asraa
commented
2 years ago Might be able to work around this with gcloud storage
Closed asraa closed 2 years ago
asraa
commented
2 years ago Might be able to work around this with gcloud storage
Description
The sync job (https://github.com/sigstore/root-signing/blob/main/.github/workflows/sync.yml) uses google-auth action to authenticate to GCP. However, the job's been failing requiring manual updates the GCS bucket (https://github.com/sigstore/root-signing/actions/runs/1642206727) due to
"ServiceException: 401 Anonymous caller does not have storage.objects.create access to the Google Cloud Storage object."
despite being given GCS bucket ownership.
This is currently due to https://github.com/google-github-actions/setup-gcloud#workload-identity-federation-preferred