Skip to content

Commit 939b716

Browse files
anth-volkanth-volk
committed
Use direct WIF auth in workflows
1 parent 7e82993 commit 939b716

2 files changed

Lines changed: 0 additions & 24 deletions

File tree

.github/workflows/pr.yml

Lines changed: 0 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -63,16 +63,10 @@ jobs:
6363
with:
6464
python-version: "3.12"
6565
- name: Auth
66-
if: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER != '' && secrets.GCP_DEPLOY_SERVICE_ACCOUNT != '' }}
6766
uses: google-github-actions/auth@v2
6867
with:
6968
workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}
7069
service_account: ${{ secrets.GCP_DEPLOY_SERVICE_ACCOUNT }}
71-
- name: Auth (fallback)
72-
if: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER == '' || secrets.GCP_DEPLOY_SERVICE_ACCOUNT == '' }}
73-
uses: google-github-actions/auth@v2
74-
with:
75-
credentials_json: ${{ secrets.GCP_SA_KEY }}
7670
- name: Wait until policyengine_us version is available on PyPI
7771
run: .github/wait-for-pypi.sh
7872
- name: Install dependencies
@@ -102,16 +96,10 @@ jobs:
10296
- name: Start Redis
10397
run: sudo systemctl start redis-server
10498
- name: Auth
105-
if: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER != '' && secrets.GCP_DEPLOY_SERVICE_ACCOUNT != '' }}
10699
uses: google-github-actions/auth@v2
107100
with:
108101
workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}
109102
service_account: ${{ secrets.GCP_DEPLOY_SERVICE_ACCOUNT }}
110-
- name: Auth (fallback)
111-
if: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER == '' || secrets.GCP_DEPLOY_SERVICE_ACCOUNT == '' }}
112-
uses: google-github-actions/auth@v2
113-
with:
114-
credentials_json: ${{ secrets.GCP_SA_KEY }}
115103
- name: Set up Cloud SDK
116104
uses: google-github-actions/setup-gcloud@v2
117105
with:

.github/workflows/push.yml

Lines changed: 0 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -133,16 +133,10 @@ jobs:
133133
run: |
134134
echo "version=staging-${GITHUB_RUN_NUMBER}-${GITHUB_SHA::7}" >> "$GITHUB_OUTPUT"
135135
- name: GCP authentication
136-
if: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER != '' && secrets.GCP_DEPLOY_SERVICE_ACCOUNT != '' }}
137136
uses: "google-github-actions/auth@v2"
138137
with:
139138
workload_identity_provider: "${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}"
140139
service_account: "${{ secrets.GCP_DEPLOY_SERVICE_ACCOUNT }}"
141-
- name: GCP authentication (fallback)
142-
if: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER == '' || secrets.GCP_DEPLOY_SERVICE_ACCOUNT == '' }}
143-
uses: "google-github-actions/auth@v2"
144-
with:
145-
credentials_json: "${{ secrets.GCP_SA_KEY }}"
146140
- name: Set up GCloud
147141
uses: "google-github-actions/setup-gcloud@v2"
148142
- name: Validate App Engine deployment configuration
@@ -249,16 +243,10 @@ jobs:
249243
run: |
250244
echo "version=prod-${GITHUB_RUN_NUMBER}-${GITHUB_SHA::7}" >> "$GITHUB_OUTPUT"
251245
- name: GCP authentication
252-
if: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER != '' && secrets.GCP_DEPLOY_SERVICE_ACCOUNT != '' }}
253246
uses: "google-github-actions/auth@v2"
254247
with:
255248
workload_identity_provider: "${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}"
256249
service_account: "${{ secrets.GCP_DEPLOY_SERVICE_ACCOUNT }}"
257-
- name: GCP authentication (fallback)
258-
if: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER == '' || secrets.GCP_DEPLOY_SERVICE_ACCOUNT == '' }}
259-
uses: "google-github-actions/auth@v2"
260-
with:
261-
credentials_json: "${{ secrets.GCP_SA_KEY }}"
262250
- name: Set up GCloud
263251
uses: "google-github-actions/setup-gcloud@v2"
264252
- name: Validate App Engine deployment configuration

0 commit comments

Comments
 (0)