Update readme with workload identity based authentication for GCR and GAR #112

Merged
merged 1 commit into from Feb 3, 2022

@dineshba dineshba commented Dec 2, 2021

@dineshba dineshba requested a review from crazy-max as a code owner Dec 2, 2021

@crazy-max crazy-max left a comment

LGTM. PTAL @jonjohnsonjr

@dineshba dineshba commented Jan 28, 2022

@crazy-max @jonjohnsonjr Can we merge this PR?

@jonjohnsonjr jonjohnsonjr commented Jan 28, 2022

Seems fine to me, @sethvargo does this look right?

@@ -167,8 +171,48 @@ jobs:
password: ${{ secrets.GCR_JSON_KEY }}
```

#### Workload identity federation based authentication
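
Review bot: the new `#### Workload identity federation based authentication` heading follows the example that passes `secrets.GCR_JSON_KEY` as the password, but nothing under it tells a reader why they would pick one method over the other. Suggest a sentence directly below the heading saying that this method needs no service account JSON key stored as a repository secret.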

Nit: I would prefer if WIF was first since it's the preferred method

@dineshba dineshba Feb 3, 2022

Updated

README.md Outdated
steps:
- id: 'auth'
name: 'Authenticate to Google Cloud'
uses: 'google-github-actions/auth@v0.4.1'
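
Review bot: the `uses: 'google-github-actions/auth@v0.4.1'` line references the action by tag, and a tag can be repointed after the README is published. Because this step obtains Google Cloud credentials for the job, consider adding a sentence that readers who need an immutable reference can pin the action to a full commit SHA instead.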

Suggested change
uses: 'google-github-actions/auth@v0.4.1'
uses: 'google-github-actions/auth@v0'

@dineshba dineshba Feb 3, 2022

Fixed

README.md Outdated
runs-on: ubuntu-latest
steps:
- id: 'auth'
name: 'Authenticate to Google Cloud'

I think this indentation is off by two spaces for this entire section

@dineshba dineshba Feb 3, 2022

Updated

README.md Outdated
steps:
- id: 'auth'
name: 'Authenticate to Google Cloud'
uses: 'google-github-actions/auth@v0.4.1'

Suggested change
uses: 'google-github-actions/auth@v0.4.1'
uses: 'google-github-actions/auth@v0'

README.md Outdated
```
> Replace `<workload_identity_provider>` with configured workload identity provider

> Replace `<service_account>` with configured service account in workload identity provider which has access to push to GCR
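
Review bot: the `<service_account>` note says the account "has access to push to GCR" without bounding that access. Suggest wording it so the service account is granted only the permission needed to push to the target registry, and splitting the sentence, since "configured service account in workload identity provider" is hard to parse.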

I don't see this defined above

@dineshba dineshba Feb 3, 2022

Fixed

README.md Outdated

on:
push:
branches: master

Prefer main over master

@dineshba dineshba Feb 3, 2022

Changed in all the places

README.md Outdated

on:
push:
branches: master

Prefer main over master

@dineshba dineshba Feb 3, 2022

Changed in all the places

password: ${{ steps.auth.outputs.access_token }}
```

> Replace `<workload_identity_provider>` with configured workload identity provider
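
Review bot: `password: ${{ steps.auth.outputs.access_token }}` depends on the `auth` step actually emitting an access token, and the lines shown here do not say so. Suggest stating next to the placeholder notes that the `auth` step must set `token_format: 'access_token'`, otherwise this output is not populated.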

I don't see this defined above

@dineshba dineshba Feb 3, 2022

Fixed

@crazy-max crazy-max left a comment

It appears your commit messages are missing a DCO sign-off, causing the DCO check to fail.

We require all commit messages to have a Signed-off-by line with your name and e-mail, which looks something like:

Signed-off-by: YourFirstName YourLastName <yourname@example.org>

There is no need to open a new pull request, but to fix this (and make CI pass), you need to amend the commit(s) in this pull request, and "force push" the amended commit.

Unfortunately, it's not possible to do so through GitHub's web UI, so this needs to be done through the git commandline.

You can find some instructions in the output of the DCO check (which can be found in the "checks" tab on this pull request), as well as in the Moby contributing guide.

Steps to do so "roughly" come down to:

  1. Set your name and e-mail in git's configuration:

         git config --global user.name "YourFirstName YourLastName"
         git config --global user.email "yourname@example.org"

     (Make sure to use your real name (not your GitHub username/handle) and e-mail)

  2. Clone your fork locally

  3. Check out the branch associated with this pull request

  4. Sign-off and amend the existing commit(s)

         git commit --amend --no-edit --signoff

     If your pull request contains multiple commits, either squash the commits (if needed) or sign-off each individual commit.

  5. Force push your branch to GitHub (using the --force or --force-with-lease flags) to update the pull request.

Sorry for the hassle (I wish GitHub would make this a bit easier to do), and let me know if you need help or more detailed instructions!

… GAR

Signed-off-by: Dinesh B <dineshudt17@gmail.com>
Signed-off-by: Dinesh <dineshb@thoughtworks.com>

@dineshba dineshba commented Feb 3, 2022

Hi @crazy-max Added the missing sign-off and squashed into one commit. Please review

@crazy-max crazy-max left a comment

LGTM thanks!

@crazy-max crazy-max merged commit 17f28ab into docker:master Feb 3, 2022
2 checks passed
@dineshba dineshba deleted the workload-identity-gcr-gar branch Feb 3, 2022

4 participants