Step-by-Step Guide: Deploying a .NET API app to Google Cloud Run Using GitHub Actions
In this guide, we’ll walk through setting up a GitHub Action workflow that automatically builds and deploys a Dockerized API to Google Cloud Run. We’ll use Google Container Registry (GCR) to store the Docker images, and GitHub secrets to securely manage credentials.
This is a step-by-step explanation of the following GitHub Action configuration:
name: Build and Push Docker API to GCR
on:
push:
branches:
- api-deployment
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Set up Cloud SDK
uses: google-github-actions/setup-gcloud@v1
with:
version: "latest"
project_id: your-projectid
service_account_key: ${{ secrets.GCP_SA_KEY }}
- name: Login to GCR
uses: docker/login-action@v3
with:
registry: gcr.io
username: _json_key
password: ${{ secrets.GCP_SA_KEY }}
- name: Build Docker image
run: |
docker build -f Dockerfile-api -t gcr.io/your-projectid/your-image-name:$GITHUB_SHA .
- name: Push Docker image to GCR
run: |
docker push gcr.io/your-projectid/your-image-name:$GITHUB_SHA
- id: "auth"
uses: "google-github-actions/auth@v2"
with:
credentials_json: "${{ secrets.GCP_SA_KEY }}"
- id: "deploy"
run: |-
gcloud run deploy your-image-name \
--image=gcr.io/your-projectid/your-image-name:${{ github.sha }} \
--platform=managed \
--region=europe-west4 \
--allow-unauthenticatedHere is the docker file Dockerfile-api
# Use the official .NET 8.0 SDK image for building the project
FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build-env
WORKDIR /app
# Copy the contents of your project into the Docker image
COPY . ./
# Build and publish the application
RUN dotnet publish ./your-project-folder/App.Web.Host.csproj -c Release -o out/api
# Use the official .NET 8.0 ASP.NET Core runtime image for running the application
FROM mcr.microsoft.com/dotnet/aspnet:8.0
WORKDIR /app
# Copy the published files from the build stage to the runtime image
COPY --from=build-env /app/out/api .
# Expose port 80 for the web application
EXPOSE 80
# Set the entry point for the application
ENTRYPOINT ["dotnet", "App.Web.Host.dll"]Let’s break it down.
Prerequisites
Before we start, make sure you have the following:
- Google Cloud Project: A GCP project with billing enabled.
- Google Cloud Run: Enabled for the GCP project.
- Dockerfile: A Dockerfile to containerize your API (in this case, the API is
your-image-name). - GitHub Repository: With your project and the GitHub Actions set up.
- Service Account with GCR and Cloud Run Permissions: Create a GCP Service Account with the appropriate permissions to push to GCR and deploy to Cloud Run.
Step 1: Set Up GitHub Secrets
To securely authenticate with Google Cloud, you need to create a Service Account key and add it as a secret in your GitHub repository.
- Go to the Google Cloud Console.
- Navigate to IAM & Admin > Service Accounts.
- Create a new Service Account, or use an existing one, and assign the following roles:
Cloud Run AdminStorage Admin(for GCR)
- Download the service account key in JSON format.
- In your GitHub repository, go to Settings > Secrets > Actions.
- Add a new secret called
GCP_SA_KEYand paste the contents of the JSON file.
Step 2: Set Up the GitHub Action
1. Trigger the Workflow on Push
The action will trigger whenever you push to the api-deployment branch. You can change this to suit your needs:
on:
push:
branches:
- api-deployment2. Checkout the Code
First, we need to check out the code in the repository:
- name: Checkout code
uses: actions/checkout@v23. Set Up Google Cloud SDK
We then set up Google Cloud SDK to interact with Google Cloud services:
- name: Set up Cloud SDK
uses: google-github-actions/setup-gcloud@v1
with:
version: "latest"
project_id: your-projectid
service_account_key: ${{ secrets.GCP_SA_KEY }}This step authenticates your project using the Service Account key stored in the GitHub secret.
4. Authenticate Docker with GCR
To push the Docker image to Google Container Registry (GCR), you need to authenticate Docker with GCR:
- name: Login to GCR
uses: docker/login-action@v3
with:
registry: gcr.io
username: _json_key
password: ${{ secrets.GCP_SA_KEY }}5. Build and Push the Docker Image
Next, we build the Docker image using the provided Dockerfile and tag it with the commit SHA. This ensures that each build is uniquely identified:
- name: Build Docker image
run: |
docker build -f Dockerfile-api -t gcr.io/your-projectid/your-image-name:$GITHUB_SHA .After building, we push the image to GCR:
- name: Push Docker image to GCR
run: |
docker push gcr.io/your-projectid/your-image-name:$GITHUB_SHA6. Authenticate and Deploy to Google Cloud Run
Finally, we authenticate with Google Cloud to deploy the Docker image to Cloud Run:
- id: "auth"
uses: "google-github-actions/auth@v2"
with:
credentials_json: "${{ secrets.GCP_SA_KEY }}"Then, we use gcloud to deploy the API to Cloud Run:
- id: "deploy"
run: |-
gcloud run deploy your-image-name \
--image=gcr.io/your-projectid/your-image-name:${{ github.sha }} \
--platform=managed \
--region=europe-west4 \
--allow-unauthenticatedThis command deploys the container to Cloud Run, using the image pushed to GCR.
Step 3: Test Your Workflow
Push a change to your api-deployment branch, and GitHub Actions will automatically run your new workflow. You should see your API deployed to Cloud Run, accessible via the Cloud Run service URL.
Conclusion
You’ve now set up a GitHub Action that automatically builds and deploys a Dockerized API to Google Cloud Run. This workflow ensures that your API is always up-to-date with the latest code changes and can scale effortlessly on Google Cloud’s managed infrastructure.
