@grant

grant/setup_iam.sh

Created May 16, 2021
A script that sets up Workflows IAM for a GitHub Action
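#!/usr/bin/env bash
# Stop on the first failed command, unset variable, or failed pipeline stage
set -euo pipefail
# Add secret for project
PROJECT=$(gcloud config get-value project)
: "${PROJECT:?no default gcloud project is set}"
gh secret set GCP_PROJECT_ID -b "$PROJECT"
# Create service account
SERVICE_ACCOUNT=my-wf-service-account
SA_EMAIL="$SERVICE_ACCOUNT@$PROJECT.iam.gserviceaccount.com"
gcloud iam service-accounts create "$SERVICE_ACCOUNT"
# Let the service account manage Workflows
gcloud projects add-iam-policy-binding "$PROJECT" \
  --member "serviceAccount:$SA_EMAIL" \
  --role "roles/workflows.editor"
# Let it act as service accounts; bound at project level, so this covers every service account in the project
gcloud projects add-iam-policy-binding "$PROJECT" \
  --member "serviceAccount:$SA_EMAIL" \
  --role "roles/iam.serviceAccountUser"
# Create service account key, upload it to GitHub, then delete it locally
umask 077                  # key file is readable only by the current user
trap 'rm -f sa.json' EXIT  # delete the key on exit, even if a later step fails
gcloud iam service-accounts keys create sa.json \
  --iam-account="$SA_EMAIL"
gh secret set GCP_SA_KEY < sa.json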