Skip to content

Commit

Permalink
Switch to pull non-secret values from env (google-github-actions#624)
Browse files Browse the repository at this point in the history
  • Loading branch information
sethvargo authored Mar 24, 2023
1 parent 32963c5 commit 4e64424
Show file tree
Hide file tree
Showing 6 changed files with 14 additions and 14 deletions.
16 changes: 8 additions & 8 deletions .github/workflows/integration.yml
Original file line number Diff line number Diff line change
Expand Up @@ -84,28 +84,28 @@ jobs:
- name: 'Set project ID'
uses: './'
with:
project_id: '${{ secrets.PROJECT_ID }}'
project_id: '${{ vars.PROJECT_ID }}'

- name: 'Check project ID'
run: 'npm run integration'
env:
TEST_PROJECT_ID: '${{ secrets.PROJECT_ID }}'
TEST_PROJECT_ID: '${{ vars.PROJECT_ID }}'

# Authenticate via WIF
- name: 'Authenticate via WIF'
uses: 'google-github-actions/auth@main'
with:
workload_identity_provider: '${{ secrets.WIF_PROVIDER_NAME }}'
service_account: '${{ secrets.SERVICE_ACCOUNT_EMAIL }}'
workload_identity_provider: '${{ vars.WIF_PROVIDER_NAME }}'
service_account: '${{ vars.SERVICE_ACCOUNT_EMAIL }}'

- name: 'Setup gcloud with WIF'
uses: './'

- name: 'Check WIF authentication'
run: 'npm run integration'
env:
TEST_ACCOUNT: '${{ secrets.SERVICE_ACCOUNT_EMAIL }}'
TEST_PROJECT_ID: '${{ secrets.PROJECT_ID }}'
TEST_ACCOUNT: '${{ vars.SERVICE_ACCOUNT_EMAIL }}'
TEST_PROJECT_ID: '${{ vars.PROJECT_ID }}'

# Authenticate via SAKE
- name: 'Authenticate via SAKE'
Expand All @@ -119,5 +119,5 @@ jobs:
- name: 'Check SAKE authentication'
run: 'npm run integration'
env:
TEST_ACCOUNT: '${{ secrets.SERVICE_ACCOUNT_EMAIL }}'
TEST_PROJECT_ID: '${{ secrets.PROJECT_ID }}'
TEST_ACCOUNT: '${{ vars.SERVICE_ACCOUNT_EMAIL }}'
TEST_PROJECT_ID: '${{ vars.PROJECT_ID }}'
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ on:
- 'main'

env:
PROJECT_ID: ${{ secrets.RUN_PROJECT }}
PROJECT_ID: ${{ vars.RUN_PROJECT }}
SERVICE_NAME: helloworld-nodejs

jobs:
Expand All @@ -43,7 +43,7 @@ jobs:
uses: 'google-github-actions/auth@v1'
with:
workload_identity_provider: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider'
service_account: '${{ secrets.RUN_SA_EMAIL }}'
service_account: '${{ vars.RUN_SA_EMAIL }}'

# Alternative option - authentication via credentials json
# - id: 'auth'
Expand Down
2 changes: 1 addition & 1 deletion example-workflows/cloud-run/cloud-run.yml
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ on:

name: Build and Deploy to Cloud Run
env:
PROJECT_ID: ${{ secrets.GCP_PROJECT }}
PROJECT_ID: ${{ vars.GCP_PROJECT }}
SERVICE: YOUR_SERVICE_NAME
REGION: YOUR_SERVICE_REGION

Expand Down
2 changes: 1 addition & 1 deletion example-workflows/gce/.github/workflows/gce.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ on:
- 'main'

env:
PROJECT_ID: ${{ secrets.GCE_PROJECT }}
PROJECT_ID: ${{ vars.GCE_PROJECT }}
GCE_INSTANCE: my-githubactions-vm # TODO: update to instance name
GCE_INSTANCE_ZONE: us-central1-a # TODO: update to instance zone

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ on:
- main

env:
PROJECT_ID: ${{ secrets.GKE_PROJECT }}
PROJECT_ID: ${{ vars.GKE_PROJECT }}
GAR_LOCATION: us-central1 # # TODO: update region of the Artifact Registry
GKE_CLUSTER: cluster-1 # TODO: update to cluster name
GKE_ZONE: us-central1-c # TODO: update to cluster zone
Expand Down
2 changes: 1 addition & 1 deletion example-workflows/gke/.github/workflows/gke.yml
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ on:
- main

env:
PROJECT_ID: ${{ secrets.GKE_PROJECT }}
PROJECT_ID: ${{ vars.GKE_PROJECT }}
GKE_CLUSTER: cluster-1 # TODO: update to cluster name
GKE_ZONE: europe-central2-a # TODO: update to cluster zone
DEPLOYMENT_NAME: gke-hello-app # TODO: update deployment name if changed in deployment.yaml
Expand Down

0 comments on commit 4e64424

Please sign in to comment.