
[LOTP] Add gcloud

Open fproulx-boostsecurity opened this issue 1 year ago • 0 comments

Description of the LOTP tool

gcloud is the Google Cloud management tool, which has a lot of plugins and dozens (if not hundreds) of commands.

Configuration files

gcloud builds submit will submit cloudbuild.yaml by default (which can often be overridden)

Real-world example

name: prod release
on:
  workflow_run:
    workflows: ["Unit Tests"]
    types:
      - completed
    branches:
      - master

permissions:
  id-token: write

jobs:
  docker:
    runs-on: ubuntu-latest
    if: ${{ github.event.workflow_run.conclusion == 'success' }}
    steps:
      - name: checkout
        uses: actions/checkout@v3
        with:
          ref: ${{ github.event.workflow_run.head_branch }}

      - name: authenticate to google cloud
        id: "auth"
        uses: google-github-actions/auth@v0
        with:
          workload_identity_provider: "${{ secrets.WORKLOAD_IDENTITY_PROVIDER }}"
          service_account: "${{ secrets.RUN_SA_EMAIL }}"

      - name: "setup gcloud sdk"
        uses: google-github-actions/setup-gcloud@v0

      - name: Build and push images
        run: |-
          gcloud builds submit --quiet --substitutions="COMMIT_SHA=${{ github.event.workflow_run.head_sha }},_CUSTOM_BRANCH_TAG=gcloud-prod"

fproulx-boostsecurity, Feb 28 '24 19:02
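A defender-side check for the pattern in the workflow above, as an added example that is not part of the original issue or the LOTP project: it flags gcloud builds submit in a workflow that has a privileged trigger and checks out a ref taken from the triggering event, because the cloudbuild.yaml that gets submitted then comes from that checkout. It goes slightly beyond the issue by also covering pull_request_target; the function name, the regexes and the sample text are constructed for illustration.

```python
import re

# Constructed sample modelled on the workflow above (not a real repository).
SAMPLE = """\
on:
  workflow_run:
    workflows: ["Unit Tests"]
jobs:
  docker:
    steps:
      - uses: actions/checkout@v3
        with:
          ref: ${{ github.event.workflow_run.head_branch }}
      - run: |-
          gcloud builds submit --quiet --substitutions="COMMIT_SHA=${{ github.event.workflow_run.head_sha }}"
"""

# Triggers that run in the base repository's context, with access to its secrets.
PRIVILEGED_TRIGGER = re.compile(r"^\s*(workflow_run|pull_request_target)\s*:", re.M)
# Checkout ref taken from the triggering event instead of a fixed, trusted ref.
EVENT_REF = re.compile(
    r"^\s*ref:\s*.*\$\{\{\s*github\.event\.(workflow_run\.head_(branch|sha)"
    r"|pull_request\.head\.(ref|sha))", re.M)
SUBMIT = re.compile(r"^.*\bgcloud\s+builds\s+submit\b.*$", re.M)


def audit_workflow(text):
    """Return one finding per gcloud builds submit run on an event-controlled checkout."""
    findings = []
    trigger = PRIVILEGED_TRIGGER.search(text)
    ref = EVENT_REF.search(text)
    if not (trigger and ref):
        return findings
    for m in SUBMIT.finditer(text):
        line_no = text.count("\n", 0, m.start()) + 1
        explicit = re.search(r"--config[= ]", m.group(0)) is not None
        findings.append({
            "line": line_no,
            "trigger": trigger.group(1),
            "explicit_config": explicit,
            "reason": "build config is read from the event-controlled checkout"
                      + ("" if explicit else " (default cloudbuild.yaml)"),
        })
    return findings


if __name__ == "__main__":
    for f in audit_workflow(SAMPLE):
        print(f)
```

explicit_config is reported only as context: a --config path that lives inside the checked-out tree is still taken from that checkout.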