From 5617c648fef36eeb42987d86baa30eca3afbca23 Mon Sep 17 00:00:00 2001
From: Mikhail Shirkov
Date: Wed, 20 Nov 2024 17:15:00 +0400
Subject: [PATCH] Google cloud oidc integration
---
 action.yml | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/action.yml b/action.yml
index 83ba0b4..644deba 100644
--- a/action.yml
+++ b/action.yml
@@ -123,6 +123,9 @@ runs:
 echo "sort-by=$(atmos describe config -f json | jq -r '.integrations.github.gitops.matrix["sort-by"]')" >> $GITHUB_OUTPUT
 echo "aws-region=$(atmos describe config -f json | jq -r '.integrations.github.gitops["artifact-storage"].region')" >> $GITHUB_OUTPUT
 echo "terraform-plan-role=$(atmos describe config -f json | jq -r '.integrations.github.gitops.role.plan')" >> $GITHUB_OUTPUT
+ echo "google-workload-identity-provider=$(atmos describe config -f json | jq -r '.integrations.github.gitops["artifact-storage"]."google-workload-identity-provider"')" >> $GITHUB_OUTPUT
+ echo "google-service-account=$(atmos describe config -f json | jq -r '.integrations.github.gitops["artifact-storage"]."google-service-account"')" >> $GITHUB_OUTPUT
+ echo "backend=$(atmos describe config -f json | jq -r '.integrations.github.gitops["artifact-storage"].backend')" >> $GITHUB_OUTPUT
 
 - name: Install Terraform
 if: ${{ steps.config.outputs.terraform-version != '' && steps.config.outputs.terraform-version != 'null' }}
@@ -157,6 +160,7 @@ runs:
 - name: Configure Plan AWS Credentials
 if: ${{ steps.config.outputs.aws-region != '' &&
 steps.config.outputs.aws-region != 'null' &&
+ steps.config.outputs.backend == 'aws' &&
 steps.config.outputs.terraform-plan-role != '' &&
 steps.config.outputs.terraform-plan-role != 'null' }}
 uses: aws-actions/configure-aws-credentials@v4.0.2
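Review bot: The new `backend` output in the first hunk has no default, so a configuration without an `artifact-storage.backend` key produces the literal string `null`, which is what `jq -r` prints for a missing key. The following hunk (`@@ -157,6 +160,7 @@`) then requires `steps.config.outputs.backend == 'aws'` before the plan role is assumed, so on such a configuration the AWS credentials step would be skipped silently, unless a default is applied somewhere this patch does not show. If AWS is meant to stay the default, the query can supply it: `jq -r '.integrations.github.gitops["artifact-storage"].backend // "aws"'`. The enclosing `run:` script begins above the hunk, so this is judged from the visible lines only.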
@@ -166,6 +170,13 @@ runs:
 role-session-name: "atmos-terraform-plan-gitops"
 mask-aws-account-id: "no"
 
+ - name: Configure Google Credentials
+ if: ${{ steps.config.outputs.backend == 'google' }}
+ uses: google-github-actions/auth@v2
+ with:
+ workload_identity_provider: ${{ steps.config.outputs.google-workload-identity-provider }}
+ service_account: ${{ steps.config.outputs.google-service-account }}
+
 - name: atmos affected stacks for atmos pro
 id: affected-pro
 if: ${{ inputs.atmos-pro-upload == 'true' }}
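Review bot: The `Configure Google Credentials` step is gated only on `backend == 'google'`, whereas the AWS step checks every value it consumes against `''` and `'null'`. Because `jq -r` prints `null` for a missing key, an unset `google-workload-identity-provider` or `google-service-account` would reach the auth action as the literal string `null` instead of the step being skipped. Extending the condition with `&& steps.config.outputs.google-workload-identity-provider != 'null'` makes the requirement explicit, with the same test for `google-service-account` if it is meant to be mandatory. Since this step obtains cloud credentials, `uses: google-github-actions/auth@v2` would be better pinned to a full commit SHA, e.g. `google-github-actions/auth@<full-commit-sha> # v2`, because a major-version tag can be moved. A comment above the step should also state that the calling workflow must grant `id-token: write`, which a composite action cannot grant itself.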