Skip to content

Commit

Permalink
Force authentication if GOOGLE_GHA_CREDS_PATH is set (#587)
Browse files Browse the repository at this point in the history
* Force authentication if GOOGLE_GHA_CREDS_PATH is set

* Upgrade to latest setup-cloud-sdk package
  • Loading branch information
sethvargo authored Nov 10, 2022
1 parent 5c6749c commit 1e0945d
Show file tree
Hide file tree
Showing 6 changed files with 54 additions and 29 deletions.
8 changes: 6 additions & 2 deletions .github/workflows/setup-gcloud-it.yml
Original file line number Diff line number Diff line change
Expand Up @@ -372,8 +372,8 @@ jobs:
- uses: google-github-actions/auth@main
with:
workload_identity_provider: ${{ secrets.WIF_PROVIDER_NAME }}
service_account: ${{ secrets.OIDC_AUTH_SA_EMAIL }}
workload_identity_provider: '${{ secrets.WIF_PROVIDER_NAME }}'
service_account: '${{ secrets.OIDC_AUTH_SA_EMAIL }}'

- name: 'setup-gcloud'
uses: './'
Expand All @@ -385,6 +385,10 @@ jobs:
CURRENT_SA=$(gcloud auth list --format="value(account)" --filter="(status=ACTIVE)")
if [ ${{ secrets.OIDC_AUTH_SA_EMAIL }} != $CURRENT_SA ]; then exit 1; fi
- uses: google-github-actions/auth@main
with:
credentials_json: '${{ secrets.SETUP_GCLOUD_IT_KEY }}'

- name: setup-gcloud
uses: ./
with:
Expand Down
2 changes: 1 addition & 1 deletion dist/main/index.js

Large diffs are not rendered by default.

50 changes: 25 additions & 25 deletions package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion package.json
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@
"@actions/core": "^1.10.0",
"@actions/tool-cache": "^2.0.1",
"@google-github-actions/actions-utils": "^0.4.3",
"@google-github-actions/setup-cloud-sdk": "^0.5.2"
"@google-github-actions/setup-cloud-sdk": "^1.0.0"
},
"devDependencies": {
"@types/chai": "^4.3.4",
Expand Down
12 changes: 12 additions & 0 deletions src/setup-gcloud.ts
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@
import * as core from '@actions/core';
import * as toolCache from '@actions/tool-cache';
import {
authenticateGcloudSDK,
getLatestGcloudSDKVersion,
installComponent,
installGcloudSDK,
Expand Down Expand Up @@ -60,6 +61,17 @@ export async function run(): Promise<void> {
await installComponent(components.split(',').map((comp) => comp.trim()));
}

// Authenticate - this comes from google-github-actions/auth
const credFile = process.env.GOOGLE_GHA_CREDS_PATH;
if (credFile) {
await authenticateGcloudSDK(credFile);
core.info('Successfully authenticated');
} else {
core.warning(
'No authentication found for gcloud, authenticate with `google-github-actions/auth`.',
);
}

// Set the project ID, if given.
const projectId = core.getInput('project_id');
if (projectId) {
Expand Down
9 changes: 9 additions & 0 deletions tests/setup-gcloud.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,7 @@ describe('#run', function () {
exportVariable: sinon.stub(core, 'exportVariable'),
setFailed: sinon.stub(core, 'setFailed'),
warning: sinon.stub(core, 'warning'),
authenticateGcloudSDK: sinon.stub(setupGcloud, 'authenticateGcloudSDK'),
installGcloudSDK: sinon.stub(setupGcloud, 'installGcloudSDK'),
isInstalled: sinon.stub(setupGcloud, 'isInstalled').returns(false),
setProject: sinon.stub(setupGcloud, 'setProject'),
Expand Down Expand Up @@ -114,6 +115,14 @@ describe('#run', function () {
expect(this.stubs.installComponent.callCount).to.eq(1);
});

it('authenticates if GOOGLE_GHA_CREDS is set', async function () {
this.stubs.env
.value({ GOOGLE_GHA_CREDS_PATH: 'foo/bar/path.json' })
.returns('{}');
await run();
expect(this.stubs.authenticateGcloudSDK.callCount).to.eq(1);
});

it('sets the project ID if provided', async function () {
this.stubs.getInput.withArgs('project_id').returns('test');
await run();
Expand Down

0 comments on commit 1e0945d

Please sign in to comment.