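---
# Build a container image, push it to Artifact Registry and deploy it to
# Cloud Run on every push to main. Authentication to Google Cloud uses
# Workload Identity Federation (WIF), so no long-lived service-account key
# is stored in the repository.
#
# PROJECT_ID, REPOSITORY, the provider path and the service-account address
# below are template values; replace them with your own.
name: Build and Deploy to Cloud Run

on:
  push:
    branches: ["main"]

# Workflow-level env is exported to every step, so the run scripts below read
# these as ordinary shell variables.
env:
  PROJECT_ID: your-project-id
  REGION: asia-northeast1  # Since you are in Japan, Tokyo or Osaka is recommended
  SERVICE_NAME: my-node-app
  REPOSITORY: my-repo

jobs:
  deploy:
    runs-on: ubuntu-latest
    # Least privilege for GITHUB_TOKEN: read the repository, and mint the OIDC
    # token that WIF exchanges for Google Cloud credentials. Nothing else.
    permissions:
      contents: 'read'
      id-token: 'write'  # required for WIF authentication

    # NOTE(review): the actions below are referenced by version tag (@v4, @v2),
    # and a tag can be moved after the fact. Consider pinning each one to a
    # full commit SHA with the tag kept as a trailing comment, e.g.
    #   uses: owner/action@<FULL_COMMIT_SHA>  # v4
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # No later step talks to git. Without this, checkout leaves the
          # job token in .git/config, and the build step sends "." (including
          # .git, unless a .dockerignore excludes it) as the Docker context.
          persist-credentials: false

      # 1. Authentication (using Workload Identity Federation)
      # NOTE(review): the trust decision lives on the Google Cloud side and is
      # not visible here. Confirm that the provider has an attribute condition
      # restricting it to this repository, and that the service account holds
      # only the roles this job needs (push to Artifact Registry, deploy to
      # Cloud Run).
      - name: Google Auth
        uses: google-github-actions/auth@v2
        with:
          workload_identity_provider: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider'
          service_account: 'my-service-account@your-project-id.iam.gserviceaccount.com'

      # 2. Configure Docker authentication
      # Values are read from the environment instead of being spliced into the
      # script text with ${{ }}, so they can never be parsed as shell syntax.
      - name: Docker Auth
        run: |-
          gcloud auth configure-docker "${REGION}-docker.pkg.dev" --quiet

      # 3. Build and push the image
      # GITHUB_SHA is the runner-provided equivalent of github.sha, so the tag
      # matches the image reference used by the deploy step.
      - name: Build and Push Container
        run: |-
          DOCKER_TAG="${REGION}-docker.pkg.dev/${PROJECT_ID}/${REPOSITORY}/${SERVICE_NAME}:${GITHUB_SHA}"
          docker build -t "$DOCKER_TAG" .
          docker push "$DOCKER_TAG"

      # 4. Deploy to Cloud Run
      - name: Deploy to Cloud Run
        uses: google-github-actions/deploy-cloudrun@v2
        with:
          service: ${{ env.SERVICE_NAME }}
          region: ${{ env.REGION }}
          image: ${{ env.REGION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.REPOSITORY }}/${{ env.SERVICE_NAME }}:${{ github.sha }}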