search

kyma-project / test-infra

Test infrastructure for the Kyma project.
https://status.build.kyma-project.io/
Apache License 2.0
38 stars 181 forks source link

Get access to the GCP kyma-project to migrate release-template-operator-assets from the Neighbors Prow #9925

Closed nesmabadr closed 2 weeks ago

nesmabadr commented 6 months ago

Description

As a part of the prow jobs migration from the Neighbors's Prow, we wanted to migrate the release-template-operator-assets to a Github Action in the Template Operator repo. But for this we need to get access to the kyma-project since we are using the Github action, so we need to have a service account name, a workload identity provider and to give our repo some access to the GCP project.

specifically: Assign principalset://iam.googleapis.com/projects/718973091829/locations/global/workloadIdentityPools/github-action/attribute.repository/kyma-project/template-operator as Service Account Token Creator as well as Workload Identity User

Reasons

To allow the job to work correctly with GitHub Actions

Acceptance Criteria

This is blocking https://github.com/kyma-project/test-infra/issues/9495 Attachments

TorstenD-SAP commented 5 months ago

Only pipelines/jobs/actions/... controlled by the Neighbors are allowed to upload images to our registry, especially the productive one. We can think about providing some kind of dev registry to cache images for testing purposes (if this makes sense?). The images from this dev registry must not reach the productive registry!

Sawthis commented 2 weeks ago

https://github.com/kyma-project/test-infra/issues/9925#issuecomment-2049282177