auth icon indicating copy to clipboard operation
auth copied to clipboard
verified publisher icon google-github-actions

Workload identity with Service Account outdated

Open rotarur opened this issue 4 months ago • 4 comments

TL;DR

I followed all the steps to setup my workload identity for my GH action to authenticate on GCP but it was working. I checked the logs in my IDP but no logs there. I found out that the attribute-mapping is outdated or wrong. I've used the official documentation here and now my GH actions are able to authenticate. Might be better to just reference your documentation to this official rather than duplicate and have to keep it

Expected behavior

No response

Observed behavior

No response

Action YAML

NA

Log output

Additional information

No response

rotarur avatar Aug 29 '25 10:08 rotarur

Hi there @rotarur :wave:!

Thank you for opening an issue. Our team will triage this as soon as we can. Please take a moment to review the troubleshooting steps which lists common error messages and their resolution steps.

github-actions[bot] avatar Aug 29 '25 10:08 github-actions[bot]

What did you use before and what did you use after?

sethvargo avatar Aug 29 '25 14:08 sethvargo

What did you use before and what did you use after?

I used --attribute-condition="assertion.repository_owner == '${GITHUB_ORG}'" \

In the official documentation they recommend using like this --attribute-mapping="google.subject=assertion.sub,attribute.repository=assertion.repository"

rotarur avatar Nov 03 '25 20:11 rotarur