Skip to content

feat(jsp): use OIDC/IF to upload#622

Draft
srl295 wants to merge 3 commits into
mainfrom
srl295/issue46
Draft

feat(jsp): use OIDC/IF to upload#622
srl295 wants to merge 3 commits into
mainfrom
srl295/issue46

Conversation

@srl295

@srl295 srl295 commented Dec 8, 2023
edited
Loading

Copy link
Copy Markdown
Member

For #46

Note this is just the automated deployment, see #621 for an update to the documentation.

@srl295
feat(jsp): use OIDC/IF to upload
10af16d 
- per  https://cloud.google.com/blog/products/identity-security/enabling-keyless-authentication-from-github-actions
- Won't work yet due to admin snags
- NOTE: temporarily pushes on every commit to this branch

For #46
@srl295 srl295 self-assigned this Dec 8, 2023
@srl295 srl295 requested review from macchiati and sffc December 8, 2023 18:41
@srl295

srl295 commented Dec 8, 2023

Copy link
Copy Markdown
Member Author

OK I think this is ready to go pending clearing admin hurdles.

Error: Action failed with error: Error: Failed to generate Google Cloud federated token for projects/goog-unicode-dev/locations/global/workloadIdentityPools/pool1/providers/unicode-dev-provider: {"error":"invalid_target","error_description":"The target service indicated by the \"audience\" parameters is invalid. This might either be because the pool or provider is disabled or deleted or because it doesn't exist."}

sffc
sffc reviewed Dec 8, 2023
View reviewed changes

@sffc sffc left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The OIDC stuff looks approximately right; we use it already in ICU4X to upload things to the project "dev-infra-273822". However, we can't yet create a provider for the project "goog-unicode-dev" as proposed in this PR.

https://github.com/unicode-org/icu4x/blob/e9316a33ced425dcd217bbf30d6cb31063a79600/.github/workflows/artifacts-build.yml#L69

@srl295

srl295 commented Dec 8, 2023

Copy link
Copy Markdown
Member Author

The OIDC stuff looks approximately right; we use it already in ICU4X to upload things to the project "dev-infra-273822". However, we can't yet create a provider for the project "goog-unicode-dev" as proposed in this PR.

https://github.com/unicode-org/icu4x/blob/e9316a33ced425dcd217bbf30d6cb31063a79600/.github/workflows/artifacts-build.yml#L69

is projects/… supposed to be a number?

Thanks… i tried to make it so it's ready to go once the auth stuff is cleared

@srl295 srl295 added the JSP UnicodeJsps label Dec 19, 2023
@markusicu

markusicu commented May 28, 2024

Copy link
Copy Markdown
Member

@srl295 PR from December, in draft state. Are you intending to continue work here and take it out of "draft", for review?

@srl295

srl295 commented May 28, 2024

Copy link
Copy Markdown
Member Author

@srl295 PR from December, in draft state. Are you intending to continue work here and take it out of "draft", for review?

It's blocked pending google implementation of the feature.

Any update @sffc ?

@sffc

sffc commented May 28, 2024

Copy link
Copy Markdown
Member

I pinged again for an update.

Google link: b/303659622

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sffc sffc sffc left review comments

@macchiati macchiati macchiati approved these changes

Assignees

@srl295 srl295

Labels

JSP UnicodeJsps

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@srl295 @markusicu @sffc @macchiati