-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathaction.yml
59 lines (59 loc) · 2.53 KB
/
action.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
name: 'Authenticate to Google Cloud'
description: 'Authenticate to Google Cloud with GitHub Actions OIDC tokens and Workload Identity Federation and setup gcloud'
inputs:
workload_identity_provider:
description: GCP Workload Identity Pool Provider ID (e.g. projects/<project-number>/locations/global/workloadIdentityPools/<pool>/providers/<id>)
required: true
gcp_service_account:
description: GCP service Account
required: true
use_system_gcloud:
description: Set to false to install latest gcloud from web. False is required in order to install additional components
required: false
default: "true"
outputs:
project_id:
description: |-
Provided or extracted value for the Google Cloud project ID.
credentials_file_path:
description: |-
Path on the local filesystem where the generated credentials file resides.
This is only available if "create_credentials_file" was set to true.
access_token:
description: |-
The Google Cloud access token for calling other Google Cloud APIs. This is
only available when "token_format" is "access_token".
access_token_expiration:
description: |-
The RFC3339 UTC "Zulu" format timestamp for the access token. This is only
available when "token_format" is "access_token".
id_token:
description: |-
The Google Cloud ID token. This is only available when "token_format" is
"id_token".
runs:
using: "composite"
steps:
- name: 'Authenticate to Google Cloud'
id: auth
uses: google-github-actions/auth@v2
with:
workload_identity_provider: ${{ inputs.workload_identity_provider}}
service_account: ${{ inputs.gcp_service_account }}
- name: Set outputs
shell: bash
run: |
echo project_id="${{ steps.auth.outputs.project_id }}" >> $GITHUB_OUTPUT
echo credentials_file_path="${{ steps.auth.outputs.credentials_file_path }}" >> $GITHUB_OUTPUT
echo access_token="${{ steps.auth.outputs.access_token }}" >> $GITHUB_OUTPUT
echo access_token_expiration="${{ steps.auth.outputs.access_token_expiration }}" >> $GITHUB_OUTPUT
echo id_token="${{ steps.auth.outputs.id_token }}" >> $GITHUB_OUTPUT
- name: 'Set up Cloud SDK'
#if: ${{ inputs.only_auth != 'true' }}
uses: google-github-actions/setup-gcloud@v2
with:
# Save ~20 seconds by using the gcloud that ships with the default github actions runner (n)
skip_install: ${{ inputs.use_system_gcloud }}
- name: Debug gcloud auth
shell: bash
run: gcloud auth list