add gcloud auth setup to docker provider for pulumi/pulumi-docker#505 (
jazzyfresh authored Mar 1, 2023
1 parent 634866f commit 81138cd
Showing 12 changed files with 152 additions and 0 deletions.
8 changes: 8 additions & 0 deletions provider-ci/providers/docker/config.yaml
@@ -1,13 +1,21 @@
provider: docker
major-version: 4
aws: true
gcp: true
env:
AWS_REGION: us-west-2
ARM_CLIENT_ID: "30e520fa-12b4-4e21-b473-9426c5ac2e1e"
ARM_SUBSCRIPTION_ID: "0282681f-7a9e-424b-80b2-96babd57a8a1"
ARM_TENANT_ID: "706143bc-e1d4-4593-aee2-c9dc60ab9be7"
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
AZURE_LOCATION: westus
GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: [email protected]
GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
GOOGLE_PROJECT: pulumi-ci-gcp-provider
GOOGLE_PROJECT_NUMBER: 895284651812
GOOGLE_REGION: us-central1
GOOGLE_ZONE: us-central1-a
PULUMI_GO_DEP_ROOT: /home/runner/work/pulumi-docker
upstream-provider-org: kreuzwerker
makeTemplate: bridged
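Review bot: The added `GOOGLE_CI_*` and `GOOGLE_PROJECT*` entries are identifiers rather than credentials, but nothing in the file says so and they sit in the same `env` map as `ARM_CLIENT_SECRET`. A comment above them such as `# Workload identity federation identifiers (not secrets); access is governed by the pool provider's attribute condition` would make that explicit. With keyless auth, which repositories and refs may impersonate the service account is decided by the provider's attribute condition and the service account's IAM binding. Neither is visible in this commit, so confirm they are scoped to this repository before relying on these values being public.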
Expand Up @@ -11,6 +11,13 @@ env:
6.0.x
3.1.301
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: [email protected]
GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
GOOGLE_PROJECT: pulumi-ci-gcp-provider
GOOGLE_PROJECT_NUMBER: 895284651812
GOOGLE_REGION: us-central1
GOOGLE_ZONE: us-central1-a
GOVERSION: 1.19.x
JAVAVERSION: "11"
NODEVERSION: 16.x
21 changes: 21 additions & 0 deletions provider-ci/providers/docker/repo/.github/workflows/main.yml
Expand Up @@ -11,6 +11,13 @@ env:
6.0.x
3.1.301
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: [email protected]
GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
GOOGLE_PROJECT: pulumi-ci-gcp-provider
GOOGLE_PROJECT_NUMBER: 895284651812
GOOGLE_REGION: us-central1
GOOGLE_ZONE: us-central1-a
GOVERSION: 1.19.x
JAVAVERSION: "11"
NODEVERSION: 16.x
Expand Down Expand Up @@ -565,6 +572,20 @@ jobs:
role-duration-seconds: 3600
role-session-name: ${{ env.PROVIDER }}@githubActions
role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }}
- name: Authenticate to Google Cloud
uses: google-github-actions/auth@v0
with:
service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }}
workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER
}}/locations/global/workloadIdentityPools/${{
env.GOOGLE_CI_WORKLOAD_IDENTITY_POOL }}/providers/${{
env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }}
- name: Setup gcloud auth
uses: google-github-actions/setup-gcloud@v0
with:
install_components: gke-gcloud-auth-plugin
- name: Login to Google Cloud Registry
run: gcloud --quiet auth configure-docker
- name: Install dependencies
run: make install_${{ matrix.language}}_sdk
- name: Install gotestfmt
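Review bot: The two new steps reference their actions by mutable major tags, `google-github-actions/auth@v0` and `google-github-actions/setup-gcloud@v0`, in a job that exchanges the workflow's OIDC token for service-account credentials. Pinning each to a full commit SHA, e.g. `uses: google-github-actions/auth@<commit-sha> # v0`, keeps a moved tag from running with those credentials. The auth step uses workload identity federation, which needs `permissions: id-token: write` on the job; the job header is outside the visible hunk, so confirm it is set. The same steps are added in master.yml, prerelease.yml, release.yml and the workflow section whose file header is not shown (hunk at line 393). If these files are generated from provider-ci/src/steps.ts, the pin belongs in the step definitions there.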
21 changes: 21 additions & 0 deletions provider-ci/providers/docker/repo/.github/workflows/master.yml
Expand Up @@ -11,6 +11,13 @@ env:
6.0.x
3.1.301
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: [email protected]
GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
GOOGLE_PROJECT: pulumi-ci-gcp-provider
GOOGLE_PROJECT_NUMBER: 895284651812
GOOGLE_REGION: us-central1
GOOGLE_ZONE: us-central1-a
GOVERSION: 1.19.x
JAVAVERSION: "11"
NODEVERSION: 16.x
Expand Down Expand Up @@ -565,6 +572,20 @@ jobs:
role-duration-seconds: 3600
role-session-name: ${{ env.PROVIDER }}@githubActions
role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }}
- name: Authenticate to Google Cloud
uses: google-github-actions/auth@v0
with:
service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }}
workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER
}}/locations/global/workloadIdentityPools/${{
env.GOOGLE_CI_WORKLOAD_IDENTITY_POOL }}/providers/${{
env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }}
- name: Setup gcloud auth
uses: google-github-actions/setup-gcloud@v0
with:
install_components: gke-gcloud-auth-plugin
- name: Login to Google Cloud Registry
run: gcloud --quiet auth configure-docker
- name: Install dependencies
run: make install_${{ matrix.language}}_sdk
- name: Install gotestfmt
21 changes: 21 additions & 0 deletions provider-ci/providers/docker/repo/.github/workflows/prerelease.yml
Expand Up @@ -11,6 +11,13 @@ env:
6.0.x
3.1.301
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: [email protected]
GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
GOOGLE_PROJECT: pulumi-ci-gcp-provider
GOOGLE_PROJECT_NUMBER: 895284651812
GOOGLE_REGION: us-central1
GOOGLE_ZONE: us-central1-a
GOVERSION: 1.19.x
IS_PRERELEASE: true
JAVAVERSION: "11"
Expand Down Expand Up @@ -515,6 +522,20 @@ jobs:
role-duration-seconds: 3600
role-session-name: ${{ env.PROVIDER }}@githubActions
role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }}
- name: Authenticate to Google Cloud
uses: google-github-actions/auth@v0
with:
service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }}
workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER
}}/locations/global/workloadIdentityPools/${{
env.GOOGLE_CI_WORKLOAD_IDENTITY_POOL }}/providers/${{
env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }}
- name: Setup gcloud auth
uses: google-github-actions/setup-gcloud@v0
with:
install_components: gke-gcloud-auth-plugin
- name: Login to Google Cloud Registry
run: gcloud --quiet auth configure-docker
- name: Install dependencies
run: make install_${{ matrix.language}}_sdk
- name: Install gotestfmt
Expand Up @@ -11,6 +11,13 @@ env:
6.0.x
3.1.301
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: [email protected]
GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
GOOGLE_PROJECT: pulumi-ci-gcp-provider
GOOGLE_PROJECT_NUMBER: 895284651812
GOOGLE_REGION: us-central1
GOOGLE_ZONE: us-central1-a
GOVERSION: 1.19.x
JAVAVERSION: "11"
NODEVERSION: 16.x
21 changes: 21 additions & 0 deletions provider-ci/providers/docker/repo/.github/workflows/release.yml
Expand Up @@ -11,6 +11,13 @@ env:
6.0.x
3.1.301
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: [email protected]
GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
GOOGLE_PROJECT: pulumi-ci-gcp-provider
GOOGLE_PROJECT_NUMBER: 895284651812
GOOGLE_REGION: us-central1
GOOGLE_ZONE: us-central1-a
GOVERSION: 1.19.x
JAVAVERSION: "11"
NODEVERSION: 16.x
Expand Down Expand Up @@ -541,6 +548,20 @@ jobs:
role-duration-seconds: 3600
role-session-name: ${{ env.PROVIDER }}@githubActions
role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }}
- name: Authenticate to Google Cloud
uses: google-github-actions/auth@v0
with:
service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }}
workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER
}}/locations/global/workloadIdentityPools/${{
env.GOOGLE_CI_WORKLOAD_IDENTITY_POOL }}/providers/${{
env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }}
- name: Setup gcloud auth
uses: google-github-actions/setup-gcloud@v0
with:
install_components: gke-gcloud-auth-plugin
- name: Login to Google Cloud Registry
run: gcloud --quiet auth configure-docker
- name: Install dependencies
run: make install_${{ matrix.language}}_sdk
- name: Install gotestfmt
Expand Up @@ -11,6 +11,13 @@ env:
6.0.x
3.1.301
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: [email protected]
GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
GOOGLE_PROJECT: pulumi-ci-gcp-provider
GOOGLE_PROJECT_NUMBER: 895284651812
GOOGLE_REGION: us-central1
GOOGLE_ZONE: us-central1-a
GOVERSION: 1.19.x
JAVAVERSION: "11"
NODEVERSION: 16.x
Expand Up @@ -11,6 +11,13 @@ env:
6.0.x
3.1.301
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: [email protected]
GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
GOOGLE_PROJECT: pulumi-ci-gcp-provider
GOOGLE_PROJECT_NUMBER: 895284651812
GOOGLE_REGION: us-central1
GOOGLE_ZONE: us-central1-a
GOVERSION: 1.19.x
JAVAVERSION: "11"
NODEVERSION: 16.x
Expand Down Expand Up @@ -393,6 +400,20 @@ jobs:
role-duration-seconds: 3600
role-session-name: ${{ env.PROVIDER }}@githubActions
role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }}
- name: Authenticate to Google Cloud
uses: google-github-actions/auth@v0
with:
service_account: ${{ env.GOOGLE_CI_SERVICE_ACCOUNT_EMAIL }}
workload_identity_provider: projects/${{ env.GOOGLE_PROJECT_NUMBER
}}/locations/global/workloadIdentityPools/${{
env.GOOGLE_CI_WORKLOAD_IDENTITY_POOL }}/providers/${{
env.GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER }}
- name: Setup gcloud auth
uses: google-github-actions/setup-gcloud@v0
with:
install_components: gke-gcloud-auth-plugin
- name: Login to Google Cloud Registry
run: gcloud --quiet auth configure-docker
- name: Install dependencies
run: make install_${{ matrix.language}}_sdk
- name: Install gotestfmt
Expand Up @@ -11,6 +11,13 @@ env:
6.0.x
3.1.301
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GOOGLE_CI_SERVICE_ACCOUNT_EMAIL: [email protected]
GOOGLE_CI_WORKLOAD_IDENTITY_POOL: pulumi-ci
GOOGLE_CI_WORKLOAD_IDENTITY_PROVIDER: pulumi-ci
GOOGLE_PROJECT: pulumi-ci-gcp-provider
GOOGLE_PROJECT_NUMBER: 895284651812
GOOGLE_REGION: us-central1
GOOGLE_ZONE: us-central1-a
GOVERSION: 1.19.x
JAVAVERSION: "11"
NODEVERSION: 16.x
10 changes: 10 additions & 0 deletions provider-ci/src/steps.ts
Expand Up @@ -80,6 +80,16 @@ export function GoogleAuth(requiresGcp?: boolean): Step {
return {};
}

export function LoginGCloudDocker(requiresGcp?: boolean, provider?: string): Step {
if (requiresGcp && provider == "docker") {
return {
name: "Login to Google Cloud Registry",
run: "gcloud --quiet auth configure-docker",
};
}
return {};
}

export function SetupGCloud(requiresGcp?: boolean): Step {
if (requiresGcp) {
return {
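Review bot: In `LoginGCloudDocker` the emitted command, `gcloud --quiet auth configure-docker`, names no registry hosts, so the credential helper is registered for every default host and stays in the runner's Docker config for the rest of the job, test steps included. Passing only the host the docker provider's tests use, e.g. `run: "gcloud --quiet auth configure-docker <registry-host>"`, would narrow what later steps can obtain tokens for. The provider check is written with loose equality; `if (requiresGcp && provider === "docker") {` is the conventional TypeScript form. The function also lacks a doc comment saying why only the docker provider gets this step and that TestsJob places it after `SetupGCloud`; a one-line TSDoc comment would record that. `SetupGCloud`'s body continues outside the hunk.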
1 change: 1 addition & 0 deletions provider-ci/src/workflows.ts
Expand Up @@ -744,6 +744,7 @@ export class TestsJob implements NormalJob {
steps.ConfigureAwsCredentialsForTests(opts.aws),
steps.GoogleAuth(opts.gcp),
steps.SetupGCloud(opts.gcp),
steps.LoginGCloudDocker(opts.gcp, opts.provider),
steps.InstallSDKDeps(),
steps.SetupGotestfmt(),
steps.RunTests(),