Created
May 16, 2021 16:40
A script that sets up Workflows IAM for a GitHub Action
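# Sets up a Workflows deployer service account and publishes its credentials
# as GitHub Actions secrets (GCP_PROJECT_ID, GCP_SA_KEY) for the current repo.
# Requires authenticated `gcloud` and `gh` CLIs. Run it as a script
# (`bash <file>`), not pasted into an interactive shell: it aborts on the
# first failing command.
set -euo pipefail

# Add secret for project
PROJECT=$(gcloud config get-value project)
if [[ -z "$PROJECT" ]]; then
  # Without this check the bindings below would target an empty project id.
  printf 'error: no default gcloud project is configured\n' >&2
  exit 1
fi
gh secret set GCP_PROJECT_ID -b "$PROJECT"

# Create service account
SERVICE_ACCOUNT=my-wf-service-account
SA_EMAIL="${SERVICE_ACCOUNT}@${PROJECT}.iam.gserviceaccount.com"
gcloud iam service-accounts create "$SERVICE_ACCOUNT"

gcloud projects add-iam-policy-binding "$PROJECT" \
  --member "serviceAccount:${SA_EMAIL}" \
  --role "roles/workflows.editor"

# NOTE(review): granted at project level, roles/iam.serviceAccountUser lets
# this account act as every service account in the project. If the workflow
# only needs to run as one identity, bind the role on that service account
# instead of on the project.
gcloud projects add-iam-policy-binding "$PROJECT" \
  --member "serviceAccount:${SA_EMAIL}" \
  --role "roles/iam.serviceAccountUser"

# Create service account key, upload it to GitHub, then delete it locally.
# The key is written into a private temporary directory rather than the
# current working directory (which may be a git checkout), and the EXIT trap
# removes it even when key creation or the upload fails part-way.
umask 077
KEY_DIR=$(mktemp -d)
trap 'rm -rf -- "${KEY_DIR:?}"' EXIT
KEY_FILE="${KEY_DIR}/sa.json"

# NOTE(review): this is a long-lived, non-expiring credential. Rotate it on a
# schedule, or replace it with Workload Identity Federation so that no key
# has to be stored in GitHub at all.
gcloud iam service-accounts keys create "$KEY_FILE" \
  --iam-account="$SA_EMAIL"
gh secret set GCP_SA_KEY < "$KEY_FILE"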