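# CI for the action in this repository. The `unit` job runs lint and unit
# tests; the other two jobs run the action from the checked-out tree
# (`uses: './'`) on Linux, Windows and macOS, once with a service-account key
# and once with Workload Identity Federation.
name: 'test'

# NOTE(review): runs triggered by `pull_request` from a fork do not receive
# repository secrets and cannot be granted `id-token: write`, so the two
# authentication jobs are expected to fail for fork PRs.
on:
  push:
    branches:
      - 'main'
  pull_request:
    branches:
      - 'main'

# Least privilege for GITHUB_TOKEN: every job only needs to read the
# repository. Without this block the token gets the repository default
# scopes. A job-level `permissions` block replaces this one for that job.
permissions:
  contents: 'read'

jobs:
  unit:
    name: 'unit'
    runs-on: 'ubuntu-latest'
    steps:
      # NOTE(review): `@v2` and `@master` below are mutable refs, so the code
      # they resolve to can change without any change to this file. Pin
      # third-party actions to a reviewed full commit SHA where possible.
      - uses: 'actions/checkout@v2'

      - uses: 'actions/setup-node@v2'
        with:
          node-version: '12.x'

      - name: 'npm install'
        run: 'npm install'

      - name: 'npm lint'
        run: 'npm run lint'

      - name: 'npm test'
        run: 'npm run test'

  # Authenticates with a long-lived service-account key held in the
  # GOOGLE_CREDENTIALS repository secret.
  credentials_json:
    name: 'credentials_json'
    runs-on: '${{ matrix.os }}'
    strategy:
      # Let every OS finish so one platform failure does not hide the others.
      fail-fast: false
      matrix:
        os:
          - 'ubuntu-latest'
          - 'windows-latest'
          - 'macos-latest'
    steps:
      - uses: 'actions/checkout@v2'

      - uses: 'actions/setup-node@v2'
        with:
          node-version: '12.x'

      # `uses: './'` runs the action code from this checkout, so the code
      # under test is what receives the service-account key.
      - id: 'auth-default'
        name: 'auth-default'
        uses: './'
        with:
          credentials_json: '${{ secrets.GOOGLE_CREDENTIALS }}'

      # NOTE(review): `@master` is a mutable branch ref; pin to a reviewed
      # commit SHA.
      - id: 'setup-gcloud'
        name: 'setup-gcloud'
        uses: 'google-github-actions/setup-gcloud@master'

      # This command writes the secret payload to stdout, which ends up in
      # the job log; `my-secret` must stay a non-sensitive test fixture.
      - id: 'gcloud'
        name: 'gcloud'
        shell: 'bash'
        run: |-
          gcloud secrets versions access "latest" --secret "my-secret"

      - id: 'auth-access-token'
        name: 'auth-access-token'
        uses: './'
        with:
          credentials_json: '${{ secrets.GOOGLE_CREDENTIALS }}'
          token_format: 'access_token'

      # Step outputs are handed to the script through `env` rather than
      # `${{ }}` inside `run`: expressions are substituted into the script
      # text before the shell starts, which would write the bearer token into
      # the generated script file and let the shell interpret the raw value.
      # The response body (the secret payload) is printed to the job log.
      - id: 'access-token'
        name: 'access-token'
        shell: 'bash'
        env:
          PROJECT_ID: '${{ steps.auth-access-token.outputs.project_id }}'
          ACCESS_TOKEN: '${{ steps.auth-access-token.outputs.access_token }}'
        run: |-
          curl "https://secretmanager.googleapis.com/v1/projects/${PROJECT_ID}/secrets/my-secret/versions/latest:access" \
            --silent \
            --show-error \
            --fail \
            --header "Authorization: Bearer ${ACCESS_TOKEN}"

      - id: 'auth-id-token'
        name: 'auth-id-token'
        uses: './'
        with:
          credentials_json: '${{ secrets.GOOGLE_CREDENTIALS }}'
          token_format: 'id_token'
          id_token_audience: 'https://secretmanager.googleapis.com/'
          id_token_include_email: true

  # Authenticates without a stored key: the job's GitHub OIDC token is
  # exchanged through the configured workload identity provider for
  # credentials of the named service account.
  # NOTE(review): which repositories and refs may impersonate the service
  # account is decided by the provider's attribute mapping/condition and the
  # IAM binding on the Google Cloud side, not by this file - confirm they are
  # restricted to this repository.
  workload_identity_federation:
    name: 'workload_identity_federation'
    runs-on: '${{ matrix.os }}'
    strategy:
      fail-fast: false
      matrix:
        os:
          - 'ubuntu-latest'
          - 'windows-latest'
          - 'macos-latest'
    # A job-level block sets every scope that is not listed to `none`, so
    # `contents: read` is stated explicitly for the checkout step.
    # `id-token: write` allows the job to request the OIDC token.
    permissions:
      contents: 'read'
      id-token: 'write'
    steps:
      - uses: 'actions/checkout@v2'

      - uses: 'actions/setup-node@v2'
        with:
          node-version: '12.x'

      - id: 'auth-default'
        name: 'auth-default'
        uses: './'
        with:
          workload_identity_provider: 'projects/469401941463/locations/global/workloadIdentityPools/github-actions/providers/google-github-actions'
          service_account: 'github-secret-accessor@actions-oidc-test.iam.gserviceaccount.com'

      # NOTE(review): `@master` is a mutable branch ref; pin to a reviewed
      # commit SHA.
      - id: 'setup-gcloud'
        name: 'setup-gcloud'
        uses: 'google-github-actions/setup-gcloud@master'

      # Prints the secret payload to the job log; `my-secret` must stay a
      # non-sensitive test fixture.
      - id: 'gcloud'
        name: 'gcloud'
        shell: 'bash'
        run: |-
          gcloud secrets versions access "latest" --secret "my-secret"

      - id: 'auth-access-token'
        name: 'auth-access-token'
        uses: './'
        with:
          workload_identity_provider: 'projects/469401941463/locations/global/workloadIdentityPools/github-actions/providers/google-github-actions'
          service_account: 'github-secret-accessor@actions-oidc-test.iam.gserviceaccount.com'
          token_format: 'access_token'

      # Step outputs are passed through `env` so the bearer token is not
      # substituted into the script text before the shell runs.
      - id: 'access-token'
        name: 'access-token'
        shell: 'bash'
        env:
          PROJECT_ID: '${{ steps.auth-access-token.outputs.project_id }}'
          ACCESS_TOKEN: '${{ steps.auth-access-token.outputs.access_token }}'
        run: |-
          curl "https://secretmanager.googleapis.com/v1/projects/${PROJECT_ID}/secrets/my-secret/versions/latest:access" \
            --silent \
            --show-error \
            --fail \
            --header "Authorization: Bearer ${ACCESS_TOKEN}"

      - id: 'auth-id-token'
        name: 'auth-id-token'
        uses: './'
        with:
          workload_identity_provider: 'projects/469401941463/locations/global/workloadIdentityPools/github-actions/providers/google-github-actions'
          service_account: 'github-secret-accessor@actions-oidc-test.iam.gserviceaccount.com'
          token_format: 'id_token'
          id_token_audience: 'https://secretmanager.googleapis.com/'
          id_token_include_email: true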