The video about Workload Identity Federation has been published. Search UA-cam for "How to use Github Actions with Google's Workload Identity Federation" and you will find it. Hope you find it useful.
How can we run tests on container before deploying the same on cloud run ? I am facing issue with passing the credential to container using github action, and my container needs access to gcp resources so I am getting error which says "unable to load default credentials"
Good question! I do this by running the GitHub Action "google-github-actions/auth". It pulls in the JSON key for a service account that I have stored as a secret in GitHub.
@@TheMomander I am having trouble understanding where to get the service name and the "service account key" is there a resource that can show me where that is? I am having a similar auth problem: Error: google-github-actions/auth failed with: retry function failed after 1 attempt: failed to parse service account key JSON credentials: unexpected token 緷 in JSON at position 0 Thanks!
@@JorgeSolis-jd6fr To export your service account key: go to Google Cloud Console, click the hamburger menu, click "IAM & Admin", click "Service Accounts", click the three dots to the right for the service account you want, click "Manage keys", click "Add key", "Create new key" and pick JSON. To store the key as a GitHub secret: open the JSON file in a text editor, select and copy the contents of the JSON file, click to create a new secret in GitHub, paste in the key file contents you copied. Hope this helps!
Great I really loved it Thank You, will you please give me an idea how to deploy the github project into Apigee X as a proxy using cloud run with maven plugin, your help will be appreciated.
Hey@@TheMomander, thanks for the reply... I need to know to how to deploy github project into gcp, with workload identity federation authentication in the .yml file, will you please help on that.
@@rajeshkumarj9623 You're in luck; we recently published a video about this. Search UA-cam for "How to use Github Actions with Google's Workload Identity Federation" and you will find it. Best of luck with your project!
Nothing worked, it should be simple (why doesn't a connection work out the box) Why do we need to fight a multitude of permission errors after connecting cloud run to github. This has turned into a nightmare - Connected cloud run to github repo and boom only errors can't find a solution - Here's the output of the error Step #1 - "Push": denied: Permission "artifactregistry.repositories.uploadArtifacts" denied on resource "projects/********/locations/europe-west2/repositories/cloud-run-source-deploy" (or it may not exist)
GitHub Actions are great if you want to customize your CI/CD pipeline. If you want something simpler that works "out of the box", this may work better for you: 1. Go to Cloud Run in the Google Cloud Console. 2. Click "Create service". 3. Click "Continuously deploy from a repository".
You have to add the permissions. I will explian but cant link stuff cus youtube spam rules. go to the repo named "google-github-actions". Search this: "As needed, allow authentications from the Workload Identity Pool to Google Cloud resources. These can be any Google Cloud resources that support federated ID tokens, and it can be done after the GitHub Action is configured. The following ...". This shows you the command you need to add to add the necessary permissions for the identity you created.
🔩 Subscribe for more Google Cloud tips and tricks → goo.gle/GoogleCloudTech
Great info Martin! Looking forward to seeing how to secure the deployment process using the workload identity federation
Thank you, Carlos! We are working on that video right now 🙂
The video about Workload Identity Federation has been published. Search UA-cam for "How to use Github Actions with Google's Workload Identity Federation" and you will find it. Hope you find it useful.
Thanks Martin. Looking forward to next video of WIF .
Excellent, very useful video. Thank you.
Love the mention of WIF!
How can we run tests on container before deploying the same on cloud run ? I am facing issue with passing the credential to container using github action, and my container needs access to gcp resources so I am getting error which says "unable to load default credentials"
Good question! I do this by running the GitHub Action "google-github-actions/auth". It pulls in the JSON key for a service account that I have stored as a secret in GitHub.
@@TheMomander I am having trouble understanding where to get the service name and the "service account key" is there a resource that can show me where that is? I am having a similar auth problem: Error: google-github-actions/auth failed with: retry function failed after 1 attempt: failed to parse service account key JSON credentials: unexpected token 緷 in JSON at position 0
Thanks!
@@JorgeSolis-jd6fr To export your service account key: go to Google Cloud Console, click the hamburger menu, click "IAM & Admin", click "Service Accounts", click the three dots to the right for the service account you want, click "Manage keys", click "Add key", "Create new key" and pick JSON.
To store the key as a GitHub secret: open the JSON file in a text editor, select and copy the contents of the JSON file, click to create a new secret in GitHub, paste in the key file contents you copied.
Hope this helps!
Esta orma ya no funciona, actualizen el video
Great video. Is there a video on uisng WIF instead?
Yes, we are working on a video about WIF. It's been scheduled for publishing on June 15, but that may change.
Could you share your repo please?
Great I really loved it Thank You, will you please give me an idea how to deploy the github project into Apigee X as a proxy using cloud run with maven plugin, your help will be appreciated.
Sorry, I don't have much experience with Apigee X.
Hey@@TheMomander, thanks for the reply... I need to know to how to deploy github project into gcp, with workload identity federation authentication in the .yml file, will you please help on that.
@@rajeshkumarj9623 You're in luck; we recently published a video about this. Search UA-cam for "How to use Github Actions with Google's Workload Identity Federation" and you will find it. Best of luck with your project!
Nothing worked, it should be simple (why doesn't a connection work out the box) Why do we need to fight a multitude of permission errors after connecting cloud run to github. This has turned into a nightmare - Connected cloud run to github repo and boom only errors can't find a solution - Here's the output of the error Step #1 - "Push": denied: Permission "artifactregistry.repositories.uploadArtifacts" denied on resource "projects/********/locations/europe-west2/repositories/cloud-run-source-deploy" (or it may not exist)
GitHub Actions are great if you want to customize your CI/CD pipeline. If you want something simpler that works "out of the box", this may work better for you:
1. Go to Cloud Run in the Google Cloud Console.
2. Click "Create service".
3. Click "Continuously deploy from a repository".
The run from source seems to be outdated. Is there going to be an update for it?
You have to add the permissions. I will explian but cant link stuff cus youtube spam rules. go to the repo named "google-github-actions". Search this:
"As needed, allow authentications from the Workload Identity Pool to Google Cloud resources. These can be any Google Cloud resources that support federated ID tokens, and it can be done after the GitHub Action is configured. The following ...".
This shows you the command you need to add to add the necessary permissions for the identity you created.