actions: Unable to login into GCP backend combined with WIF
What happened?
Unable to login into the GCP backend using the git actions combined with WIF.
Steps to reproduce
jobs:
builder:
runs-on: ubuntu-latest
permissions:
contents: "write"
pull-requests: "write"
id-token: "write"
steps:
- uses: "actions/checkout@v3"
with:
fetch-depth: 2
- name: Authenticate to Google using WIF
id: auth
uses: google-github-actions/auth@v0
with:
workload_identity_provider: ${{ secrets.CDO_WORKLOAD_IDENTITY_PROVIDER_GCP }}
service_account: "cicd-service-account@${{ env.PROJECT_ID }}.iam.gserviceaccount.com"
project_id: ${{ env.PROJECT_ID }}
token_format: "access_token"
- uses: google-github-actions/setup-gcloud@v0
with:
# service_account_key: ${{ secrets.GCP_KEY }}
project_id: ${{ env.PROJECT_ID }}
export_default_credentials: true
- uses: pulumi/actions@v3
with:
command: preview
stack-name: mgates
cloud-url: gs://repo
env:
GOOGLE_CREDENTIALS: ${{ steps.auth.outputs.access_token }}
Expected Behavior
Login into the gcp backend and execute preview
Actual Behavior
stderr: Command failed with exit code 255: pulumi stack select mgates --non-interactive
error: PULUMI_ACCESS_TOKEN must be set for login during non-interactive CLI sessions
err?: Error: Command failed with exit code 255: pulumi stack select mgates --non-interactive
error: PULUMI_ACCESS_TOKEN must be set for login during non-interactive CLI sessions
Output of pulumi about
No response
Additional context
No response
Contributing
Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you’ve opened one already).
About this issue
- Original URL
- State: closed
- Created 2 years ago
- Comments: 16 (3 by maintainers)
@cobraz it works with master. I was able to see the logs and set PULUMI_CONFIG_PASSPHRASE as env var.
yes when I install the cli and does pulumi login, it works totally fine.