Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(jsp): use OIDC/IF to upload #622

Draft
wants to merge 3 commits into
base: main
Choose a base branch
from
Draft

feat(jsp): use OIDC/IF to upload #622

wants to merge 3 commits into from

Conversation

srl295
Copy link
Member

@srl295 srl295 commented Dec 8, 2023
edited
Loading

For #46

Note this is just the automated deployment, see #621 for an update to the documentation.

@srl295
feat(jsp): use OIDC/IF to upload
10af16d 
- per  https://cloud.google.com/blog/products/identity-security/enabling-keyless-authentication-from-github-actions
- Won't work yet due to admin snags
- NOTE: temporarily pushes on every commit to this branch

For #46
@srl295 srl295 self-assigned this Dec 8, 2023
@srl295 srl295 requested review from sffc and macchiati December 8, 2023 18:41
@srl295
Copy link
Member Author

srl295 commented Dec 8, 2023

OK I think this is ready to go pending clearing admin hurdles.

Error: Action failed with error: Error: Failed to generate Google Cloud federated token for projects/goog-unicode-dev/locations/global/workloadIdentityPools/pool1/providers/unicode-dev-provider: {"error":"invalid_target","error_description":"The target service indicated by the \"audience\" parameters is invalid. This might either be because the pool or provider is disabled or deleted or because it doesn't exist."}

sffc
sffc reviewed Dec 8, 2023
View reviewed changes
Copy link
Member

@sffc sffc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The OIDC stuff looks approximately right; we use it already in ICU4X to upload things to the project "dev-infra-273822". However, we can't yet create a provider for the project "goog-unicode-dev" as proposed in this PR.

https://github.com/unicode-org/icu4x/blob/e9316a33ced425dcd217bbf30d6cb31063a79600/.github/workflows/artifacts-build.yml#L69

@srl295
Copy link
Member Author

srl295 commented Dec 8, 2023

The OIDC stuff looks approximately right; we use it already in ICU4X to upload things to the project "dev-infra-273822". However, we can't yet create a provider for the project "goog-unicode-dev" as proposed in this PR.

https://github.com/unicode-org/icu4x/blob/e9316a33ced425dcd217bbf30d6cb31063a79600/.github/workflows/artifacts-build.yml#L69

is projects/… supposed to be a number?

Thanks… i tried to make it so it's ready to go once the auth stuff is cleared

@srl295 srl295 added the JSP UnicodeJsps label Dec 19, 2023
@markusicu
Copy link
Member

@srl295 PR from December, in draft state. Are you intending to continue work here and take it out of "draft", for review?

@srl295
Copy link
Member Author

srl295 commented May 28, 2024

@srl295 PR from December, in draft state. Are you intending to continue work here and take it out of "draft", for review?

It's blocked pending google implementation of the feature.

Any update @sffc ?

@sffc
Copy link
Member

sffc commented May 28, 2024

I pinged again for an update.

Google link: b/303659622

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sffc sffc sffc left review comments

@macchiati macchiati macchiati approved these changes

Assignees

@srl295 srl295

Labels
JSP UnicodeJsps
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@srl295 @markusicu @sffc @macchiati