Comments (4)
Hi there @mering ๐!
Thank you for opening an issue. Our team will triage this as soon as we can. Please take a moment to review the troubleshooting steps which lists common error messages and their resolution steps.
from auth.
Hi @mering - thank you for opening an issue.
The auth
action exports the GOOGLE_APPLICATION_CREDENTIALS
environment variable, which all well-behaved Google Cloud client libraries respect.
As for why the credentials are stored in the workspace, it's the workspace is one of the only places that is reliably shared with Docker-based actions. We've explored environment variables and alternative file paths, but they all come with trade-offs, particularly around self-hosted runner threat models. Last time we tried to "fix" this, we accidentally broke all Docker-based actions.
For Service Account Key JSON, you could theoretically not use this entire action and just write the JSON file to disk and set $GOOGLE_APPLICATION_CREDENTIALS.
It would be nice if we could replace this step by using google-
github-actions/auth
action instead.
Have you tried? It looks like --google-default-credentials
should "just work".
See also: #109, #123, #134, #212, #264, #315, #316, #333
from auth.
Hi @sethvargo, thanks for your explanation.
As we do sometimes overwrite our workspace or publish packages via wildcards, extra care would need to be taken in our setup when the key is stored within the workspace.
While do currently do use only the SA JSON key, we plan to migrate towards WIF in the future so it might be a good intermediate step.
Maybe I will try to set credentials_file_path
to some location outside of the workspace and see if this just works.
from auth.
Hi @mering - credentials_file_path
is an output, not an input.
You could move the file somewhere else, but you'd need to update all the associated environment variables to the new path.
As we do sometimes overwrite our workspace or publish packages via wildcards, extra care would need to be taken in our setup when the key is stored within the workspace.
There are instructions in the TROUBLESHOOTING guide for excluding the credentials from a git push or docker build, for example.
from auth.
Related Issues (20)
- Add support for access tokens HOT 7
- Export GOOGLE_CREDENTIALS for Terraform HOT 2
- A request regarding inter-project authentication HOT 2
- Doc missing something? HOT 8
- google-github-actions/auth@v1 works but v2 doesn't HOT 6
- Disable warning ยจDid you forget to use "actions/checkout" before this step?ยจ HOT 7
- Google Cloud Service Account Key JSON not working HOT 2
- The mapped attribute 'google.subject' must be of type STRING. HOT 2
- WorkloadIDentityPoolProvider ID error message on create-oidc is dubious at best. HOT 2
- Circular dependency when loading GitHub app private keys from Google Secret Manager HOT 4
- Impersonation issues for Google Workspace HOT 20
- Retry options seem to be deprecated, but not according to the docs HOT 1
- "create_credentials_file" option HOT 3
- Java cannot find certification path HOT 5
- Local testing HOT 3
- GKE WLI to authenticate as another service account HOT 12
- gsutil isn't authenticated HOT 16
- cant use credentials_json after an hour and half HOT 3
- Typo in Readme HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from auth.