From b1eabfb79383e2a28fedae72afe8a561f0fd1e65 Mon Sep 17 00:00:00 2001
From: Richard McCarthy
Date: Mon, 24 Jun 2024 12:14:00 +0100
Subject: [PATCH 1/8] test keyless authentication
---
 .github/workflows/pull_request.yml | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)
diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml
index 90618f1..00ce9e9 100644
--- a/.github/workflows/pull_request.yml
+++ b/.github/workflows/pull_request.yml
@@ -10,20 +10,24 @@ jobs:
 docker-push:
 runs-on: ubuntu-22.04
 steps:
+ - id: 'auth'
+ name: 'Authenticate to Google Cloud'
+ uses: 'google-github-actions/auth@v0.4.0'
+ with:
+ workload_identity_provider: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider'
+ service_account: 'my-service-account@my-project.iam.gserviceaccount.com'
 - uses: actions/checkout@v3
 - name: Set Tag and SHA
 run: |
- CLEAN_TAG=$(echo "${{ github.event.pull_request.head.ref }}" | tr / -)
+ CLEAN_TAG=$(echo "${{ github.event.pull_request.head.ref }}" | tr / -)
 echo "TAG=$CLEAN_TAG" >> $GITHUB_ENV
 echo "SHA=${{ github.event.pull_request.head.sha }}" >> $GITHUB_ENV
 - name: Build
 run: >
- docker build -t ${{ secrets.GAR_LOCATION }}/${{ secrets.GAR_PROJECT_ID }}/docker-images/eq-runner-maintenance-page:$TAG .
+ docker build -t europe-west2-docker.pkg.dev/rich-gar/docker-images/eq-runner-maintenance-page:$TAG .
 - name: Push to GAR
- env:
- GAR_SERVICE_KEY: ${{ secrets.GAR_SERVICE_KEY }}
 run: |
- echo $GAR_SERVICE_KEY | docker login -u _json_key --password-stdin https://${{ secrets.GAR_LOCATION }}
- gcloud auth configure-docker ${{ secrets.GAR_LOCATION }}
+ docker login -u _json_key --password-stdin https://europe-west2-docker.pkg.dev
+ gcloud auth configure-docker europe-west2-docker.pkg.dev
 echo "Pushing to GAR with tag $TAG"
- docker push ${{ secrets.GAR_LOCATION }}/${{ secrets.GAR_PROJECT_ID }}/docker-images/eq-runner-maintenance-page:$TAG
+ docker push europe-west2-docker.pkg.dev/rich-gar/docker-images/eq-runner-maintenance-page:$TAG
From 7ad697b0e020ff9f6d02cc5f6d40c6a2de28ecfc Mon Sep 17 00:00:00 2001
From: Richard McCarthy
Date: Mon, 24 Jun 2024 12:14:58 +0100
Subject: [PATCH 2/8] test
---
 .github/PULL_REQUEST_TEMPLATE.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
index b2b2ba2..fe4b851 100644
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
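Review bot: In PATCH 1/8, the `Set Tag and SHA` step still expands `${{ github.event.pull_request.head.ref }}` directly inside the `run:` script, so the branch name is pasted into the shell text before bash parses it, and this job now authenticates to Google Cloud before that step runs. A branch name containing shell metacharacters would be executed as part of the script, with whatever the federated identity is allowed to reach. Pass the value through the environment instead: add `env:` with `HEAD_REF: ${{ github.event.pull_request.head.ref }}` to the step and use `CLEAN_TAG=$(echo "$HEAD_REF" | tr / -)`. The workflow's `on:` trigger and any `permissions:` block are outside the hunk, so who can reach this path depends on lines not shown here.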
@@ -3,3 +3,4 @@ Describe what you have changed and why, link to other PRs or Issues as appropria
 ### How to review
 Describe the steps required to test the changes (include screenshots if appropriate).
+ghfjghfd
From f2c597361a08dbc52bcf21a47d2f3bae6b86b53c Mon Sep 17 00:00:00 2001
From: Richard McCarthy
Date: Mon, 24 Jun 2024 12:17:50 +0100
Subject: [PATCH 3/8] test
---
 .github/PULL_REQUEST_TEMPLATE.md | 1 -
 1 file changed, 1 deletion(-)
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
index fe4b851..b2b2ba2 100644
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -3,4 +3,3 @@ Describe what you have changed and why, link to other PRs or Issues as appropria
 ### How to review
 Describe the steps required to test the changes (include screenshots if appropriate).
-ghfjghfd
From d10aa360351279c1f841fcbb893e4aae7baddac0 Mon Sep 17 00:00:00 2001
From: Richard McCarthy
Date: Mon, 24 Jun 2024 13:41:29 +0100
Subject: [PATCH 4/8] test
---
 .github/workflows/pull_request.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml
index 00ce9e9..459aa90 100644
--- a/.github/workflows/pull_request.yml
+++ b/.github/workflows/pull_request.yml
@@ -12,10 +12,10 @@ jobs:
 steps:
 - id: 'auth'
 name: 'Authenticate to Google Cloud'
+ uses: 'actions/checkout@v4'
 uses: 'google-github-actions/auth@v0.4.0'
 with:
- workload_identity_provider: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider'
- service_account: 'my-service-account@my-project.iam.gserviceaccount.com'
+ workload_identity_provider: 'projects/rich-gar/locations/global/workloadIdentityPools/my-pool/providers/my-provider'
 - uses: actions/checkout@v3
 - name: Set Tag and SHA
 run: |
From 1fe04def90a1ace589dc876e54d1321618fb7162 Mon Sep 17 00:00:00 2001
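Review bot: In PATCH 4/8, the added `uses: 'actions/checkout@v4'` sits inside the `auth` step, which already has `uses: 'google-github-actions/auth@v0.4.0'`, so one step mapping carries two `uses` keys. Duplicate keys are invalid YAML, and a parser that tolerates them keeps only one, so either the checkout or the authentication silently does not run. Checkout needs its own list item, `- uses: 'actions/checkout@v4'`, ahead of `- id: 'auth'` (PATCH 6/8 later does this). The same hunk drops `service_account` and replaces the numeric project in `workload_identity_provider` with `rich-gar`; the provider path is probably expected to carry the project number, so confirm it against the pool's full resource name.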
From: Richard McCarthy
Date: Mon, 24 Jun 2024 13:42:45 +0100
Subject: [PATCH 5/8] test
---
 .github/workflows/pull_request.yml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml
index 459aa90..1ad10df 100644
--- a/.github/workflows/pull_request.yml
+++ b/.github/workflows/pull_request.yml
@@ -16,7 +16,6 @@ jobs:
 uses: 'google-github-actions/auth@v0.4.0'
 with:
 workload_identity_provider: 'projects/rich-gar/locations/global/workloadIdentityPools/my-pool/providers/my-provider'
- - uses: actions/checkout@v3
 - name: Set Tag and SHA
 run: |
 CLEAN_TAG=$(echo "${{ github.event.pull_request.head.ref }}" | tr / -)
From 4ba332c4035d7fc793b0901d10ad4c1deb398ac3 Mon Sep 17 00:00:00 2001
From: Richard McCarthy
Date: Mon, 24 Jun 2024 13:58:51 +0100
Subject: [PATCH 6/8] test
---
 .github/workflows/pull_request.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml
index 1ad10df..81e24d1 100644
--- a/.github/workflows/pull_request.yml
+++ b/.github/workflows/pull_request.yml
@@ -10,9 +10,9 @@ jobs:
 docker-push:
 runs-on: ubuntu-22.04
 steps:
+ - uses: 'actions/checkout@v4'
 - id: 'auth'
 name: 'Authenticate to Google Cloud'
- uses: 'actions/checkout@v4'
 uses: 'google-github-actions/auth@v0.4.0'
 with:
 workload_identity_provider: 'projects/rich-gar/locations/global/workloadIdentityPools/my-pool/providers/my-provider'
From b64f1513c70d3a6afb395c323528b64573a10604 Mon Sep 17 00:00:00 2001
From: Richard McCarthy
Date: Mon, 24 Jun 2024 14:30:59 +0100
Subject: [PATCH 7/8] test
---
 .github/workflows/pull_request.yml | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml
index 81e24d1..eb5704d 100644
--- a/.github/workflows/pull_request.yml
+++ b/.github/workflows/pull_request.yml
@@ -15,7 +15,8 @@ jobs:
 name: 'Authenticate to Google Cloud'
 uses: 'google-github-actions/auth@v0.4.0'
 with:
- workload_identity_provider: 'projects/rich-gar/locations/global/workloadIdentityPools/my-pool/providers/my-provider'
+ workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }}
+ service_account: ${{ secrets.GAR_SERVICE_ACCOUNT }}
 - name: Set Tag and SHA
 run: |
 CLEAN_TAG=$(echo "${{ github.event.pull_request.head.ref }}" | tr / -)
@@ -23,10 +24,10 @@ jobs:
 echo "SHA=${{ github.event.pull_request.head.sha }}" >> $GITHUB_ENV
 - name: Build
 run: >
- docker build -t europe-west2-docker.pkg.dev/rich-gar/docker-images/eq-runner-maintenance-page:$TAG .
+ docker build -t ${{ secrets.GAR_LOCATION }}/${{ secrets.GAR_PROJECT_ID }}/docker-images/eq-runner-maintenance-page:$TAG .
 - name: Push to GAR
 run: |
- docker login -u _json_key --password-stdin https://europe-west2-docker.pkg.dev
- gcloud auth configure-docker europe-west2-docker.pkg.dev
+ docker login -u _json_key --password-stdin https://${{ secrets.GAR_LOCATION }}
+ gcloud auth configure-docker ${{ secrets.GAR_LOCATION }}
 echo "Pushing to GAR with tag $TAG"
- docker push europe-west2-docker.pkg.dev/rich-gar/docker-images/eq-runner-maintenance-page:$TAG
+ docker push ${{ secrets.GAR_LOCATION }}/${{ secrets.GAR_PROJECT_ID }}/docker-images/eq-runner-maintenance-page:$TAG
From 791db286c1d68bf386ffc8ce15b763452b64ea35 Mon Sep 17 00:00:00 2001
From: Richard McCarthy
Date: Mon, 24 Jun 2024 14:32:21 +0100
Subject: [PATCH 8/8] test
---
 .github/workflows/pull_request.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml
index eb5704d..2eab21c 100644
--- a/.github/workflows/pull_request.yml
+++ b/.github/workflows/pull_request.yml
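Review bot: In the second hunk of PATCH 7/8, `docker login -u _json_key --password-stdin https://${{ secrets.GAR_LOCATION }}` is kept although nothing is piped into it any more; PATCH 1/8 removed the `echo $GAR_SERVICE_KEY |` that fed it together with the `GAR_SERVICE_KEY` env entry. `_json_key` is the username for a service-account key file, which is what keyless authentication is meant to retire, so this line can only fail or wait on empty stdin. Delete it and rely on `gcloud auth configure-docker ${{ secrets.GAR_LOCATION }}`, which should pick up the credentials exported by the `auth` step; if an explicit login is wanted, request `token_format: 'access_token'` on the auth step and log in as `oauth2accesstoken` with `${{ steps.auth.outputs.access_token }}` passed through `env:`. Once the keyless path works, the stored `GAR_SERVICE_KEY` secret and the key behind it should be revoked, which this diff cannot show.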
@@ -13,7 +13,7 @@ jobs:
 - uses: 'actions/checkout@v4'
 - id: 'auth'
 name: 'Authenticate to Google Cloud'
- uses: 'google-github-actions/auth@v0.4.0'
+ uses: 'google-github-actions/auth@v2.1.3'
 with:
 workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }}
 service_account: ${{ secrets.GAR_SERVICE_ACCOUNT }}