actions/auth
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

chore: switch to using test-infra resources (#44)

Browse Source 
* chore: switch to using test-infra resources

* swap secret name
This commit is contained in:
Bharath KKB 2021-11-09 21:40:23 -06:00 committed by GitHub
parent a61909d048
commit 19e4d7845e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 13 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
.github/workflows/test.yaml vendored
View File

@ -84,7 +84,7 @@ jobs:
name: 'auth-default'
uses: './'
with:
credentials_json: '${{ secrets.GOOGLE_CREDENTIALS }}'
credentials_json: '${{ secrets.AUTH_SA_KEY_JSON }}'
- id: 'setup-gcloud'
name: 'setup-gcloud'
@ -94,20 +94,20 @@ jobs:
name: 'gcloud'
shell: 'bash'
run: |-
gcloud secrets versions access "latest" --secret "my-secret"
gcloud secrets versions access "latest" --secret "${{ secrets.OIDC_AUTH_TEST_SECRET_NAME }}"
- id: 'auth-access-token'
name: 'auth-access-token'
uses: './'
with:
credentials_json: '${{ secrets.GOOGLE_CREDENTIALS }}'
credentials_json: '${{ secrets.AUTH_SA_KEY_B64 }}'
token_format: 'access_token'
- id: 'access-token'
name: 'access-token'
shell: 'bash'
run: |-
curl https://secretmanager.googleapis.com/v1/projects/${{ steps.auth-access-token.outputs.project_id }}/secrets/my-secret/versions/latest:access \
curl https://secretmanager.googleapis.com/v1/projects/${{ steps.auth-access-token.outputs.project_id }}/secrets/${{ secrets.OIDC_AUTH_TEST_SECRET_NAME }}/versions/latest:access \
--silent \
--show-error \
--fail \
@ -117,7 +117,7 @@ jobs:
name: 'auth-id-token'
uses: './'
with:
credentials_json: '${{ secrets.GOOGLE_CREDENTIALS }}'
credentials_json: '${{ secrets.AUTH_SA_KEY_JSON }}'
token_format: 'id_token'
id_token_audience: 'https://secretmanager.googleapis.com/'
id_token_include_email: true
@ -149,8 +149,8 @@ jobs:
name: 'auth-default'
uses: './'
with:
workload_identity_provider: 'projects/469401941463/locations/global/workloadIdentityPools/github-actions/providers/google-github-actions'
service_account: 'github-secret-accessor@actions-oidc-test.iam.gserviceaccount.com'
workload_identity_provider: '${{ secrets.WIF_PROVIDER_NAME }}'
service_account: '${{ secrets.OIDC_AUTH_SA_EMAIL }}'
- id: 'setup-gcloud'
name: 'setup-gcloud'
@ -160,21 +160,21 @@ jobs:
name: 'gcloud'
shell: 'bash'
run: |-
gcloud secrets versions access "latest" --secret "my-secret"
gcloud secrets versions access "latest" --secret "${{ secrets.OIDC_AUTH_TEST_SECRET_NAME }}"
- id: 'auth-access-token'
name: 'auth-access-token'
uses: './'
with:
workload_identity_provider: 'projects/469401941463/locations/global/workloadIdentityPools/github-actions/providers/google-github-actions'
service_account: 'github-secret-accessor@actions-oidc-test.iam.gserviceaccount.com'
workload_identity_provider: '${{ secrets.WIF_PROVIDER_NAME }}'
service_account: '${{ secrets.OIDC_AUTH_SA_EMAIL }}'
token_format: 'access_token'
- id: 'access-token'
name: 'access-token'
shell: 'bash'
run: |-
curl https://secretmanager.googleapis.com/v1/projects/${{ steps.auth-access-token.outputs.project_id }}/secrets/my-secret/versions/latest:access \
curl https://secretmanager.googleapis.com/v1/projects/${{ steps.auth-access-token.outputs.project_id }}/secrets/${{ secrets.OIDC_AUTH_TEST_SECRET_NAME }}/versions/latest:access \
--silent \
--show-error \
--fail \
@ -184,8 +184,8 @@ jobs:
name: 'auth-id-token'
uses: './'
with:
workload_identity_provider: 'projects/469401941463/locations/global/workloadIdentityPools/github-actions/providers/google-github-actions'
service_account: 'github-secret-accessor@actions-oidc-test.iam.gserviceaccount.com'
workload_identity_provider: '${{ secrets.WIF_PROVIDER_NAME }}'
service_account: '${{ secrets.OIDC_AUTH_SA_EMAIL }}'
token_format: 'id_token'
id_token_audience: 'https://secretmanager.googleapis.com/'
id_token_include_email: true