@shrutiag161
Contributor

  1. In push_to_airflow.sh: I switched gsutil to gcloud storage because gcloud storage is configured to use the temporary access token returned by GCP. gsutil doesn't accept these tokens (so using a temp auth token wouldn't work and we would need to pass in the actual JSON key file) and is deprecated by Google Cloud.

  2. In an effort to keep permissions separate, I used the github-actions service account, which is tied to the GitHub Workload Identity Pool. This service account has "Storage Object Admin" permissions in the necessary GCS buckets accessed by push_to_airflow.sh.

@github-actions

github-actions bot commented Oct 28, 2025

No need for rebasing 👍
behind_count is 0
ahead_count is 7

Member

@rggelles rggelles left a comment

LGTM! Did you switch service accounts because you wanted to give the new one specific permissions for this?

@shrutiag161
Contributor Author

> LGTM! Did you switch service accounts because you wanted to give the new one specific permissions for this?

Yeah, the highest level the service account for gsutil/google cloud storage commands needs is Storage Object Admin, so I didn't want to use a service account with Storage Admin permissions if I didn't have to. Also just to keep the use cases separate.

@shrutiag161 shrutiag161 changed the title from "Airflow workflow for real" to "Airflow workflow to run push_to_airflow.sh" Oct 29, 2025
@shrutiag161 shrutiag161 merged commit 334599b into main Oct 29, 2025
3 checks passed
@shrutiag161 shrutiag161 deleted the airflow-workflow-for-real branch October 29, 2025 17:17