This is needed in order for this example to "work". The runner that
needs to be picked is specified above, but it's still handy if we can
simply copy / paste from the README.
<!--
Thank you for proposing a pull request! Please note that SOME TESTS WILL
LIKELY FAIL due to how GitHub exposes secrets in Pull Requests from
forks.
Someone from the team will review your Pull Request and respond.
Please describe your change and any implementation details below.
-->
Closes https://github.com/google-github-actions/auth/pull/375
(Opening as me to trigger CI)
---------
Signed-off-by: Andrew Howden <hello@andrewhowden.com>
Signed-off-by: Seth Vargo <seth@sethvargo.com>
Co-authored-by: Andrew Howden <hello@andrewhowden.com>
This adds a new authentication mode, Direct Workload Identity
Federation. This new mode permits authenticating to Google Cloud
directly using the GitHub Actions OIDC token instead of proxying through
a Google Cloud Service Account.
This changes the default behavior to enable retries. Retry logic has
existed for awhile, but required direct user action to enable. This
enables 3 retries with a fibonacci backoff of 250ms by default to handle
transient communication errors with upstream APIs.
I really struggleded several days with this and thankfully i found
https://github.com/google-github-actions/auth/issues/77#issuecomment-990371420
big thanks to @sethvargo ❤
as @dobromyslov already said, this should be documented
so I went ahead and created added a paragrah for this use case
---------
Signed-off-by: Daniel Brown <djbrown@users.noreply.github.com>
<!--
Thank you for proposing a pull request! Please note that SOME TESTS WILL
LIKELY FAIL due to how GitHub exposes secrets in Pull Requests from
forks.
Someone from the team will review your Pull Request and respond.
Please describe your change and any implementation details below.
-->
---------
Signed-off-by: Kevin Cheung <kevinthecheung@users.noreply.github.com>
<!--
Thank you for proposing a pull request! Please note that SOME TESTS WILL
LIKELY FAIL due to how GitHub exposes secrets in Pull Requests from
forks.
Someone from the team will review your Pull Request and respond.
Please describe your change and any implementation details below.
-->
There's a chicken-and-egg problem here where we want to have the docs
reflect v1 (so the github marketplace shows the right thing), but we
can't cut v1 until the docs are updated.
This allows users to opt-out of exporting environment variables. This might be helpful if they **don't** want future steps to be authenticated, or if the exported environment variables conflict with other values.
There have been a number of GitHub issues recently due to users not adding actions/checkout before calling "auth", which makes the credentials unavailable to future steps. Worse, some people are putting checkout _after_ auth, which overwrites the generated credentials with a checkout of the repo.
This adds a feature that emits a warning with the workspace is empty.
