Skip to content

Commit b1e8f0a

Browse files
ethanndicksonethanndickson
authored
ci: fix gcp service accounts (#19312) (#19314)
Backport of #19312
1 parent 1be409c commit b1e8f0a

File tree

4 files changed

+15
-15
lines changed

4 files changed

+15
-15
lines changed

.github/workflows/ci.yaml

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -256,8 +256,8 @@ jobs:
256256
pushd /tmp/proto
257257
curl -L -o protoc.zip https://github.com/protocolbuffers/protobuf/releases/download/v23.4/protoc-23.4-linux-x86_64.zip
258258
unzip protoc.zip
259-
cp -r ./bin/* /usr/local/bin
260-
cp -r ./include /usr/local/bin/include
259+
sudo cp -r ./bin/* /usr/local/bin
260+
sudo cp -r ./include /usr/local/bin/include
261261
popd
262262
263263
- name: make gen
@@ -988,8 +988,8 @@ jobs:
988988
pushd /tmp/proto
989989
curl -L -o protoc.zip https://github.com/protocolbuffers/protobuf/releases/download/v23.4/protoc-23.4-linux-x86_64.zip
990990
unzip protoc.zip
991-
cp -r ./bin/* /usr/local/bin
992-
cp -r ./include /usr/local/bin/include
991+
sudo cp -r ./bin/* /usr/local/bin
992+
sudo cp -r ./include /usr/local/bin/include
993993
popd
994994
995995
- name: Setup Go
@@ -1225,8 +1225,8 @@ jobs:
12251225
id: gcloud_auth
12261226
uses: google-github-actions/auth@ba79af03959ebeac9769e648f473a284504d9193 # v2.1.10
12271227
with:
1228-
workload_identity_provider: ${{ secrets.GCP_CODE_SIGNING_WORKLOAD_ID_PROVIDER }}
1229-
service_account: ${{ secrets.GCP_CODE_SIGNING_SERVICE_ACCOUNT }}
1228+
workload_identity_provider: ${{ vars.GCP_CODE_SIGNING_WORKLOAD_ID_PROVIDER }}
1229+
service_account: ${{ vars.GCP_CODE_SIGNING_SERVICE_ACCOUNT }}
12301230
token_format: "access_token"
12311231

12321232
- name: Setup GCloud SDK
@@ -1526,8 +1526,8 @@ jobs:
15261526
- name: Authenticate to Google Cloud
15271527
uses: google-github-actions/auth@ba79af03959ebeac9769e648f473a284504d9193 # v2.1.10
15281528
with:
1529-
workload_identity_provider: projects/573722524737/locations/global/workloadIdentityPools/github/providers/github
1530-
service_account: coder-ci@coder-dogfood.iam.gserviceaccount.com
1529+
workload_identity_provider: ${{ vars.GCP_WORKLOAD_ID_PROVIDER }}
1530+
service_account: ${{ vars.GCP_SERVICE_ACCOUNT }}
15311531

15321532
- name: Set up Google Cloud SDK
15331533
uses: google-github-actions/setup-gcloud@77e7a554d41e2ee56fc945c52dfd3f33d12def9a # v2.1.4

.github/workflows/dogfood.yaml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -131,8 +131,8 @@ jobs:
131131
- name: Authenticate to Google Cloud
132132
uses: google-github-actions/auth@ba79af03959ebeac9769e648f473a284504d9193 # v2.1.10
133133
with:
134-
workload_identity_provider: projects/573722524737/locations/global/workloadIdentityPools/github/providers/github
135-
service_account: coder-ci@coder-dogfood.iam.gserviceaccount.com
134+
workload_identity_provider: ${{ vars.GCP_WORKLOAD_ID_PROVIDER }}
135+
service_account: ${{ vars.GCP_SERVICE_ACCOUNT }}
136136

137137
- name: Terraform init and validate
138138
run: |

.github/workflows/pr-deploy.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -420,7 +420,7 @@ jobs:
420420
curl -fsSL "$URL" -o "${DEST}"
421421
chmod +x "${DEST}"
422422
"${DEST}" version
423-
mv "${DEST}" /usr/local/bin/coder
423+
sudo mv "${DEST}" /usr/local/bin/coder
424424
425425
- name: Create first user
426426
if: needs.get_info.outputs.NEW == 'true' || github.event.inputs.deploy == 'true'

.github/workflows/release.yaml

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -288,8 +288,8 @@ jobs:
288288
id: gcloud_auth
289289
uses: google-github-actions/auth@ba79af03959ebeac9769e648f473a284504d9193 # v2.1.10
290290
with:
291-
workload_identity_provider: ${{ secrets.GCP_CODE_SIGNING_WORKLOAD_ID_PROVIDER }}
292-
service_account: ${{ secrets.GCP_CODE_SIGNING_SERVICE_ACCOUNT }}
291+
workload_identity_provider: ${{ vars.GCP_CODE_SIGNING_WORKLOAD_ID_PROVIDER }}
292+
service_account: ${{ vars.GCP_CODE_SIGNING_SERVICE_ACCOUNT }}
293293
token_format: "access_token"
294294

295295
- name: Setup GCloud SDK
@@ -698,8 +698,8 @@ jobs:
698698
- name: Authenticate to Google Cloud
699699
uses: google-github-actions/auth@ba79af03959ebeac9769e648f473a284504d9193 # v2.1.10
700700
with:
701-
workload_identity_provider: ${{ secrets.GCP_WORKLOAD_ID_PROVIDER }}
702-
service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }}
701+
workload_identity_provider: ${{ vars.GCP_WORKLOAD_ID_PROVIDER }}
702+
service_account: ${{ vars.GCP_SERVICE_ACCOUNT }}
703703

704704
- name: Setup GCloud SDK
705705
uses: google-github-actions/setup-gcloud@77e7a554d41e2ee56fc945c52dfd3f33d12def9a # 2.1.4

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy