Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ci: set up OIDC in the release workflow #1540

Merged
merged 7 commits into from
Sep 18, 2024
Merged

ci: set up OIDC in the release workflow #1540

merged 7 commits into from
Sep 18, 2024

Conversation

reakaleek
Copy link
Member

@reakaleek reakaleek commented Sep 13, 2024
edited
Loading

This sets up keyless authentication to GCP with OIDC.

I have a successful dry-run here: https://github.com/elastic/apm-agent-rum-js/actions/runs/10850931893, which is deploying to a test bucket in the elastic-observability-ci GCP project

@reakaleek reakaleek requested a review from a team September 16, 2024 07:53
@reakaleek reakaleek self-assigned this Sep 16, 2024
v1v
v1v previously approved these changes Sep 16, 2024
View reviewed changes
.github/workflows/release.yml Outdated
Comment on lines 19 to 20
ELASTIC_CDN_PROJECT_ID: ${{ inputs.dry-run == false && 'elastic-cdn-4ae000ab' || 'elastic-observability-ci' }}
ELASTIC_CDN_PROJECT_NUMBER: ${{ inputs.dry-run == false && '382950469386' || '911195782929' }}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is no way to use one or the other but both?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the hint.

Seems like in existing cases we are only using the project-number.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

4f8a3f5

The dry-run of that commit was successful here: https://github.com/elastic/apm-agent-rum-js/actions/runs/10879975420

@reakaleek reakaleek requested a review from v1v September 16, 2024 08:22
v1v
v1v previously approved these changes Sep 16, 2024
View reviewed changes
@reakaleek
Copy link
Member Author

reakaleek commented Sep 17, 2024
edited
Loading

⚠️ This setup worked in the "dry-run", where we uploaded the objects to a test bucket in the elastic-observability-ci account. (See https://github.com/elastic/apm-agent-rum-js/actions/runs/10879975420)

However, we will only determine if it works on the release day.

cc @elastic/observablt-ci, @elastic/apm-agent-rum

@reakaleek reakaleek requested a review from a team September 17, 2024 11:33
@reakaleek reakaleek requested a review from v1v September 17, 2024 11:44
@reakaleek reakaleek merged commit 3371a40 into main Sep 18, 2024
17 of 22 checks passed
@reakaleek reakaleek deleted the feature/release-oidc-setup branch September 18, 2024 09:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vigneshshanmugam vigneshshanmugam vigneshshanmugam approved these changes

@v1v v1v v1v approved these changes

Assignees

@reakaleek reakaleek

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@reakaleek @v1v @vigneshshanmugam