![](/img/trans.png)
[英]How to copy a generated file from a GitHub Actions workflow to a Cloud Function?
[英]Giving container the same permissions with the workflow in GitHub actions
我正在使用工作負載身份聯合來為我的工作流提供一些權限。
這似乎工作正常
- name: authenticate to gcp
id: auth
uses: 'google-github-actions/auth@v0'
with:
token_format: 'access_token'
workload_identity_provider: ${{ env.WORKLOAD_IDENTITY_PROVIDER }}
service_account: ${{ env.SERVICE_ACCOUNT_EMAIL }}
- run: gcloud projects list
即gcloud projects list
命令成功。
但是,在下一步中,我將在容器中運行相同的命令
- name: run container
run: docker run my-image:latest
並且該過程失敗(我暫時無法訪問日志,但它肯定會失敗)
有沒有辦法讓創建的容器具有與工作流相同的身份驗證上下文?
我是否需要綁定掛載一些生成的令牌?
auth
操作提供的選項) - name: authenticate to gcp
id: auth
uses: 'google-github-actions/auth@v0'
with:
token_format: 'access_token'
workload_identity_provider: ${{ env.WORKLOAD_IDENTITY_PROVIDER }}
service_account: ${{ env.SERVICE_ACCOUNT_EMAIL }}
create_credentials_file: true
# needed in the docker volume creation so that it is read
# by the user with which the image runs (not root)
- name: change permissions of credentials file
shell: bash
run: chmod 775 $GOOGLE_GHA_CREDS_PATH
gcloud auth login
- name: docker run
run: |
docker run \
-v $GOOGLE_GHA_CREDS_PATH:${{ env.CREDENTIALS_MOUNT_PATH }} \
--entrypoint sh \
${{ env.CLUSTER_SCALING_IMAGE }} \
-c "gcloud auth login --cred-file=${{ env.CREDENTIALS_MOUNT_PATH }} && do whatever"
入口點當然可以相應地修改以支持上述情況
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.