From 5f2d53ed915a3125d5af8b4028468fae10582b67 Mon Sep 17 00:00:00 2001
From: Ethan <39577870+ethanndickson@users.noreply.github.com>
Date: Tue, 12 Aug 2025 22:02:56 +1000
Subject: [PATCH] ci: fix gcp service accounts (#19312)
Service accounts got deleted, oops
---
.github/workflows/ci.yaml | 16 ++++++++--------
.github/workflows/dogfood.yaml | 4 ++--
.github/workflows/pr-deploy.yaml | 2 +-
.github/workflows/release.yaml | 8 ++++----
4 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index fbc34b0dfb6ec..a7fad297a8304 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -256,8 +256,8 @@ jobs:
pushd /tmp/proto
curl -L -o protoc.zip https://github.com/protocolbuffers/protobuf/releases/download/v23.4/protoc-23.4-linux-x86_64.zip
unzip protoc.zip
- cp -r ./bin/* /usr/local/bin
- cp -r ./include /usr/local/bin/include
+ sudo cp -r ./bin/* /usr/local/bin
+ sudo cp -r ./include /usr/local/bin/include
popd
- name: make gen
@@ -869,8 +869,8 @@ jobs:
pushd /tmp/proto
curl -L -o protoc.zip https://github.com/protocolbuffers/protobuf/releases/download/v23.4/protoc-23.4-linux-x86_64.zip
unzip protoc.zip
- cp -r ./bin/* /usr/local/bin
- cp -r ./include /usr/local/bin/include
+ sudo cp -r ./bin/* /usr/local/bin
+ sudo cp -r ./include /usr/local/bin/include
popd
- name: Setup Go
@@ -1123,8 +1123,8 @@ jobs:
id: gcloud_auth
uses: google-github-actions/auth@140bb5113ffb6b65a7e9b937a81fa96cf5064462 # v2.1.11
with:
- workload_identity_provider: ${{ secrets.GCP_CODE_SIGNING_WORKLOAD_ID_PROVIDER }}
- service_account: ${{ secrets.GCP_CODE_SIGNING_SERVICE_ACCOUNT }}
+ workload_identity_provider: ${{ vars.GCP_CODE_SIGNING_WORKLOAD_ID_PROVIDER }}
+ service_account: ${{ vars.GCP_CODE_SIGNING_SERVICE_ACCOUNT }}
token_format: "access_token"
- name: Setup GCloud SDK
@@ -1427,8 +1427,8 @@ jobs:
- name: Authenticate to Google Cloud
uses: google-github-actions/auth@140bb5113ffb6b65a7e9b937a81fa96cf5064462 # v2.1.11
with:
- workload_identity_provider: projects/573722524737/locations/global/workloadIdentityPools/github/providers/github
- service_account: coder-ci@coder-dogfood.iam.gserviceaccount.com
+ workload_identity_provider: ${{ vars.GCP_WORKLOAD_ID_PROVIDER }}
+ service_account: ${{ vars.GCP_SERVICE_ACCOUNT }}
- name: Set up Google Cloud SDK
uses: google-github-actions/setup-gcloud@6a7c903a70c8625ed6700fa299f5ddb4ca6022e9 # v2.1.5
diff --git a/.github/workflows/dogfood.yaml b/.github/workflows/dogfood.yaml
index bafdb5fb19767..9fcb286b8539e 100644
--- a/.github/workflows/dogfood.yaml
+++ b/.github/workflows/dogfood.yaml
@@ -131,8 +131,8 @@ jobs:
- name: Authenticate to Google Cloud
uses: google-github-actions/auth@140bb5113ffb6b65a7e9b937a81fa96cf5064462 # v2.1.11
with:
- workload_identity_provider: projects/573722524737/locations/global/workloadIdentityPools/github/providers/github
- service_account: coder-ci@coder-dogfood.iam.gserviceaccount.com
+ workload_identity_provider: ${{ vars.GCP_WORKLOAD_ID_PROVIDER }}
+ service_account: ${{ vars.GCP_SERVICE_ACCOUNT }}
- name: Terraform init and validate
run: |
diff --git a/.github/workflows/pr-deploy.yaml b/.github/workflows/pr-deploy.yaml
index c82861db22094..7c9f78ca4d1a3 100644
--- a/.github/workflows/pr-deploy.yaml
+++ b/.github/workflows/pr-deploy.yaml
@@ -420,7 +420,7 @@ jobs:
curl -fsSL "$URL" -o "${DEST}"
chmod +x "${DEST}"
"${DEST}" version
- mv "${DEST}" /usr/local/bin/coder
+ sudo mv "${DEST}" /usr/local/bin/coder
- name: Create first user
if: needs.get_info.outputs.NEW == 'true' || github.event.inputs.deploy == 'true'
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 6ea28ad87a90c..da18f1b312dba 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -288,8 +288,8 @@ jobs:
id: gcloud_auth
uses: google-github-actions/auth@140bb5113ffb6b65a7e9b937a81fa96cf5064462 # v2.1.11
with:
- workload_identity_provider: ${{ secrets.GCP_CODE_SIGNING_WORKLOAD_ID_PROVIDER }}
- service_account: ${{ secrets.GCP_CODE_SIGNING_SERVICE_ACCOUNT }}
+ workload_identity_provider: ${{ vars.GCP_CODE_SIGNING_WORKLOAD_ID_PROVIDER }}
+ service_account: ${{ vars.GCP_CODE_SIGNING_SERVICE_ACCOUNT }}
token_format: "access_token"
- name: Setup GCloud SDK
@@ -698,8 +698,8 @@ jobs:
- name: Authenticate to Google Cloud
uses: google-github-actions/auth@140bb5113ffb6b65a7e9b937a81fa96cf5064462 # v2.1.11
with:
- workload_identity_provider: ${{ secrets.GCP_WORKLOAD_ID_PROVIDER }}
- service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }}
+ workload_identity_provider: ${{ vars.GCP_WORKLOAD_ID_PROVIDER }}
+ service_account: ${{ vars.GCP_SERVICE_ACCOUNT }}
- name: Setup GCloud SDK
uses: google-github-actions/setup-gcloud@6a7c903a70c8625ed6700fa299f5ddb4ca6022e9 # 2.1.5
pFad - Phonifier reborn
Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.
Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.
Alternative Proxies:
Alternative Proxy
pFad Proxy
pFad v3 Proxy
pFad v4 Proxy