为 GCP 函数存储 json 密钥文件的最佳方法无服务器部署 Github 操作

Question

我使用 serveless & Github actions 来部署 GCP 功能。

serveless.ylm

service: serverless-test

provider:
  name: google
  runtime: go113
  project: my-gcp-project
  credentials: ./gcp_keyfile_serverless.json

frameworkVersion: '2'

plugins:
  - serverless-google-cloudfunctions

package:
  exclude:
    - .gitignore
    - .git/**

functions:
  hello-world:
    handler: Hello
    events:
      - http: path

deploy_gcp_go.yml

name: Deploy master branch

on:
  push:
    branches:
      - master

jobs:
  deploy:
    name: deploy
    runs-on: ubuntu-latest
    strategy:
      matrix:
        node-version: [14.x]
    steps:
    - uses: actions/checkout@v2
    - name: Use Node.js ${{ matrix.node-version }}
      uses: actions/setup-node@v1
      with:
        node-version: ${{ matrix.node-version }}
    - run: npm ci
    - name: serverless deploy
      uses: serverless/github-action@master
      with:
        args: deploy
      env:
        SERVERLESS_ACCESS_KEY: ${{secrets.SERVERLESS_SECRET_KEY}}

有没有办法不在 Github 存储库中直接存储 gcp_keyfile_serverless.json 文件？（在serverless.yml文件中使用）

Answer 1

添加构建步骤，用 Cloud KMS.

解密加密的 *.json

或者这是另一个 example，做同样的事情，但是 pgp。

为 GCP 函数存储 json 密钥文件的最佳方法无服务器部署 Github 操作

Best way to store json keyfile for GCP functions serverless deployment with Github actions

serverless-framework

google-cloud-functions

github-actions