slsa-github-generator icon indicating copy to clipboard operation
slsa-github-generator copied to clipboard

Published 20 hours ago verified publisher icon slsa-framework

[docs][container] Document using GCP workload identity

Open ianlewis opened this issue 2 years ago • 2 comments

Create a section in the README that outlines how to use GCP workload identity and gives pointers on how you need to set it up.

ianlewis avatar Mar 02 '23 22:03 ianlewis

Hey @ianlewis , I'd like to pick this ticket up if you think that's a good idea. What context are we trying to use GCP workload identity in and what are we trying to accomplish by using it?

chasen-bettinger avatar Apr 07 '23 14:04 chasen-bettinger

@chasen-bettinger Go for it!

What context are we trying to use GCP workload identity in and what are we trying to accomplish by using it?

It's for authentication with GCP when pushing to Artifact Registry from the container generator.

I would add a new section to the README. There you can show an example of using it.

Some links that may be helpful:

  • Setting up Workload Identity Federation: https://github.com/google-github-actions/auth#setting-up-workload-identity-federation
  • Configuring OpenID Connect in Google Cloud Platform: https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-google-cloud-platform
  • Artifact Registry: Create a Docker repository: https://cloud.google.com/artifact-registry/docs/docker/store-docker-container-images#create

ianlewis avatar Apr 07 '23 22:04 ianlewis