From 4820e2f5ab6f931999362d7145ee9101c168dcfd Mon Sep 17 00:00:00 2001
From: Pablo Ordorica Wiener
Date: Tue, 17 Sep 2024 17:42:52 -0400
Subject: [PATCH] feat: pulumi up and docs for github and gcp auth

---
 .github/workflows/pulumi.yaml | 6 +++---
 README.md | 9 +++++++++
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/pulumi.yaml b/.github/workflows/pulumi.yaml
index 3842f04..f34bcb9 100644
--- a/.github/workflows/pulumi.yaml
+++ b/.github/workflows/pulumi.yaml
@@ -6,11 +6,11 @@ on:
   workflow_dispatch:
 jobs:
-  preview:
+  pulumi:
     permissions:
       id-token: write
       contents: read
-    name: Preview
+    name: Update
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
@@ -31,7 +31,7 @@ jobs:
       - name: Deploy infra
         uses: pulumi/actions@v5
         with:
-          command: preview
+          command: up
           stack-name: pablordoricaw/dev
         env:
           PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
diff --git a/README.md b/README.md
index 387a22e..79d579f 100644
--- a/README.md
+++ b/README.md
@@ -81,4 +81,13 @@ After a few unsuccessful tries to fix the issue with Pulumi Deployments and GCP
 First thing, I stored a Pulumi Cloud access token in the secrets of the repo for GitHub actions to authenticate with Pulumi Cloud. This token expires on 12/20/204
+#### GitHub and GCP
+I created a new service account called `github` and a new workload identity pool called `github-actions-pool` following the same instructions that I did to create the Pulumi ones.
+
+Then in the `pulumi.yaml` GitHub Actions workflow I used these to authenticate with GCP. The following
+
+- [GitHub docs](https://docs.github.com/en/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-google-cloud-platform)
+- [GCP docs](https://cloud.google.com/iam/docs/workload-identity-federation-with-deployment-pipelines#by-pool)
+
+were useful for this step.
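Review bot: The renamed `pulumi` job now applies infrastructure changes while holding `id-token: write`, but it is not bound to a GitHub environment, so the OIDC subject claim presented to the GCP workload identity pool cannot be narrowed to a deployment environment and there is no required-reviewer gate in front of an apply. Adding `environment: dev` (name constructed to match the `pablordoricaw/dev` stack) directly under `pulumi:` would let both the trust condition on the pool and a manual approval be enforced outside the workflow file. The `on:` triggers that decide which events reach this job start above the hunk, so I cannot tell from here whether pushes, pull requests or only `workflow_dispatch` now deploy.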
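Review bot: `command: up` now runs unattended on every trigger that reaches this job, and with the `preview` command gone there is no plan output to inspect before resources are created, replaced or destroyed. If the workflow is also triggered by pull requests, keeping preview there and applying only from the default branch retains the visible plan: `command: ${{ github.event_name == 'pull_request' && 'preview' || 'up' }}`. Since this step now receives the cloud credentials and the Pulumi token with apply rights, pinning `pulumi/actions@v5` to a full commit SHA instead of a floating major tag would also be worth considering, although that line is unchanged by this commit.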