ikh*_*vjs 6 github github-actions
What does id-token mean in the example below, and what is it used for?
jobs:
  job_id:
    # Add "id-token" with the intended permissions.
    permissions:
      contents: 'read'
      id-token: 'write'
    steps:
    - id: 'auth'
      uses: 'google-github-actions/auth@v0'
      with:
        workload_identity_provider: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider'
        service_account: 'my-service-account@my-project.iam.gserviceaccount.com'
    - name: 'Set up Cloud SDK'
      uses: 'google-github-actions/setup-gcloud@v0'
    - name: 'Use gcloud CLI'
      run: 'gcloud info'
The example is from setup-gcloud.
I tried looking at doc1 and doc2. However, I couldn't find any useful information.
Could you give me some hints/suggestions?
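id-token is used in conjunction with OpenID Connect.
The permission needs to be set to write in order to request an OpenID Connect JWT token (as described in the documentation).
Although the example you shared is from setup-gcloud, the part of the workflow that actually needs this is the google-github-actions/auth action. There, you want to look at the section on "Workload Identity Federation". More documentation is also available directly on GCP: https://cloud.google.com/iam/docs/workload-identity-federation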
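What the id-token: write permission unlocks, as an added example that is not part of the question or the answer above: when the permission is granted, the runner exposes ACTIONS_ID_TOKEN_REQUEST_URL and ACTIONS_ID_TOKEN_REQUEST_TOKEN, and a step (here the auth action) uses them to fetch a JWT whose claims the cloud provider then checks. The sample token, repository names and audience are constructed, and the helper names are hypothetical.

```python
import base64, json, urllib.parse, urllib.request

GITHUB_ISSUER = "https://token.actions.githubusercontent.com"

def build_token_request(env, audience):
    """(url, headers) for the runner's OIDC endpoint; both variables are only
    present in jobs that were granted `id-token: write`."""
    url = env.get("ACTIONS_ID_TOKEN_REQUEST_URL")
    bearer = env.get("ACTIONS_ID_TOKEN_REQUEST_TOKEN")
    if not url or not bearer:
        raise PermissionError("job has no 'id-token: write' permission")
    sep = "&" if "?" in url else "?"
    query = "audience=" + urllib.parse.quote(audience, safe="")
    return url + sep + query, {"Authorization": "bearer " + bearer}

def fetch_id_token(env, audience):
    """Request the JWT from inside a job (needs the runner, not used offline)."""
    url, headers = build_token_request(env, audience)
    req = urllib.request.Request(url, headers=headers)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)["value"]

def decode_claims(jwt):
    """Decode the payload for inspection only; the signature is NOT verified."""
    payload = jwt.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def claim_problems(claims, audience, allowed_subjects):
    """Checks a relying party applies on top of signature verification."""
    aud = claims.get("aud")
    problems = []
    if claims.get("iss") != GITHUB_ISSUER:
        problems.append("unexpected issuer")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        problems.append("audience mismatch")
    if claims.get("sub") not in allowed_subjects:
        problems.append("subject not allowed")
    return problems

def make_sample_token():
    """Constructed token with placeholder repository names and a dummy signature."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    claims = {"iss": GITHUB_ISSUER, "aud": "my-audience",
              "sub": "repo:example-org/example-repo:ref:refs/heads/main",
              "repository": "example-org/example-repo"}
    return enc({"alg": "RS256", "typ": "JWT"}) + "." + enc(claims) + ".placeholder"

if __name__ == "__main__":
    claims = decode_claims(make_sample_token())
    print(claims["sub"], claim_problems(claims, "my-audience", {claims["sub"]}))
```

The sub claim is what a workload identity provider should be restricted on, so that only the intended repository and ref can exchange the token for the service account's credentials.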