Updating the function's service_account on existing functions will not update the SA in the function itself #373

gpmayorga · 2023-02-24T14:47:29Z

TL;DR

If you have an existing/deployed function , and you change the service_account_email: setting in your GH Actions, the function will deploy as usual, but it will maintain whichever Service Account was already assigned to it rather than the one indicated in the GH Action code

Expected behavior

The function will be updated with the new service account

Observed behavior

Code, vars and secrets update as expected but the service account stays at however it was set before.

Action YAML

# This is from a public repo:
# https://github.com/centrifuge/apps/blob/main/.github/actions/deploy-gfunction/action.yml
name: Deploy Gfunction
description: Deploy Apps repo function to Gcloud. Format env and secrets too.

inputs:
  app_name:
    description: app name to deploy
    required: true

  artifact_name:
    description: artifact to download and deploy
    required: true

  deploy_env:
    description: env to deploy function to
    required: false
  
  checkout_path:
    description: Folder with repository code
    required: true

  GWIP:
    description: Google Workflow Identity provider
    required: true
  GSA:
    description: Google Service Account
    required: true

  service_account:
    description: Gcloud SA for the function
    required: false

  target:
    description: "Gfunction target handler"
    required: true
    default: handler
    
  gcloud_region:
    description: "Google Cloud region to use"
    required: false
    default: europe-central2    

runs:
  using: composite
  steps:
    # This is probably redundant but in case this action 
    # needs to be used in isolation, it won't work
    # unless the repo is checked out somewhere first
    - name: Checkout
      uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
      with:
        path: apps # The next 3 steps use this folder

    - name: prepare env logic
      id: prepare
      uses: "./apps/.github/actions/prepare-deploy"
      with:
        app_base_name: ${{ inputs.app_name }}
        deploy_to: ${{ inputs.deploy_env }}

    - name: set env vars for Gfunction deploy
      shell: bash
      id: set_env
      env:
        vars_file: ./apps/${{ inputs.app_name }}/env-vars/${{ steps.prepare.outputs.env_name }}.env  
      run: |
        if [ -f ${{ env.vars_file }} ]; then
          VARS_COMMA=$(cat ${{ env.vars_file }} | paste -s -d, -)
          echo "function_vars=$VARS_COMMA" >> $GITHUB_OUTPUT
        else
          echo "No function env file ${{ env.vars_file }}, continuing..."
        fi

    - name: Function env secrets
      shell: bash
      id: set_secrets
      env:
        secrets_file: ./apps/${{ inputs.app_name }}/env-vars/${{ steps.prepare.outputs.env_name }}.secrets  
      run: |
        if [ -f ${{ env.secrets_file }} ]; then
          FILE=${{ env.secrets_file }}
          delimiter="$(openssl rand -hex 8)"
          # Add a new line at the end if not already there:
          sed -i -e '$a\' $FILE 
          echo "function_secrets<<${delimiter}" >> $GITHUB_OUTPUT
          cat $FILE >> $GITHUB_OUTPUT
          echo "${delimiter}" >> $GITHUB_OUTPUT
        else
          echo "No secrets file in ${{ env.secrets_file }}, continuing..."
        fi
            
    - name: retrieve artifacts
      id: download
      uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # @v3.0.2
      with:
        name: ${{ inputs.artifact_name || inputs.app_name }} 
        # This will work only if we're matching the same string as
        # the upload step, which happens outside of this action file
        # by convention I use the app_name everywhere
        path: functions

    ## Every module from here on could potentially expose the Gcloud Auth Token
    ## Do not add untrusted code with `uses`
    ## Ideally run only google-github-actions code with commit SHA at the end from here on
    ## or `run` commands that we write.
    - name: Auth gcloud
      id: gauth
      uses: google-github-actions/auth@ef5d53e30bbcd8d0836f4288f5e50ff3e086997d # @v1
      with:
        workload_identity_provider: ${{ inputs.GWIP }}
        service_account: ${{ inputs.GSA }}      
    
    - name: Deploy to google functions
      id: gclouddeploy
      uses: google-github-actions/deploy-cloud-functions@14509ca55199d9348161571e36c48e44f855030d #@v1
      with:
        name: '${{ steps.prepare.outputs.function_name }}'
        runtime: 'nodejs16'
        region: '${{ inputs.gcloud_region }}'
        source_dir: '${{ steps.download.outputs.download-path }}'
        entry_point: '${{ inputs.target }}'
        secret_environment_variables: ${{ steps.set_secrets.outputs.function_secrets }}
        env_vars: ${{ steps.set_env.outputs.function_vars }}
        service_account_email: ${{ inputs.service_account }}
        max_instances: ${{ contains(steps.prepare.outputs.function_name, 'production') && '200' || '10' }}

    - name: Print Gcloud functions URL
      shell: sh
      if: ${{ github.event_name == 'pull_request'}}
      run: echo "::notice title=Function_URL::${{ steps.gclouddeploy.outputs.url }}"

    - name: Set up Cloud SDK
      uses: google-github-actions/setup-gcloud@d51b5346f85640ec2aa2fa057354d2b82c2fcbce # v1.0.1 

    - name: Change function to allow_unathorized calls 
      shell: sh
      run: |
        gcloud functions add-iam-policy-binding ${{ steps.prepare.outputs.function_name }} \
        --region=${{ inputs.gcloud_region }} \
        --member="allUsers" --role="roles/cloudfunctions.invoker"

Log output

2023-02-23T18:35:26.1440089Z Prepare all required actions
2023-02-23T18:35:26.1440465Z Getting action download info
2023-02-23T18:35:26.4120339Z Download action repository 'actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a' (SHA:9bc31d5ccc31df68ecc42ccf4149144866c47d8a)
2023-02-23T18:35:27.0617860Z Download action repository 'google-github-actions/auth@ef5d53e30bbcd8d0836f4288f5e50ff3e086997d' (SHA:ef5d53e30bbcd8d0836f4288f5e50ff3e086997d)
2023-02-23T18:35:27.7292615Z Download action repository 'google-github-actions/deploy-cloud-functions@14509ca55199d9348161571e36c48e44f855030d' (SHA:14509ca55199d9348161571e36c48e44f855030d)
2023-02-23T18:35:28.5493159Z Download action repository 'google-github-actions/setup-gcloud@d51b5346f85640ec2aa2fa057354d2b82c2fcbce' (SHA:d51b5346f85640ec2aa2fa057354d2b82c2fcbce)
2023-02-23T18:35:29.2731459Z ##[group]Run ./apps/.github/actions/deploy-gfunction
2023-02-23T18:35:29.2731724Z with:
2023-02-23T18:35:29.2731920Z   app_name: faucet-api
2023-02-23T18:35:29.2732418Z   GWIP: ***
2023-02-23T18:35:29.2732761Z   GSA: ***
2023-02-23T18:35:29.2732964Z   target: faucetDev
2023-02-23T18:35:29.2733180Z   gcloud_region: europe-central2
2023-02-23T18:35:29.2733530Z   service_account: [email protected] 
2023-02-23T18:35:29.2733845Z env:
2023-02-23T18:35:29.2734043Z   app_name: faucet-api
2023-02-23T18:35:29.2734252Z   deploy_to: 
2023-02-23T18:35:29.2734462Z   function_handler: faucetDev
2023-02-23T18:35:29.2734673Z ##[endgroup]
2023-02-23T18:35:29.2977368Z ##[group]Run actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c
2023-02-23T18:35:29.2977657Z with:
2023-02-23T18:35:29.2977843Z   path: apps
2023-02-23T18:35:29.2978060Z   repository: centrifuge/apps
2023-02-23T18:35:29.2978436Z   token: ***
2023-02-23T18:35:29.2978626Z   ssh-strict: true
2023-02-23T18:35:29.2978844Z   persist-credentials: true
2023-02-23T18:35:29.2979066Z   clean: true
2023-02-23T18:35:29.2979264Z   fetch-depth: 1
2023-02-23T18:35:29.2979458Z   lfs: false
2023-02-23T18:35:29.2979655Z   submodules: false
2023-02-23T18:35:29.2979862Z   set-safe-directory: true
2023-02-23T18:35:29.2980066Z env:
2023-02-23T18:35:29.2980253Z   app_name: faucet-api
2023-02-23T18:35:29.2980453Z   deploy_to: 
2023-02-23T18:35:29.2980668Z   function_handler: faucetDev
2023-02-23T18:35:29.2980881Z ##[endgroup]
2023-02-23T18:35:29.4243844Z Syncing repository: centrifuge/apps
2023-02-23T18:35:29.4301133Z ##[group]Getting Git version info
2023-02-23T18:35:29.4303986Z Working directory is '/home/runner/work/apps/apps/apps'
2023-02-23T18:35:29.4309058Z [command]/usr/bin/git version
2023-02-23T18:35:29.4335562Z git version 2.39.2
2023-02-23T18:35:29.4367148Z ##[endgroup]
2023-02-23T18:35:29.4381455Z Temporarily overriding HOME='/home/runner/work/_temp/cd1c1690-410f-4c63-a6a8-0b3f1b86d7b3' before making global git config changes
2023-02-23T18:35:29.4381976Z Adding repository directory to the temporary git global config as a safe directory
2023-02-23T18:35:29.4386168Z [command]/usr/bin/git config --global --add safe.directory /home/runner/work/apps/apps/apps
2023-02-23T18:35:29.4427484Z [command]/usr/bin/git config --local --get remote.origin.url
2023-02-23T18:35:29.4451295Z https://github.com/centrifuge/apps
2023-02-23T18:35:29.4462601Z ##[group]Removing previously created refs, to avoid conflicts
2023-02-23T18:35:29.4466884Z [command]/usr/bin/git rev-parse --symbolic-full-name --verify --quiet HEAD
2023-02-23T18:35:29.4491152Z HEAD
2023-02-23T18:35:29.4536998Z ##[endgroup]
2023-02-23T18:35:29.4537544Z ##[group]Cleaning the repository
2023-02-23T18:35:29.4539378Z [command]/usr/bin/git clean -ffdx
2023-02-23T18:35:29.4589784Z [command]/usr/bin/git reset --hard HEAD
2023-02-23T18:35:29.5669471Z HEAD is now at 84ae97c Merge c51d0312b4b27182c3a951730e49508eb4b8cc84 into a180c8617644c494b29a2af825b1100b5e7e691b
2023-02-23T18:35:29.5694072Z ##[endgroup]
2023-02-23T18:35:29.5694632Z ##[group]Disabling automatic garbage collection
2023-02-23T18:35:29.5740280Z [command]/usr/bin/git config --local gc.auto 0
2023-02-23T18:35:29.5794930Z ##[endgroup]
2023-02-23T18:35:29.5795517Z ##[group]Setting up auth
2023-02-23T18:35:29.5796266Z [command]/usr/bin/git config --local --name-only --get-regexp core\.sshCommand
2023-02-23T18:35:29.5845010Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'core\.sshCommand' && git config --local --unset-all 'core.sshCommand' || :"
2023-02-23T18:35:29.6107062Z [command]/usr/bin/git config --local --name-only --get-regexp http\.https\:\/\/github\.com\/\.extraheader
2023-02-23T18:35:29.6123314Z http.https://github.com/.extraheader
2023-02-23T18:35:29.6141096Z [command]/usr/bin/git config --local --unset-all http.https://github.com/.extraheader
2023-02-23T18:35:29.6184141Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'http\.https\:\/\/github\.com\/\.extraheader' && git config --local --unset-all 'http.https://github.com/.extraheader' || :"
2023-02-23T18:35:29.6405733Z [command]/usr/bin/git config --local http.https://github.com/.extraheader AUTHORIZATION: basic ***
2023-02-23T18:35:29.6443398Z ##[endgroup]
2023-02-23T18:35:29.6444017Z ##[group]Fetching the repository
2023-02-23T18:35:29.6452159Z [command]/usr/bin/git -c protocol.version=2 fetch --no-tags --prune --progress --no-recurse-submodules --depth=1 origin +84ae97cb218498c82bf4862fdcfd7678c4639670:refs/remotes/pull/1222/merge
2023-02-23T18:35:30.0382704Z remote: Total 0 (delta 0), reused 0 (delta 0), pack-reused 0        
2023-02-23T18:35:30.0446308Z ##[endgroup]
2023-02-23T18:35:30.0446897Z ##[group]Determining the checkout info
2023-02-23T18:35:30.0449598Z ##[endgroup]
2023-02-23T18:35:30.0450152Z ##[group]Checking out the ref
2023-02-23T18:35:30.0453040Z [command]/usr/bin/git checkout --progress --force refs/remotes/pull/1222/merge
2023-02-23T18:35:30.0502736Z HEAD is now at 84ae97c Merge c51d0312b4b27182c3a951730e49508eb4b8cc84 into a180c8617644c494b29a2af825b1100b5e7e691b
2023-02-23T18:35:30.0510707Z ##[endgroup]
2023-02-23T18:35:30.0549765Z [command]/usr/bin/git log -1 --format='%H'
2023-02-23T18:35:30.0577951Z '84ae97cb218498c82bf4862fdcfd7678c4639670'
2023-02-23T18:35:30.0728259Z Prepare all required actions
2023-02-23T18:35:30.0770305Z ##[group]Run ./apps/.github/actions/prepare-deploy
2023-02-23T18:35:30.0770566Z with:
2023-02-23T18:35:30.0770767Z   app_base_name: faucet-api
2023-02-23T18:35:30.0770971Z env:
2023-02-23T18:35:30.0771155Z   app_name: faucet-api
2023-02-23T18:35:30.0771352Z   deploy_to: 
2023-02-23T18:35:30.0771564Z   function_handler: faucetDev
2023-02-23T18:35:30.0771778Z ##[endgroup]
2023-02-23T18:35:30.0882868Z ##[group]Run echo "Discover GH environment for deploy:"
2023-02-23T18:35:30.0883240Z �[36;1mecho "Discover GH environment for deploy:"�[0m
2023-02-23T18:35:30.0883512Z �[36;1mif  false; then�[0m
2023-02-23T18:35:30.0883785Z �[36;1m  echo "gh_env=production" >> $GITHUB_OUTPUT�[0m
2023-02-23T18:35:30.0884025Z �[36;1mfi �[0m
2023-02-23T18:35:30.0941240Z shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
2023-02-23T18:35:30.0941527Z env:
2023-02-23T18:35:30.0941728Z   app_name: faucet-api
2023-02-23T18:35:30.0941937Z   deploy_to: 
2023-02-23T18:35:30.0942151Z   function_handler: faucetDev
2023-02-23T18:35:30.0942362Z ##[endgroup]
2023-02-23T18:35:30.1096019Z Discover GH environment for deploy:
2023-02-23T18:35:30.1130405Z ##[group]Run echo "Set app name based on env strategy"
2023-02-23T18:35:30.1130765Z �[36;1mecho "Set app name based on env strategy"�[0m
2023-02-23T18:35:30.1131017Z �[36;1mif false; then�[0m
2023-02-23T18:35:30.1131229Z �[36;1m  # PRODUCTION�[0m
2023-02-23T18:35:30.1131501Z �[36;1m  echo "function_name=faucet-api-" >> $GITHUB_OUTPUT�[0m
2023-02-23T18:35:30.1131831Z �[36;1m  echo "front_url=app.centrifuge.io" >> $GITHUB_OUTPUT�[0m
2023-02-23T18:35:30.1132149Z �[36;1m  echo "env_name=production" >> $GITHUB_OUTPUT        �[0m
2023-02-23T18:35:30.1132410Z �[36;1melif false; then�[0m
2023-02-23T18:35:30.1132606Z �[36;1m  # ALTAIR�[0m
2023-02-23T18:35:30.1132863Z �[36;1m  echo "function_name=faucet-api-" >> $GITHUB_OUTPUT�[0m
2023-02-23T18:35:30.1133297Z �[36;1m  echo "front_url=app.altair.centrifuge.io" >> $GITHUB_OUTPUT�[0m
2023-02-23T18:35:30.1133605Z �[36;1m  echo "env_name=altair" >> $GITHUB_OUTPUT�[0m
2023-02-23T18:35:30.1133930Z �[36;1melif false; then�[0m
2023-02-23T18:35:30.1134133Z �[36;1m  # STAGING�[0m
2023-02-23T18:35:30.1134388Z �[36;1m  echo "function_name=faucet-api-" >> $GITHUB_OUTPUT�[0m
2023-02-23T18:35:30.1134709Z �[36;1m  echo "front_url=app.staging.centrifuge.io" >> $GITHUB_OUTPUT�[0m
2023-02-23T18:35:30.1135029Z �[36;1m  echo "env_name=production" >> $GITHUB_OUTPUT�[0m
2023-02-23T18:35:30.1135380Z �[36;1m  # env_name is production because it needs to use the prod variable files inside each app�[0m
2023-02-23T18:35:30.1135690Z �[36;1melif  false; then�[0m
2023-02-23T18:35:30.1135898Z �[36;1m  # CATALYST�[0m
2023-02-23T18:35:30.1136170Z �[36;1m  echo "function_name=faucet-api-catalyst" >> $GITHUB_OUTPUT�[0m
2023-02-23T18:35:30.1136521Z �[36;1m  echo "front_url=faucet-api-catalyst.k-f.dev" >> $GITHUB_OUTPUT�[0m
2023-02-23T18:35:30.1136844Z �[36;1m  echo "env_name=catalyst" >> $GITHUB_OUTPUT�[0m
2023-02-23T18:35:30.1137081Z �[36;1melif false; then�[0m
2023-02-23T18:35:30.1137282Z �[36;1m  # DEMO�[0m
2023-02-23T18:35:30.1137541Z �[36;1m  echo "function_name=faucet-api-demo" >> $GITHUB_OUTPUT�[0m
2023-02-23T18:35:30.1137875Z �[36;1m  echo "front_url=faucet-api-demo.k-f.dev" >> $GITHUB_OUTPUT�[0m
2023-02-23T18:35:30.1138178Z �[36;1m  echo "env_name=demo" >> $GITHUB_OUTPUT�[0m
2023-02-23T18:35:30.1138419Z �[36;1melif  false; then�[0m
2023-02-23T18:35:30.1138618Z �[36;1m  # DEV�[0m
2023-02-23T18:35:30.1138869Z �[36;1m  echo "function_name=faucet-api-dev" >> $GITHUB_OUTPUT�[0m
2023-02-23T18:35:30.1139198Z �[36;1m  echo "front_url=faucet-api-dev.k-f.dev" >> $GITHUB_OUTPUT�[0m
2023-02-23T18:35:30.1139523Z �[36;1m  echo "env_name=development" >> $GITHUB_OUTPUT          �[0m
2023-02-23T18:35:30.1139780Z �[36;1melif true; then�[0m
2023-02-23T18:35:30.1139977Z �[36;1m  # PR�[0m
2023-02-23T18:35:30.1140242Z �[36;1m  echo "function_name=faucet-api" >> $GITHUB_OUTPUT�[0m
2023-02-23T18:35:30.1140581Z �[36;1m  echo "front_url=faucet-api.k-f.dev" >> $GITHUB_OUTPUT�[0m
2023-02-23T18:35:30.1140896Z �[36;1m  echo "env_name=development" >> $GITHUB_OUTPUT�[0m
2023-02-23T18:35:30.1141135Z �[36;1melse�[0m
2023-02-23T18:35:30.1141427Z �[36;1m  echo "::error title=No env to deploy::Workflow called from non-deployable branch/tag"�[0m
2023-02-23T18:35:30.1141712Z �[36;1mfi�[0m
2023-02-23T18:35:30.1190043Z shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
2023-02-23T18:35:30.1190307Z env:
2023-02-23T18:35:30.1190505Z   app_name: faucet-api
2023-02-23T18:35:30.1190718Z   deploy_to: 
2023-02-23T18:35:30.1190925Z   function_handler: faucetDev
2023-02-23T18:35:30.1191135Z ##[endgroup]
2023-02-23T18:35:30.1257435Z Set app name based on env strategy
2023-02-23T18:35:30.1296049Z ##[group]Run echo "URL faucet-api.k-f.dev"
2023-02-23T18:35:30.1296380Z �[36;1mecho "URL faucet-api.k-f.dev"�[0m
2023-02-23T18:35:30.1296684Z �[36;1mecho "App name: faucet-api"�[0m
2023-02-23T18:35:30.1296951Z �[36;1mecho "Env name: development"�[0m
2023-02-23T18:35:30.1297184Z �[36;1mecho "GH env: "�[0m
2023-02-23T18:35:30.1343494Z shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
2023-02-23T18:35:30.1343764Z env:
2023-02-23T18:35:30.1343969Z   app_name: faucet-api
2023-02-23T18:35:30.1344185Z   deploy_to: 
2023-02-23T18:35:30.1344394Z   function_handler: faucetDev
2023-02-23T18:35:30.1344609Z ##[endgroup]
2023-02-23T18:35:30.1410027Z URL faucet-api.k-f.dev
2023-02-23T18:35:30.1411519Z App name: faucet-api
2023-02-23T18:35:30.1411786Z Env name: development
2023-02-23T18:35:30.1411988Z GH env: 
2023-02-23T18:35:30.1520769Z ##[group]Run if [ -f ./apps/faucet-api/env-vars/development.env ]; then
2023-02-23T18:35:30.1521156Z �[36;1mif [ -f ./apps/faucet-api/env-vars/development.env ]; then�[0m
2023-02-23T18:35:30.1521533Z �[36;1m  VARS_COMMA=$(cat ./apps/faucet-api/env-vars/development.env | paste -s -d, -)�[0m
2023-02-23T18:35:30.1521982Z �[36;1m  echo "function_vars=$VARS_COMMA" >> $GITHUB_OUTPUT�[0m
2023-02-23T18:35:30.1522232Z �[36;1melse�[0m
2023-02-23T18:35:30.1522526Z �[36;1m  echo "No function env file under ./apps/faucet-api/env-vars/, continuing..."�[0m
2023-02-23T18:35:30.1522872Z �[36;1mfi�[0m
2023-02-23T18:35:30.1568630Z shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
2023-02-23T18:35:30.1568897Z env:
2023-02-23T18:35:30.1569098Z   app_name: faucet-api
2023-02-23T18:35:30.1569302Z   deploy_to: 
2023-02-23T18:35:30.1569513Z   function_handler: faucetDev
2023-02-23T18:35:30.1569792Z   vars_file: ./apps/faucet-api/env-vars/development.env
2023-02-23T18:35:30.1570047Z ##[endgroup]
2023-02-23T18:35:30.1676341Z ##[group]Run if false; then
2023-02-23T18:35:30.1676601Z �[36;1mif false; then�[0m
2023-02-23T18:35:30.1676869Z �[36;1m  FILE=./apps/faucet-api/env-vars/prod.secrets�[0m
2023-02-23T18:35:30.1677124Z �[36;1melse�[0m
2023-02-23T18:35:30.1677368Z �[36;1m  FILE=./apps/faucet-api/env-vars/dev.secrets�[0m
2023-02-23T18:35:30.1677606Z �[36;1mfi�[0m
2023-02-23T18:35:30.1677806Z �[36;1mif [ -f $FILE ]; then�[0m
2023-02-23T18:35:30.1678055Z �[36;1m  delimiter="$(openssl rand -hex 8)"�[0m
2023-02-23T18:35:30.1678349Z �[36;1m  # Add a new line at the end if not already there:�[0m
2023-02-23T18:35:30.1678612Z �[36;1m  sed -i -e '$a\' $FILE �[0m
2023-02-23T18:35:30.1678893Z �[36;1m  echo "function_secrets<<${delimiter}" >> $GITHUB_OUTPUT�[0m
2023-02-23T18:35:30.1679181Z �[36;1m  cat $FILE >> $GITHUB_OUTPUT�[0m
2023-02-23T18:35:30.1679434Z �[36;1m  echo "${delimiter}" >> $GITHUB_OUTPUT�[0m
2023-02-23T18:35:30.1679844Z �[36;1melse�[0m
2023-02-23T18:35:30.1680093Z �[36;1m  echo "No secrets file found in $FILE, continuing"�[0m
2023-02-23T18:35:30.1680335Z �[36;1mfi�[0m
2023-02-23T18:35:30.1680515Z �[36;1m    �[0m
2023-02-23T18:35:30.1726256Z shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
2023-02-23T18:35:30.1726520Z env:
2023-02-23T18:35:30.1726713Z   app_name: faucet-api
2023-02-23T18:35:30.1726930Z   deploy_to: 
2023-02-23T18:35:30.1727129Z   function_handler: faucetDev
2023-02-23T18:35:30.1727344Z ##[endgroup]
2023-02-23T18:35:30.1794598Z No secrets file found in ./apps/faucet-api/env-vars/dev.secrets, continuing
2023-02-23T18:35:30.1824762Z ##[group]Run actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
2023-02-23T18:35:30.1825141Z with:
2023-02-23T18:35:30.1825361Z   name: faucet-api
2023-02-23T18:35:30.1825637Z   path: functions
2023-02-23T18:35:30.1825921Z env:
2023-02-23T18:35:30.1826200Z   app_name: faucet-api
2023-02-23T18:35:30.1826474Z   deploy_to: 
2023-02-23T18:35:30.1826713Z   function_handler: faucetDev
2023-02-23T18:35:30.1827026Z ##[endgroup]
2023-02-23T18:35:30.2462950Z Starting download for faucet-api
2023-02-23T18:35:30.4191247Z Directory structure has been setup for the artifact
2023-02-23T18:35:30.4196019Z Total number of files that will be downloaded: 1
2023-02-23T18:35:30.7241882Z Artifact faucet-api was downloaded to /home/runner/work/apps/apps/functions
2023-02-23T18:35:30.7248028Z Artifact download has finished successfully
2023-02-23T18:35:30.7331882Z ##[group]Run google-github-actions/auth@ef5d53e30bbcd8d0836f4288f5e50ff3e086997d
2023-02-23T18:35:30.7332287Z with:
2023-02-23T18:35:30.7332977Z   workload_identity_provider: ***
2023-02-23T18:35:30.7333408Z   service_account: ***
2023-02-23T18:35:30.7333745Z   create_credentials_file: true
2023-02-23T18:35:30.7334037Z   export_environment_variables: true
2023-02-23T18:35:30.7334356Z   cleanup_credentials: true
2023-02-23T18:35:30.7334664Z   access_token_lifetime: 3600s
2023-02-23T18:35:30.7335079Z   access_token_scopes: https://www.googleapis.com/auth/cloud-platform
2023-02-23T18:35:30.7335451Z   retries: 0
2023-02-23T18:35:30.7335735Z   id_token_include_email: false
2023-02-23T18:35:30.7335964Z env:
2023-02-23T18:35:30.7336223Z   app_name: faucet-api
2023-02-23T18:35:30.7336540Z   deploy_to: 
2023-02-23T18:35:30.7336821Z   function_handler: faucetDev
2023-02-23T18:35:30.7337109Z ##[endgroup]
2023-02-23T18:35:30.9428353Z Created credentials file at "/home/runner/work/apps/apps/gha-creds-aed5dcabb77a6a9e.json"
2023-02-23T18:35:30.9594705Z ##[group]Run google-github-actions/deploy-cloud-functions@14509ca55199d9348161571e36c48e44f855030d
2023-02-23T18:35:30.9595125Z with:
2023-02-23T18:35:30.9595337Z   name: faucet-api
2023-02-23T18:35:30.9595556Z   runtime: nodejs16
2023-02-23T18:35:30.9595763Z   region: europe-central2
2023-02-23T18:35:30.9596019Z   source_dir: /home/runner/work/apps/apps/functions
2023-02-23T18:35:30.9596277Z   entry_point: faucetDev
2023-02-23T18:35:30.9596575Z   env_vars: COLLATOR_WSS_URL=wss://fullnode.development.cntrfg.com
2023-02-23T18:35:30.9596999Z   service_account_email: [email protected] 
2023-02-23T18:35:30.9597326Z   max_instances: 10
2023-02-23T18:35:30.9597525Z   timeout: 60s
2023-02-23T18:35:30.9597783Z   https_trigger_security_level: security_level_unspecified
2023-02-23T18:35:30.9598059Z   event_trigger_retry: false
2023-02-23T18:35:30.9598290Z   deploy_timeout: 300
2023-02-23T18:35:30.9598524Z   docker_registry: container-registry
2023-02-23T18:35:30.9598747Z env:
2023-02-23T18:35:30.9598936Z   app_name: faucet-api
2023-02-23T18:35:30.9599172Z   deploy_to: 
2023-02-23T18:35:30.9599384Z   function_handler: faucetDev
2023-02-23T18:35:30.9600308Z   CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE: /home/runner/work/apps/apps/gha-creds-aed5dcabb77a6a9e.json
2023-02-23T18:35:30.9600757Z   GOOGLE_APPLICATION_CREDENTIALS: /home/runner/work/apps/apps/gha-creds-aed5dcabb77a6a9e.json
2023-02-23T18:35:30.9601170Z   GOOGLE_GHA_CREDS_PATH: /home/runner/work/apps/apps/gha-creds-aed5dcabb77a6a9e.json
2023-02-23T18:35:30.9601516Z   CLOUDSDK_CORE_PROJECT: peak-vista
2023-02-23T18:35:30.9601789Z   CLOUDSDK_PROJECT: peak-vista
2023-02-23T18:35:30.9602050Z   GCLOUD_PROJECT: peak-vista
2023-02-23T18:35:30.9602298Z   GCP_PROJECT: peak-vista
2023-02-23T18:35:30.9602559Z   GOOGLE_CLOUD_PROJECT: peak-vista
2023-02-23T18:35:30.9602793Z ##[endgroup]
2023-02-23T18:35:31.3680341Z Created zip file from '/home/runner/work/apps/apps/functions' at '/tmp/cfsrc-8043f83e0ae25e579c5f28bb.zip'
2023-02-23T18:35:35.5548443Z Creating new Cloud Function deployment
2023-02-23T18:35:36.1613672Z Deploying Cloud Function
2023-02-23T18:35:42.0685156Z Still deploying Cloud Function (1/n)
2023-02-23T18:35:47.9836566Z Still deploying Cloud Function (2/n)
2023-02-23T18:35:53.8891389Z Still deploying Cloud Function (3/n)
2023-02-23T18:35:59.8057584Z Still deploying Cloud Function (4/n)
2023-02-23T18:36:05.7082302Z Still deploying Cloud Function (5/n)
2023-02-23T18:36:10.9587546Z Still deploying Cloud Function (6/n)
2023-02-23T18:36:16.8634233Z Still deploying Cloud Function (7/n)
2023-02-23T18:36:22.7859689Z Still deploying Cloud Function (8/n)
2023-02-23T18:36:28.6900719Z Still deploying Cloud Function (9/n)
2023-02-23T18:36:34.6020987Z Still deploying Cloud Function (10/n)
2023-02-23T18:36:39.8498198Z Still deploying Cloud Function (11/n)
2023-02-23T18:36:45.7571050Z Still deploying Cloud Function (12/n)
2023-02-23T18:36:51.6725056Z Still deploying Cloud Function (13/n)
2023-02-23T18:36:56.9266994Z Still deploying Cloud Function (14/n)
2023-02-23T18:36:57.8339361Z ##[group]Run echo "::notice title=Function_URL::https://europe-central2-peak-vista.cloudfunctions.net/faucet-api"
2023-02-23T18:36:57.8340018Z �[36;1mecho "::notice title=Function_URL::https://europe-central2-peak-vista.cloudfunctions.net/faucet-api"�[0m
2023-02-23T18:36:57.8393176Z shell: /usr/bin/sh -e {0}
2023-02-23T18:36:57.8393407Z env:
2023-02-23T18:36:57.8393614Z   app_name: faucet-api
2023-02-23T18:36:57.8393826Z   deploy_to: 
2023-02-23T18:36:57.8394040Z   function_handler: faucetDev
2023-02-23T18:36:57.8394404Z   CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE: /home/runner/work/apps/apps/gha-creds-aed5dcabb77a6a9e.json
2023-02-23T18:36:57.8394862Z   GOOGLE_APPLICATION_CREDENTIALS: /home/runner/work/apps/apps/gha-creds-aed5dcabb77a6a9e.json
2023-02-23T18:36:57.8395282Z   GOOGLE_GHA_CREDS_PATH: /home/runner/work/apps/apps/gha-creds-aed5dcabb77a6a9e.json
2023-02-23T18:36:57.8395742Z   CLOUDSDK_CORE_PROJECT: peak-vista
2023-02-23T18:36:57.8396015Z   CLOUDSDK_PROJECT: peak-vista
2023-02-23T18:36:57.8396351Z   GCLOUD_PROJECT: peak-vista
2023-02-23T18:36:57.8396606Z   GCP_PROJECT: peak-vista
2023-02-23T18:36:57.8396855Z   GOOGLE_CLOUD_PROJECT: peak-vista
2023-02-23T18:36:57.8397091Z ##[endgroup]
2023-02-23T18:36:57.8500003Z ##[notice]https://europe-central2-peak-vista.cloudfunctions.net/faucet-api
2023-02-23T18:36:57.8533736Z ##[group]Run google-github-actions/setup-gcloud@d51b5346f85640ec2aa2fa057354d2b82c2fcbce
2023-02-23T18:36:57.8534056Z with:
2023-02-23T18:36:57.8534251Z   version: latest
2023-02-23T18:36:57.8534500Z env:
2023-02-23T18:36:57.8534684Z   app_name: faucet-api
2023-02-23T18:36:57.8534890Z   deploy_to: 
2023-02-23T18:36:57.8535104Z   function_handler: faucetDev
2023-02-23T18:36:57.8535470Z   CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE: /home/runner/work/apps/apps/gha-creds-aed5dcabb77a6a9e.json
2023-02-23T18:36:57.8535937Z   GOOGLE_APPLICATION_CREDENTIALS: /home/runner/work/apps/apps/gha-creds-aed5dcabb77a6a9e.json
2023-02-23T18:36:57.8536367Z   GOOGLE_GHA_CREDS_PATH: /home/runner/work/apps/apps/gha-creds-aed5dcabb77a6a9e.json
2023-02-23T18:36:57.8536715Z   CLOUDSDK_CORE_PROJECT: peak-vista
2023-02-23T18:36:57.8536999Z   CLOUDSDK_PROJECT: peak-vista
2023-02-23T18:36:57.8537266Z   GCLOUD_PROJECT: peak-vista
2023-02-23T18:36:57.8537523Z   GCP_PROJECT: peak-vista
2023-02-23T18:36:57.8537787Z   GOOGLE_CLOUD_PROJECT: peak-vista
2023-02-23T18:36:57.8538024Z ##[endgroup]
2023-02-23T18:36:59.6302411Z [command]/usr/bin/tar xz --warning=no-unknown-keyword --overwrite -C /home/runner/work/_temp/96a4e536-4fba-4b4a-96cb-eb6a77b3290f -f /home/runner/work/_temp/a26fb53b-fea6-4036-9221-da0ecdf7fc26
2023-02-23T18:37:17.5887007Z Successfully authenticated
2023-02-23T18:37:17.6001379Z ##[group]Run gcloud functions add-iam-policy-binding faucet-api \
2023-02-23T18:37:17.6001817Z �[36;1mgcloud functions add-iam-policy-binding faucet-api \�[0m
2023-02-23T18:37:17.6002135Z �[36;1m--region=europe-central2 \�[0m
2023-02-23T18:37:17.6002452Z �[36;1m--member="allUsers" --role="roles/cloudfunctions.invoker"�[0m
2023-02-23T18:37:17.6057512Z shell: /usr/bin/sh -e {0}
2023-02-23T18:37:17.6057736Z env:
2023-02-23T18:37:17.6057939Z   app_name: faucet-api
2023-02-23T18:37:17.6058146Z   deploy_to: 
2023-02-23T18:37:17.6058360Z   function_handler: faucetDev
2023-02-23T18:37:17.6058727Z   CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE: /home/runner/work/apps/apps/gha-creds-aed5dcabb77a6a9e.json
2023-02-23T18:37:17.6059177Z   GOOGLE_APPLICATION_CREDENTIALS: /home/runner/work/apps/apps/gha-creds-aed5dcabb77a6a9e.json
2023-02-23T18:37:17.6059591Z   GOOGLE_GHA_CREDS_PATH: /home/runner/work/apps/apps/gha-creds-aed5dcabb77a6a9e.json
2023-02-23T18:37:17.6059934Z   CLOUDSDK_CORE_PROJECT: peak-vista
2023-02-23T18:37:17.6060208Z   CLOUDSDK_PROJECT: peak-vista
2023-02-23T18:37:17.6060472Z   GCLOUD_PROJECT: peak-vista
2023-02-23T18:37:17.6060721Z   GCP_PROJECT: peak-vista
2023-02-23T18:37:17.6060977Z   GOOGLE_CLOUD_PROJECT: peak-vista
2023-02-23T18:37:17.6061295Z   CLOUDSDK_METRICS_ENVIRONMENT: github-actions-setup-gcloud
2023-02-23T18:37:17.6061563Z ##[endgroup]
2023-02-23T18:37:19.6107234Z bindings:
2023-02-23T18:37:19.6107982Z - members:
2023-02-23T18:37:19.6108420Z   - allUsers
2023-02-23T18:37:19.6108809Z   role: roles/cloudfunctions.invoker
2023-02-23T18:37:19.6109180Z etag: BwX1Yk2Ai8s=
2023-02-23T18:37:19.6196174Z version: 1

Additional information

It's easy to test. Create a function or change your Service account in the function deployed by this Action, then run the action with a different SA, see how it won't change.
In contrast, using gcloud function deploy MY_FUNCTION_NAME --service-account my-account@MY_PROJECT.iam.gserviceaccount.com --source ./dist for an existing function updates the SA just fine.

The text was updated successfully, but these errors were encountered:

gpmayorga added the bug Something isn't working label Feb 24, 2023

sethvargo mentioned this issue May 21, 2024

Switch to gen2 API #409

Merged

sethvargo closed this as completed in #409 May 22, 2024

sethvargo closed this as completed in a5b186d May 22, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Updating the function's service_account on existing functions will not update the SA in the function itself #373

Updating the function's service_account on existing functions will not update the SA in the function itself #373

gpmayorga commented Feb 24, 2023

Updating the function's service_account on existing functions will not update the SA in the function itself #373

Updating the function's service_account on existing functions will not update the SA in the function itself #373

Comments

gpmayorga commented Feb 24, 2023

TL;DR

Expected behavior

Observed behavior

Action YAML

Log output

Additional information