[英]Github Actions to Google Cloud Functions "Constraint constraints/gcp.resourceLocations violated for projects/GOOGLE_PROJECT_ID attempting GenerateU
我正在尝试构建一个存储在 Github 中的 Python 应用程序,我想在 Google Cloud Functions 上运行它。
.github/workflows/main.yaml
看起来像这样(workload_identity_provider 和 service_account 更改为我的值)
# This is a basic workflow to help you get started
name: CD
# Controls when the workflow will run
on:
# Triggers the workflow on push or pull request events but only for the main branch
push:
branches: [main]
pull_request:
branches: [main]
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
# This workflow contains a single job called "deploy"
deploy:
# The type of runner that the job will run on
runs-on: ubuntu-latest
# Add "id-token" with the intended permissions.
permissions:
contents: "read"
id-token: "write"
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- uses: actions/checkout@v2
- id: "auth"
name: "Authenticate to Google Cloud"
uses: "google-github-actions/auth@v0"
with:
# Replace with your Workload Identity Provider Location
workload_identity_provider: "$WORKLOAD_IDENTITY_PROVIDER_LOCATION"
# Replace with your GitHub Service Account
service_account: "$SERVICE_ACCOUNT@$PROJECT_ID.iam.gserviceaccount.com"
- id: "deploy"
uses: "google-github-actions/deploy-cloud-functions@v0"
with:
# Name of the Cloud Function, same as the entry point name
name: "helloWorld"
# Runtime to use for the function
runtime: "python3.10"
# Example of using the output
- id: "test"
run: 'curl "${{ steps.deploy.outputs.url }}"'
这在 Github 操作中给我以下错误:
Run google-github-actions/deploy-cloud-functions@v0
with:
name: helloWorld
runtime: python3.10
region: us-central1
source_dir: ./
timeout: 60s
https_trigger_security_level: security_level_unspecified
event_trigger_retry: false
deploy_timeout: 300
docker_registry: container-registry
env:
CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE: /home/runner/work/helloWorld/helloWorld/gha-creds-xxx.json
GOOGLE_APPLICATION_CREDENTIALS: /home/runner/work/helloWorld/helloWorld/gha-creds-xxx.json
GOOGLE_GHA_CREDS_PATH: /home/runner/work/helloWorld/helloWorld/gha-creds-xxx.json
CLOUDSDK_CORE_PROJECT: engineering-infra
CLOUDSDK_PROJECT: engineering-infra
GCLOUD_PROJECT: engineering-infra
GCP_PROJECT: engineering-infra
GOOGLE_CLOUD_PROJECT: engineering-infra
Extracted project ID 'engineering-infra' from $GCLOUD_PROJECT
Created zip file from './' at '/tmp/cfsrc-xxx.zip'
Error: google-github-actions/deploy-cloud-functions failed with: failed to upload zip file: Failed to POST https://cloudfunctions.googleapis.com/v1/projects/engineering-infra/locations/us-central1/functions:generateUploadUrl: (400) {
"error": {
"code": 400,
"message": "The request has violated one or more Org Policies. Please refer to the respective violations for more information.",
"status": "FAILED_PRECONDITION",
"details": [
{
"@type": "type.googleapis.com/google.rpc.PreconditionFailure",
"violations": [
{
"type": "constraints/gcp.resourceLocations",
"subject": "orgpolicy:projects/engineering-infra",
"description": "Constraint constraints/gcp.resourceLocations violated for projects/engineering-infra attempting GenerateUploadUrlActionV1 with location set to us-central1. See https://cloud.google.com/resource-manager/docs/organization-policy/org-policy-constraints for more information."
}
]
}
]
}
}
我位于北欧,所以我想使用 Findland。
可能有多种情况可能导致您遇到的错误。
您能否验证您的服务帐户是否具有足够的权限,例如项目上的iam.serviceAccountUser
和iam.cloudFunctionsDeveloper
角色? 您可以在文档中查看详细信息。
您是否检查过上面共享的博客/教程中链接的Stackoverflow ?
另一种情况可能是,如果组织策略:资源位置限制不允许多区域(例如包含两个或更多地理位置的欧盟、美国或亚洲),但允许您要部署 function 的区域(例如我们-central1-locations),则 function 将无法部署并出现此错误。
如果这与您的用例相关,您可以在组织策略中允许多区域:资源位置限制,或者您可以临时更改资源位置约束以允许多区域,然后部署 function,然后编辑组织策略到区域限制。 有关详细信息,您可以查看文档
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.