From 7013abc6e5b3263f96ff662f2cab37d796a2d08c Mon Sep 17 00:00:00 2001
From: Erik Sundell <erik.i.sundell@gmail.com>
Date: Mon, 23 Jan 2023 21:37:29 +0100
Subject: [PATCH] deploy action/workflow: setup and opt-in to use gke auth
 plugin

---
 .github/actions/setup-deploy/action.yaml | 21 +++++++++++++++++++++
 .github/workflows/deploy-hubs.yaml       |  3 +++
 2 files changed, 24 insertions(+)

diff --git a/.github/actions/setup-deploy/action.yaml b/.github/actions/setup-deploy/action.yaml
index 966c734c8e..f78c7cad1f 100644
--- a/.github/actions/setup-deploy/action.yaml
+++ b/.github/actions/setup-deploy/action.yaml
@@ -88,6 +88,27 @@ runs:
       with:
         version: v3.7.2
 
+    # Install pre-requisite for "gcloud container clusters get-credentials"
+    # command with a modern k8s client.
+    #
+    # A manual install step has been needed as they opted to not provide it in
+    # the github-runner image. See
+    # https://github.com/actions/runner-images/issues/5925#issuecomment-1216417721.
+    #
+    # Snippet based on
+    # https://github.com/actions/runner-images/blob/9753e7301e19e29b89b0622b811bbb9b3891d02e/images/linux/scripts/installers/google-cloud-sdk.sh#L9-L13.
+    #
+    - name: Install gke-gcloud-auth-plugin
+      if: inputs.provider == 'gcp'
+      run: |
+        REPO_URL="https://packages.cloud.google.com/apt"
+        echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] $REPO_URL cloud-sdk main" | sudo tee -a /etc/apt/sources.list.d/google-cloud-sdk.list >/dev/null
+        sudo wget -q https://packages.cloud.google.com/apt/doc/apt-key.gpg -O /usr/share/keyrings/cloud.google.gpg
+
+        sudo apt-get update -y
+        sudo apt-get install -y google-cloud-sdk-gke-gcloud-auth-plugin
+      shell: bash
+
     - name: Setup sops credentials to decrypt repo secrets
       uses: google-github-actions/auth@v1
       with:
diff --git a/.github/workflows/deploy-hubs.yaml b/.github/workflows/deploy-hubs.yaml
index 429b34d49e..f114cd7e04 100644
--- a/.github/workflows/deploy-hubs.yaml
+++ b/.github/workflows/deploy-hubs.yaml
@@ -36,6 +36,9 @@ concurrency: deploy
 # GitHug Actions logs for easy reading
 env:
   TERM: xterm
+  # This may not be required any more, and it may depend on the kubectl version
+  # we use etc as well. For now, we have it added to avoid issues.
+  USE_GKE_GCLOUD_AUTH_PLUGIN: "True"
 
 jobs:
   # This job runs in Pull Requests and on pushes to the default branch. It identifies