If you are using Googles App Engine and want to use secrets in the app.yaml file, you can store them as Secrets in
your repository and have them replaced during deployment.
Place the following in your /.github/workflows/main.yml behind actions/checkout@v2.
...
steps:
- uses: actions/checkout@v2
- uses: 73h/[email protected]
env:
SECRET_ONE: ${{ secrets.SECRET_ONE }}
ANOTHER_SECRET: ${{ secrets.ANOTHER_SECRET }}
with:
app_yaml_path: "app.yaml"
...Extract app.yaml
...
env_variables:
APP_ENV: production
SECRET_ONE: $SECRET_ONE
ANOTHER_SECRET: $ANOTHER_SECRET
...An example with Google's App Engine (GAE) deployment.
/.github/workflows/main.yml
on: push
name: Deploy site on push
jobs:
deploy_on_googles_app_engine:
name: Deploy
if: github.ref == 'refs/heads/main'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: 73h/[email protected]
env:
SECRET_ONE: ${{ secrets.SECRET_ONE }}
SECRET_TWO: ${{ secrets.SECRET_TWO }}
with:
app_yaml_path: "app.yaml"
- uses: 'google-github-actions/auth@v0'
with:
credentials_json: '${{ secrets.GCP_SA_JSON }}'
- uses: 'google-github-actions/deploy-appengine@v0'
with:
deliverables: 'app.yaml'
promote: true
version: 'v1'The full app.yaml file looks like this.
runtime: python39
entrypoint: gunicorn -b :$PORT main:app --chdir app
handlers:
- url: /.*
script: auto
secure: always
redirect_http_response_code: 301
automatic_scaling:
max_instances: 1
env_variables:
APP_ENV: production
SECRET_ONE: $SECRET_ONE
SECRET_TWO: $SECRET_TWO
ANOTHER_PARAM: "73"| Key Name | Required | Examples | Default Value | Description |
|---|---|---|---|---|
app_yaml_path |
No | config/app.yamlmyapp.yaml |
app.yaml |
full path to your app.yaml file |