Skip to content

Commit

Permalink
Feat: Added GCP authentication more inputs (#139)
Browse files Browse the repository at this point in the history
  • Loading branch information
Tanveer143s authored Jun 14, 2024
1 parent 3d06831 commit 7372b07
Show file tree
Hide file tree
Showing 3 changed files with 50 additions and 2 deletions.
6 changes: 6 additions & 0 deletions .github/workflows/terraform_workflow.yml
Original file line number Diff line number Diff line change
Expand Up @@ -61,6 +61,11 @@ on:
required: false
type: string
description: 'ID of the default project to use for future API calls and invocations.'
create_credentials_file:
required: false
type: string
default: false
description: 'If true, the action will securely generate a credentials file which can be used for authentication via gcloud and Google Cloud SDKs.'
secrets:
AZURE_CREDENTIALS:
required: false
Expand Down Expand Up @@ -134,6 +139,7 @@ jobs:
uses: 'google-github-actions/auth@v2'
with:
credentials_json: '${{ secrets.GCP_CREDENTIALS }}'
create_credentials_file: ${{ inputs.create_credentials_file }}
token_format: ${{ inputs.token_format }}
workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }}
service_account: ${{ secrets.SERVICE_ACCOUNT }}
Expand Down
38 changes: 37 additions & 1 deletion .github/workflows/tf-checks.yml
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,11 @@ on:
required: false
type: string
default: './examples/complete/'
provider:
required: true
type: string
default: gcp
description: 'Cloud provider to run the workflow. e.g. azurerm or aws or gcp'
terraform_version:
description: 'Terraform version to use. Leave empty for the latest version.'
required: false
Expand All @@ -24,6 +29,25 @@ on:
required: false
default: false
type: string
token_format:
required: false
type: string
default: access_token
description: 'Output format for the generated authentication token. For OAuth 2.0 access tokens, specify "access_token". For OIDC tokens, specify "id_token". To skip token generation, leave this value empty'
access_token_lifetime:
required: false
type: string
default: 300s
description: 'Desired lifetime duration of the access token, in seconds'
project_id:
required: false
type: string
description: 'ID of the default project to use for future API calls and invocations.'
create_credentials_file:
required: false
type: string
default: false
description: 'If true, the action will securely generate a credentials file which can be used for authentication via gcloud and Google Cloud SDKs.'
secrets:
AWS_ACCESS_KEY_ID:
description: 'aws access keys'
Expand All @@ -34,6 +58,12 @@ on:
GCP_CREDENTIALS:
description: 'The Google Cloud JSON service account key to use for authentication'
required: false
WORKLOAD_IDENTITY_PROVIDER:
required: false
description: 'The full identifier of the Workload Identity Provider'
SERVICE_ACCOUNT:
required: false
description: 'The service account to be used'


jobs:
Expand Down Expand Up @@ -84,10 +114,16 @@ jobs:
aws-region: us-east-1

- name: 'Authenticate to Google Cloud'
if: ${{ inputs.gcp_credentials == 'true' }}
if: ${{ inputs.provider == 'gcp' }}
uses: 'google-github-actions/auth@v2'
with:
credentials_json: '${{ secrets.GCP_CREDENTIALS }}'
create_credentials_file: ${{ inputs.create_credentials_file }}
token_format: ${{ inputs.token_format }}
workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }}
service_account: ${{ secrets.SERVICE_ACCOUNT }}
access_token_lifetime: ${{ inputs.access_token_lifetime }}
project_id: ${{ inputs.project_id }}

# - Installing terraform version based on version extract.
- name: Install Terraform v${{ inputs.terraform_version || needs.versionExtract.outputs.maxVersion }}
Expand Down
8 changes: 7 additions & 1 deletion .github/workflows/tfdrift.yml
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ on:
required: true
type: string
default: azurerm
description: 'Cloud provider to run the workflow. e.g. azurerm or aws'
description: 'Cloud provider to run the workflow. e.g. azurerm or aws or gcp'
aws_region:
required: false
type: string
Expand Down Expand Up @@ -41,6 +41,11 @@ on:
required: false
type: string
description: 'ID of the default project to use for future API calls and invocations.'
create_credentials_file:
required: false
type: string
default: false
description: 'If true, the action will securely generate a credentials file which can be used for authentication via gcloud and Google Cloud SDKs.'
secrets:
AZURE_CREDENTIALS:
required: false
Expand Down Expand Up @@ -117,6 +122,7 @@ jobs:
uses: 'google-github-actions/auth@v2'
with:
credentials_json: '${{ secrets.GCP_CREDENTIALS }}'
create_credentials_file: ${{ inputs.create_credentials_file }}
token_format: ${{ inputs.token_format }}
workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }}
service_account: ${{ secrets.SERVICE_ACCOUNT }}
Expand Down

0 comments on commit 7372b07

Please sign in to comment.