feat: pulumi up and docs for github and gcp auth

pablordoricaw · Sep 17, 2024 · 4820e2f · 4820e2f
1 parent a06a725
commit 4820e2f
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 3 deletions.
diff --git a/.github/workflows/pulumi.yaml b/.github/workflows/pulumi.yaml
@@ -6,11 +6,11 @@ on:
   workflow_dispatch:
 
 jobs:
-  preview:
+  pulumi:
     permissions:
       id-token: write
       contents: read
-    name: Preview
+    name: Update
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
@@ -31,7 +31,7 @@ jobs:
       - name: Deploy infra
         uses: pulumi/actions@v5
         with:
-          command: preview
+          command: up
           stack-name: pablordoricaw/dev
         env:
           PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
diff --git a/README.md b/README.md
@@ -81,4 +81,13 @@ After a few unsuccessful tries to fix the issue with Pulumi Deployments and GCP
 
 First thing, I stored a Pulumi Cloud access token in the secrets of the repo for GitHub actions to authenticate with Pulumi Cloud. This token expires on 12/20/204
 
+#### GitHub and GCP
 
+I created a new service account called `github` and a new workload identity pool called `github-actions-pool` following the same instructions that I did to create the Pulumi ones.
+
+Then in the `pulumi.yaml` GitHub Actions workflow I used these to authenticate with GCP. The following 
+
+- [GitHub docs](https://docs.github.com/en/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-google-cloud-platform) 
+- [GCP docs](https://cloud.google.com/iam/docs/workload-identity-federation-with-deployment-pipelines#by-pool)
+
+were useful for this step.