@sushilbaid
sushilbaid / build-publish-image-to-google-artifact-repository.md
Created August 3, 2023 05:22
GitHub Action to build and publish a Docker image to Google Artifact Registry

# GitHub Action to build an image and publish it to Google Artifact Registry

## Authentication with Google Cloud

Exchanging the GitHub Actions token for a Google Cloud OAuth access token is the key step: it is what lets the workflow publish an image to Google Artifact Registry and thereafter deploy to GKE.

At a high level, this involves:

  1. A service account is created in Google Cloud (GC); the GitHub Action obtains an access token for that service account.
  2. The service account is granted the roles it needs by adding role bindings, e.g. `roles/artifactregistry.writer` to publish to Artifact Registry.
  3. A mapping from attributes in the GitHub token to attributes on the GC side is defined. These mappings are added to GC through a Workload Identity Pool and a provider in that pool.
  4. The workload-identity-based principal set is granted the role `roles/iam.workloadIdentityUser`, which allows it to impersonate the service account created in step 1.
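The four steps above as a single provisioning script, added here as an example and not part of the original gist. It uses the `gcloud` CLI; every project id, project number, pool, provider, service-account and repository value is a constructed placeholder passed in through environment variables, and by default (`DRY_RUN=1`) it only prints the commands it would run. Two choices worth noting for the defender: the provider carries an attribute condition so tokens from any repository other than the expected one are rejected at the federation step, and the `roles/iam.workloadIdentityUser` binding is scoped to a `principalSet` keyed on `attribute.repository`, so only workflows from that repository can impersonate the service account.

```shell
#!/bin/sh
# Added example, not the gist's own code. All values below are placeholders.
# DRY_RUN=1 (default) prints each gcloud command instead of executing it.
set -eu

PROJECT_ID="${PROJECT_ID:-example-project}"             # placeholder project id
PROJECT_NUMBER="${PROJECT_NUMBER:-123456789012}"         # placeholder numeric project number
SA_NAME="${SA_NAME:-github-publisher}"                   # step 1: service account to impersonate
POOL="${POOL:-github-pool}"                              # step 3: workload identity pool id
PROVIDER="${PROVIDER:-github-provider}"                  # step 3: OIDC provider id inside the pool
GITHUB_REPO="${GITHUB_REPO:-example-org/example-repo}"   # placeholder owner/repo allowed to federate
DRY_RUN="${DRY_RUN:-1}"

# Print the command in dry-run mode, otherwise execute it.
run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s ' "$@"; printf '\n'; else "$@"; fi
}

# Service account e-mail derived from its short name and the project id.
sa_email() { printf '%s@%s.iam.gserviceaccount.com' "$1" "$2"; }

# Step 4 member: a principal set restricted to one repository attribute, so only
# workflows from that repository are allowed to impersonate the service account.
# Arguments: project number, pool id, owner/repo.
principal_set() {
  printf 'principalSet://iam.googleapis.com/projects/%s/locations/global/workloadIdentityPools/%s/attribute.repository/%s' \
    "$1" "$2" "$3"
}

# Full provider resource name; this is what the workflow hands to the auth step.
# Arguments: project number, pool id, provider id.
provider_name() {
  printf 'projects/%s/locations/global/workloadIdentityPools/%s/providers/%s' "$1" "$2" "$3"
}

setup() {
  SA="$(sa_email "$SA_NAME" "$PROJECT_ID")"

  # Step 1: the service account whose access token the action will obtain.
  run gcloud iam service-accounts create "$SA_NAME" --project "$PROJECT_ID" \
    --display-name "GitHub Actions image publisher"

  # Step 2: least-privilege binding; writer is sufficient to push images.
  run gcloud projects add-iam-policy-binding "$PROJECT_ID" \
    --member "serviceAccount:$SA" --role roles/artifactregistry.writer

  # Step 3: pool plus OIDC provider that maps GitHub token claims to GC attributes.
  # The attribute condition rejects tokens from any other repository outright.
  run gcloud iam workload-identity-pools create "$POOL" --project "$PROJECT_ID" \
    --location global --display-name "GitHub Actions pool"
  run gcloud iam workload-identity-pools providers create-oidc "$PROVIDER" \
    --project "$PROJECT_ID" --location global --workload-identity-pool "$POOL" \
    --issuer-uri https://token.actions.githubusercontent.com \
    --attribute-mapping "google.subject=assertion.sub,attribute.actor=assertion.actor,attribute.repository=assertion.repository" \
    --attribute-condition "assertion.repository == '${GITHUB_REPO}'"

  # Step 4: let the mapped principal set impersonate the service account.
  run gcloud iam service-accounts add-iam-policy-binding "$SA" \
    --project "$PROJECT_ID" --role roles/iam.workloadIdentityUser \
    --member "$(principal_set "$PROJECT_NUMBER" "$POOL" "$GITHUB_REPO")"

  # Values the GitHub workflow needs for the token exchange.
  echo "workload_identity_provider: $(provider_name "$PROJECT_NUMBER" "$POOL" "$PROVIDER")"
  echo "service_account: $SA"
}

setup
```

Run it once in dry-run mode to review the commands, then with `DRY_RUN=0` and the real values to create the resources. The two lines printed at the end are the provider resource name and service-account e-mail that the workflow's authentication step needs in order to exchange the GitHub token for a GC access token.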