Configure gcloud auth id-token permissions for nested workflow (#1331)

Fixes pulumi/pulumi-gcp#2919. It looks like when you nest Workflows, you also need to state elevated permissions at the parent Workflow level. - **Ensure correct id-token permission for GCP auth action** - **Generate correct GCP auth for docker test provider**
pulumi · Jan 29, 2025 · 85f223e · 85f223e
1 parent d301e5b
commit 85f223e
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 0 deletions.
diff --git a/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/publish.yml b/provider-ci/internal/pkg/templates/bridged-provider/.github/workflows/publish.yml
@@ -206,6 +206,10 @@ jobs:
   verify_release:
     name: verify_release
     needs: publish_sdk
+    #{{- if .Config.GCP }}#
+    permissions:
+      id-token: write
+    #{{- end }}#
     uses: ./.github/workflows/verify-release.yml
     secrets: inherit
     with:

diff --git a/provider-ci/test-providers/docker/.github/workflows/publish.yml b/provider-ci/test-providers/docker/.github/workflows/publish.yml
@@ -220,6 +220,8 @@ jobs:
   verify_release:
     name: verify_release
     needs: publish_sdk
+    permissions:
+      id-token: write
     uses: ./.github/workflows/verify-release.yml
     secrets: inherit
     with: