How to pass multiline secrets? #587

@robtaylor

Description

TL;DR

I'm trying to pass a multiline secret to a deployment, but I can't figure out how to do it!

Currently:

    - name: Deploy to Cloud Run
      id: deploy
      uses: google-github-actions/deploy-cloudrun@v2
      with:
        service: ${{ env.SERVICE }}
        region: ${{ env.REGION }}
        image: ...
        flags: ...
        env_vars: |
          NODE_ENV=production
          NEXT_TELEMETRY_DISABLED=1
          BASE_URL=...
        secrets: |-
          APP_CLIENT_SECRET=${{ secrets.APP_CLIENT_SECRET }}:latest
          APP_PRIVATE_KEY="${{ secrets.APP_PRIVATE_KEY }}:latest"

Where APP_CLIENT_SECRET is a single line, and that seems to work.
APP_PRIVATE_KEY is multiline, and I get the following error:

X google-github-actions/deploy-cloudrun failed with: failed to deploy: ERROR: (gcloud.run.deploy) No secret version specified for APP_PRIVATE_KEY. Use APP_PRIVATE_KEY:latest to reference the latest version.

Is this possible? And if so, it would be greatly appreciated to add some documentation for this case.

Expected behavior

No response

Observed behavior

No response

Action YAML

name: Deploy to Cloud Run

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

env:
  PROJECT_ID: chipflow-configurator
  SERVICE: chipflow-configurator
  REGION: us-central1

jobs:
  deploy:
    runs-on: ubuntu-latest
    
    # Only deploy on main branch pushes (not PRs)
    if: github.ref == 'refs/heads/main' && github.event_name == 'push'
    
    permissions:
      contents: read
      id-token: write
    
    steps:
    - name: Checkout
      uses: actions/checkout@v4
    
    - name: Google Auth
      id: auth
      uses: google-github-actions/auth@v2
      with:
        token_format: 'access_token'
        workload_identity_provider: '${{ secrets.WIF_PROVIDER }}'
        service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}'
    
    - name: Docker Auth
      id: docker-auth
      uses: docker/login-action@v3
      with:
        username: 'oauth2accesstoken'
        password: '${{ steps.auth.outputs.access_token }}'
        registry: '${{ env.REGION }}-docker.pkg.dev'
    
    - name: Build and Push Container
      run: |-
        docker build --platform linux/amd64 -t "${{ env.REGION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.SERVICE }}/${{ env.SERVICE }}:${{ github.sha }}" ./
        docker push "${{ env.REGION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.SERVICE }}/${{ env.SERVICE }}:${{ github.sha }}"
    
    - name: Deploy to Cloud Run
      id: deploy
      uses: google-github-actions/deploy-cloudrun@v2
      with:
        service: ${{ env.SERVICE }}
        region: ${{ env.REGION }}
        image: ${{ env.REGION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.SERVICE }}/${{ env.SERVICE }}:${{ github.sha }}
        flags: '--allow-unauthenticated --port=3000 --memory=1Gi --cpu=1 --min-instances=0 --max-instances=10'
        env_vars: |
          NODE_ENV=production
          NEXT_TELEMETRY_DISABLED=1
          BASE_URL=https://xxxx.yyyy.com
        secrets: |-
          APP_CLIENT_ID=${{ secrets.APP_CLIENT_ID }}:latest
          APP_CLIENT_SECRET=${{ secrets.APP_CLIENT_SECRET }}:latest
          APP_ID=${{ secrets.APP_ID }}:latest
          APP_PRIVATE_KEY="${{ secrets.APP_PRIVATE_KEY }}:latest"
          APP_INSTALLATION_ID=${{ secrets.APP_INSTALLATION_ID }}:latest
          APP_WEBHOOK_SECRET=${{ secrets.APP_WEBHOOK_SECRET }}:latest
          ANTHROPIC_API_KEY=${{ secrets.ANTHROPIC_API_KEY }}:latest
    
    - name: Show Output
      run: echo ${{ steps.deploy.outputs.url }}

  # Separate job for testing on PRs
  test:
    runs-on: ubuntu-latest
    
    if: github.event_name == 'pull_request'
    
    steps:
    - name: Checkout
      uses: actions/checkout@v4
      
    - name: Setup Node.js
      uses: actions/setup-node@v4
      with:
        node-version: '18'
        cache: 'npm'
        
    - name: Install dependencies
      run: npm ci
      
    - name: Run tests
      run: npm test -- --passWithNoTests --watchAll=false
      
    - name: Build application
      run: npm run build

Log output

##[debug]Evaluating condition for step: 'Deploy to Cloud Run'

##[debug]Evaluating: success()

##[debug]Evaluating success:

##[debug]=> true

##[debug]Result: true

##[debug]Starting: Deploy to Cloud Run

##[debug]Loading inputs

##[debug]Evaluating: env.SERVICE

##[debug]Evaluating Index:

##[debug]..Evaluating env:

##[debug]..=> Object

##[debug]..Evaluating String:

##[debug]..=> 'SERVICE'

##[debug]=> 'chipflow-configurator'

##[debug]Result: 'chipflow-configurator'

##[debug]Evaluating: env.REGION

##[debug]Evaluating Index:

##[debug]..Evaluating env:

##[debug]..=> Object

##[debug]..Evaluating String:

##[debug]..=> 'REGION'

##[debug]=> 'us-central1'

##[debug]Result: 'us-central1'

##[debug]Evaluating: format('{0}-docker.pkg.dev/{1}/{2}/{3}:{4}', env.REGION, env.PROJECT_ID, env.SERVICE, env.SERVICE, github.sha)

##[debug]Evaluating format:

##[debug]..Evaluating String:

##[debug]..=> '{0}-docker.pkg.dev/{1}/{2}/{3}:{4}'

##[debug]..Evaluating Index:

##[debug]....Evaluating env:

##[debug]....=> Object

##[debug]....Evaluating String:

##[debug]....=> 'REGION'

##[debug]..=> 'us-central1'

##[debug]..Evaluating Index:

##[debug]....Evaluating env:

##[debug]....=> Object

##[debug]....Evaluating String:

##[debug]....=> 'PROJECT_ID'

##[debug]..=> 'chipflow-configurator'

##[debug]..Evaluating Index:

##[debug]....Evaluating env:

##[debug]....=> Object

##[debug]....Evaluating String:

##[debug]....=> 'SERVICE'

##[debug]..=> 'chipflow-configurator'

##[debug]..Evaluating Index:

##[debug]....Evaluating env:

##[debug]....=> Object

##[debug]....Evaluating String:

##[debug]....=> 'SERVICE'

google-cloud-sdk/platform/gsutil/third_party/urllib3/test/with_dummyserver/test_https.py

google-cloud-sdk/platform/gsutil/third_party/urllib3/test/with_dummyserver/test_no_ssl.py

google-cloud-sdk/platform/gsutil/third_party/urllib3/test/with_dummyserver/test_poolmanager.py

google-cloud-sdk/platform/gsutil/third_party/urllib3/test/with_dummyserver/test_proxy_poolmanager.py

google-cloud-sdk/platform/gsutil/third_party/urllib3/test/with_dummyserver/test_socketlevel.py

google-cloud-sdk/platform/gsutil/third_party/urllib3/towncrier.toml

google-cloud-sdk/properties

google-cloud-sdk/rpm/mapping/command_mapping.yaml

google-cloud-sdk/rpm/mapping/component_mapping.yaml

##[debug]Caching tool gcloud 541.0.0 x64

##[debug]source dir: /home/runner/work/_temp/82985e2f-5f27-4775-b34b-ce022e265050/google-cloud-sdk

##[debug]destination /opt/hostedtoolcache/gcloud/541.0.0/x64

##[debug]finished caching tool

##[debug]Running command: gcloud --quiet auth login --force --cred-file /home/runner/work/configurator/configurator/gha-creds-9d90aa7523c78c88.json

Successfully authenticated

Running: gcloud run deploy chipflow-configurator --image us-central1-docker.pkg.dev/chipflow-configurator/chipflow-configurator/chipflow-configurator:6d81322895f6b7a19be399edf69a7e4c98e7b7ce --update-env-vars ^,^NODE_ENV=production,NEXT_TELEMETRY_DISABLED=1,BASE_URL=https://configurator.chipflow.io --update-secrets ^,^APP_CLIENT_ID=***:latest,APP_CLIENT_SECRET=***:latest,APP_ID=***:latest,APP_PRIVATE_KEY="***,***=,***=,***=,***=,***=,***=,***=,***=,***=,***=,***=,***=,***=,***=,***=,***=,***=,***=,***=,***=,***=,***=,***=,***=,***,***:latest"=,APP_INSTALLATION_ID=***:latest,APP_WEBHOOK_SECRET=:latest,ANTHROPIC_API_KEY=***:latest --update-labels ^,^managed-by=github-actions,commit-sha=6d81322895f6b7a19be399edf69a7e4c98e7b7ce --format json --region us-central1 --allow-unauthenticated --port 3000 --memory 1Gi --cpu 1 --min-instances 0 --max-instances 10

##[debug]{

##[debug]  "toolCommand": "gcloud",

##[debug]  "args": [

##[debug]    "run",

##[debug]    "deploy",

##[debug]    "chipflow-configurator",

##[debug]    "--image",

##[debug]    "us-central1-docker.pkg.dev/chipflow-configurator/chipflow-configurator/chipflow-configurator:6d81322895f6b7a19be399edf69a7e4c98e7b7ce",

##[debug]    "--update-env-vars",

##[debug]    "^,^NODE_ENV=production,NEXT_TELEMETRY_DISABLED=1,BASE_URL=https://xxxx.yyyy.com",

##[debug]    "--update-secrets",

##[debug]    "^,^APP_CLIENT_ID=***:latest,APP_CLIENT_SECRET=***:latest,APP_ID=***:latest,APP_PRIVATE_KEY=\"***,***=,***=,***=,***=,***=,***=,***=,***=,***=,***=,***=,***=,***=,***=,***=,***=,***=,***=,***=,***=,***=,***=,***=,***=,***,***:latest\"=,APP_INSTALLATION_ID=***:latest,APP_WEBHOOK_SECRET=:latest,ANTHROPIC_API_KEY=***:latest",

##[debug]    "--update-labels",

##[debug]    "^,^managed-by=github-actions,commit-sha=6d81322895f6b7a19be399edf69a7e4c98e7b7ce",

##[debug]    "--format",

##[debug]    "json",

##[debug]    "--region",

##[debug]    "us-central1",

##[debug]    "--allow-unauthenticated",

##[debug]    "--port",

##[debug]    "3000",

##[debug]    "--memory",

##[debug]    "1Gi",

##[debug]    "--cpu",

##[debug]    "1",

##[debug]    "--min-instances",

##[debug]    "0",

##[debug]    "--max-instances",

##[debug]    "10"

##[debug]  ],

##[debug]  "options": {

##[debug]    "silent": true,

##[debug]    "ignoreReturnCode": true

##[debug]  }

##[debug]}

Error: google-github-actions/deploy-cloudrun failed with: failed to deploy: ERROR: (gcloud.run.deploy) No secret version specified for APP_PRIVATE_KEY. Use APP_PRIVATE_KEY:latest to reference the latest version.

, full command:

	gcloud run deploy chipflow-configurator --image us-central1-docker.pkg.dev/chipflow-configurator/chipflow-configurator/chipflow-configurator:6d81322895f6b7a19be399edf69a7e4c98e7b7ce --update-env-vars ^,^NODE_ENV=production,NEXT_TELEMETRY_DISABLED=1,BASE_URL=https://xxxx.yyyy.com --update-secrets ^,^APP_CLIENT_ID=***:latest,APP_CLIENT_SECRET=***:latest,APP_ID=***:latest,APP_PRIVATE_KEY="***,***=,***=,***=,***=,***=,***=,***=,***=,***=,***=,***=,***=,***=,***=,***=,***=,***=,***=,***=,***=,***=,***=,***=,***=,***,***:latest"=,APP_INSTALLATION_ID=***:latest,APP_WEBHOOK_SECRET=:latest,ANTHROPIC_API_KEY=***:latest --update-labels ^,^managed-by=github-actions,commit-sha=6d81322895f6b7a19be399edf69a7e4c98e7b7ce --format json --region us-central1 --allow-unauthenticated --port 3000 --memory 1Gi --cpu 1 --min-instances 0 --max-instances 10

##[debug]Node Action run completed with exit code 1

##[debug]Finishing: Deploy to Cloud Run

Additional information

No response
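
A pre-flight check for the rendered `secrets:` block, as an added example (not code from this issue or from the deploy-cloudrun project). It assumes each entry has the form `ENV_VAR=SECRET_ID:VERSION`, the shape the gcloud error message above asks for; the secret names and the multiline value are constructed, and the check reports line numbers only so that no secret content is echoed into the job log.

```python
import re

# Assumed entry shape: ENV_VAR=SECRET_ID:VERSION, with SECRET_ID a Secret Manager
# secret name (optionally projects/<project>/secrets/<name>) and VERSION either
# "latest" or a number. This models the input format, not the action's parser.
ENTRY = re.compile(
    r"^[A-Za-z_][A-Za-z0-9_]*="
    r"(?:projects/[^/\s]+/secrets/)?[A-Za-z0-9_-]{1,255}"
    r":(?:latest|[0-9]+)$"
)

def lint_secrets_input(rendered):
    """Check the `secrets:` block as it looks after ${{ }} substitution.

    Returns (line_number, kind) pairs and never echoes line content, so a
    secret value pasted into the block does not end up in the job log.
    """
    findings = []
    for number, line in enumerate(rendered.splitlines(), start=1):
        line = line.strip()
        if not line or ENTRY.match(line):
            continue
        # NAME=... with a bad value is one kind; any other line is a stray fragment.
        named = re.match(r"[A-Za-z_][A-Za-z0-9_]*=", line)
        findings.append((number, "bad-reference" if named else "stray-line"))
    return findings

# Constructed placeholder standing in for a multiline secret value (not a real key).
FAKE_VALUE = "-----BEGIN CONSTRUCTED-----\nQUJDREVG\nR0hJSktM\n-----END CONSTRUCTED-----"

# The block when the substituted GitHub secret holds the multiline value itself.
RENDERED_VALUE = (
    "APP_CLIENT_SECRET=app-client-secret:latest\n"
    f'APP_PRIVATE_KEY="{FAKE_VALUE}:latest"\n'
    "APP_ID=app-id:latest"
)
# The block when every entry names a Secret Manager secret (hypothetical names).
RENDERED_REFERENCE = (
    "APP_CLIENT_SECRET=app-client-secret:latest\n"
    "APP_PRIVATE_KEY=app-private-key:latest\n"
    "APP_ID=app-id:latest"
)

if __name__ == "__main__":
    print(lint_secrets_input(RENDERED_VALUE))      # one bad entry plus stray lines
    print(lint_secrets_input(RENDERED_REFERENCE))  # no findings
```

The stray lines it flags correspond to the extra comma-separated fragments visible in the `--update-secrets` argument in the log above.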

Metadata

Labels: bug (Something isn't working)