github-personal/firezone
1
0
Fork 0
mirror of https://github.com/outbackdingo/firezone.git synced 2026-01-27 18:18:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

Added a guide to allow workload identity federation in other repos

Browse Source
This commit is contained in:
Andrew Dryga
2023-10-06 09:43:39 -06:00
parent 8c219c64c9
commit 7aadffa223
1 changed files with 17 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
.github/README.md vendored Normal file
View File

@@ -0,0 +1,17 @@
# CI Tips and Tricks
## Adding a new repository to Google Cloud workload identity
We are using a separate Google Cloud project for GitHub Actions workload
federation, if you need `auth` action to work from a new repo - it needs to be
added to the principal set of a GitHub Actions service account:
```
export REPO="firezone/firezone"
gcloud iam service-accounts add-iam-policy-binding "github-actions@github-iam-387915.iam.gserviceaccount.com" \
--project="github-iam-387915" \
--role="roles/iam.workloadIdentityUser" \
--member="principalSet://iam.googleapis.com/projects/397012414171/locations/global/workloadIdentityPools/github-actions-pool/attribute.repository/${REPO}"
```
for more details see https://github.com/google-github-actions/auth.