Use WIF instead of service account key

ocadotechnology · Jun 26, 2024 · 090124f · 090124f
1 parent 44b3c89
commit 090124f
Show file tree

Hide file tree

Showing 5 changed files with 3 additions and 16 deletions.
diff --git a/.github/actions/gcloud/deploy-app/action.yaml b/.github/actions/gcloud/deploy-app/action.yaml
@@ -1,9 +1,6 @@
 name: "Code for Life - GCloud - Deploy App"
 description: "Deploy an app to Google Cloud."
 inputs:
-  gcp-credentials:
-    description: "The JSON credentials used to access GCP."
-    required: true
   deploy-args:
     description: "Arguments to pass to `gcloud app deploy`."
     required: false
@@ -13,7 +10,9 @@ runs:
     - name: 🗝 Authenticate with GCloud
       uses: google-github-actions/auth@v2
       with:
-        credentials_json: ${{ inputs.gcp-credentials }}
+        project_id: 'decent-digit-629'
+        workload_identity_provider: 'projects/354656325390/locations/global/workloadIdentityPools/cfl-pool/providers/cfl-provider'
+        service_account: '[email protected]'
 
     - name: 🤖 Set up GCloud SDK
       uses: google-github-actions/setup-gcloud@v2

diff --git a/.github/workflows/backend.yaml b/.github/workflows/backend.yaml
@@ -12,9 +12,6 @@ on:
       CODECOV_TOKEN:
         description: "The token used to gain access to Codecov."
         required: false
-      GCP_CREDENTIALS:
-        description: "The JSON credentials used to access GCP."
-        required: false
 
 jobs:
   validate-pr-refs:
@@ -82,5 +79,3 @@ jobs:
 
       - name: 🚀 Deploy App on GCloud
         uses: ocadotechnology/codeforlife-workspace/.github/actions/gcloud/deploy-app@main
-        with:
-          gcp-credentials: ${{ secrets.GCP_CREDENTIALS }}
diff --git a/.github/workflows/cron.yaml b/.github/workflows/cron.yaml
@@ -18,5 +18,4 @@ jobs:
       - name: 🚀 Deploy Cron Jobs on GCloud
         uses: ocadotechnology/codeforlife-workspace/.github/actions/gcloud/deploy-app@main
         with:
-          gcp-credentials: ${{ secrets.GCP_CREDENTIALS }}
           deploy-args: cron.yaml
diff --git a/.github/workflows/dispatch.yaml b/.github/workflows/dispatch.yaml
@@ -18,5 +18,4 @@ jobs:
       - name: 🚀 Deploy Routing Rules on GCloud
         uses: ocadotechnology/codeforlife-workspace/.github/actions/gcloud/deploy-app@main
         with:
-          gcp-credentials: ${{ secrets.GCP_CREDENTIALS }}
           deploy-args: dispatch.yaml
diff --git a/.github/workflows/frontend.yaml b/.github/workflows/frontend.yaml
@@ -12,9 +12,6 @@ on:
       CODECOV_TOKEN:
         description: "The token used to gain access to Codecov."
         required: false
-      GCP_CREDENTIALS:
-        description: "The JSON credentials used to access GCP."
-        required: false
 
 jobs:
   validate-pr-refs:
@@ -70,5 +67,3 @@ jobs:
 
       - name: 🚀 Deploy App on GCloud
         uses: ocadotechnology/codeforlife-workspace/.github/actions/gcloud/deploy-app@main
-        with:
-          gcp-credentials: ${{ secrets.GCP_CREDENTIALS }}