diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml
index 3cb5c692..d5d858cf 100644
--- a/.github/workflows/integration.yml
+++ b/.github/workflows/integration.yml
@@ -81,75 +81,6 @@ jobs: with: path: './test' destination: '${{ secrets.UPLOAD_CLOUD_STORAGE_TEST_BUCKET }}/testprefix' - credentials: '${{ secrets.UPLOAD_CLOUD_STORAGE_GCP_SA_KEY_JSON }}' - - - name: 'Get output' - run: 'echo "${{ steps.upload.outputs.uploaded }}"' - - # Deprecated - auth_setup_gcloud: - if: ${{ github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name && github.actor != 'dependabot[bot]' }} - name: 'auth_setup_gcloud' - runs-on: 'ubuntu-latest' - steps: - - uses: 'actions/checkout@v3' - - - uses: 'actions/setup-node@v3' - with: - node-version: '16.x' - - - name: 'npm build' - run: 'npm ci && npm run build' - - - uses: 'google-github-actions/setup-gcloud@main' - with: - service_account_email: ${{ secrets.UPLOAD_CLOUD_STORAGE_GCP_SA_EMAIL }} - service_account_key: ${{ secrets.UPLOAD_CLOUD_STORAGE_GCP_SA_KEY_B64 }} - export_default_credentials: true - - - name: 'Create files' - run: |- - mkdir -p test - touch test/test2.txt - - - id: 'upload' - name: 'Upload files' - uses: './' - with: - path: './test/test2.txt' - destination: '${{ secrets.UPLOAD_CLOUD_STORAGE_TEST_BUCKET }}/testprefix' - - - name: 'Get output' - run: 'echo "${{ steps.upload.outputs.uploaded }}"' - - # Deprecated - auth_builtin_credentials: - if: ${{ github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name && github.actor != 'dependabot[bot]' }} - name: 'auth_builtin_credentials' - runs-on: 'ubuntu-latest' - steps: - - uses: 'actions/checkout@v3' - - - uses: 'actions/setup-node@v3' - with: - node-version: '16.x' - - - name: 'npm build' - run: 'npm ci && npm run build' - - - name: 'Create files' - run: |- - mkdir -p test - touch test/test1.txt - touch test/test2.txt - - - id: 'upload' - name: 'Upload files' - uses: './' - with: - path: './test' - destination: '${{ secrets.UPLOAD_CLOUD_STORAGE_TEST_BUCKET }}/testprefix' - credentials: '${{ secrets.UPLOAD_CLOUD_STORAGE_GCP_SA_KEY_JSON }}' - name: 'Get 
output' run: 'echo "${{ steps.upload.outputs.uploaded }}"' diff --git a/README.md b/README.md index 1d7b54ba..802ba6c3 100644 --- a/README.md +++ b/README.md @@ -45,13 +45,13 @@ jobs: steps: - id: 'auth' - uses: 'google-github-actions/auth@v0' + uses: 'google-github-actions/auth@v1' with: workload_identity_provider: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider' service_account: 'my-service-account@my-project.iam.gserviceaccount.com' - id: 'upload-file' - uses: 'google-github-actions/upload-cloud-storage@v0' + uses: 'google-github-actions/upload-cloud-storage@v1' with: path: '/path/to/file' destination: 'bucket-name/file' @@ -76,13 +76,13 @@ jobs: steps: - id: 'auth' - uses: 'google-github-actions/auth@v0' + uses: 'google-github-actions/auth@v1' with: workload_identity_provider: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider' service_account: 'my-service-account@my-project.iam.gserviceaccount.com' - id: 'upload-folder' - uses: 'google-github-actions/upload-cloud-storage@v0' + uses: 'google-github-actions/upload-cloud-storage@v1' with: path: '/path/to/folder' destination: 'bucket-name' @@ -112,7 +112,7 @@ With default configuration ```yaml - id: 'upload-files' - uses: 'google-github-actions/upload-cloud-storage@v0' + uses: 'google-github-actions/upload-cloud-storage@v1' with: path: 'myfolder' destination: 'bucket-name' @@ -124,7 +124,7 @@ Optionally, you can also specify a prefix in destination. ```yaml - id: 'upload-files' - uses: 'google-github-actions/upload-cloud-storage@v0' + uses: 'google-github-actions/upload-cloud-storage@v1' with: path: 'myfolder' destination: 'bucket-name/myprefix' @@ -139,7 +139,7 @@ Setting `parent` to false will omit `path` when uploading to bucket. ```yaml - id: 'upload-files' - uses: 'google-github-actions/upload-cloud-storage@v0' + uses: 'google-github-actions/upload-cloud-storage@v1' with: path: 'myfolder' destination: 'bucket-name' 
@@ -154,7 +154,7 @@ Optionally, you can also specify a prefix in destination. ```yaml - id: 'upload-files' - uses: 'google-github-actions/upload-cloud-storage@v0' + uses: 'google-github-actions/upload-cloud-storage@v1' with: path: 'myfolder' destination: 'bucket-name/myprefix' @@ -169,7 +169,7 @@ You can specify a glob pattern like ```yaml - id: 'upload-files' - uses: 'google-github-actions/upload-cloud-storage@v0' + uses: 'google-github-actions/upload-cloud-storage@v1' with: path: 'myfolder' destination: 'bucket-name' @@ -302,13 +302,6 @@ If `parent` is set to `false`, it wil be uploaded to `gs://bucket-name/folder2/f project_id: 'my-project' ``` -- `credentials`: (**Deprecated**) This input is deprecated. See [auth - section](#via-google-github-actionsauth) for more details. [Google Service - Account JSON][sa] credentials as JSON or base64 encoded string, typically - sourced from a [GitHub Secret][gh-secret]. If unspecified, other - authentication methods are attempted. See [Authorization](#Authorization) - below. - ## Outputs List of successfully uploaded file(s). @@ -317,7 +310,7 @@ For example: ```yaml - id: 'upload-file' - uses: 'google-github-actions/upload-cloud-storage@v0' + uses: 'google-github-actions/upload-cloud-storage@v1' with: path: '/path/to/file' destination: 'bucket-name/file' @@ -354,12 +347,12 @@ jobs: steps: - id: 'auth' - uses: 'google-github-actions/auth@v0' + uses: 'google-github-actions/auth@v1' with: workload_identity_provider: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider' service_account: 'my-service-account@my-project.iam.gserviceaccount.com' - - uses: 'google-github-actions/upload-cloud-storage@v0' + - uses: 'google-github-actions/upload-cloud-storage@v1' ``` #### Authenticating via Service Account Key JSON 
@@ -369,11 +362,11 @@ jobs: job_id: steps: - id: 'auth' - uses: 'google-github-actions/auth@v0' + uses: 'google-github-actions/auth@v1' with: credentials_json: '${{ secrets.gcp_credentials }}' - - uses: 'google-github-actions/upload-cloud-storage@v0' + - uses: 'google-github-actions/upload-cloud-storage@v1' ``` ### Via Application Default Credentials @@ -388,7 +381,7 @@ jobs: job_id: steps: - id: 'upload-file' - uses: 'google-github-actions/upload-cloud-storage@v0' + uses: 'google-github-actions/upload-cloud-storage@v1' ``` The action will automatically detect and use the Application Default @@ -396,7 +389,4 @@ Credentials. [gcs]: https://cloud.google.com/storage [wif]: https://cloud.google.com/iam/docs/workload-identity-federation -[sa]: https://cloud.google.com/iam/docs/creating-managing-service-accounts -[gh-runners]: https://help.github.com/en/actions/hosting-your-own-runners/about-self-hosted-runners -[gh-secret]: https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets -[setup-gcloud]: ../setup-gcloud +[sa]: https://cloud.google.com/iam/docs/creating-managing-service-accounts \ No newline at end of file diff --git a/action.yml b/action.yml index 75e9fba0..4fe562be 100644 --- a/action.yml +++ b/action.yml @@ -3,12 +3,6 @@ description: Upload files or folders to GCS buckets author: Google LLC inputs: - credentials: - description: |- - Optional service account key to use for authentication to GCS. This should be the JSON - formatted private key which can be exported from the Cloud Console. The - value can be raw or base64-encoded. - required: false project_id: description: |- Project ID to use for making requests. By default, this is extracted from diff --git a/src/client.ts b/src/client.ts index d0818bca..0ad1482e 100644 --- a/src/client.ts +++ b/src/client.ts 
@@ -18,7 +18,6 @@ import * as path from 'path'; import { Storage, StorageOptions, PredefinedAcl } from '@google-cloud/storage'; import { - parseCredential, randomFilepath, inParallel, toPlatformPath, @@ -38,10 +37,9 @@ const userAgent = `google-github-actions:upload-cloud-storage/${appVersion}`; /** * Available options to create the client. * - * @param credentials GCP JSON credentials (default uses ADC). + * @param projectID GCP Project ID. */ export type ClientOptions = { - credentials?: string; projectID?: string; }; @@ -165,10 +163,6 @@ export class Client { userAgent: userAgent, }; - if (opts?.credentials) { - options.credentials = parseCredential(opts.credentials); - } - this.storage = new Storage(options); } diff --git a/src/main.ts b/src/main.ts index 108c8e0d..5fd6254c 100644 --- a/src/main.ts +++ b/src/main.ts @@ -67,18 +67,8 @@ export async function run(): Promise { const headersInput = core.getInput('headers'); const processGcloudIgnore = core.getBooleanInput('process_gcloudignore'); const metadata = headersInput === '' ? {} : parseHeadersInput(headersInput); - const credentials = core.getInput('credentials'); const projectID = core.getInput('project_id'); - // Add warning if using credentials. - if (credentials) { - core.warning( - 'The "credentials" input is deprecated. ' + - 'Please switch to using google-github-actions/auth which supports both Workload Identity Federation and JSON Key authentication. ' + - 'For more details, see https://github.com/google-github-actions/upload-cloud-storage#authorization', - ); - } - // Compute the absolute root and compute the glob. const [absoluteRoot, computedGlob, rootIsDir] = await absoluteRootAndComputedGlob(root, glob); core.debug(`Computed absoluteRoot from "${root}" to "${absoluteRoot}" (isDir: ${rootIsDir})`); 
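Review bot: In `src/client.ts`, the rewritten doc comment on `ClientOptions` drops the only statement of where credentials come from (the old `default uses ADC` remark), so the new type no longer tells a reader that authentication is resolved solely from the ambient environment. I would add a line above the `@param`, such as ` * Authentication always comes from Application Default Credentials; no key can be passed to the client.` This matters beyond wording because the same commit removes the `credentials` input from `action.yml` and stops reading it in `src/main.ts`. A workflow that still passes `credentials` will presumably have the value ignored and run with whatever identity ADC yields on that runner, which may not be the service account the author intended. Stating this in the v1 upgrade notes would help users notice the change before an upload runs under an unexpected identity.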
@@ -155,7 +145,6 @@ export async function run(): Promise { // Create the client and upload files. core.startGroup('Upload files'); const client = new Client({ - credentials: credentials, projectID: projectID, }); const uploadResponses = await client.upload({ diff --git a/tests/client.test.ts b/tests/client.test.ts index 7837fda2..71de336d 100644 --- a/tests/client.test.ts +++ b/tests/client.test.ts @@ -29,13 +29,6 @@ describe('Client', () => { }); describe('#new', () => { - it('initializes with JSON creds', function () { - const client = new Client({ - credentials: `{"foo":"bar"}`, - }); - expect(client.storage.authClient.jsonContent).eql({ foo: 'bar' }); - }); - it('initializes with ADC', function () { const client = new Client(); expect(client.storage.authClient.jsonContent).eql(null);