Accept KUBECONFIG environment variable #72

Closed
StevenACoffman opened this issue Feb 6, 2024 · 1 comment

StevenACoffman commented Feb 6, 2024

Currently, in a GitHub Action, if I do not specify `-kubeconfig "${KUBECONFIG}"` when I execute `run-job`, I get back an error:

```
KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT must be defined
```

This is because the default for the string flag is `"$HOME/.kube/config"`, which in a GitHub Action is instead something like `/home/runner/work/myrepo/myrepo/gha-kubeconfig-XXXXX`.

This is not a huge big deal, but I'm filing this issue so that if someone else encounters it, the solution is documented.

Btw, I happily use run-job as a GitHub action so developers can execute parameterized code in our Kubernetes cluster using GCP's workload identity federation. (I believe equivalents like AWS IRSA exist for other cloud providers). It pairs very nicely with ko-build/ko to quickly build static Go binaries into static docker images.

```yaml
name: Run Job for District
on:
  workflow_dispatch:
    inputs:
      district_id:
        description: District Key ID
        required: true
env:
  PROJECT_ID: XXXXXX
  GKE_CLUSTER: XXXXX
  GKE_ZONE: us-central1
jobs:
  provision:
#    runs-on: [self-hosted, linux, x64]
    runs-on: ubuntu-latest
    timeout-minutes: 30
    # Adds "id-token" with the intended permissions.
    permissions:
      contents: 'read'
      id-token: 'write'
    steps:
    - name: Clone Repository (Latest)
      uses: actions/checkout@v4
    - name: Install Go
      uses: actions/setup-go@v5
      with:
        go-version: 1.21.x
        cache-dependency-path: "**/*.sum"
#    - name: Setup kubectl
#      uses: azure/setup-kubectl@v3.2
    - name: Install KO
      uses: imjasonh/setup-ko@v0.6
    - name: 'Authenticate to Google Cloud'
      id: 'auth'
      uses: 'google-github-actions/auth@v2'
      with:
        workload_identity_provider: 'projects/XXXXX/locations/global/workloadIdentityPools/github-action-pool/providers/github-action-provider'
        service_account: 'XXXXX@XXXXXXiam.gserviceaccount.com'
        #  token_format: 'access_token'
    - id: 'get-kube-credentials'
      name: 'get kubernetes credentials'
      uses: 'google-github-actions/get-gke-credentials@v2'
      with:
        cluster_name: 'districts'
        location: 'us-central1'
    - id: 'build-image-deploy-kube-and-update-manifests'
      name: 'build-image-deploy-kube-and-update-manifests'
      env:
        # Pass the declared input (district_id) through the environment so its
        # value is not expanded into the script text before the shell runs it.
        DISTRICT_ID: ${{ github.event.inputs.district_id }}
      run: |-
        # Build docker image without docker, tag image as Git commit SHA1
        export KO_DOCKER_REPO=us-central1-docker.pkg.dev/myproject/myregistry/myapp
        export GOPRIVATE=github.com/MyOrg
        export GO111MODULE=on
        export COMMIT_SHA=$(git rev-parse HEAD)
        ko publish --sbom=none --bare --platform=linux/amd64 . -t ${COMMIT_SHA}
        # Create run-job Kubernetes template file with docker tag
        echo "name: runjob" > runjob.yaml
        echo "namespace: jobber" >> runjob.yaml
        echo "image: ${KO_DOCKER_REPO}:$(git rev-parse HEAD)" >> runjob.yaml
        echo "args:" >> runjob.yaml
        echo "  - publish" >>runjob.yaml
        echo "  - -district=${DISTRICT_ID}" >> runjob.yaml
        # install run-job
        go install github.com/alexellis/run-job@latest
        # run run-job
        run-job -kubeconfig "${KUBECONFIG}" -f runjob.yaml
```

Anyway, thanks for making wonderful things!
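The fallback behind the error above, as an added Go example that is not run-job's own code: a hypothetical `resolveKubeconfig` helper that checks the `-kubeconfig` flag, then `KUBECONFIG`, then `$HOME/.kube/config`, and only then reports in-cluster config. As a simplifying assumption it uses the first existing `KUBECONFIG` entry instead of merging all of them.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// resolveKubeconfig (hypothetical helper) returns the kubeconfig path to load
// and the source it came from. Order: explicit -kubeconfig flag, then the
// KUBECONFIG variable, then $HOME/.kube/config. An empty path means nothing
// was found: the caller would fall back to in-cluster config, which on a CI
// runner fails with the KUBERNETES_SERVICE_HOST/PORT error.
func resolveKubeconfig(flagVal, envVal, home string, exists func(string) bool) (string, string) {
	if flagVal != "" {
		return flagVal, "flag"
	}
	// KUBECONFIG may hold several paths joined by the OS list separator.
	// Simplification: take the first entry that exists instead of merging.
	for _, p := range filepath.SplitList(envVal) {
		if p = strings.TrimSpace(p); p != "" && exists(p) {
			return p, "KUBECONFIG"
		}
	}
	if home != "" {
		if def := filepath.Join(home, ".kube", "config"); exists(def) {
			return def, "default"
		}
	}
	return "", "in-cluster"
}

// fileExists reports whether p is an existing non-directory path.
func fileExists(p string) bool {
	st, err := os.Stat(p)
	return err == nil && !st.IsDir()
}

func main() {
	home, _ := os.UserHomeDir()
	path, src := resolveKubeconfig("", os.Getenv("KUBECONFIG"), home, fileExists)
	fmt.Printf("kubeconfig=%q source=%s\n", path, src)
}
```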


StevenACoffman commented Feb 6, 2024

To speed up (avoid go install by downloading release artifact binaries) and slightly simplify my above use case, I made a setup-run-job GitHub action to install your alexellis/run-job in case it is useful to others:

    - name: Install run-job
      uses: StevenACoffman/setup-run-job@v0.0.4

My example above now looks like:

```yaml
name: Run Job for District
on:
  workflow_dispatch:
    inputs:
      district_id:
        description: District Key ID
        required: true
env:
  PROJECT_ID: XXXXXX
  GKE_CLUSTER: XXXXX
  GKE_ZONE: us-central1
jobs:
  provision:
#    runs-on: [self-hosted, linux, x64]
    runs-on: ubuntu-latest
    timeout-minutes: 30
    # Adds "id-token" with the intended permissions.
    permissions:
      contents: 'read'
      id-token: 'write'
    steps:
    - name: Clone Repository (Latest)
      uses: actions/checkout@v4
    - name: Install Go
      uses: actions/setup-go@v5
      with:
        go-version: 1.21.x
        cache-dependency-path: "**/*.sum"
#    - name: Setup kubectl
#      uses: azure/setup-kubectl@v3.2
    - name: Install KO
      uses: imjasonh/setup-ko@v0.6
    - name: Install run-job
      uses: StevenACoffman/setup-run-job@v0.0.4
    - name: 'Authenticate to Google Cloud'
      id: 'auth'
      uses: 'google-github-actions/auth@v2'
      with:
        workload_identity_provider: 'projects/XXXXX/locations/global/workloadIdentityPools/github-action-pool/providers/github-action-provider'
        service_account: 'XXXXX@XXXXXXiam.gserviceaccount.com'
        #  token_format: 'access_token'
    - id: 'get-kube-credentials'
      name: 'get kubernetes credentials'
      uses: 'google-github-actions/get-gke-credentials@v2'
      with:
        cluster_name: 'districts'
        location: 'us-central1'
    - id: 'build-image-deploy-kube-and-update-manifests'
      name: 'build-image-deploy-kube-and-update-manifests'
      env:
        # Pass the declared input (district_id) through the environment so its
        # value is not expanded into the script text before the shell runs it.
        DISTRICT_ID: ${{ github.event.inputs.district_id }}
      run: |-
        # Build docker image without docker, tag image as Git commit SHA1
        export KO_DOCKER_REPO=us-central1-docker.pkg.dev/myproject/myregistry/myapp
        export GOPRIVATE=github.com/MyOrg
        export GO111MODULE=on
        export COMMIT_SHA=$(git rev-parse HEAD)
        ko publish --sbom=none --bare --platform=linux/amd64 . -t ${COMMIT_SHA}
        # Create run-job Kubernetes template file with docker tag
        echo "name: runjob" > runjob.yaml
        echo "namespace: jobber" >> runjob.yaml
        echo "image: ${KO_DOCKER_REPO}:$(git rev-parse HEAD)" >> runjob.yaml
        echo "args:" >> runjob.yaml
        echo "  - publish" >>runjob.yaml
        echo "  - -district=${DISTRICT_ID}" >> runjob.yaml
        # run run-job
        run-job -kubeconfig "${KUBECONFIG}" -f runjob.yaml
```
