CollabOps
CI/CDTemplatesSystem Templates

GCP

Google Cloud Platform authentication, Artifact Registry, and GKE cluster setup

GCP templates follow a chain pattern: authenticate with gcloud-auth first, then use gcloud-docker-auth or gcloud-setup in subsequent steps.

collabops/gcloud-auth@v1

On-Premise: ❌ — requires GCP connectivity

Configures GCP service account authentication. Subsequent steps share authentication via CLOUDSDK_CONFIG.

InputRequiredDefaultDescription
project-idYES-GCP project ID
credentialsYES-GCP service account key JSON. $\{\{ secrets.GCP_SA_KEY \}\} recommended
config-pathNO"/workspace/source/.gcloud"gcloud config storage path

Examples

Service-account JSON key authentication

jobs:
  deploy:
    steps:
      - name: checkout
        uses: "collabops/checkout@v2"
        with:
          repo-url: "https://<collabops-host>/<workspace>/<repository>.git"
      # Downstream steps share credentials via CLOUDSDK_CONFIG automatically.
      - name: gcloud-auth
        uses: "collabops/gcloud-auth@v1"
        with:
          project-id: my-gcp-project
          # Pass the full service-account JSON key as a secret value.
          credentials: ${{ secrets.GCP_SA_KEY }}
      - name: sanity-check
        run: gcloud auth list
        image: gcr.io/google.com/cloudsdktool/cloud-sdk:484.0.0-alpine

Key pointscredentials accepts the full service-account key JSON string verbatim — keep the newlines intact when storing the secret. Prefer short-lived rotatable keys and grant the SA the least privilege required.

collabops/gcloud-docker-auth@v1

On-Premise: ❌ — requires GCP connectivity

Configures GCP Artifact Registry Docker authentication. Use after gcloud-auth.

InputRequiredDefaultDescription
registryYES-Docker registry host (e.g., asia-northeast3-docker.pkg.dev)
config-pathNO"/workspace/source/.gcloud"gcloud config path

Examples

Artifact Registry — auth → docker push

jobs:
  publish:
    services:
      - docker
    steps:
      - name: gcloud-auth
        uses: "collabops/gcloud-auth@v1"
        with:
          project-id: my-gcp-project
          credentials: ${{ secrets.GCP_SA_KEY }}
      # Configure docker config.json per registry host.
      - name: gcloud-docker-auth
        uses: "collabops/gcloud-docker-auth@v1"
        with:
          registry: asia-northeast3-docker.pkg.dev
      - name: build-push
        uses: "collabops/docker-build-push@v1"
        with:
          tags: "asia-northeast3-docker.pkg.dev/my-gcp-project/repo/api:${{ collabops.sha }}"

Key pointsgcloud-auth must run first. registry is the Artifact Registry host (e.g. asia-northeast3-docker.pkg.dev) — do not append the /project/repo path. If you use multiple regions, authenticate each one in its own step.

collabops/gcloud-setup@v1

On-Premise: ❌ — requires GCP connectivity

Configures GKE cluster authentication and kubectl context. Use after gcloud-auth.

InputRequiredDefaultDescription
project-idYES-GCP project ID
cluster-nameYES-GKE cluster name
cluster-locationYES-GKE cluster location (zone or region)
config-pathNO"/workspace/source/.gcloud"gcloud config path

Examples

GKE auth + kubectl apply

jobs:
  deploy:
    steps:
      - name: checkout
        uses: "collabops/checkout@v2"
        with:
          repo-url: "https://<collabops-host>/<workspace>/<repository>.git"
      - name: gcloud-auth
        uses: "collabops/gcloud-auth@v1"
        with:
          project-id: my-gcp-project
          credentials: ${{ secrets.GCP_SA_KEY }}
      # kubeconfig is configured automatically via gke-gcloud-auth-plugin.
      - name: gke-setup
        uses: "collabops/gcloud-setup@v1"
        with:
          project-id: my-gcp-project
          cluster-name: prod-cluster
          cluster-location: asia-northeast3
      - name: apply-manifests
        run: |
          kubectl apply -f k8s/
          kubectl -n prod rollout status deployment/api --timeout=5m
        image: bitnami/kubectl:1.30

Zonal cluster (location is a zone)

jobs:
  deploy:
    steps:
      - name: gcloud-auth
        uses: "collabops/gcloud-auth@v1"
        with:
          project-id: my-gcp-project
          credentials: ${{ secrets.GCP_SA_KEY }}
      - name: gke-zonal-setup
        uses: "collabops/gcloud-setup@v1"
        with:
          project-id: my-gcp-project
          cluster-name: dev-cluster
          # For zonal clusters pass the zone directly instead of a region.
          cluster-location: asia-northeast3-a
      - name: get-pods
        run: kubectl -n dev get pods
        image: bitnami/kubectl:1.30

Key pointscluster-location is the region (asia-northeast3) for regional clusters and the zone (asia-northeast3-a) for zonal ones. The kubeconfig flows to later steps automatically — no manual export. Wrap production rollouts with kubectl rollout status inside the same Job to confirm completion.

Core

Checkout, Docker build, cache, artifacts — essential building blocks for pipelines

AWS

AWS credentials, ECR Docker authentication, and EKS cluster setup

Table of Contents

collabops/gcloud-auth@v1ExamplesService-account JSON key authenticationcollabops/gcloud-docker-auth@v1ExamplesArtifact Registry — auth → docker pushcollabops/gcloud-setup@v1ExamplesGKE auth + kubectl applyZonal cluster (location is a zone)