Skip to content

Commit

Permalink
Fix ADC documentation, issue#685 (#686)
Browse files Browse the repository at this point in the history
<!--
Thank you for proposing a pull request! Please note that SOME TESTS WILL
LIKELY FAIL due to how GitHub exposes secrets in Pull Requests from
forks.
Someone from the team will review your Pull Request and respond.

Please describe your change and any implementation details below.
-->
Fixes to readme for inaccurate guidance on setting Application Default
Credentials.
#685

---------

Signed-off-by: eeaton <ellioteaton@gmail.com>
  • Loading branch information
eeaton authored Apr 4, 2024
1 parent 87fba63 commit f989621
Showing 1 changed file with 11 additions and 7 deletions.
18 changes: 11 additions & 7 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -114,9 +114,11 @@ jobs:

## Authorization

This action installs the Cloud SDK (`gcloud`). To configure its authentication
to Google Cloud, use the [google-github-actions/auth][auth] action. You can
authenticate via:
The `setup-gcloud` action installs the Cloud SDK (`gcloud`). To configure its authentication
to Google Cloud, you must first use the [google-github-actions/auth][auth] action. The `auth`
action sets [Application Default Credentials][adc], then the `setup-gcloud` action references
these credentials to configure [gcloud credentials][gcloud-credentials] . You can
authenticate via the following options:

### Workload Identity Federation (preferred)

Expand Down Expand Up @@ -163,10 +165,11 @@ jobs:
run: 'gcloud info'
```

### Application Default Credentials
### Self-hosted runners on Google Cloud Platform

If and only if you are using self-hosted runners that are hosted on Google Cloud Platform,
the Cloud SDK will automatically authenticate using the machine credentials:
If you are using self-hosted runners that are hosted on Google Cloud Platform, credentials
are automatically obtained from the service account attached to the runner.
In this scenario, you do not need to run the [google-github-actions/auth][auth] action.

```yaml
jobs:
Expand Down Expand Up @@ -243,9 +246,10 @@ explicitly updating your version number. Note that we only publish `MAJOR` and

[github-action]:https://help.github.com/en/categories/automating-your-workflow-with-github-actions
[auth]: https://github.com/google-github-actions/auth
[adc]: https://cloud.google.com/docs/authentication/production
[adc]: https://cloud.google.com/docs/authentication/application-default-credentials
[sdk]: https://cloud.google.com/sdk/
[gcloud]: https://cloud.google.com/sdk/gcloud/
[gcloud-credentials]: https://cloud.google.com/docs/authentication/gcloud#gcloud-credentials
[gsutil]: https://cloud.google.com/storage/docs/gsutil
[sa-iam-docs]: https://cloud.google.com/iam/docs/service-accounts
[sa]: https://cloud.google.com/iam/docs/creating-managing-service-accounts
Expand Down

0 comments on commit f989621

Please sign in to comment.