unicode-org
feat(jsp): use OIDC/IF to upload
- per https://cloud.google.com/blog/products/identity-security/enabling-keyless-authentication-from-github-actions
- Won't work yet due to admin snags
- NOTE: temporarily pushes on every commit to this branch
For #46
Note this is just the automated deployment, see #621 for an update to the documentation.
OK I think this is ready to go pending clearing admin hurdles.
Error: Action failed with error: Error: Failed to generate Google Cloud federated token for projects/goog-unicode-dev/locations/global/workloadIdentityPools/pool1/providers/unicode-dev-provider: {"error":"invalid_target","error_description":"The target service indicated by the \"audience\" parameters is invalid. This might either be because the pool or provider is disabled or deleted or because it doesn't exist."}
The OIDC stuff looks approximately right; we use it already in ICU4X to upload things to the project "dev-infra-273822". However, we can't yet create a provider for the project "goog-unicode-dev" as proposed in this PR.
https://github.com/unicode-org/icu4x/blob/e9316a33ced425dcd217bbf30d6cb31063a79600/.github/workflows/artifacts-build.yml#L69
is projects/… supposed to be a number?
Thanks… i tried to make it so it's ready to go once the auth stuff is cleared
@srl295 PR from December, in draft state. Are you intending to continue work here and take it out of "draft", for review?
@srl295 PR from December, in draft state. Are you intending to continue work here and take it out of "draft", for review?
It's blocked pending google implementation of the feature.
Any update @sffc ?
