feat: introduce service account keyless authentication

p1nkun1c0rns · Apr 11, 2024 · 9d7843f · 9d7843f
1 parent 40a6695
commit 9d7843f
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 10 deletions.
diff --git a/action.yml b/action.yml
@@ -10,7 +10,8 @@ inputs:
     required: true
   service_account_key:
     description: 'Base64 encoded JSON key for GCP service account'
-    required: true
+    required: false
+    default: ''
   image_name:
     description: 'Name of container image to be deployed'
     required: true

diff --git a/entrypoint.sh b/entrypoint.sh
@@ -21,13 +21,13 @@ SERVICE_NAME_LENGTH_LIMIT=62
 
 set -e
 set -o pipefail
-
-echo "$INPUT_SERVICE_ACCOUNT_KEY" | base64 -d >key.json
-trap "{ rm -f key.json; }" EXIT
-
-enableDebug
-gcloud auth activate-service-account --key-file=key.json --project="$INPUT_PROJECT_ID"
-disableDebug
+if [ -n "$INPUT_SERVICE_ACCOUNT_KEY" ]; then
+  echo "$INPUT_SERVICE_ACCOUNT_KEY" | base64 -d >key.json
+  trap "{ rm -f key.json; }" EXIT
+  enableDebug
+  gcloud auth activate-service-account --key-file=key.json --project="$INPUT_PROJECT_ID"
+  disableDebug
+fi
 
 IMAGE_TAG="latest"
 if [ -n "$INPUT_IMAGE_TAG" ]; then

diff --git a/tests/run.bats b/tests/run.bats
@@ -51,8 +51,8 @@ function debug() {
 
   debug "${status}" "${output}" "${lines}"
 
-  echo $output | grep -q "Could not read json file key.json"
-  [[ "${status}" -eq 1 ]]
+  echo $output | grep -q "Deploying :latest as service"
+  [[ "${status}" -eq 2 ]]
 }
 
 @test "start hadolint" {