Allow workflow federation credential files

[steveoh]

TL;DR

I would like to use a federated credential file from the google-github-actions/auth workflow to authenticate this workflow

Design

Action YAML

- id: auth
   name: Authenticate to Google Cloud
   uses: google-github-actions/auth@v0.3.1
   with:
       create_credentials_file: true
       workload_identity_provider: ...
       service_account: ${{ secrets.SERVICE_ACCOUNT_EMAIL }}

- name: 🚀 Create cloud run revision
        uses: google-github-actions/deploy-cloudrun@main
        with:
          metadata: "./src/cloud-run-deployment.yml"
          credentials_file_path: ${{ steps.auth.output.credentials_file_path }}

[sethvargo]

Hi @steveoh

We're working to update the documentation, but this should just work today if you use the latest auth action from HEAD. The subsequent actions should automatically pick up the auth.

[steveoh]

Hi @steveoh

We're working to update the documentation, but this should just work today if you use the latest auth action from HEAD. The subsequent actions should automatically pick up the auth.

That didn't work for firebase or gcloud... I guess I assumed it wouldn't work here either. Do you have a successful workow demo I can see the results?

[bharathkkb]

For deploy-cloudrun something like

  deploycr:
   runs-on: 'ubuntu-latest'
   permissions:
      contents: 'read'
      id-token: 'write'
   steps:
    - id: 'auth'
      name: 'Authenticate to Google Cloud'
      uses: 'google-github-actions/auth@v0.4.0'
      with:
        workload_identity_provider: 'WIF_PROVIDER'
        service_account: 'SA_EMAIL'
    - name: Deploy to Cloud Run
      id: deploy
      uses: google-github-actions/deploy-cloudrun@main
      with:
        service: hello-cloud-run 
        image: gcr.io/cloudrun/hello

should work. I am not sure about firebase though.

[steveoh]

Yup, this definitely works. thanks!