test push

excute · Nov 13, 2023 · 0003b8f · 0003b8f
1 parent ba976ff
commit 0003b8f
Show file tree

Hide file tree

Showing 3 changed files with 72 additions and 30 deletions.
diff --git a/.github/workflows/cicd-branch-main.yml b/.github/workflows/cicd-branch-main.yml
@@ -47,10 +47,7 @@
 
 name: Build and Deploy to Cloud Run
 
-on:
-  push:
-    branches:
-      - $default-branch
+on: push
 
 env:
   PROJECT_ID: botchi
@@ -62,7 +59,7 @@ env:
   GOOGLE_SERVICE_ACCOUNT: ${{ secrets.GOOGLE_SERVICE_ACCOUNT }}
 
 jobs:
-  deploy:
+  build_and_push:
     # Add 'id-token' with the intended permissions for workload identity federation
     permissions:
       contents: "read"
@@ -81,6 +78,7 @@ jobs:
           workload_identity_provider: "${{ env.GOOGLE_WORKLOAD_IDENTITY_PROVIDER }}" # e.g. - projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider
           service_account: "${{ env.GOOGLE_SERVICE_ACCOUNT }}" # e.g. - [email protected]
 
+
       # NOTE: Alternative option - authentication via credentials json
       # - name: Google Auth
       #   id: auth
@@ -92,13 +90,13 @@ jobs:
       # BEGIN - Docker auth and build (NOTE: If you already have a container image, these Docker steps can be omitted)
 
       # Authenticate Docker to Google Cloud Artifact Registry
-      - name: Docker Auth
-        id: docker-auth
-        uses: "docker/login-action@v3"
-        with:
-          username: "oauth2accesstoken"
-          password: "${{ steps.auth.outputs.access_token }}"
-          registry: "${{ env.GAR_LOCATION }}-docker.pkg.dev"
+      # - name: Docker Auth
+      #   id: docker-auth
+      #   uses: "docker/login-action@v3"
+      #   with:
+      #     username: "oauth2accesstoken"
+      #     password: "${{ steps.auth.outputs.access_token }}"
+      #     registry: "${{ env.GAR_LOCATION }}-docker.pkg.dev"
 
       # NOTE: Alternative option - authentication via credentials json
       # - name: Docker Auth
@@ -109,26 +107,26 @@ jobs:
       #   username: _json_key
       #   password: ${{ secrets.GCP_CREDENTIALS }}
 
-      - name: Build and Push Container
-        run: |-
-          docker build -t "${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.REPOSITORY }}/${{ env.SERVICE }}:${{ github.sha }}" ./
-          docker push "${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.REPOSITORY }}/${{ env.SERVICE }}:${{ github.sha }}"
+      # - name: Build and Push Container
+      #   run: |-
+      #     docker build -t "${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.REPOSITORY }}/${{ env.SERVICE }}:${{ github.sha }}" ./
+      #     docker push "${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.REPOSITORY }}/${{ env.SERVICE }}:${{ github.sha }}"
 
       # END - Docker auth and build
 
-      - name: Deploy to Cloud Run
-        id: deploy
-        uses: google-github-actions/deploy-cloudrun@v0
-        with:
-          service: ${{ env.SERVICE }}
-          region: ${{ env.REGION }}
-          # NOTE: If using a pre-built image, update the image name here
-          image: ${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.REPOSITORY }}/${{ env.SERVICE }}:${{ github.sha }}
-          # NOTE: You can also set env variables here:
-          #  env_vars: |
-          #  NODE_ENV=production
-          #  TOKEN_EXPIRE=6400
+      # - name: Deploy to Cloud Run
+      #   id: deploy
+      #   uses: google-github-actions/deploy-cloudrun@v0
+      #   with:
+      #     service: ${{ env.SERVICE }}
+      #     region: ${{ env.REGION }}
+      # NOTE: If using a pre-built image, update the image name here
+      # image: ${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.REPOSITORY }}/${{ env.SERVICE }}:${{ github.sha }}
+      # NOTE: You can also set env variables here:
+      #  env_vars: |
+      #  NODE_ENV=production
+      #  TOKEN_EXPIRE=6400
 
       # If required, use the Cloud Run url output in later steps
-      - name: Show Output
-        run: echo ${{ steps.deploy.outputs.url }}
+      # - name: Show Output
+      #   run: echo ${{ steps.deploy.outputs.url }}
diff --git a/.github/workflows/debug.yml b/.github/workflows/debug.yml
@@ -0,0 +1,21 @@
+on: push
+
+jobs:
+  oidc_debug_test:
+    permissions:
+      contents: read
+      id-token: write
+    runs-on: ubuntu-latest
+    name: A test of the oidc debugger
+    steps:
+      - name: Checkout actions-oidc-debugger
+        uses: actions/checkout@v3
+        with:
+          repository: github/actions-oidc-debugger
+          ref: main
+          token: ${{ secrets.GITHUB_TOKEN }}
+          path: ./.github/actions/actions-oidc-debugger
+      - name: Debug OIDC Claims
+        uses: ./.github/actions/actions-oidc-debugger
+        with:
+          audience: "https://github.com/github"
diff --git a/.github/workflows/get-oidc.yml b/.github/workflows/get-oidc.yml
@@ -0,0 +1,23 @@
+name: List services in GCP
+on: push
+
+jobs:
+  Get_OIDC_ID_token:
+    permissions:
+      contents: read
+      id-token: write
+
+    runs-on: ubuntu-latest
+    steps:
+      - id: "auth"
+        name: "Authenticate to GCP"
+        uses: "google-github-actions/auth@v1"
+        with:
+          create_credentials_file: "true"
+          workload_identity_provider: "${{ secrets.GOOGLE_WORKLOAD_IDENTITY_PROVIDER }}"
+          service_account: "${{ secrets.GOOGLE_SERVICE_ACCOUNT }}"
+      - id: "gcloud"
+        name: "gcloud"
+        run: |-
+          gcloud auth login --brief --cred-file="${{ steps.auth.outputs.credentials_file_path }}"
+          gcloud services list