wlif-test.yaml
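# Test workflow: exchanges the job's GitHub OIDC token for a short-lived Google
# Cloud access token through Workload Identity Federation, then uses that token
# to read one Secret Manager secret version.
name: GitHub Actions
on: [push]
jobs:
  Job-One:
    # Self-hosted runners keep state between jobs, so anything written to disk
    # or visible in the process list can outlive or leak beyond this run.
    runs-on: self-hosted
    # Declaring `permissions` sets every scope that is not listed to none.
    # `id-token: write` lets the job request an OIDC token; `contents: read`
    # is what actions/checkout needs to fetch the repository.
    permissions:
      contents: read
      id-token: write
    steps:
      # Tags such as @v3 and @v1 are mutable; pinning each action to a full
      # commit SHA prevents a retagged release from running in this job.
      - uses: 'actions/checkout@v3'
      # Configure Workload Identity Federation and generate an access token.
      # NOTE(review): the provider configuration is not visible here - confirm
      # its attribute condition limits token exchange to this repository.
      - id: 'auth'
        name: 'Authenticate to Google Cloud'
        uses: 'google-github-actions/auth@v1'
        with:
          token_format: 'access_token'
          workload_identity_provider: '${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}'
          service_account: '${{ secrets.GCP_SA_NAME }}'
          audience: '${{ secrets.GCP_POOL_AUDIENCE }}'
          access_token_lifetime: '3600s' # optional, default: '3600s' (1 hour)
      - name: 'Access secret'
        # Values are handed to the script through the environment instead of
        # being expanded into the script text by the `${{ }}` expression.
        env:
          PROJECT_ID: '${{ secrets.GCP_PROJECT_ID }}'
          ACCESS_TOKEN: '${{ steps.auth.outputs.access_token }}'
        run: |-
          # The response body carries the secret payload, which GitHub does not
          # know to mask, so it goes to a private file in the per-job temp
          # directory rather than to the job log.
          umask 077
          # The Authorization header is read from stdin (`--header @-`, curl
          # 7.55.0 or newer) so the bearer token never appears in curl's argv.
          # --fail makes an HTTP error (for example 403) fail the step instead
          # of falling through to the success message.
          printf 'Authorization: Bearer %s\n' "${ACCESS_TOKEN}" |
            curl --fail --silent --show-error \
              --header @- \
              --output "${RUNNER_TEMP}/secret-response.json" \
              "https://secretmanager.googleapis.com/v1/projects/${PROJECT_ID}/secrets/my-secret/versions/1:access"
          echo "Done!!!"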