From cf4a88d894a8be597d55e0b8576233a3a72500b9 Mon Sep 17 00:00:00 2001
From: Guillermo Perez
Date: Fri, 26 Jan 2024 12:35:13 +0100
Subject: [PATCH] another try at inheriting secrets
---
.github/actions/discover_function/action.yml | 8 +++++---
.github/workflows/website-deploy.yml | 4 ++++
2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/.github/actions/discover_function/action.yml b/.github/actions/discover_function/action.yml
index 2fc8b529..30716d44 100644
--- a/.github/actions/discover_function/action.yml
+++ b/.github/actions/discover_function/action.yml
@@ -24,10 +24,12 @@ runs:
 - name: Auth gcloud
 id: gauth
 uses: google-github-actions/auth@ef5d53e30bbcd8d0836f4288f5e50ff3e086997d # @v1
+ env:
+ GSA: ${{ inputs.GSA }}
+ GWIP: ${{ inputs.GWIP }}
 with:
- workload_identity_provider: '${{ inputs.GWIP }}'
- service_account: '${{ inputs.GSA }}'
-
+ workload_identity_provider: ${{ env.GWIP }}
+ service_account: ${{ env.GSA }}
 # Install gcloud, `setup-gcloud` automatically picks up authentication from `auth`.
 - name: Set up Cloud SDK
 uses: google-github-actions/setup-gcloud@d51b5346f85640ec2aa2fa057354d2b82c2fcbce # v1.0.1
diff --git a/.github/workflows/website-deploy.yml b/.github/workflows/website-deploy.yml
index bef03be3..b1eea542 100644
--- a/.github/workflows/website-deploy.yml
+++ b/.github/workflows/website-deploy.yml
@@ -20,6 +20,10 @@ concurrency:
 jobs:
 build-web:
 runs-on: ubuntu-latest
+ environment: ${{ inputs.deploy_env || 'gcloud-dev' }}
+ permissions:
+ contents: read
+ id-token: write
 steps:
 - name: Checkout
 uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 #@v3.1.0
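Review bot: Routing `inputs.GWIP` and `inputs.GSA` through a step-level `env:` and reading them back as `${{ env.GWIP }}` / `${{ env.GSA }}` in `with:` should resolve to the same strings as before, so it is unlikely to change whether the values arrive; a composite action cannot read the `secrets` context, and these inputs stay empty unless the calling workflow passes them explicitly. The indirection also exports both values into the auth step's process environment, which the action does not need. I would keep the direct, quoted form `workload_identity_provider: '${{ inputs.GWIP }}'` and `service_account: '${{ inputs.GSA }}'`, and add a comment above the step such as `# GWIP/GSA must be passed in by the caller; composite actions have no access to secrets`. The `runs:` step list starts and continues outside this hunk.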
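Review bot: The job-level `environment: ${{ inputs.deploy_env || 'gcloud-dev' }}` lets whoever supplies `deploy_env` choose which environment's secrets and protection rules apply to `build-web`; the input's declaration is not in this hunk, so if it is free-form it is worth restricting it to a fixed list (for a manually dispatched workflow, `type: choice` with explicit `options:`) and relying on required reviewers or branch rules for the non-dev environments. Running the job in an environment also changes the OIDC token's `sub` claim to the `repo:<owner>/<repo>:environment:<name>` form, so any attribute condition or principal binding on the Google workload identity pool that matches a branch ref has to be updated, otherwise the auth step fails even with the right inputs. A comment above the line would help, e.g. `# environment selects env-scoped secrets and sets the OIDC sub claim; keep the WIF binding in sync`. The job-scoped `permissions` block with `contents: read` and `id-token: write` is the narrow grant OIDC needs; the steps of `build-web` continue outside the hunk.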