feat!: updates for v1 (#300)

Remove creds input, remove SA tests and update related docs

.github/workflows/integration.yml

@@ -81,75 +81,6 @@ jobs:
       with:
         path: './test'
         destination: '${{ secrets.UPLOAD_CLOUD_STORAGE_TEST_BUCKET }}/testprefix'
-        credentials: '${{ secrets.UPLOAD_CLOUD_STORAGE_GCP_SA_KEY_JSON }}'
-
-    - name: 'Get output'
-      run: 'echo "${{ steps.upload.outputs.uploaded }}"'
-
-  # Deprecated
-  auth_setup_gcloud:
-    if: ${{ github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name && github.actor != 'dependabot[bot]' }}
-    name: 'auth_setup_gcloud'
-    runs-on: 'ubuntu-latest'
-    steps:
-    - uses: 'actions/checkout@v3'
-
-    - uses: 'actions/setup-node@v3'
-      with:
-        node-version: '16.x'
-
-    - name: 'npm build'
-      run: 'npm ci && npm run build'
-
-    - uses: 'google-github-actions/setup-gcloud@main'
-      with:
-        service_account_email: ${{ secrets.UPLOAD_CLOUD_STORAGE_GCP_SA_EMAIL }}
-        service_account_key: ${{ secrets.UPLOAD_CLOUD_STORAGE_GCP_SA_KEY_B64 }}
-        export_default_credentials: true
-
-    - name: 'Create files'
-      run: |-
-        mkdir -p test
-        touch test/test2.txt
-
-    - id: 'upload'
-      name: 'Upload files'
-      uses: './'
-      with:
-        path: './test/test2.txt'
-        destination: '${{ secrets.UPLOAD_CLOUD_STORAGE_TEST_BUCKET }}/testprefix'
-
-    - name: 'Get output'
-      run: 'echo "${{ steps.upload.outputs.uploaded }}"'
-
-  # Deprecated
-  auth_builtin_credentials:
-    if: ${{ github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name && github.actor != 'dependabot[bot]' }}
-    name: 'auth_builtin_credentials'
-    runs-on: 'ubuntu-latest'
-    steps:
-    - uses: 'actions/checkout@v3'
-
-    - uses: 'actions/setup-node@v3'
-      with:
-        node-version: '16.x'
-
-    - name: 'npm build'
-      run: 'npm ci && npm run build'
-
-    - name: 'Create files'
-      run: |-
-        mkdir -p test
-        touch test/test1.txt
-        touch test/test2.txt
-
-    - id: 'upload'
-      name: 'Upload files'
-      uses: './'
-      with:
-        path: './test'
-        destination: '${{ secrets.UPLOAD_CLOUD_STORAGE_TEST_BUCKET }}/testprefix'
-        credentials: '${{ secrets.UPLOAD_CLOUD_STORAGE_GCP_SA_KEY_JSON }}'
 
     - name: 'Get output'
       run: 'echo "${{ steps.upload.outputs.uploaded }}"'

README.md

@@ -45,13 +45,13 @@ jobs:
 
     steps:
     - id: 'auth'
-      uses: 'google-github-actions/auth@v0'
+      uses: 'google-github-actions/auth@v1'
       with:
         workload_identity_provider: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider'
         service_account: 'my-service-account@my-project.iam.gserviceaccount.com'
 
     - id: 'upload-file'
-      uses: 'google-github-actions/upload-cloud-storage@v0'
+      uses: 'google-github-actions/upload-cloud-storage@v1'
       with:
         path: '/path/to/file'
         destination: 'bucket-name/file'
@@ -76,13 +76,13 @@ jobs:
 
     steps:
     - id: 'auth'
-      uses: 'google-github-actions/auth@v0'
+      uses: 'google-github-actions/auth@v1'
       with:
         workload_identity_provider: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider'
         service_account: 'my-service-account@my-project.iam.gserviceaccount.com'
 
     - id: 'upload-folder'
-      uses: 'google-github-actions/upload-cloud-storage@v0'
+      uses: 'google-github-actions/upload-cloud-storage@v1'
       with:
         path: '/path/to/folder'
         destination: 'bucket-name'
@@ -112,7 +112,7 @@ With default configuration
 
 ```yaml
 - id: 'upload-files'
-  uses: 'google-github-actions/upload-cloud-storage@v0'
+  uses: 'google-github-actions/upload-cloud-storage@v1'
   with:
     path: 'myfolder'
     destination: 'bucket-name'
@@ -124,7 +124,7 @@ Optionally, you can also specify a prefix in destination.
 
 ```yaml
 - id: 'upload-files'
-  uses: 'google-github-actions/upload-cloud-storage@v0'
+  uses: 'google-github-actions/upload-cloud-storage@v1'
   with:
     path: 'myfolder'
     destination: 'bucket-name/myprefix'
@@ -139,7 +139,7 @@ Setting `parent` to false will omit `path` when uploading to bucket.
 
 ```yaml
 - id: 'upload-files'
-  uses: 'google-github-actions/upload-cloud-storage@v0'
+  uses: 'google-github-actions/upload-cloud-storage@v1'
   with:
     path: 'myfolder'
     destination: 'bucket-name'
@@ -154,7 +154,7 @@ Optionally, you can also specify a prefix in destination.
 
 ```yaml
 - id: 'upload-files'
-  uses: 'google-github-actions/upload-cloud-storage@v0'
+  uses: 'google-github-actions/upload-cloud-storage@v1'
   with:
     path: 'myfolder'
     destination: 'bucket-name/myprefix'
@@ -169,7 +169,7 @@ You can specify a glob pattern like
 
 ```yaml
 - id: 'upload-files'
-  uses: 'google-github-actions/upload-cloud-storage@v0'
+  uses: 'google-github-actions/upload-cloud-storage@v1'
   with:
     path: 'myfolder'
     destination: 'bucket-name'
@@ -302,13 +302,6 @@ If `parent` is set to `false`, it wil be uploaded to `gs://bucket-name/folder2/f
     project_id: 'my-project'
     ```
 
-- `credentials`:  (**Deprecated**) This input is deprecated. See [auth
-  section](#via-google-github-actionsauth) for more details. [Google Service
-  Account JSON][sa] credentials as JSON or base64 encoded string, typically
-  sourced from a [GitHub Secret][gh-secret]. If unspecified, other
-  authentication methods are attempted. See [Authorization](#Authorization)
-  below.
-
 ## Outputs
 
 List of successfully uploaded file(s).
@@ -317,7 +310,7 @@ For example:
 
 ```yaml
 - id: 'upload-file'
-  uses: 'google-github-actions/upload-cloud-storage@v0'
+  uses: 'google-github-actions/upload-cloud-storage@v1'
   with:
     path: '/path/to/file'
     destination: 'bucket-name/file'
@@ -354,12 +347,12 @@ jobs:
 
     steps:
     - id: 'auth'
-      uses: 'google-github-actions/auth@v0'
+      uses: 'google-github-actions/auth@v1'
       with:
         workload_identity_provider: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider'
         service_account: 'my-service-account@my-project.iam.gserviceaccount.com'
 
-    - uses: 'google-github-actions/upload-cloud-storage@v0'
+    - uses: 'google-github-actions/upload-cloud-storage@v1'
 ```
 
 #### Authenticating via Service Account Key JSON
@@ -369,11 +362,11 @@ jobs:
   job_id:
     steps:
     - id: 'auth'
-      uses: 'google-github-actions/auth@v0'
+      uses: 'google-github-actions/auth@v1'
       with:
         credentials_json: '${{ secrets.gcp_credentials }}'
 
-    - uses: 'google-github-actions/upload-cloud-storage@v0'
+    - uses: 'google-github-actions/upload-cloud-storage@v1'
 ```
 
 ### Via Application Default Credentials
@@ -388,15 +381,12 @@ jobs:
   job_id:
     steps:
     - id: 'upload-file'
-      uses: 'google-github-actions/upload-cloud-storage@v0'
+      uses: 'google-github-actions/upload-cloud-storage@v1'
 ```
 
 The action will automatically detect and use the Application Default
 Credentials.
 
 [gcs]: https://cloud.google.com/storage
 [wif]: https://cloud.google.com/iam/docs/workload-identity-federation
-[sa]: https://cloud.google.com/iam/docs/creating-managing-service-accounts
-[gh-runners]: https://help.github.com/en/actions/hosting-your-own-runners/about-self-hosted-runners
-[gh-secret]: https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets
-[setup-gcloud]: ../setup-gcloud
+[sa]: https://cloud.google.com/iam/docs/creating-managing-service-accounts

action.yml

@@ -3,12 +3,6 @@ description: Upload files or folders to GCS buckets
 author: Google LLC
 
 inputs:
-  credentials:
-    description: |-
-      Optional service account key to use for authentication to GCS. This should be the JSON
-      formatted private key which can be exported from the Cloud Console. The
-      value can be raw or base64-encoded.
-    required: false
   project_id:
     description: |-
       Project ID to use for making requests. By default, this is extracted from

src/client.ts

@@ -18,7 +18,6 @@ import * as path from 'path';
 
 import { Storage, StorageOptions, PredefinedAcl } from '@google-cloud/storage';
 import {
-  parseCredential,
   randomFilepath,
   inParallel,
   toPlatformPath,
@@ -38,10 +37,9 @@ const userAgent = `google-github-actions:upload-cloud-storage/${appVersion}`;
 /**
  * Available options to create the client.
  *
- * @param credentials GCP JSON credentials (default uses ADC).
+ * @param projectID GCP Project ID.
  */
 export type ClientOptions = {
-  credentials?: string;
   projectID?: string;
 };
 
@@ -165,10 +163,6 @@ export class Client {
       userAgent: userAgent,
     };
 
-    if (opts?.credentials) {
-      options.credentials = parseCredential(opts.credentials);
-    }
-
     this.storage = new Storage(options);
   }
 

src/main.ts

@@ -67,18 +67,8 @@ export async function run(): Promise<void> {
     const headersInput = core.getInput('headers');
     const processGcloudIgnore = core.getBooleanInput('process_gcloudignore');
     const metadata = headersInput === '' ? {} : parseHeadersInput(headersInput);
-    const credentials = core.getInput('credentials');
     const projectID = core.getInput('project_id');
 
-    // Add warning if using credentials.
-    if (credentials) {
-      core.warning(
-        'The "credentials" input is deprecated. ' +
-          'Please switch to using google-github-actions/auth which supports both Workload Identity Federation and JSON Key authentication. ' +
-          'For more details, see https://github.com/google-github-actions/upload-cloud-storage#authorization',
-      );
-    }
-
     // Compute the absolute root and compute the glob.
     const [absoluteRoot, computedGlob, rootIsDir] = await absoluteRootAndComputedGlob(root, glob);
     core.debug(`Computed absoluteRoot from "${root}" to "${absoluteRoot}" (isDir: ${rootIsDir})`);
@@ -155,7 +145,6 @@ export async function run(): Promise<void> {
     // Create the client and upload files.
     core.startGroup('Upload files');
     const client = new Client({
-      credentials: credentials,
       projectID: projectID,
     });
     const uploadResponses = await client.upload({

tests/client.test.ts

@@ -29,13 +29,6 @@ describe('Client', () => {
   });
 
   describe('#new', () => {
-    it('initializes with JSON creds', function () {
-      const client = new Client({
-        credentials: `{"foo":"bar"}`,
-      });
-      expect(client.storage.authClient.jsonContent).eql({ foo: 'bar' });
-    });
-
     it('initializes with ADC', function () {
       const client = new Client();
       expect(client.storage.authClient.jsonContent).eql(null);