Using GitHub Actions to CLI JFrog, AWS, GCP

Mike's Notes

What I'm learning today. I'm learning fast as I go. It's all new :)

Last Updated

21/11/2025

By: Mike Peters
On a Sandy Beach: 21/11/2025

Mike is the inventor and architect of Pipi and the founder of Ajabbi.

I finally figured out how to implement CI/CD so Pipi can autonomously manage all remote cloud platforms.

  • AWS
  • Azure
  • GCP
  • IBM
  • etc

I was watching a video from the MLOps community email that led me to JFrog (very useful), which led me to GitHub Actions. I had been looking for a way to enable Pipi 9 to autonomously control any Cloud Platform, but I did not know the correct technical terms, so I was asking the wrong questions. It's one of the disadvantages of being completely self-taught.

Use GitHub Actions

According to Google AI ...

GitHub Actions can effectively control both Google Cloud Platform (GCP) and Amazon Web Services (AWS) Command Line Interfaces (CLIs) within your CI/CD workflows. This enables automation of cloud resource management, deployments, and other cloud-related tasks directly from your GitHub repositories.

Controlling AWS CLI with GitHub Actions:

Configure AWS Credentials:

Store your AWS Access Key ID and Secret Access Key as GitHub Secrets in your repository settings.

Use the aws-actions/configure-aws-credentials action to configure the AWS CLI with these secrets within your workflow. This action handles the secure setup of credentials for subsequent AWS CLI commands.

Execute AWS CLI Commands:

Once credentials are configured, you can use the run step in your workflow to execute any AWS CLI command.

Example:


        - name: Configure AWS Credentials
          uses: aws-actions/configure-aws-credentials@v1
          with:
            aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
            aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
            aws-region: us-east-1

        - name: List S3 Buckets
          run: aws s3 ls

Controlling GCP CLI (gcloud) with GitHub Actions:

Authenticate to GCP:

Store your GCP Service Account Key (JSON format) as a GitHub Secret.
Use the google-github-actions/auth action to authenticate your workflow to GCP using this service account key.

Setup gcloud CLI:

Use the google-github-actions/setup-gcloud action to install and configure the gcloud CLI within your workflow. You can specify the desired gcloud version and project ID.

Execute gcloud Commands:

After authentication and gcloud setup, you can use the run step to execute gcloud commands.

Example:


        - name: Authenticate to GCP
          uses: google-github-actions/auth@v1
          with:
            credentials_json: ${{ secrets.GCP_SERVICE_ACCOUNT_KEY }}

        - name: Setup gcloud CLI
          uses: google-github-actions/setup-gcloud@v1
          with:
            project_id: your-gcp-project-id

        - name: List GCS Buckets
          run: gcloud storage ls

Key Considerations:
  • Security: Always use GitHub Secrets to store sensitive credentials and implement the principle of least privilege for your cloud service accounts/IAM roles. Consider using OpenID Connect (OIDC) for enhanced security with AWS and GCP.
  • Actions Marketplace: Leverage pre-built actions from the GitHub Marketplace for common tasks like credential configuration and CLI setup, as demonstrated above.
  • Error Handling: Include error handling and logging in your workflows for better debugging and reliability.
  • Idempotency: Design your cloud operations to be idempotent, ensuring that running the workflow multiple times produces the same desired state without unintended side effects.

JFrog

JFrog looks great. Not cheap, but no one is better at security than the Israelis. They are the best in the world. So using their kit is a no-brainer.

There is no free tier, so plan for future use.

Next Question

  • Pipi can use CFML to easily output any of the code listed above.
  • How does that generated code then get into GitHub Actions?
  • So Pipi 9 can autonomously control GitHub Actions (or GitLab, etc.).
  • Would BoxLang do the job?
  • Am I using the correct technical terms?

Interesting examples

# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.

# GitHub recommends pinning actions to a commit SHA.
# To get a newer version, you will need to update the SHA.
# You can also reference a tag or branch, but the action may change without warning.

name: Build and Deploy to GKE

on:
  push:
    branches:
      - main

env:
  PROJECT_ID: ${{ secrets.GKE_PROJECT }}
  GKE_CLUSTER: cluster-1    # Add your cluster name here.
  GKE_ZONE: us-central1-c   # Add your cluster zone here.
  DEPLOYMENT_NAME: gke-test # Add your deployment name here.
  IMAGE: static-site

jobs:
  setup-build-publish-deploy:
    name: Setup, Build, Publish, and Deploy
    runs-on: ubuntu-latest
    environment: production

    steps:
    - name: Checkout
      uses: actions/checkout@v5

    # Setup gcloud CLI
    - uses: google-github-actions/setup-gcloud@1bee7de035d65ec5da40a31f8589e240eba8fde5
      with:
        service_account_key: ${{ secrets.GKE_SA_KEY }}
        project_id: ${{ secrets.GKE_PROJECT }}

    # Configure Docker to use the gcloud command-line tool as a credential
    # helper for authentication
    - run: |-
        gcloud --quiet auth configure-docker

    # Get the GKE credentials so we can deploy to the cluster
    - uses: google-github-actions/get-gke-credentials@db150f2cc60d1716e61922b832eae71d2a45938f
      with:
        cluster_name: ${{ env.GKE_CLUSTER }}
        location: ${{ env.GKE_ZONE }}
        credentials: ${{ secrets.GKE_SA_KEY }}

    # Build the Docker image
    - name: Build
      run: |-
        docker build \
          --tag "gcr.io/$PROJECT_ID/$IMAGE:$GITHUB_SHA" \
          --build-arg GITHUB_SHA="$GITHUB_SHA" \
          --build-arg GITHUB_REF="$GITHUB_REF" \
          .

    # Push the Docker image to Google Container Registry
    - name: Publish
      run: |-
        docker push "gcr.io/$PROJECT_ID/$IMAGE:$GITHUB_SHA"

    # Set up kustomize
    - name: Set up Kustomize
      run: |-
        curl -sfLo kustomize https://github.com/kubernetes-sigs/kustomize/releases/download/v3.1.0/kustomize_3.1.0_linux_amd64
        chmod u+x ./kustomize

    # Deploy the Docker image to the GKE cluster
    - name: Deploy
      run: |-
        ./kustomize edit set image gcr.io/PROJECT_ID/IMAGE:TAG=gcr.io/$PROJECT_ID/$IMAGE:$GITHUB_SHA
        ./kustomize build . | kubectl apply -f -
        kubectl rollout status deployment/$DEPLOYMENT_NAME
        kubectl get services -o wide
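
Two security points on this page can be checked mechanically: the workflow comment about pinning actions to a commit SHA, and the Key Considerations advice to prefer OIDC over stored cloud keys. The following is an added example, not code from the original post or the sources it quotes; `audit_workflow`, its rule names and the sample `PAGE_STEPS` are assumptions made for illustration, and the line-based matching is a simplification rather than a full YAML parse.

```python
import re

# Inputs that hand a long-lived cloud key to an action; every name below
# appears in a snippet on this page.
STATIC_KEY_INPUTS = {
    "aws-access-key-id", "aws-secret-access-key",  # configure-aws-credentials
    "credentials_json",                            # google-github-actions/auth
    "service_account_key", "credentials",          # setup-gcloud, get-gke-credentials
}
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*([^\s#]+)")
SECRET_INPUT_RE = re.compile(r"^\s*([A-Za-z0-9_-]+):\s*\$\{\{\s*secrets\.")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")

def audit_workflow(text):
    """Return (line_no, rule, detail) findings for one workflow file."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if m:
            ref = m.group(1).strip("'\"")
            if ref.startswith(("./", "docker://")):
                continue  # local action or container image: no git ref
            _, _, version = ref.partition("@")
            if not FULL_SHA_RE.match(version):
                findings.append((no, "unpinned-action", ref))
            continue
        m = SECRET_INPUT_RE.match(line)
        if m and m.group(1) in STATIC_KEY_INPUTS:
            findings.append((no, "static-cloud-key", m.group(1)))
    return findings

# Constructed sample: steps assembled from the snippets on this page.
PAGE_STEPS = """\
steps:
- uses: actions/checkout@v5
- uses: google-github-actions/setup-gcloud@1bee7de035d65ec5da40a31f8589e240eba8fde5
  with:
    service_account_key: ${{ secrets.GKE_SA_KEY }}
    project_id: ${{ secrets.GKE_PROJECT }}
- uses: aws-actions/configure-aws-credentials@v1
  with:
    aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
    aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
"""

if __name__ == "__main__":
    for no, rule, detail in audit_workflow(PAGE_STEPS):
        print(f"line {no}: {rule}: {detail}")
```

Steps that authenticate through OIDC pass a role or identity provider instead of a key (`role-to-assume` for AWS, `workload_identity_provider` for GCP), so they raise no `static-cloud-key` finding.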
