How can we attach a service account to cloud run service while deploying through github actions?

Question

I am trying to deploy a cloud run service using github workflow, this cloud run service performs some gcp actions for which I want to bind a service account to the cloud run service while deploying the same.

through gcloud cli we can achieve the same by using --service-account <service-account> option.

I want to achieve this using github actions as mentioned below:

      - name: Deploy to Cloud Run
        id: deploy
        uses: google-github-actions/deploy-cloudrun@v0
        with:
          service: ${{ env.SERVICE }}
          region: ${{ env.REGION }}
          # NOTE: If using a pre-built image, update the image name here
          image: gcr.io/${{ env.PROJECT_ID }}/${{ env.SERVICE }}:${{ github.sha }}
          flags: |
            --allow-unauthenticated

please let me know if there is any options, I have explored this link but I could not find any option for service-account

Answer 1

In the workflow yaml configuration we can define the service-account using flag as shown below:

- name: Deploy to Cloud Run
        id: deploy
        uses: google-github-actions/deploy-cloudrun@v0
        with:
          service: ${{ env.SERVICE }}
          region: ${{ env.REGION }}
          # NOTE: If using a pre-built image, update the image name here
          image: gcr.io/${{ env.PROJECT_ID }}/${{ env.SERVICE }}:${{ github.sha }}
          flags: |
            --allow-unauthenticated
            --service-account=<service-account-email>