yc-actions /yc-sls-container-deploy
GitHub Action to deploy Serverless Container to Yandex Cloud
Repository Statistics
Key metrics and engagement data
Timeline
Repository has been active for N/A
Repository Created
Last ActivityInactive for NaN months
Stars
Looks like this repository is a hidden gem!
No stargazers yet. Why not be the first to give it a star?
Check back soon, we will update it in background!
yc-actions/yc-sls-container-deploy
GitObs.com⭐0
Want deeper insights? Explore GitObs.com
Languages
README.md
GitHub Action to deploy Serverless Container to Yandex Cloud
Create a serverless container with the provided name if there is no one. Then deploy a new revision using the provided image name and tag.
Table of Contents
Usage
yaml1 - uses: actions/checkout@v423 - name: Get Yandex Cloud IAM token4 id: get-iam-token5 uses: docker://ghcr.io/yc-actions/yc-iam-token-fed:1.0.06 with:7 yc-sa-id: aje***89 - name: Login to Docker Hub10 uses: docker/login-action@v311 with:12 registry: cr.yandex13 username: iam14 password: ${{ steps.get-iam-token.outputs.token }}1516 - name: Build, tag, and push image to Yandex Cloud Container Registry17 env:18 CR_REGISTRY: crp0000000000000000019 CR_REPOSITORY: my-cr-repo20 IMAGE_TAG: ${{ github.sha }}21 run: |22 docker build -t cr.yandex/$CR_REGISTRY/$CR_REPOSITORY:$IMAGE_TAG .23 docker push cr.yandex/$CR_REGISTRY/$CR_REPOSITORY:$IMAGE_TAG2425 - name: Deploy Serverless Container26 id: deploy-sls-container27 uses: yc-actions/yc-sls-container-deploy@v328 with:29 yc-sa-id: aje***30 container-name: yc-action-demo31 folder-id: bbajn5q2d74c********32 revision-service-account-id: ajeqnasj95o7********33 revision-cores: 134 revision-memory: 512Mb35 revision-core-fraction: 10036 revision-concurrency: 837 revision-image-url: cr.yandex/crp00000000000000000/my-cr-repo:${{ github.sha }}38 revision-execution-timeout: 10
One of yc-sa-json-credentials, yc-iam-token or yc-sa-id should be provided depending on the authentication method you
want to use. The action will use the first one it finds.
yc-sa-json-credentialsshould contain JSON with authorized key for Service Account. More info in Yandex Cloud IAM documentation.yc-iam-tokenshould contain IAM token. It can be obtained usingyc iam create-tokencommand or using yc-actions/yc-iam-token-fed
yaml1 - name: Get Yandex Cloud IAM token2 id: get-iam-token3 uses: docker://ghcr.io/yc-actions/yc-iam-token-fed:1.0.04 with:5 yc-sa-id: aje***
yc-sa-idshould contain Service Account ID. It can be obtained usingyc iam service-accounts listcommand. It is used to exchange GitHub token for IAM token using Workload Identity Federation. More info in Yandex Cloud IAM documentation.
See action.yml for the full documentation for this action's inputs and outputs.
Permissions
Deploy time permissions
To perform this action, the service account on behalf of which we are acting must have
the serverless-containers.editor role or higher.
Additionally, you may need to grant the following optional roles depending on your specific needs:
| Optional Role | Required For |
|---|---|
iam.serviceAccounts.user | Providing the service account ID in parameters, ensuring access to the service account |
vpc.user | Deploying the container in a VPC with a specified network ID |
serverless-containers.admin | Making the container public |
functions.editor | If you are using secrets. serverless-containers.editor missing some permissions, so you have to use this one additionnaly. |
Runtime permissions
The service account provided to container via revision-service-account-id parameter must have the following roles:
| Required Role | Required For |
|---|---|
storage.viewer | To mount the bucket to the container in read only mode. |
storage.editor | To mount the bucket to the container in read-write mode. |
lockbox.payloadViewer | To access the Lockbox secrets. |
kms.keys.encrypterDecrypter | To decrypt the Lockbox secrets, if they are encrypted with KMS key. |
License Summary
This code is made available under the MIT license.