search

gradle / gradle-build-action

Execute your Gradle build and trigger dependency submission
https://github.com/marketplace/actions/gradle-build-action
MIT License
671 stars 97 forks source link

GCP - Workload identity federation #917

Closed mminiri closed 11 months ago

mminiri commented 12 months ago

Our setup:

Looks like it doesn't see Google credentials from runner where it can access GCS.

Does this action support the Workload Identity Federation?

bigdaz commented 11 months ago

Thanks for the report. The gradle-build-action doesn't have any explicit support for Workload Identity Federation (and I'd never heard of it before).

If you use the recommended approach of using the action to Setup Gradle, then the gradle-build-action should have a minimal impact on your build execution. Are you invoking Gradle outside of the gradle-build-action step, and NOT using the arguments parameter?

If you are using the arguments parameter, can you please test using a separate "execute Gradle" step?

So instead of:

   # DON'T DO THIS
   - name: Setup Gradle and execute Gradle 'build' task
      uses: gradle/gradle-build-action@v2
      with:
        arguments: build

You will have: 

    - name: Setup Gradle
      uses: gradle/gradle-build-action@v2

    - name: Execute Gradle build
      run: ./gradlew build
mminiri commented 11 months ago

Hi, it is not working that way either.

Found a working solution when maven artifacts are stored in the Google Artifact Registry instead of GCS Busket.

Thank you.

bigdaz commented 11 months ago

@mminiri Thanks, and glad you got it working. I really don't understand how the Setup Gradle step would cause the build to fail, since it's just adding some init-scripts and enabling caching. I guess you're happy because you have things working, but it would be interesting to know the underlying cause is.

One thing you could try, if interested, is to disable caching in the "Setup Gradle" step.