Authorise workflows to GCP
saliceti committed Dec 6, 2024
1 parent a4e2cbb commit 35bcafc
Showing 4 changed files with 21 additions and 2 deletions.
5 changes: 5 additions & 0 deletions .github/workflows/actions/deploy/action.yml
@@ -60,6 +60,11 @@ runs:
;;
esac
- uses: google-github-actions/auth@v2
with:
project_id: get-into-teaching
workload_identity_provider: projects/574582782335/locations/global/workloadIdentityPools/schools-experience/providers/schools-experience

- name: Use Terraform ${{ env.TERRAFORM_VERSION }}
uses: hashicorp/setup-terraform@v3
with:
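Review bot: The new `google-github-actions/auth@v2` step is referenced by a movable tag, and it is the step that exchanges the job's OIDC token for GCP credentials; pin it to a full commit SHA, for example `uses: google-github-actions/auth@<full-commit-sha> # v2`. The identical step added in destroy.yml needs the same change. The step also has no `name:` unlike its neighbours; `- name: Authenticate to Google Cloud` would keep the run log readable. The trust decision itself sits in the workload identity provider's configuration, which this page does not show, so confirm that its attribute condition restricts accepted tokens to this repository.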
3 changes: 2 additions & 1 deletion .github/workflows/build.yml
@@ -11,6 +11,7 @@ permissions:
issues: write
packages: write
pull-requests: write
id-token: write

env:
code-coverage-artifact-name: code_coverage_${{github.run_number}}_${{github.run_attempt}}
@@ -382,6 +383,7 @@ jobs:
concurrency: ${{matrix.environment}}_${{github.event.number}}
needs: [prepare]
runs-on: ubuntu-latest

steps:
- name: Check out the repo
uses: actions/checkout@v4
@@ -544,7 +546,6 @@ jobs:
echo "::add-mask::$SECRET_VALUE"
echo "SLACK-WEBHOOK=$SECRET_VALUE" >> $GITHUB_OUTPUT
- name: Slack Notification
if: failure()
uses: rtCamp/action-slack-notify@master
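Review bot: `id-token: write` is added to the workflow-level `permissions:` block, so every job in build.yml that does not declare its own permissions can request an OIDC token, not only the jobs that call the deploy action. Granting the scope on the deploying jobs alone would be tighter; a job-level `permissions:` block replaces the workflow-level one for that job, so it must also list the other scopes that job uses. The context lines show `rtCamp/action-slack-notify@master`, a third-party action tracked by branch, running in this workflow, which is a reason to keep the scope narrow. Most of the job definitions are outside the visible hunks, so which jobs need the scope has to be checked against the full file.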
10 changes: 10 additions & 0 deletions .github/workflows/destroy.yml
@@ -3,6 +3,10 @@ on:
pull_request:
types: [closed]

permissions:
id-token: write
pull-requests: write

jobs:
destroy:
name: Destroy
@@ -16,13 +20,19 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@v4

- name: Set Environment variables
shell: bash
run: |
tf_vars_file=terraform/aks/config/review.tfvars.json
terraform_version=$(awk '/{/{f=/^terraform/;next}f' terraform/aks/terraform.tf | grep -o [0-9\.]*)
echo "TERRAFORM_VERSION=$terraform_version" >> $GITHUB_ENV
- uses: google-github-actions/auth@v2
with:
project_id: get-into-teaching
workload_identity_provider: projects/574582782335/locations/global/workloadIdentityPools/schools-experience/providers/schools-experience

- name: Use Terraform ${{ env.TERRAFORM_VERSION }}
uses: hashicorp/setup-terraform@v3
with:
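Review bot: The new top-level `permissions:` block lists only `id-token` and `pull-requests`, and once a block is present every unlisted scope drops to `none`, including `contents`, while the job still runs `actions/checkout@v4`. Add `contents: read` to the block so the checkout does not depend on the repository being public; the block added to manual.yml (only `id-token: write`) has the same gap. Separately, this workflow runs on `pull_request` `closed`, and pull requests from forks are presumably not issued an OIDC token, so the auth step would fail for them; whether fork pull requests get review environments is not visible here.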
5 changes: 4 additions & 1 deletion .github/workflows/manual.yml
@@ -11,6 +11,9 @@ on:
description: Release Tag
required: true

permissions:
id-token: write

jobs:
manual:
name: Deploy to ${{github.event.inputs.environment}}
@@ -31,7 +34,7 @@ jobs:
- uses: Azure/login@v2
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}

- name: Fetch slack token
uses: azure/CLI@v2
id: fetch-slack-secret