Push to Airflow #3
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Push to Airflow | |
| on: | |
| workflow_dispatch: | |
| jobs: | |
| push_to_airflow: | |
| name: Run push_to_airflow.sh | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: 'read' # lets the workflow read our code | |
| id-token: 'write' # lets the workflow ask GitHub for a temporary token to log in to Google Cloud | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@v4 | |
| - name: Authenticate to Google Cloud | |
| id: auth | |
| uses: google-github-actions/auth@v2 # takes the Github token and gets a Google token | |
| with: | |
| workload_identity_provider: 'projects/855475113448/locations/global/workloadIdentityPools/eto-github/providers/eto-github' | |
| service_account: 'eto-artifact-registry-github@gcp-cset-projects.iam.gserviceaccount.com' | |
| token_format: 'access_token' | |
| - name: Run push_to_airflow.sh | |
| env: | |
| GOOGLE_OAUTH_ACCESS_TOKEN: ${{ steps.auth.outputs.access_token }} # gsutil will use the Google token to authenticate | |
| run: | | |
| chmod +x ./push_to_airflow.sh | |
| ./push_to_airflow.sh |