diggerhq/tfrun@v0.1.6 SIGSEGV errors when testing with GCP #103
Comments
Hello! Thank you for filing the issue, I'm looking into it now
I'm not so familiar with GCP identity federation so I need to dig deeper into how it works
No worries, thanks @motatoes!
@motatoes if that could help I could share with you a quick terraform config to set up Identity Federation. Or the generated configuration in https://console.cloud.google.com/iam-admin/workload-identity-pools/
hey @fleroux514 that would be really helpful, I'm setting up a demo repo to test it out with OIDC
Terraform config:
Hey @fleroux514 I managed to get it working after assigning a custom role to the service account with these permissions for access to the bucket: Perhaps you're missing the I had to increase the permissions specified in the actions.yml since it was lacking commenting permissions. This is really helpful for us to document how OIDC will work with digger so thank you for this filing! Let me know if this fixes it for you!
Hey @motatoes, yes that fixed it for me. I think the GCP demo should make explicit the fact that Makes sense that Identity Federation should not have been related since it's just another way of identifying. Closing this one. Thanks :)
When I merged the workflow (above), GitHub Actions first ran on the master branch and the digger GHA failed with
Then it ran on my feature branch and I see it deleted the lock successfully:
So I guess we don't really want to run the action on
hey @fleroux514 yes indeed! Digger supports other workflows such as merging and then performing apply, that's why this event was there, but if you only wish to support merging in this way then you can safely remove it from your pipeline
I'm testing digger for my company but currently stumbling on a few issues and it might be easier to discuss on Slack instead of PR comments if possible. I saw https://diggertalk.slack.com/signup#/domain-signup but not sure how to "Contact the workspace administrator at Digger for an invitation.". Can you help?
hey @fleroux514 please try https://join.slack.com/t/diggertalk/shared_invite/zt-yx6rua03-6z~g~_RF3y5LTAK2Bu_yOA sorry maybe the other link expired!!
Currently testing the workflow proposed in https://github.com/diggerhq/digger-gcp-lock-demo.
One difference is that I have configured Workload identity federation to authenticate with Google using OIDC.
Also have made a change in the Use gcloud CLI by listing the content of the bucket to prove that service account has storage.buckets.get permission on it.
Workflow:
Output: