry prefix (e.g., my-image)'
required: true
type: string
artifact-tag:
description: 'Image tag of the container image to deploy'
required: true
type: string
region:
description: 'GCP region for Cloud Run deployment (e.g., europe-west3)'
required: true
type: string
flags:
description: 'Additional flags to pass to the gcloud deploy command'
type: string
container:
description: 'Container name for multi-container deployments'
type: string
workload-identity-provider:
description: 'GCP Workload Identity Provider resource name'
required: true
type: string
workload-identity-service-account-mail:
description: 'GCP service account email for workload identity OIDC authentication'
required: true
type: string
jobs:
deploy_cloudrun:
name: Deployment job
permissions:
contents: 'read'
id-token: 'write'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Validate inputs
run: |
if [[ -z "${{ inputs.job-name }}" && -z "${{ inputs.service-name }}" ]]; then
echo "::error::At least one of 'job-name' or 'service-name' must be provided"
exit 1
fi
- uses: 'google-github-actions/auth@v3'
with:
service_account: ${{ inputs.workload-identity-service-account-mail }}
workload_identity_provider: ${{ inputs.workload-identity-provider }}
- name: 'Set up gcloud CLI'
uses: 'google-github-actions/setup-gcloud@v3'
with:
install_components: 'beta'

# we cannot use google-github-actions/deploy-cloudrun here due to:
# https://github.com/google-github-actions/deploy-cloudrun/issues/558
- name: 'deploy cloudrun'
env:
CONTAINER: ${{ inputs.container }}
run: |
if [ -n "$CONTAINER" ]; then
CONTAINER_FLAG="--container $CONTAINER"
else
CONTAINER_FLAG=""
fi
IMAGE="${{ inputs.registry }}/${{ inputs.artifact-repository }}:${{ inputs.artifact-tag }}"
EXTRA_FLAGS="${{ inputs.flags }}"
gcloud config set run/region "${{ inputs.region }}"
if [ -n "${{ inputs.job-name }}" ]; then
gcloud beta run jobs deploy "${{ inputs.job-name }}" \
${CONTAINER_FLAG} \
--image "$IMAGE" \
${EXTRA_FLAGS}
else
gcloud run deploy "${{ inputs.service-name }}" \
${CONTAINER_FLAG} \
--image "$IMAGE" \
${EXTRA_FLAGS}
Comment on lines +71 to +91
🧹 Nitpick | 🔵 Trivial

Improve shell robustness: quote variable assignments to prevent word-splitting issues.

The deployment step constructs flag strings that could be vulnerable to word-splitting if inputs contain spaces or special characters. While container names and flags typically don't have such characters in practice, shell best practices suggest explicit quoting.

Current approach:

CONTAINER_FLAG="--container $CONTAINER"
# Later used as: ${CONTAINER_FLAG}

If inputs.container contains unexpected characters, the construction could fail.

Consider refactoring to apply the env var directly and quote the variable value:

  env:
    CONTAINER: ${{ inputs.container }}
  run: |
    if [ -n "$CONTAINER" ]; then
-     CONTAINER_FLAG="--container $CONTAINER"
+     CONTAINER_FLAG="--container \"$CONTAINER\""
    else
      CONTAINER_FLAG=""
    fi
    IMAGE="${{ inputs.registry }}/${{ inputs.artifact-repository }}:${{ inputs.artifact-tag }}"
-   EXTRA_FLAGS="${{ inputs.flags }}"
+   EXTRA_FLAGS="${{ inputs.flags }}"

Alternatively, conditionally inject the flag directly into the gcloud command to avoid intermediate variable construction.

This aligns with the previous review suggestion to guard against weird characters in inputs.

🤖 Prompt for AI Agents
.github/workflows/deploy-cloudrun.yaml lines 71-91: the script builds flag
strings with unquoted variable expansions (e.g., CONTAINER_FLAG="--container
$CONTAINER" and later ${CONTAINER_FLAG}), which can cause word-splitting if
inputs contain spaces/special chars; change to either (a) avoid intermediate
flag concatenation and inject the flag directly into the gcloud call using a
conditional that passes "--container" "$CONTAINER" when CONTAINER is non-empty,
or (b) quote expansions when building and expanding the variables (e.g.,
CONTAINER_FLAG="--container \"$CONTAINER\"" and use "${CONTAINER_FLAG}" ), and
also quote IMAGE and EXTRA_FLAGS usages in the gcloud commands to ensure robust
handling of spaces/special characters.

fi
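Review bot: the `run:` scripts splice workflow inputs straight into the shell text (`IMAGE="${{ inputs.registry }}/..."`, `EXTRA_FLAGS="${{ inputs.flags }}"`, `gcloud beta run jobs deploy "${{ inputs.job-name }}"` and the `[[ -z "${{ inputs.job-name }}" ...` check), so a quote or `$(...)` in a caller-supplied value is parsed as shell syntax rather than treated as data; only `container` goes through `env:`. Route every input the same way (`env: JOB_NAME: ${{ inputs.job-name }}` and so on) and reference `"$JOB_NAME"` inside the script. For the optional container flag, an array is safer than the `CONTAINER_FLAG` string: `ARGS=(); [ -n "$CONTAINER" ] && ARGS+=(--container "$CONTAINER")`, then pass `"${ARGS[@]}"` to `gcloud`; this keeps the value as one argument without leaking literal quote characters, while `$EXTRA_FLAGS` can stay unquoted on purpose so a space-separated list of flags still splits. Two smaller points: the `if ... else` between the jobs and services branches means a caller that sets both `job-name` and `service-name` only gets the job deployed, which the "at least one of" wording in the input descriptions does not make obvious, so either document that or deploy both; and `permissions: contents: read` / `id-token: write` is the right minimal grant for the OIDC federation step, so keep it job-scoped as written.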
6 changes: 6 additions & 0 deletions README.md
Expand Up @@ -122,6 +122,12 @@ Template:

When a GH commit URL is included in commit message, link the commit from said comment.

### Cloud Run Deployment

Deploy images to Google Cloud Run services or jobs.

See [deploy-cloudrun.yaml](./.github/workflows/deploy-cloudrun.yaml) for details.

### Cloud Function Deployment

Deploy code to Google Cloud Function.
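Review bot: the new `### Cloud Run Deployment` section only says "Deploy images to Google Cloud Run services or jobs." and points at the YAML; list the required inputs (`registry`, `artifact-repository`, `artifact-tag`, `region`, `workload-identity-provider`, `workload-identity-service-account-mail`), state that at least one of `job-name` or `service-name` must be set, and add a short caller snippet (`uses: <owner>/<repo>/.github/workflows/deploy-cloudrun.yaml@<ref>` with a `with:` block and the `id-token: write` permission) so callers do not have to read the workflow to learn what a deploy needs.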