Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Deploy deploy-cloud-functions ignores service account #448

Open
ngreven-allegro opened this issue Nov 21, 2024 · 1 comment
Open

Deploy deploy-cloud-functions ignores service account #448

ngreven-allegro opened this issue Nov 21, 2024 · 1 comment
Labels
bug Something isn't working

Comments

@ngreven-allegro
Copy link

TL;DR

When trying to use the deploy step in deploy-cloud-functions, it ignores the service_account_email setting.

We've created a new service account (SA) for our project in GCP. We've been trying to deploy it, but no matter what we do it will not deploy using the SA specified. It will always revert to the default SA (called 'Compute Engine default service account' on Google Cloud). The service_account_email seems to be ignored.

Expected behavior

Setting the service_account_email in deploy-cloud-functions should use the specified SA instead of the standard one.

I've tried using v3 of deploy-cloud-functions as well, replacing service_account_email with service_account instead. Unfortunately it gives me the exact same behaviour as described.

Both workload_identity_provider and service_account in the 'auth' step are defined, but I changed them in this bug report for security reasons.

Observed behavior

The default service account is used, service_account_email is ignored.

Action YAML

name: CI

on:
  push:
    branches: [ "master" ]

jobs:
  deploy:
    name: Deploy to GCP
    runs-on: [ self-hosted, ubuntu-latest ]
    container:
      image: artifactory-url/ubuntu:20.04
    permissions:
      contents: 'read'
      id-token: 'write'

    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
          ref: ${{ github.head_ref }}

      - id: 'auth'
        uses: 'google-github-actions/auth@v2'
        with:
          workload_identity_provider: 'xxx'
          service_account: 'yyy'

      - id: 'deploy'
        uses: 'google-github-actions/deploy-cloud-functions@v2'
        with:
          name: 'qqq'
          runtime: go122
          project_id: zzz
          region: europe-central2
          service_account_email: 'fff'

Log output

No response

Additional information

No response
@ngreven-allegro ngreven-allegro added the bug Something isn't working label Nov 21, 2024
@sethvargo
Copy link
Member

Hi there - could you please provide the debug output for the complete GitHub Actions workflow run for v3?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sethvargo @ngreven-allegro