Skip to content

Setup workload identity federation, using github as provider #24

Setup workload identity federation, using github as provider

Setup workload identity federation, using github as provider #24

Workflow file for this run

name: CI & Plan
on:
pull_request:
jobs:
build:
# The permissions are necessary for the google-github-actions/auth@v2 action
permissions:
contents: read
id-token: write
runs-on: [ubuntu-latest]
steps:
- uses: actions/checkout@v4
- uses: google-github-actions/auth@v2
with:
project_id: ${{ secrets.GCP_PROJECT_ID }}
workload_identity_provider: ${{ secrets.STATE_BUCKET_ACCESS_WIF_PROVIDER }}
- uses: hashicorp/setup-terraform@v3
- id: init
env:
TF_VAR_github_token: ${{ secrets.API_ACCESS_TOKEN }}
TF_VAR_project_id: ${{ secrets.GCP_PROJECT_ID }}
TF_IN_AUTOMATION: 'true'
TF_LOG: 'DEBUG'
run: |
terraform init -backend-config="impersonate_service_account=${{ secrets.STATE_SERVICE_ACCOUNT_ID }}"
- id: plan
run: terraform plan -no-color
- run: echo ${{ steps.plan.outputs.stdout }}
- run: echo ${{ steps.plan.outputs.stderr }}
- run: echo ${{ steps.plan.outputs.exitcode }}