oidc.yaml
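---
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
#
# Example workflow: exchange the GitHub-issued OIDC token for Google Cloud
# credentials through Workload Identity Federation, so no long-lived service
# account key has to be stored as a repository secret.
#
# NOTE(review): what this job can reach in GCP is decided by the provider's
# attribute mapping/condition and by the IAM binding on the service account.
# Neither is visible in this file; confirm both are restricted to this
# repository (and ideally to a branch or environment), not to any GitHub repo.
name: "Example: GCP Workload identity Federation"
on:
  # Manual trigger only; the job never runs on pull requests from forks.
  workflow_dispatch: {}
jobs:
  connect:
    runs-on: ubuntu-latest
    # Job-scoped token permissions: everything not listed here is 'none'.
    permissions:
      id-token: 'write' # Required for requesting the JWT
      contents: 'read' # Required for actions/checkout
    steps:
      # Checkout your repository.
      # actions/checkout MUST come before auth: the auth step writes its
      # credentials file into the workspace, and a later checkout would
      # presumably clean the workspace and remove it.
      # Every action below is pinned to a full commit SHA; the trailing
      # version comment is informational only.
      - uses: 'actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683' # v4
        with:
          # No later step runs git against the remote, so do not leave the
          # GITHUB_TOKEN in the checked-out repository's .git/config.
          persist-credentials: 'false'
      # Authenticate to Google Cloud using the workload identity federation
      - id: 'auth'
        name: 'Authenticate to Google Cloud'
        uses: 'google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f' # v2
        with:
          # Create a credentials file. Treat it as sensitive for the lifetime
          # of the job: do not upload the workspace as an artifact or bake it
          # into an image while the file is present.
          create_credentials_file: 'true'
          # Set the workload identity provider and service account
          workload_identity_provider: 'projects/970557914270/locations/global/workloadIdentityPools/raspbernetes-oidc-pool/providers/github-provider'
          service_account: 'raspbernetes-oidc-sa@raspbernetes.iam.gserviceaccount.com'
      - name: 'Set up Cloud SDK'
        uses: 'google-github-actions/setup-gcloud@6189d56e4096ee891640bb02ac264be376592d6a' # v2
      - id: 'gcloud'
        name: 'gcloud'
        # Hand the step output to the shell through an environment variable
        # rather than expanding the expression inside the script text, so the
        # value is never parsed as shell syntax.
        env:
          CREDENTIALS_FILE: '${{ steps.auth.outputs.credentials_file_path }}'
        run: |-
          gcloud auth login --brief --cred-file="${CREDENTIALS_FILE}"
          gcloud services list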