Release action needs id-token

suckatrash 2021-10-05 08:34:40 -07:00
parent 84d070b538
commit 5c4d9fce0c
No known key found for this signature in database
GPG key ID: 1A9EE78B881BED99


@ -1,11 +1,19 @@
name: Publish App name: Publish App
on: workflow_dispatch on:
push:
tags:
- 'v*'
jobs: jobs:
publish-app: publish-app:
name: Tag Release and Publish to GCR name: Publish tagged release to GCR
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
contents: 'read'
id-token: 'write'
steps: steps:
- name: Check out code - name: Check out code
uses: actions/checkout@v2 uses: actions/checkout@v2
@ -16,14 +24,15 @@ jobs:
- name: Get Version - name: Get Version
id: get_version id: get_version
run: echo ::set-output name=VERSION::${GITHUB_REF/refs\/tags\//} run: echo ::set-output name=VERSION::${GITHUB_REF##*/}
- name: 'Authenticate to Google Cloud' - name: 'Authenticate to Google Cloud'
id: 'auth' id: 'auth'
uses: 'google-github-actions/auth@v0.3.0' uses: 'google-github-actions/auth@v0.3.1'
with: with:
create_credentials_file: true token_format: 'access_token'
workload_identity_provider: 'projects/654128975483/locations/global/workloadIdentityPools/gh-action-pool' access_token_lifetime: '600s'
workload_identity_provider: 'projects/654128975483/locations/global/workloadIdentityPools/gh-action-pool/providers/github-action-provider'
service_account: 'gcr-gh-action@infracore.iam.gserviceaccount.com' service_account: 'gcr-gh-action@infracore.iam.gserviceaccount.com'
- name: Build & push Docker image - flask - name: Build & push Docker image - flask
@ -32,9 +41,10 @@ jobs:
image: infracore/infinitory-flask image: infracore/infinitory-flask
tags: ${{ steps.get_version.outputs.VERSION }} tags: ${{ steps.get_version.outputs.VERSION }}
registry: gcr.io registry: gcr.io
directory: infinitory-flask
dockerfile: infinitory-flask/Dockerfile dockerfile: infinitory-flask/Dockerfile
username: _json_key username: oauth2accesstoken
password: ${{ steps.auth.outputs.credentials_file_path }} password: ${{ steps.auth.outputs.access_token }}
- name: Build & push Docker image - cron - name: Build & push Docker image - cron
uses: mr-smithers-excellent/docker-build-push@v5 uses: mr-smithers-excellent/docker-build-push@v5
@ -43,5 +53,5 @@ jobs:
tags: ${{ steps.get_version.outputs.VERSION }} tags: ${{ steps.get_version.outputs.VERSION }}
registry: gcr.io registry: gcr.io
dockerfile: Dockerfile dockerfile: Dockerfile
username: _json_key username: oauth2accesstoken
password: ${{ steps.auth.outputs.credentials_file_path }} password: ${{ steps.auth.outputs.access_token }}
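Review bot: The new `password: ${{ steps.auth.outputs.access_token }}` lines in both build steps hand a live Google Cloud access token to `mr-smithers-excellent/docker-build-push@v5`, a third-party action referenced by a mutable tag. The job now also holds `id-token: 'write'`, so whatever code that tag or `google-github-actions/auth@v0.3.1` resolves to at run time can obtain registry push credentials. Pin each to a reviewed commit, e.g. `uses: mr-smithers-excellent/docker-build-push@<full-commit-sha>  # v5`, and likewise for the auth action and `actions/checkout@v2`. Separately, the `access_token_lifetime: '600s'` token is minted once and reused by both build steps, so a slow flask build may leave the cron step with an expired token; this is inferred, since the step bodies begin outside the hunks shown.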