another try at inheriting secrets

centrifuge · Jan 26, 2024 · cf4a88d · cf4a88d
1 parent 015e713
commit cf4a88d
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 3 deletions.
diff --git a/.github/actions/discover_function/action.yml b/.github/actions/discover_function/action.yml
@@ -24,10 +24,12 @@ runs:
     - name: Auth gcloud
       id: gauth
       uses: google-github-actions/auth@ef5d53e30bbcd8d0836f4288f5e50ff3e086997d # @v1
+      env:
+        GSA: ${{ inputs.GSA }}
+        GWIP: ${{ inputs.GWIP }}
       with:
-        workload_identity_provider: '${{ inputs.GWIP }}'
-        service_account: '${{ inputs.GSA }}'
-
+        workload_identity_provider: ${{ env.GWIP }}
+        service_account: ${{ env.GSA }}
     # Install gcloud, `setup-gcloud` automatically picks up authentication from `auth`.
     - name: Set up Cloud SDK
       uses: google-github-actions/setup-gcloud@d51b5346f85640ec2aa2fa057354d2b82c2fcbce # v1.0.1

diff --git a/.github/workflows/website-deploy.yml b/.github/workflows/website-deploy.yml
@@ -20,6 +20,10 @@ concurrency:
 jobs:
   build-web:
     runs-on: ubuntu-latest
+    environment: ${{ inputs.deploy_env || 'gcloud-dev' }}
+    permissions:
+      contents: read
+      id-token: write
     steps:
       - name: Checkout
         uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 #@v3.1.0