From ffc71304eece8e340f8bd302af77390ee5a80772 Mon Sep 17 00:00:00 2001 From: Yuru Shao Date: Wed, 12 Jun 2024 05:46:32 +0000 Subject: [PATCH] Use identity provider --- .github/workflows/deploy_api.yml | 4 ++-- .github/workflows/gcp_test.yaml | 25 +++++++++++++++++++++++++ .github/workflows/pr_test_api.yml | 2 +- 3 files changed, 28 insertions(+), 3 deletions(-) create mode 100644 .github/workflows/gcp_test.yaml diff --git a/.github/workflows/deploy_api.yml b/.github/workflows/deploy_api.yml index 9c6ae028..c5eb88c4 100644 --- a/.github/workflows/deploy_api.yml +++ b/.github/workflows/deploy_api.yml @@ -1,8 +1,8 @@ name: Deploy api to GAE on: - pull_request: - branches: ["main"] + # pull_request: + # branches: ["main"] workflow_dispatch: inputs: diff --git a/.github/workflows/gcp_test.yaml b/.github/workflows/gcp_test.yaml new file mode 100644 index 00000000..c441ee7d --- /dev/null +++ b/.github/workflows/gcp_test.yaml @@ -0,0 +1,25 @@ +name: List services in GCP +on: + pull_request: + branches: + - main + +permissions: + id-token: write + +jobs: + Get_OIDC_ID_token: + runs-on: ubuntu-latest + steps: + - id: "auth" + name: "Authenticate to GCP" + uses: "google-github-actions/auth@v0.3.1" + with: + create_credentials_file: "true" + workload_identity_provider: "https://iam.googleapis.com/projects/639940077006/locations/global/workloadIdentityPools/github-workflow/providers/github" + service_account: "glam-api-419002@appspot.gserviceaccount.com" + - id: "gcloud" + name: "gcloud" + run: |- + gcloud auth login --brief --cred-file="${{ steps.auth.outputs.credentials_file_path }}" + gcloud services list diff --git a/.github/workflows/pr_test_api.yml b/.github/workflows/pr_test_api.yml index a53e7714..9723b628 100644 --- a/.github/workflows/pr_test_api.yml +++ b/.github/workflows/pr_test_api.yml @@ -5,7 +5,7 @@ on: branches: ["main"] paths: - "api/**" - - ".github/workflows/**" + # - ".github/workflows/**" # Allows you to run this workflow manually from the Actions tab workflow_dispatch: