This action uploads code to object storage and updates Serverless function in Yandex Cloud with enhanced security, input validation, and error handling.
- 🔒 Enhanced Security: Comprehensive input validation and sanitization
- 🛡️ Error Handling: Proper exception handling with descriptive error messages
- 📊 Input Validation: Memory (128-4096MB) and timeout (1-900s) bounds checking
- 🔧 Environment Parsing: Robust KEY=VALUE parsing with error recovery
- ⚡ Node.js 20: Updated to latest Node.js runtime for better performance
- 🏗️ Dependencies: All dependencies updated to latest secure versions
- Create serverless function in Yandex Cloud and copy function id
- Create s3 bucket (optional, if you want to upload code to bucket or if it's bigger than 5Mb)
- Add workflow to your repo
Place in a .yml|.yaml file such as this one in your .github/workflows folder. Refer to the documentation on workflow YAML syntax here.
name: Push and Deploy Serverless function
on: push
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: goodsmileduck/yandex-serverless-action@v2
with:
token: ${{ secrets.TOKEN }}
bucket: ${{ secrets.BUCKET }}
accessKeyId: ${{ secrets.ACCESS_KEY_ID }}
secretAccessKey: ${{ secrets.SECRET_ACCESS_KEY }}
function_id: '234awefq12345g24f'
runtime: 'python39'
memory: '256'
entrypoint: 'main.handler'
environment: DEBUG=True,COUNT=1
source: '.'
exclude: 'src/'The following settings must be passed as variables as shown in the example. Sensitive information, especially token should be set as encrypted secrets — otherwise, they'll be public to anyone browsing your repository.
| Key | Value | Suggested Type | Required |
|---|---|---|---|
token |
Token for access to yc cli. To get token visit link | secret |
Yes |
function_id |
The ID of function in Yandex Cloud | env |
Yes |
runtime |
Runtime for function in Yandex Cloud. To get the list of allowed args visit link | env |
Yes |
entrypoint |
Entry point of function | env |
Yes |
description |
Description for version of function | env |
No |
environment |
Comma-separated list with env variables in format KEY1=value1,KEY2=value2 |
env |
No |
memory |
Memory limit in megabytes for function in Yandex Cloud. Valid range: 128-4096MB. Default: 128 |
env |
No |
execution_timeout |
Execution timeout in seconds for function in Yandex Cloud. Valid range: 1-900s. Default: 5 |
env |
No |
service_account |
Service account id. | secret |
No |
bucket |
The name of the bucket you're syncing to. For example, bucket. If wasn't set action will try to upload code directly. Required if code bigger than 5Mb |
secret |
No |
accessKeyId |
Yandex AWS Access Key Id when s3 bucket used. Required if code bigger than 5Mb | secret |
No |
secretAccessKey |
Yandex AWS Secret Access Key when s3 bucket used. Required if code bigger than 5Mb | secret |
No |
source |
The local directory you wish to upload. For example, ./public. Defaults to the root of your repository (.) if not provided. |
env |
No |
exclude |
Comma-separated patterns to exclude from archive (e.g., *.txt, node_modules/). Defaults empty if not provided. |
env |
No |
This action includes comprehensive input validation to ensure security and reliability:
- Required fields:
token,function_id,runtime,entrypointare validated for presence - Memory limits: Must be between 128-4096 MB (defaults to 128 MB if invalid)
- Execution timeout: Must be between 1-900 seconds (defaults to 5s if invalid)
- Environment variables: Malformed KEY=VALUE pairs are skipped with warnings
- Exclude patterns: Empty patterns are automatically filtered out
- Minimum Node.js version: 20.x
- GitHub Actions runner: Uses Node.js 20 runtime
- Compatibility: Works with ubuntu-latest, ubuntu-20.04, ubuntu-22.04
- Zip and and deploy folder
- Zip and upload to bucket and deploy
- Exclude pattern from archive
- Set service account id
- uses: goodsmileduck/yandex-serverless-action@v2
with:
token: ${{ secrets.TOKEN }}
function_id: 'my_function_id'
runtime: 'python39'
memory: '256'
entrypoint: 'main.handler'
environment: DEBUG=True,COUNT=1
source: '.'- uses: goodsmileduck/yandex-serverless-action@v2
with:
description: "Function with bucket"
token: ${{ secrets.TOKEN }}
bucket: ${{ secrets.BUCKET }}
accessKeyId: ${{ secrets.ACCESS_KEY_ID }}
secretAccessKey: ${{ secrets.SECRET_ACCESS_KEY }}
function_id: 'my_function_id'
runtime: 'python39'
memory: '256'
entrypoint: 'main.handler'
environment: DEBUG=True,COUNT=1
source: './src'- uses: goodsmileduck/yandex-serverless-action@v2
with:
token: ${{ secrets.TOKEN }}
function_id: 'my_function_id'
runtime: 'python39'
memory: '256'
entrypoint: 'main.handler'
environment: DEBUG=True,COUNT=2
source: './public'
exclude: '*.txt, node_modules/'- uses: goodsmileduck/yandex-serverless-action@v2
with:
token: ${{ secrets.TOKEN }}
function_id: 'my_function_id'
runtime: 'python39'
memory: '256'
entrypoint: 'main.handler'
environment: DEBUG=True,COUNT=2
source: './public'
service_account: ${{ secrets.SERVICE_ACCOUNT }}❌ "Missing GITHUB_SHA environment variable"
- Cause: Action not running in GitHub Actions environment
- Solution: Ensure you're running this in a GitHub Actions workflow
❌ "Missing ACCESS_KEY_ID or SECRET_ACCESS_KEY when bucket is specified"
- Cause: Bucket specified but AWS credentials missing
- Solution: Add
accessKeyIdandsecretAccessKeyinputs when using bucket
❌ "Invalid memory: 'abc' is not a valid number"
- Cause: Non-numeric value provided for memory
- Solution: Use numeric values between 128-4096 (e.g.,
memory: '512')
❌ "Failed to find function with ID: xyz"
- Cause: Function doesn't exist or access denied
- Solution: Verify function ID and ensure token has proper permissions
Enable debug logging by setting:
env:
ACTIONS_STEP_DEBUG: trueRefer to Yandex Cloud documentation for current runtime versions:
python39,python311nodejs18,nodejs20go119,go121- And more...
This project is distributed under the MIT license.