diff --git a/.github/workflows/release.yml b/.github/workflows/publish_app_engine.yml similarity index 100% rename from .github/workflows/release.yml rename to .github/workflows/publish_app_engine.yml diff --git a/.github/workflows/publish_static.yml b/.github/workflows/publish_static.yml new file mode 100644 index 0000000..4036580 --- /dev/null +++ b/.github/workflows/publish_static.yml @@ -0,0 +1,32 @@ +name: Publish static files to a cloud bucket + +on: + workflow_dispatch: + push: + branches: + - main + +jobs: + Deploy: + runs-on: ubuntu-latest + permissions: + contents: 'read' + id-token: 'write' + + steps: + - uses: 'actions/checkout@v4' + + - id: 'auth' + uses: 'google-github-actions/auth@v2.1.3' + with: + project_id: 'probcomp-caliban' + workload_identity_provider: 'projects/110275315150/locations/global/workloadIdentityPools/gen-website-private-publishers/providers/github' + service_account: 'gen-website-private-admin@probcomp-caliban.iam.gserviceaccount.com' + audience: '//iam.googleapis.com/projects/110275315150/locations/global/workloadIdentityPools/gen-website-private-publishers/providers/github' + - name: Create info.json + run: | + echo '{ "createdAt": "'$(date -u +%Y-%m-%dT%H:%M:%SZ)'" }' > ./public/info.json + - id: 'deploy' + run: | + gcloud storage rsync --recursive ./public gs://gen-website-private/${{github.repository}} + \ No newline at end of file diff --git a/README.md b/README.md index 5f59b16..ea5a130 100644 --- a/README.md +++ b/README.md @@ -24,4 +24,6 @@ We will now find in our GCP account: - Cloud Build Service Account - Workload Identity User -To run this in a different repository, you'll need to edit the identity pool's [github provider](https://console.cloud.google.com/iam-admin/workload-identity-pools/pool/app-engine-publishers/provider/github?project=probcomp-caliban), specifically the "Attribute Conditions". \ No newline at end of file +To run this in a different repository, you'll need to edit the identity pool's [github provider](https://console.cloud.google.com/iam-admin/workload-identity-pools/pool/app-engine-publishers/provider/github?project=probcomp-caliban), specifically the "Attribute Conditions". + +I also created an identity for publishing to the `gen-website-private` bucket called `gen-website-private-publishers`. \ No newline at end of file