search

google-github-actions / auth

A GitHub Action for authenticating to Google Cloud.
https://cloud.google.com/iam
Apache License 2.0
968 stars 207 forks source link

"create_credentials_file" option #395

Closed that70schris closed 9 months ago

that70schris commented 9 months ago

https://github.com/google-github-actions/auth/blob/51342a1a91dfd798639e5ce9c0c4fde05bb24f6a/src/main.ts#L171

I'm a bit confused by this warning: 

The "create_credentials_file" option is true, but the current GitHub workspace is empty. Did you forget to use "actions/checkout" before this step? If you do not intend to share authentication with future steps in this job, set "create_credentials_file" to false.

is a bit confusing. In my case I do need the credentials file for get-gke-credentials, but have no need to checkout the code. example:

name: Rollout

env:
  IMAGE: us-docker.pkg.dev/${{ vars.GCP_PROJECT }}/main/${{ inputs.image }}
  TAG: ${{ github.ref_type == 'tag' && github.ref_name || github.sha }}

on:
  workflow_call:
    inputs:
      image:
        description: Name of image to use
        required: true
        type: string
      resource:
        description: Name of the cloud resource
        required: true
        type: string
      type:
        description: Kubernetes resource type
        default: deployment
        type: string
      target:
        description: Dockerfile target
        type: string

jobs:
  rollout:
    name: Rollout ${{ inputs.image }} to ${{ inputs.resource }}
    environment: ${{ github.ref_type == 'tag' && 'production' || github.ref_name }}
    runs-on: ubuntu-latest
    steps:
      - name: GCP auth
        uses: google-github-actions/auth@v2
        with:
          credentials_json: ${{ secrets.GCP }}

      - name: GKE auth
        uses: google-github-actions/get-gke-credentials@v2
        with:
          cluster_name: main
          location: us-central1

      - name: Rollout
        run: kubectl set image ${{ inputs.type }} ${{ inputs.resource }}
          main=${{ env.IMAGE }}:${{ env.TAG }}
          ${{ inputs.target == 'run-subscriber' && 'dead-letter-subscriber=$IMAGE:$TAG' || '' }}

      - name: Check Rollout Status
        if: ${{ inputs.type == 'deployment' }}
        run: kubectl rollout status deployment ${{ inputs.resource }}
github-actions[bot] commented 9 months ago

Hi there @that70schris :wave:!

Thank you for opening an issue. Our team will triage this as soon as we can. Please take a moment to review the troubleshooting steps which lists common error messages and their resolution steps.

sethvargo commented 9 months ago

"Checkout" also creates the shared working directory which is shared with later steps. You can also touch $GITHUB_WORKSPACE in a bash script.

that70schris commented 9 months ago

@sethvargo right but it seems I don't need the shared working directory? however I do need the file. To be clear the script I shared is working just fine, but with that warning message. If I add create_credentials_file: false it fails