A quickest way to setup the keyless authentication to Google Cloud from GitHub Action. We internally use the gcloud CLI to make this setup much easier. The detailed steps which our CLI is handling are found on this page: Setting up Workload Identity Federation.
Run the CLI by typing the following in the terminal:
npx @sws2apps/github-gcloud-cli setup
A browser window will now open, and asks you to authenticate to the Google Cloud SDK. Complete the authentication in that window, and the CLI window will use the authentication token it gets:
Provide the PROJECT_ID and the service account name to be created (if not provided, github-service-account will be used):
A set of commands will be executed in the terminal to complete the Workload Identity Federation setup:
Finally, add the two secrets generated at the end to corresponding GitHub repository:
DO NOT FORGET to add the necessary permissions to the service account created in the Google Cloud Console.