From aaadca973c6fb472a1f41f3347a14b2222c10394 Mon Sep 17 00:00:00 2001 From: Elliot Date: Thu, 4 Apr 2024 12:30:20 +0000 Subject: [PATCH 1/3] Readme fixes for issue#685 --- README.md | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 8fdea0e39..266ec0baa 100644 --- a/README.md +++ b/README.md @@ -114,8 +114,9 @@ jobs: ## Authorization -This action installs the Cloud SDK (`gcloud`). To configure its authentication -to Google Cloud, use the [google-github-actions/auth][auth] action. You can +This action installs the Cloud SDK (`gcloud`) and credentials. To configure its authentication +to Google Cloud, use the [google-github-actions/auth][auth] action. This action sets both +[gcloud credentials][gcloud-credentials] and [Application Default Credentials][adc]. You can authenticate via: ### Workload Identity Federation (preferred) @@ -163,10 +164,11 @@ jobs: run: 'gcloud info' ``` -### Application Default Credentials +### Self-hosted runners on Google Cloud Platform -If and only if you are using self-hosted runners that are hosted on Google Cloud Platform, -the Cloud SDK will automatically authenticate using the machine credentials: +If you are using self-hosted runners that are hosted on Google Cloud Platform, credentials +are automatically obtained from the service account attached to the runner. +In this scenario, you do not need to run the [google-github-actions/auth][auth] action. ```yaml jobs: @@ -243,9 +245,10 @@ explicitly updating your version number. Note that we only publish `MAJOR` and [github-action]:https://help.github.com/en/categories/automating-your-workflow-with-github-actions [auth]: https://github.com/google-github-actions/auth -[adc]: https://cloud.google.com/docs/authentication/production +[adc]: https://cloud.google.com/docs/authentication/application-default-credentials [sdk]: https://cloud.google.com/sdk/ [gcloud]: https://cloud.google.com/sdk/gcloud/ +[gcloud-credentials]: https://cloud.google.com/docs/authentication/gcloud#gcloud-credentials [gsutil]: https://cloud.google.com/storage/docs/gsutil [sa-iam-docs]: https://cloud.google.com/iam/docs/service-accounts [sa]: https://cloud.google.com/iam/docs/creating-managing-service-accounts From d7844cdd86c5ed25cda72518b231b47e78865919 Mon Sep 17 00:00:00 2001 From: eeaton Date: Thu, 4 Apr 2024 13:37:26 +0100 Subject: [PATCH 2/3] fix typo Signed-off-by: eeaton --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 266ec0baa..72175561f 100644 --- a/README.md +++ b/README.md @@ -114,7 +114,7 @@ jobs: ## Authorization -This action installs the Cloud SDK (`gcloud`) and credentials. To configure its authentication +This action installs the Cloud SDK (`gcloud`). To configure its authentication to Google Cloud, use the [google-github-actions/auth][auth] action. This action sets both [gcloud credentials][gcloud-credentials] and [Application Default Credentials][adc]. You can authenticate via: From 46511f8464bbc5beeb7e890d9295da60cf885d7e Mon Sep 17 00:00:00 2001 From: Elliot Date: Thu, 4 Apr 2024 14:17:58 +0000 Subject: [PATCH 3/3] disambiguate "this action" to be clear which parts refer to `setup-gcloud` and which parts refer to `auth` --- README.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 72175561f..b8c976293 100644 --- a/README.md +++ b/README.md @@ -114,10 +114,11 @@ jobs: ## Authorization -This action installs the Cloud SDK (`gcloud`). To configure its authentication -to Google Cloud, use the [google-github-actions/auth][auth] action. This action sets both -[gcloud credentials][gcloud-credentials] and [Application Default Credentials][adc]. You can -authenticate via: +The `setup-gcloud` action installs the Cloud SDK (`gcloud`). To configure its authentication +to Google Cloud, you must first use the [google-github-actions/auth][auth] action. The `auth` +action sets [Application Default Credentials][adc], then the `setup-gcloud` action references +these credentials to configure [gcloud credentials][gcloud-credentials] . You can +authenticate via the following options: ### Workload Identity Federation (preferred)