Settings for workload identity federation (gcs) (#346)

* settings for workload identity federation (gcs)

* settings for workload identity federation (gcs)

remove garbase from 'workload_identity_provider'

* settings for workload identity federation (gcs)

check if the gcs test bucket gs://pfn-pfio-test-bucket is available or not

* settings for workload identity federation (gcs)

* settings for workload identity federation (gcs)

* settings for workload identity federation (gcs)

* settings for workload identity federation (gcs)

* settings for workload identity federation (gcs)

* settings for workload identity federation (gcs)

try to use a service account

* settings for workload identity federation (gcs)

change a service account name

* settings for workload identity federation (gcs)

Author: kmizumar

.github/workflows/python-package.yml

@@ -9,6 +9,10 @@ on:
 
 jobs:
   build:
+    # Add "id-token" with the intended permissions.
+    permissions:
+      contents: 'read'
+      id-token: 'write'
 
     runs-on: ubuntu-latest
     strategy:
@@ -18,6 +22,18 @@ jobs:
 
     steps:
     - uses: actions/checkout@v4
+
+    - uses: 'google-github-actions/auth@v2'
+      with:
+        project_id: 'cluster-storage'
+        workload_identity_provider: 'projects/1097862457753/locations/global/workloadIdentityPools/github-actions-pfio-ci-tasks/providers/github'
+        service_account: '[email protected]'
+    - name: 'Set up Google Cloud SDK'
+      uses: 'google-github-actions/setup-gcloud@v2'
+    - name: 'Check Bucket accessibility'
+      run: |
+        gcloud storage ls gs://pfn-pfio-test-bucket/ --recursive
+
     - name: Set up Python ${{ matrix.python-version }}
       uses: actions/setup-python@v5
       with:

.gitignore

@@ -9,3 +9,6 @@ dist
 .tox
 
 *~
+
+# Ignore generated credentials from google-github-actions/auth
+gha-creds-*.json