added read-permission to deploy.yaml #23
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy to Cloud Functions | |
| permissions: | |
| id-token: write # This is required for requesting the JWT | |
| contents: read # This is required for actions/checkout | |
| on: | |
| workflow_dispatch: # Manually trigger the workflow | |
| push: | |
| branches: [main] # Triggers the workflow on pushes to the 'main' branch | |
| # paths: # Optional: Only trigger on changes in these paths (for monorepos) | |
| # - 'cloud-function/**' # Example: Only trigger if changes are in the 'cloud-function' directory | |
| jobs: # Sequence of jobs for this workflow | |
| deploy: | |
| runs-on: ubuntu-latest # Specify virtual machine for running the job | |
| steps: # Sequence of steps for this job | |
| - name: 'Checkout' | |
| uses: 'actions/checkout@v3' | |
| - name: 'Google auth' | |
| id: 'auth' | |
| uses: 'google-github-actions/auth@v1' | |
| with: | |
| workload_identity_provider: '${{ secrets.WIF_PROVIDER }}' | |
| service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}' | |
| - name: Deploy first hello_world_function | |
| run: | | |
| gcloud functions deploy hello_world_function \ | |
| --source cloud_functions/hello_world \ | |
| --region europe-west1 \ | |
| --runtime python39 \ | |
| --trigger-http \ | |
| - name: Deploy second hello_world_function | |
| run: | | |
| gcloud functions deploy hello_world_function_2 \ | |
| --region europe-west1 \ | |
| --source cloud_functions/hello_world_2 \ | |
| --trigger-http \ | |
| --runtime python39 \ | |
| --entry-point hello_world \ | |
| --allow-unauthenticated \ |