feat: add example workflow (#14)

* feat: add example workflow

* docs: Add roles link

Author: averikitsch

.github/workflows/example-workflow.yaml

@@ -0,0 +1,38 @@
+# Copyright 2020 Google, LLC.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+on:
+  push:
+    branches:
+      - example
+
+name: Deploy to Google App Engine
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Deploy to App Engine
+        id: deploy
+        uses: google-github-actions/[email protected]
+        with:
+          deliverables: example-app/app.yaml
+          project_id: ${{ secrets.GCP_PROJECT }}
+          credentials: ${{ secrets.GCP_SA_KEY }}
+
+      - name: Show Output
+        run: echo ${{ steps.deploy.outputs.url }}

README.md

@@ -77,13 +77,12 @@ for more information.
 There are a few ways to authenticate this action. The caller must have
 permissions to access the secrets being requested.
 
-Roles needed:
+[Roles needed](https://cloud.google.com/appengine/docs/standard/python/roles#predefined_roles):
 
+- App Engine Admin (`roles/appengine.appAdmin`): can manage all App Engine resources
+- Service Account User (`roles/iam.serviceAccountUser`): to deploy as the service account
 - Storage Admin (`roles/compute.storageAdmin`): to upload files
 - Cloud Build Editor (`cloudbuild.builds.editor`): to build the application
-- App Engine roles:
-  - Deployer (`roles/appengine.deployer`): Can deploy but can not promote
-  - Admin (`roles/appengine.appAdmin`): Can manage all App Engine resources (not recommended)
 
 *Note:* An owner will be needed to create the App Engine application
 
@@ -133,6 +132,75 @@ only works using a custom runner hosted on GCP.**
 The action will automatically detect and use the Application Default
 Credentials.
 
+## Example Workflows
+
+* [Deploy from source](#deploy-from-source)
+
+### Setup
+
+1.  Clone this repo.
+
+1. Create a new Google Cloud Project (or select an existing project).
+
+1. [Initialize your App Engine app with your project](https://cloud.google.com/appengine/docs/standard/nodejs/console#console).
+
+1.  [Create a Google Cloud service account][sa] or select an existing one.
+
+1.  Add the the following [Cloud IAM roles][roles] to your service account:
+
+    - `App Engine Admin` - allows for the creation of new App Engine apps
+
+    - `Service Account User` -  required to deploy to App Engine as service account
+
+    - `Storage Admin` - allows upload of source code
+
+    - `Cloud Build Editor` - allows building of source code
+
+1.  [Download a JSON service account key][create-key] for the service account.
+
+1.  Add the following [secrets to your repository's secrets][gh-secret]:
+
+    - `GCP_PROJECT`: Google Cloud project ID
+
+    - `GCP_SA_KEY`: the downloaded service account key
+
+### Deploy from source
+
+To run this workflow, push to the branch named `example`:
+
+```sh
+git push YOUR-FORK main:example
+```
+
+## Migrating from `setup-gcloud`
+
+Example using `setup-gcloud`:
+
+```YAML
+- name: Setup Cloud SDK
+  uses: google-github-actions/[email protected]
+  with:
+    project_id: ${{ env.PROJECT_ID }}
+    service_account_key: ${{ secrets.GCP_SA_KEY }}
+
+- name: Deploy to App Engine
+  run: gcloud app deploy app.yaml --quiet --no-promote --version v1
+
+```
+
+Migrated to `deploy-appengine`:
+
+```YAML
+- name: Deploy to App Engine
+  uses: google-github-actions/[email protected]
+  with:
+    deliverables: app.yaml
+    project_id: ${{ secrets.GCP_PROJECT }}
+    credentials: ${{ secrets.GCP_SA_KEY }}
+    promote: false
+    version: v1
+```
+
 [gae]: https://cloud.google.com/appengine
 [sm]: https://cloud.google.com/secret-manager
 [sa]: https://cloud.google.com/iam/docs/creating-managing-service-accounts

action.yml

@@ -11,6 +11,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+
 name: Deploy to Google App Engine
 author: Google LLC
 description: |-

example-app/.gcloudignore

@@ -0,0 +1,4 @@
+.github
+node_modules
+dist
+README.md

example-app/app.yaml

@@ -0,0 +1,15 @@
+# Copyright 2020 Google, LLC.
+# 
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+runtime: nodejs12

example-app/index.js

@@ -0,0 +1,28 @@
+// Copyright 2020 Google, LLC.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+const express = require('express');
+const app = express();
+
+app.get('/', (req, res) => {
+  console.log('Hello world received a request.');
+
+  const target = process.env.TARGET || 'World';
+  res.send(`Hello ${target}!`);
+});
+
+const port = process.env.PORT || 8080;
+app.listen(port, () => {
+  console.log('Hello world listening on port', port);
+});