Skip to content

Commit

Permalink
Add in needed GHA token permissions
Browse files Browse the repository at this point in the history 
Run-GHA: true
Signed-off-by: Margaret Lawson <[email protected]>
  • Loading branch information
@mlawsonca
mlawsonca committed Dec 5, 2024
1 parent 6c9950f commit 4aa9ffb
Showing 1 changed file with 12 additions and 2 deletions.
14 changes: 12 additions & 2 deletions .github/workflows/gcp-rpm-build-and-test.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -54,6 +54,10 @@ jobs:
# instead we assume success at the beginning and then let any axis that fails remove the
# lastSuccessfulBuild link if it fails
name: Create lastBuild and lastSuccessfulBuild symlinks
permissions:
statuses: write
contents: read
id-token: write
runs-on: [self-hosted, gcp]
steps:
- name: Authenticate to GCP
Expand All @@ -62,9 +66,11 @@ jobs:
with:
project_id: ${{ env.PROJECT_ID }}
workload_identity_provider: ${{ env.WIP_PROVIDER }}
- name: "Set up Cloud SDK"
uses: "google-github-actions/setup-gcloud@v2"
- name: Set up GCSFUSE
run: |
fusermount -u ${GCS_BUCKET_MOUNT_PT} || true
sudo fusermount -u ${GCS_BUCKET_MOUNT_PT} && sudo rm -fr /tmp/gcp_artifacts || true
mkdir -p "${GCS_BUCKET_MOUNT_PT}"
gcsfuse --implicit-dirs "${GCS_BUCKET}" "${GCS_BUCKET_MOUNT_PT}"
- name: Create lastBuild and lastSuccessfulBuild symlinks
Expand Down Expand Up @@ -104,6 +110,8 @@ jobs:
name: Build RPM
permissions:
statuses: write
contents: read
id-token: write
runs-on: [self-hosted, gcp]
needs: [Create-symlinks, Calc-rpm-build-matrix]
if: needs.Create-symlinks.result == 'success' &&
Expand Down Expand Up @@ -233,9 +241,11 @@ jobs:
with:
project_id: ${{ env.PROJECT_ID }}
workload_identity_provider: ${{ env.WIP_PROVIDER }}
- name: "Set up Cloud SDK"
uses: "google-github-actions/setup-gcloud@v2"
- name: Set up GCSFUSE
run: |
fusermount -u ${GCS_BUCKET_MOUNT_PT} || true
sudo fusermount -u ${GCS_BUCKET_MOUNT_PT} && sudo rm -fr /tmp/gcp_artifacts || true
mkdir -p "${GCS_BUCKET_MOUNT_PT}"
gcsfuse --implicit-dirs "${GCS_BUCKET}" "${GCS_BUCKET_MOUNT_PT}"
- name: Remove lastSuccessfulBuild link and exit failure
Expand Down

0 comments on commit 4aa9ffb

Please sign in to comment.