github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Integration: Switch to using auth Gcloud action in Windows workflow.

Browse Source 
Following the forking of `github-google-actions/setup-gcloud` into
individual actions, the functionality for authenticating on Google
Cloud within GitHub workflows has been moved to the
`github-google-actions/auth` action.

This patch updates the Windows Periodic Integration test workflow to use
the new `auth` action, as well as switching to using Workload Identity
Federation-based authorization which is superseding the Service Account
Key-based authorization the Windows Periodic workflow was using thus far.

Signed-off-by: Nashwan Azhari <nazhari@cloudbasesolutions.com>
This commit is contained in:
Nashwan Azhari 2021-12-24 10:25:45 +02:00
parent bce18cb04f
commit 8a2b61356d
2 changed files with 18 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.github/workflows/windows-periodic-trigger.yml vendored
View File

@ -21,5 +21,5 @@ jobs:
secrets: secrets:
AZURE_SUB_ID: "${{ secrets.AZURE_SUB_ID }}" AZURE_SUB_ID: "${{ secrets.AZURE_SUB_ID }}"
AZURE_CREDS: "${{ secrets.AZURE_CREDS }}" AZURE_CREDS: "${{ secrets.AZURE_CREDS }}"
GCP_PROJECT_ID: "${{ secrets.GCP_PROJECT_ID }}" GCP_SERVICE_ACCOUNT: "${{ secrets.GCP_SERVICE_ACCOUNT }}"
GCP_SA_KEY: "${{ secrets.GCP_SA_KEY }}" GCP_WORKLOAD_IDENTITY_PROVIDER: "${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}"

26
.github/workflows/windows-periodic.yml vendored
View File

@ -10,9 +10,9 @@ on:
required: true required: true
AZURE_CREDS: AZURE_CREDS:
required: true required: true
GCP_PROJECT_ID: GCP_SERVICE_ACCOUNT:
required: true required: true
GCP_SA_KEY: GCP_WORKLOAD_IDENTITY_PROVIDER:
required: true required: true
env: env:
@ -30,6 +30,10 @@ env:
jobs: jobs:
winIntegration: winIntegration:
# NOTE: the following permissions are required by `google-github-actions/auth`:
permissions:
contents: 'read'
id-token: 'write'
strategy: strategy:
matrix: matrix:
win_ver: [ltsc2019, ltsc2022] win_ver: [ltsc2019, ltsc2022]
@ -197,16 +201,18 @@ jobs:
- name: AssignGcpCreds - name: AssignGcpCreds
id: AssignGcpCreds id: AssignGcpCreds
run: | run: |
echo '::set-output name=GCP_PROJECT_ID::${{ secrets.GCP_PROJECT_ID }}' echo '::set-output name=GCP_SERVICE_ACCOUNT::${{ secrets.GCP_SERVICE_ACCOUNT }}'
echo '::set-output name=GCP_SA_KEY::${{ secrets.GCP_SA_KEY }}' echo '::set-output name=GCP_WORKLOAD_IDENTITY_PROVIDER::${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}'
- name: SetUpCloudSDK - name: AuthGcp
if: steps.AssignGcpCreds.outputs.GCP_PROJECT_ID && steps.AssignGcpCreds.outputs.GCP_SA_KEY uses: google-github-actions/auth@v0
uses: google-github-actions/setup-gcloud@master if: steps.AssignGcpCreds.outputs.GCP_SERVICE_ACCOUNT && steps.AssignGcpCreds.outputs.GCP_WORKLOAD_IDENTITY_PROVIDER
with: with:
project_id: ${{ secrets.GCP_PROJECT_ID }} service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }}
service_account_key: ${{ secrets.GCP_SA_KEY }} workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}
export_default_credentials: true
- name: SetUpGcpSdk
uses: google-github-actions/setup-gcloud@master
- name: UploadArtifacts - name: UploadArtifacts
if: steps.AssignGcpCreds.outputs.GCP_PROJECT_ID && steps.AssignGcpCreds.outputs.GCP_SA_KEY if: steps.AssignGcpCreds.outputs.GCP_PROJECT_ID && steps.AssignGcpCreds.outputs.GCP_SA_KEY