Fix GHA env vars passing

.github/workflows/api-image.yml

@@ -3,6 +3,10 @@ name: API image
 on:
   workflow_call:
     secrets:
+      service_account_email:
+        required: true
+      workload_identity_provider:
+        required: true
       gce_project:
         required: true
 
@@ -20,8 +24,8 @@ jobs:
       - name: Setup Service Account
         uses: google-github-actions/auth@v1
         with:
-          workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }}
-          service_account: ${{ secrets.SERVICE_ACCOUNT_EMAIL }}
+          workload_identity_provider: ${{ secrets.workload_identity_provider }}
+          service_account: ${{ secrets.service_account_email }}
 
       - name: Configure Docker
         run: gcloud --quiet auth configure-docker us-central1-docker.pkg.dev

.github/workflows/cluster-disk-image.yml

@@ -2,6 +2,11 @@ name: Cluster disk image
 
 on:
   workflow_call:
+    secrets:
+      service_account_email:
+        required: true
+      workload_identity_provider:
+        required: true
 
 jobs:
   publish:
@@ -15,8 +20,8 @@ jobs:
       #   uses: google-github-actions/auth@v1
       #   with:
       #     create_credentials_file: true
-      #     workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }}
-      #     service_account: ${{ secrets.SERVICE_ACCOUNT_EMAIL }}
+      #     workload_identity_provider: ${{ secrets.workload_identity_provider }}
+      #     service_account: ${{ secrets.service_account_email }}
 
       # - name: Setup Packer
       #   uses: hashicorp-contrib/setup-packer@v2

.github/workflows/env-build-task-driver.yml

@@ -2,6 +2,11 @@ name: Env build task driver
 
 on:
   workflow_call:
+    secrets:
+      service_account_email:
+        required: true
+      workload_identity_provider:
+        required: true
 
 jobs:
   publish:
@@ -29,8 +34,8 @@ jobs:
       - name: Setup Service Account
         uses: google-github-actions/auth@v1
         with:
-          workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }}
-          service_account: ${{ secrets.SERVICE_ACCOUNT_EMAIL }}
+          workload_identity_provider: ${{ secrets.workload_identity_provider }}
+          service_account: ${{ secrets.service_account_email }}
 
       - name: List files
         run: ls -la ./packages/env-build-task-driver/bin

.github/workflows/env-instance-task-driver.yml

@@ -2,6 +2,11 @@ name: Env instance task driver
 
 on:
   workflow_call:
+    secrets:
+      service_account_email:
+        required: true
+      workload_identity_provider:
+        required: true
 
 jobs:
   publish:
@@ -29,8 +34,8 @@ jobs:
       - name: Setup Service Account
         uses: google-github-actions/auth@v1
         with:
-          workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }}
-          service_account: ${{ secrets.SERVICE_ACCOUNT_EMAIL }}
+          workload_identity_provider: ${{ secrets.workload_identity_provider }}
+          service_account: ${{ secrets.service_account_email }}
 
       - name: Upload firecracker task driver
         uses: "google-github-actions/upload-cloud-storage@v1"

.github/workflows/envd.yml

@@ -3,6 +3,10 @@ name: Envd
 on:
   workflow_call:
     secrets:
+      service_account_email:
+        required: true
+      workload_identity_provider:
+        required: true
       version:
         required: true
 
@@ -34,8 +38,8 @@ jobs:
       - name: Setup Service Account
         uses: google-github-actions/auth@v1
         with:
-          workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }}
-          service_account: ${{ secrets.SERVICE_ACCOUNT_EMAIL }}
+          workload_identity_provider: ${{ secrets.workload_identity_provider }}
+          service_account: ${{ secrets.service_account_email }}
 
       - name: Upload envd
         uses: "google-github-actions/upload-cloud-storage@v1"

.github/workflows/release.yml

@@ -76,6 +76,9 @@ jobs:
       needs.changes.outputs.version == 'true' &&
       needs.changes.outputs.env-instance-task-driver == 'true'
     uses: ./.github/workflows/env-instance-task-driver.yml
+    secrets:
+      workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }}
+      service_account_email: ${{ secrets.SERVICE_ACCOUNT_EMAIL }}
 
   env-build-task-driver:
     name: Env build task driver
@@ -85,6 +88,9 @@ jobs:
       needs.changes.outputs.version == 'true' &&
       needs.changes.outputs.env-build-task-driver == 'true'
     uses: ./.github/workflows/env-build-task-driver.yml
+    secrets:
+      workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }}
+      service_account_email: ${{ secrets.SERVICE_ACCOUNT_EMAIL }}
 
   cluster-disk-image:
     name: Cluster disk image
@@ -94,6 +100,9 @@ jobs:
       needs.changes.outputs.version == 'true' &&
       needs.changes.outputs.cluster-disk-image == 'true'
     uses: ./.github/workflows/cluster-disk-image.yml
+    secrets:
+      workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }}
+      service_account_email: ${{ secrets.SERVICE_ACCOUNT_EMAIL }}
 
   envd:
     name: Env Daemon
@@ -104,6 +113,8 @@ jobs:
       needs.changes.outputs.envd == 'true'
     uses: ./.github/workflows/envd.yml
     secrets:
+      workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }}
+      service_account_email: ${{ secrets.SERVICE_ACCOUNT_EMAIL }}
       version: ${{ needs.changes.outputs.get-version }}
 
   api-image:
@@ -115,6 +126,8 @@ jobs:
       needs.changes.outputs.api-image == 'true'
     uses: ./.github/workflows/api-image.yml
     secrets:
+      workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }}
+      service_account_email: ${{ secrets.SERVICE_ACCOUNT_EMAIL }}
       gce_project: ${{ secrets.GCE_PROJECT }}
 
   terraform:
@@ -138,6 +151,13 @@ jobs:
       (needs.env-build-task-driver.result == 'success' || needs.env-build-task-driver.result == 'skipped') &&
       (needs.api-image.result == 'success' || needs.api-image.result == 'skipped')
     uses: ./.github/workflows/terraform.yml
+    secrets:
+      workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }}
+      service_account_email: ${{ secrets.SERVICE_ACCOUNT_EMAIL }}
+      client_machine_type: ${{ secrets.CLIENT_MACHINE_TYPE }}
+      client_cluster_size: ${{ secrets.CLIENT_CLUSTER_SIZE }}
+      server_machine_type: ${{ secrets.SERVER_MACHINE_TYPE }}
+      server_cluster_size: ${{ secrets.SERVER_CLUSTER_SIZE }}
 
   # The last successful release is used for determining which changed and what should be deployed in this release.
   release:

.github/workflows/terraform.yml

@@ -2,6 +2,19 @@ name: Terraform
 
 on:
   workflow_call:
+    secrets:
+      service_account_email:
+        required: true
+      workload_identity_provider:
+        required: true
+      server_cluster_size:
+        required: true
+      server_machine_type:
+        required: true
+      client_cluster_size:
+        required: true
+      client_machine_type:
+        required: true
 
 jobs:
   deploy:
@@ -15,8 +28,8 @@ jobs:
         uses: google-github-actions/auth@v1
         with:
           create_credentials_file: true
-          workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }}
-          service_account: ${{ secrets.SERVICE_ACCOUNT_EMAIL }}
+          workload_identity_provider: ${{ secrets.workload_identity_provider }}
+          service_account: ${{ secrets.service_account_email }}
 
       - name: Setup Terraform
         uses: hashicorp/setup-terraform@v2
@@ -44,7 +57,7 @@ jobs:
         run: make apply
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          tf_var_client_machine_type: ${{ secrets.CLIENT_MACHINE_TYPE }}
-          tf_var_client_cluster_size: ${{ secrets.CLIENT_CLUSTER_SIZE }}
-          tf_var_server_machine_type: ${{ secrets.SERVER_MACHINE_TYPE }}
-          tf_var_server_cluster_size: ${{ secrets.SERVER_CLUSTER_SIZE }}
+          tf_var_client_machine_type: ${{ secrets.client_machine_type }}
+          tf_var_client_cluster_size: ${{ secrets.client_cluster_size }}
+          tf_var_server_machine_type: ${{ secrets.server_machine_type }}
+          tf_var_server_cluster_size: ${{ secrets.server_cluster_size }}