gha-creds file getting pushed to the storage

[harshitaXerox]

TL;DR

Hi Team,

The gha-creds* file is also getting pushed to the cloud storage along with the build folder.

Could you please check and let us know if by any chance we can ignore this file.

• id: 'auth' uses: 'google-github-actions/auth@v0' with: credentials_json: '${{ secrets.***}}' export_environment_variables: false

  • id: 'upload-folder' uses: 'google-github-actions/upload-cloud-storage@v1' with: path: '.' destination: 'carear-metroplex-portal' parent: false process_gcloudignore: true

Thanks Harshita

Expected behavior

No response

Observed behavior

No response

Action YAML

name: Move to Firebase storage on workflow_dispatch
'on': 
 workflow_dispatch:
    inputs:
      environment:
        description: 'Environment'
        required: true
        default: 'metroplex'

jobs:
  build:
    name: Build
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0
          path: main
      - name: Checkout ex builder repo
        uses: actions/checkout@v3
        with:
          repository: carear-io/CareARExperienceBuilder
          path: CareARExperienceBuilder
          ref: ${{ github.event.inputs.experiencebuilderbranch  }} 
          token: ${{ secrets.GIT_ACCESSTOKEN_CICD }}

 [[ here we have the logic to build the app]

      - name: Upload Artifact
        uses: actions/upload-artifact@master
        with:
          name: build
          path: ./main/build

  deploy:
    name: Deploy
    needs: [build]
    runs-on: ubuntu-latest
    steps:
      - name: Download the build output
        uses: actions/download-artifact@v3
        with:
          name: build

      - id: 'auth'
        uses: 'google-github-actions/auth@v0'
        with:
           credentials_json: '${{ secrets.FIREBASE_CAREAR_METROPLEX}}'    

      - id: 'upload-folder'
        uses: 'google-github-actions/upload-cloud-storage@v1'
        with:
          path: '.'
          destination: 'carear-metroplex-portal' 
          parent: false
          process_gcloudignore: true

Log output

No response

Additional information

No response

[sethvargo]

https://github.com/google-github-actions/auth/blob/main/docs/TROUBLESHOOTING.md#dirty-git-or-bundled-credentials

[harshitaXerox]

I tried with google-github-actions/auth@v1 but still the gha-creds file is getting pushed along with the artifact.

[sethvargo]

Is it in your .gcloudignore?

[harshitaXerox]

yes it is

[sethvargo]

Hmm - okay.

• Could you please show your .gcloudignore and .gitignore for this repo?

• Could you please show the entire repo structure (tree on Linux systems)

• Could you please provide the debug output for the complete GitHub Actions workflow run?

[harshitaXerox]

Hi Seth,

Here are all the details that you have asked for...

Thanks

logs_2047.zip

[sethvargo]

Hi @harshitaXerox - those are not the debug logs - there are no debug statements. You need to enable debug logging as shown here and re-run your workflow.

[harshitaXerox]

Hi @sethvargo here are the debug logs logs_2061.zip

[sethvargo]

Hi @harshitaXerox - those are still not debug logs. You must set ACTIONS_RUNNER_DEBUG to true andACTIONS_STEP_DEBUGtotrue` as secrets and then re-run the workflow.

[harshitaXerox]

Here are the logs after setting both ACTIONS_RUNNER_DEBUG to true and ACTIONS_STEP_DEBUG to true. logs_2063.zip

[sethvargo]

You aren't checking out the repository in the deploy step, so the .gcloudignore isn't present. Specifically, $GITHUB_WORKSPACE is not set, so the action does not know where to look for a gcloud ignore.