Job failure without any useful messages
This issue has been tracked since 2021-12-15.
TL;DR
Hello.
I am trying to setup this action with the new Workload Identity Federation for the first time. So most probably I have multiple things incorrectly configured in my GC project but the setup action fails without any clear indication what might be the problem so I am clueless at this point about what to do.
Error: google-github-actions/setup-gcloud failed with: The process '/opt/hostedtoolcache/gcloud/367.0.0/x64/bin/gcloud' failed with exit code 1
This is the only message I have. Is there a way to make the action log more things or do you have any idea why I only have this message in the logs and nothing else?
Expected behavior
Useful message about what went wrong and the setup action fails.
Observed behavior
No response
Action YAML
gcloud-storage-auth:
name: gcloud storage auth
runs-on: ubuntu-20.04
permissions:
id-token: write
contents: read
steps:
- name: Set up Cloud Auth
uses: google-github-actions/[email protected]
with:
workload_identity_provider: 'projects/***********/locations/global/workloadIdentityPools/***********/providers/************'
service_account: '***************'
- name: Set up Cloud SDK
uses: google-github-actions/[email protected]
- run: gcloud infoAdditional information
No response
sethvargo wrote this answer on
2021-12-15
Hi @mortargrind - thank you for opening an issue. I just tried to run your workflow and it worked without error:
2021-12-15T15:59:57.8949392Z Found online and idle hosted runner in the current repository's organization account that matches the required labels: 'ubuntu-20.04'
2021-12-15T15:59:57.9989357Z Waiting for a Hosted runner in the 'organization' to pick this job...
2021-12-15T15:59:58.4829141Z Job is waiting for a hosted runner to come online.
2021-12-15T16:00:03.4333783Z Job is about to start running on the hosted runner: Hosted Agent (hosted)
2021-12-15T16:00:08.8990216Z Current runner version: '2.285.1'
2021-12-15T16:00:08.9019824Z ##[group]Operating System
2021-12-15T16:00:08.9020836Z Ubuntu
2021-12-15T16:00:08.9021257Z 20.04.3
2021-12-15T16:00:08.9021767Z LTS
2021-12-15T16:00:08.9022203Z ##[endgroup]
2021-12-15T16:00:08.9022775Z ##[group]Virtual Environment
2021-12-15T16:00:08.9023830Z Environment: ubuntu-20.04
2021-12-15T16:00:08.9024401Z Version: 20211214.2
2021-12-15T16:00:08.9025516Z Included Software: https://github.com/actions/virtual-environments/blob/ubuntu20/20211214.2/images/linux/Ubuntu2004-README.md
2021-12-15T16:00:08.9031187Z Image Release: https://github.com/actions/virtual-environments/releases/tag/ubuntu20%2F20211214.2
2021-12-15T16:00:08.9033337Z ##[endgroup]
2021-12-15T16:00:08.9034079Z ##[group]Virtual Environment Provisioner
2021-12-15T16:00:08.9035048Z 1.0.0.0-main-20211208-1
2021-12-15T16:00:08.9035636Z ##[endgroup]
2021-12-15T16:00:08.9036959Z ##[group]GITHUB_TOKEN Permissions
2021-12-15T16:00:08.9038223Z Contents: read
2021-12-15T16:00:08.9038851Z Metadata: read
2021-12-15T16:00:08.9039589Z ##[endgroup]
2021-12-15T16:00:08.9042600Z Secret source: Actions
2021-12-15T16:00:08.9043617Z Prepare workflow directory
2021-12-15T16:00:08.9703171Z Prepare all required actions
2021-12-15T16:00:08.9714034Z Getting action download info
2021-12-15T16:00:09.3076077Z Download action repository 'google-github-actions/[email protected]' (SHA:d03480e8adf23ba8516d4c7ab68bc68999d5f0ae)
2021-12-15T16:00:10.9711101Z Download action repository 'google-github-actions/[email protected]' (SHA:a45a0825993ace67ae6e11cf3011b3e7d6795f82)
2021-12-15T16:00:11.5759240Z ##[group]Run google-github-actions/[email protected]
2021-12-15T16:00:11.5759982Z with:
2021-12-15T16:00:11.5760365Z token_format: access_token
2021-12-15T16:00:11.5761181Z workload_identity_provider: projects/934383380446/locations/global/workloadIdentityPools/my-pool/providers/my-provider
2021-12-15T16:00:11.5762556Z service_account: [email protected]
2021-12-15T16:00:11.5763424Z create_credentials_file: true
2021-12-15T16:00:11.5763958Z cleanup_credentials: true
2021-12-15T16:00:11.5764546Z access_token_lifetime: 3600s
2021-12-15T16:00:11.5765246Z access_token_scopes: https://www.googleapis.com/auth/cloud-platform
2021-12-15T16:00:11.5765958Z id_token_include_email: false
2021-12-15T16:00:11.5766348Z ##[endgroup]
2021-12-15T16:00:11.9200076Z
2021-12-15T16:00:11.9235995Z
2021-12-15T16:00:12.1544068Z
2021-12-15T16:00:12.1545679Z
2021-12-15T16:00:12.1686297Z ##[group]Run google-github-actions/[email protected]
2021-12-15T16:00:12.1686897Z with:
2021-12-15T16:00:12.1687255Z version: latest
2021-12-15T16:00:12.1687719Z export_default_credentials: false
2021-12-15T16:00:12.1688216Z cleanup_credentials: true
2021-12-15T16:00:12.1688612Z env:
2021-12-15T16:00:12.1689428Z CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE: /home/runner/work/gh-actions-testing/gh-actions-testing/d6851bbdd83c3cf795e3794f
2021-12-15T16:00:12.1690694Z GOOGLE_APPLICATION_CREDENTIALS: /home/runner/work/gh-actions-testing/gh-actions-testing/d6851bbdd83c3cf795e3794f
2021-12-15T16:00:12.1691896Z GOOGLE_GHA_CREDS_PATH: /home/runner/work/gh-actions-testing/gh-actions-testing/d6851bbdd83c3cf795e3794f
2021-12-15T16:00:12.1692723Z CLOUDSDK_PROJECT: sv-wif-test2
2021-12-15T16:00:12.1693255Z CLOUDSDK_CORE_PROJECT: sv-wif-test2
2021-12-15T16:00:12.1693759Z GCP_PROJECT: sv-wif-test2
2021-12-15T16:00:12.1694228Z GCLOUD_PROJECT: sv-wif-test2
2021-12-15T16:00:12.1694762Z GOOGLE_CLOUD_PROJECT: sv-wif-test2
2021-12-15T16:00:12.1695198Z ##[endgroup]
2021-12-15T16:00:13.2906622Z [command]/usr/bin/tar xz --warning=no-unknown-keyword --overwrite -C /home/runner/work/_temp/a39a7935-931a-4fae-9dc2-b98bda84cec6 -f /home/runner/work/_temp/2804ad41-7bee-4325-bd13-02dc516810db
2021-12-15T16:00:25.5237825Z ##[group]Run gcloud info
2021-12-15T16:00:25.5238613Z �[36;1mgcloud info�[0m
2021-12-15T16:00:25.5285792Z shell: /usr/bin/bash -e {0}
2021-12-15T16:00:25.5286321Z env:
2021-12-15T16:00:25.5287158Z CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE: /home/runner/work/gh-actions-testing/gh-actions-testing/d6851bbdd83c3cf795e3794f
2021-12-15T16:00:25.5288744Z GOOGLE_APPLICATION_CREDENTIALS: /home/runner/work/gh-actions-testing/gh-actions-testing/d6851bbdd83c3cf795e3794f
2021-12-15T16:00:25.5290062Z GOOGLE_GHA_CREDS_PATH: /home/runner/work/gh-actions-testing/gh-actions-testing/d6851bbdd83c3cf795e3794f
2021-12-15T16:00:25.5290966Z CLOUDSDK_PROJECT: sv-wif-test2
2021-12-15T16:00:25.5291511Z CLOUDSDK_CORE_PROJECT: sv-wif-test2
2021-12-15T16:00:25.5292084Z GCP_PROJECT: sv-wif-test2
2021-12-15T16:00:25.5292659Z GCLOUD_PROJECT: sv-wif-test2
2021-12-15T16:00:25.5293243Z GOOGLE_CLOUD_PROJECT: sv-wif-test2
2021-12-15T16:00:25.5294092Z CLOUDSDK_METRICS_ENVIRONMENT: github-actions-setup-gcloud
2021-12-15T16:00:25.5294794Z ##[endgroup]
2021-12-15T16:00:26.0750221Z Google Cloud SDK [367.0.0]
2021-12-15T16:00:26.0751730Z
2021-12-15T16:00:26.0754458Z Platform: [Linux, x86_64] uname_result(system='Linux', node='fv-az210-748', release='5.11.0-1022-azure', version='#23~20.04.1-Ubuntu SMP Fri Nov 19 10:20:52 UTC 2021', machine='x86_64', processor='x86_64')
2021-12-15T16:00:26.0756675Z Locale: ('en_US', 'UTF-8')
2021-12-15T16:00:26.0758098Z Python Version: [3.8.10 (default, Sep 28 2021, 16:10:42) [GCC 9.3.0]]
2021-12-15T16:00:26.0762332Z Python Location: [/usr/bin/python3]
2021-12-15T16:00:26.0763078Z OpenSSL: [OpenSSL 1.1.1f 31 Mar 2020]
2021-12-15T16:00:26.0763659Z Requests Version: [2.22.0]
2021-12-15T16:00:26.0764398Z urllib3 Version: [1.25.9]
2021-12-15T16:00:26.0765031Z Site Packages: [Disabled]
2021-12-15T16:00:26.0765389Z
2021-12-15T16:00:26.0765997Z Installation Root: [/opt/hostedtoolcache/gcloud/367.0.0/x64]
2021-12-15T16:00:26.0766676Z Installed Components:
2021-12-15T16:00:26.0767232Z bq: [2.0.72]
2021-12-15T16:00:26.0767705Z core: [2021.12.10]
2021-12-15T16:00:26.0768148Z gsutil: [5.5]
2021-12-15T16:00:26.0769756Z System PATH: [/opt/hostedtoolcache/gcloud/367.0.0/x64/bin:/home/linuxbrew/.linuxbrew/bin:/home/linuxbrew/.linuxbrew/sbin:/home/runner/.local/bin:/opt/pipx_bin:/home/runner/.cargo/bin:/home/runner/.config/composer/vendor/bin:/usr/local/.ghcup/bin:/home/runner/.dotnet/tools:/snap/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin]
2021-12-15T16:00:26.0772472Z Python PATH: [/opt/hostedtoolcache/gcloud/367.0.0/x64/lib/third_party:/opt/hostedtoolcache/gcloud/367.0.0/x64/lib:/usr/lib/python38.zip:/usr/lib/python3.8:/usr/lib/python3.8/lib-dynload]
2021-12-15T16:00:26.0773650Z Cloud SDK on PATH: [True]
2021-12-15T16:00:26.0774247Z Kubectl on PATH: [/usr/local/bin/kubectl]
2021-12-15T16:00:26.0774633Z
2021-12-15T16:00:26.0775306Z WARNING: There are other instances of the Google Cloud Platform tools on your system PATH.
2021-12-15T16:00:26.0776559Z /usr/lib/google-cloud-sdk/bin/docker-credential-gcloud
2021-12-15T16:00:26.0777803Z /usr/lib/google-cloud-sdk/bin/git-credential-gcloud.sh
2021-12-15T16:00:26.0778811Z /usr/lib/google-cloud-sdk/bin/bq
2021-12-15T16:00:26.0779625Z /usr/lib/google-cloud-sdk/bin/gsutil
2021-12-15T16:00:26.0780519Z /usr/lib/google-cloud-sdk/bin/anthoscli
2021-12-15T16:00:26.0781390Z /usr/lib/google-cloud-sdk/bin/gcloud
2021-12-15T16:00:26.0781831Z
2021-12-15T16:00:26.0784914Z Installation Properties: [/opt/hostedtoolcache/gcloud/367.0.0/x64/properties]
2021-12-15T16:00:26.0786008Z User Config Directory: [/home/runner/.config/gcloud]
2021-12-15T16:00:26.0786721Z Active Configuration Name: [default]
2021-12-15T16:00:26.0787559Z Active Configuration Path: [/home/runner/.config/gcloud/configurations/config_default]
2021-12-15T16:00:26.0788322Z
2021-12-15T16:00:26.0790945Z Account: [[email protected]]
2021-12-15T16:00:26.0794202Z Project: [sv-wif-test2]
2021-12-15T16:00:26.0794844Z
2021-12-15T16:00:26.0795340Z Current Properties:
2021-12-15T16:00:26.0795821Z [auth]
2021-12-15T16:00:26.0797170Z credential_file_override: [/home/runner/work/gh-actions-testing/gh-actions-testing/d6851bbdd83c3cf795e3794f]
2021-12-15T16:00:26.0798253Z [core]
2021-12-15T16:00:26.0799396Z account: [[email protected]]
2021-12-15T16:00:26.0800394Z disable_usage_reporting: [True]
2021-12-15T16:00:26.0801234Z project: [sv-wif-test2]
2021-12-15T16:00:26.0801720Z [metrics]
2021-12-15T16:00:26.0802623Z environment: [github-actions-setup-gcloud]
2021-12-15T16:00:26.0803184Z
2021-12-15T16:00:26.0803742Z Logs Directory: [/home/runner/.config/gcloud/logs]
2021-12-15T16:00:26.0804441Z Last Log File: [/home/runner/.config/gcloud/logs/2021.12.15/16.00.24.794533.log]
2021-12-15T16:00:26.0804938Z
2021-12-15T16:00:26.0805386Z git: [git version 2.34.1]
2021-12-15T16:00:26.0806316Z ssh: [OpenSSH_8.2p1 Ubuntu-4ubuntu0.3, OpenSSL 1.1.1f 31 Mar 2020]
2021-12-15T16:00:26.0806760Z
2021-12-15T16:00:26.0807026Z
2021-12-15T16:00:26.1733527Z Post job cleanup.
2021-12-15T16:00:26.2347336Z Removed exported credentials at /home/runner/work/gh-actions-testing/gh-actions-testing/d6851bbdd83c3cf795e3794f
2021-12-15T16:00:26.2563952Z Post job cleanup.
2021-12-15T16:00:26.3058698Z No exported credentials found
2021-12-15T16:00:26.31091
80Z Cleaning up orphan processes
If you click on the "settings" icon in the top of the page, you can "view raw logs" which will show more output:
mortargrind wrote this answer on
2021-12-15
Thank you for your quick response.
Yeah I've checked that already (with and without debugging secret set true)
Here's what I have:
2021-12-15T17:42:57.0589191Z Found online and idle hosted runner in the current repository's enterprise account that matches the required labels: 'ubuntu-20.04'
2021-12-15T17:42:57.1225807Z Waiting for a Hosted runner in the 'enterprise' to pick this job...
2021-12-15T17:42:57.6322704Z Job is waiting for a hosted runner to come online.
2021-12-15T17:43:02.7371294Z Job is about to start running on the hosted runner: GitHub Actions 4 (hosted)
2021-12-15T17:43:07.7984030Z Current runner version: '2.285.1'
2021-12-15T17:43:07.8017707Z ##[group]Operating System
2021-12-15T17:43:07.8018695Z Ubuntu
2021-12-15T17:43:07.8019106Z 20.04.3
2021-12-15T17:43:07.8019615Z LTS
2021-12-15T17:43:07.8020095Z ##[endgroup]
2021-12-15T17:43:07.8020609Z ##[group]Virtual Environment
2021-12-15T17:43:07.8021295Z Environment: ubuntu-20.04
2021-12-15T17:43:07.8021854Z Version: 20211209.3
2021-12-15T17:43:07.8022824Z Included Software: https://github.com/actions/virtual-environments/blob/ubuntu20/20211209.3/images/linux/Ubuntu2004-README.md
2021-12-15T17:43:07.8024169Z Image Release: https://github.com/actions/virtual-environments/releases/tag/ubuntu20%2F20211209.3
2021-12-15T17:43:07.8025063Z ##[endgroup]
2021-12-15T17:43:07.8025632Z ##[group]Virtual Environment Provisioner
2021-12-15T17:43:07.8026259Z 1.0.0.0-main-20211208-1
2021-12-15T17:43:07.8026803Z ##[endgroup]
2021-12-15T17:43:07.8028069Z ##[group]GITHUB_TOKEN Permissions
2021-12-15T17:43:07.8029325Z Contents: read
2021-12-15T17:43:07.8029944Z Metadata: read
2021-12-15T17:43:07.8030896Z ##[endgroup]
2021-12-15T17:43:07.8033975Z Secret source: Actions
2021-12-15T17:43:07.8035542Z Prepare workflow directory
2021-12-15T17:43:07.9142866Z Prepare all required actions
2021-12-15T17:43:07.9154576Z Getting action download info
2021-12-15T17:43:08.2027200Z Download action repository 'google-github-actions/[email protected]' (SHA:d03480e8adf23ba8516d4c7ab68bc68999d5f0ae)
2021-12-15T17:43:10.0938325Z Download action repository 'google-github-actions/[email protected]' (SHA:a45a0825993ace67ae6e11cf3011b3e7d6795f82)
2021-12-15T17:43:10.5749685Z ##[group]Run google-github-actions/[email protected]
2021-12-15T17:43:10.5750924Z with:
2021-12-15T17:43:10.5752150Z workload_identity_provider: projects/********************/locations/global/workloadIdentityPools/********************/providers/********************
2021-12-15T17:43:10.5754370Z service_account: ********************
2021-12-15T17:43:10.5755640Z create_credentials_file: true
2021-12-15T17:43:10.5756237Z cleanup_credentials: true
2021-12-15T17:43:10.5756632Z access_token_lifetime: 3600s
2021-12-15T17:43:10.5757268Z access_token_scopes: https://www.googleapis.com/auth/cloud-platform
2021-12-15T17:43:10.5760799Z id_token_include_email: false
2021-12-15T17:43:10.5761263Z env:
2021-12-15T17:43:10.5762120Z DATAFRIDGE_URL: ********************
2021-12-15T17:43:10.5771101Z DATAFRIDGE_API_KEY: ***
2021-12-15T17:43:10.5771498Z K8S_HPA_MIN_REPLICAS: 2
2021-12-15T17:43:10.5772076Z K8S_HPA_MAX_REPLICAS: 10
2021-12-15T17:43:10.5772779Z ##[endgroup]
2021-12-15T17:43:10.9136543Z
2021-12-15T17:43:10.9144871Z
2021-12-15T17:43:10.9279749Z ##[group]Run google-github-actions/[email protected]
2021-12-15T17:43:10.9280499Z with:
2021-12-15T17:43:10.9280990Z version: latest
2021-12-15T17:43:10.9281433Z export_default_credentials: false
2021-12-15T17:43:10.9281920Z cleanup_credentials: true
2021-12-15T17:43:10.9282284Z env:
2021-12-15T17:43:10.9284081Z DATAFRIDGE_URL: ********************
2021-12-15T17:43:10.9294006Z DATAFRIDGE_API_KEY: ***
2021-12-15T17:43:10.9294586Z K8S_HPA_MIN_REPLICAS: 2
2021-12-15T17:43:10.9295069Z K8S_HPA_MAX_REPLICAS: 10
2021-12-15T17:43:10.9297002Z CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE: /home/runner/work/dh-helpcenter-web-client/dh-helpcenter-web-client/********************
2021-12-15T17:43:10.9298528Z GOOGLE_APPLICATION_CREDENTIALS: /home/runner/work/dh-helpcenter-web-client/dh-helpcenter-web-client/********************
2021-12-15T17:43:10.9300224Z GOOGLE_GHA_CREDS_PATH: /home/runner/work/dh-helpcenter-web-client/dh-helpcenter-web-client/********************
2021-12-15T17:43:10.9301430Z CLOUDSDK_PROJECT: dh-helpcenter-staging
2021-12-15T17:43:10.9302103Z CLOUDSDK_CORE_PROJECT: dh-helpcenter-staging
2021-12-15T17:43:10.9302733Z GCP_PROJECT: dh-helpcenter-staging
2021-12-15T17:43:10.9303373Z GCLOUD_PROJECT: dh-helpcenter-staging
2021-12-15T17:43:10.9304277Z GOOGLE_CLOUD_PROJECT: dh-helpcenter-staging
2021-12-15T17:43:10.9305033Z ##[endgroup]
2021-12-15T17:43:12.2655423Z [command]/usr/bin/tar xz --warning=no-unknown-keyword --overwrite -C /home/runner/work/_temp/288275c0-4617-4016-9818-26c635d5110a -f /home/runner/work/_temp/c9c4e856-d3db-4179-acbb-cfa2a45add29
2021-12-15T17:43:24.6874982Z ##[error]google-github-actions/setup-gcloud failed with: The process '/opt/hostedtoolcache/gcloud/367.0.0/x64/bin/gcloud' failed with exit code 1
2021-12-15T17:43:24.7076470Z Post job cleanup.
2021-12-15T17:43:24.7550583Z Removed exported credentials at /home/runner/work/dh-helpcenter-web-client/dh-helpcenter-web-client/********************
2021-12-15T17:43:24.7693889Z Post job cleanup.
2021-12-15T17:43:24.8173317Z No exported credentials found
2021-12-15T17:43:24.8228181Z Cleaning up orphan processes
As you can see, only error is this:
2021-12-15T17:43:24.6874982Z ##[error]google-github-actions/setup-gcloud failed with: The process '/opt/hostedtoolcache/gcloud/367.0.0/x64/bin/gcloud' failed with exit code 1
sethvargo wrote this answer on
2021-12-15
mortargrind wrote this answer on
2021-12-15
You can find the exact job below. I have other jobs also in the same workflow YAML but this job is not depending on anything else:
gcloud-storage-auth:
name: gcloud storage auth
runs-on: ubuntu-20.04
permissions:
id-token: write
contents: read
steps:
# - run: python --version
# - run: python3 --version
# - uses: actions/[email protected]
- name: Set up Cloud Auth
uses: google-github-actions/[email protected]
with:
workload_identity_provider: 'projects/********/locations/global/workloadIdentityPools/************/providers/**********'
service_account: '************'
- name: Set up Cloud SDK
uses: google-github-actions/[email protected]
- run: gcloud info
sethvargo wrote this answer on
2021-12-15
Hi @mortargrind
Please share your complete action.yml file, not just the job section.
I copy-pasted your job at https://github.com/sethvargo/actions-test and you can see it runs without error.
mortargrind wrote this answer on
2021-12-15
I've moved it into it's own workflow file, I still got the same result:
workflow:
name: GCloud & Setup
on:
push:
branches: [main, development]
pull_request:
branches: [development]
env:
DATAFRIDGE_URL: https://ingester.api.thedatafridge.com
DATAFRIDGE_API_KEY: ${{ secrets.DATAFRIDGE_API_KEY }}
K8S_HPA_MIN_REPLICAS: 2
K8S_HPA_MAX_REPLICAS: 10
jobs:
gcloud-storage-auth:
name: gcloud storage auth
runs-on: ubuntu-20.04
permissions:
id-token: write
contents: read
steps:
- name: Set up Cloud Auth
uses: google-github-actions/[email protected]
with:
workload_identity_provider: 'projects/************/locations/global/workloadIdentityPools/************/providers/************'
service_account: '************'
- name: Set up Cloud SDK
uses: google-github-actions/[email protected]
- run: gcloud info
Raw logs:
2021-12-15T21:15:37.4530218Z Found online and idle hosted runner in the current repository's enterprise account that matches the required labels: 'ubuntu-20.04'
2021-12-15T21:15:37.5169746Z Waiting for a Hosted runner in the 'enterprise' to pick this job...
2021-12-15T21:15:38.1379262Z Job is waiting for a hosted runner to come online.
2021-12-15T21:15:42.0281327Z Job is about to start running on the hosted runner: GitHub Actions 7 (hosted)
2021-12-15T21:15:47.1770922Z Current runner version: '2.285.1'
2021-12-15T21:15:47.1798594Z ##[group]Operating System
2021-12-15T21:15:47.1799466Z Ubuntu
2021-12-15T21:15:47.1799886Z 20.04.3
2021-12-15T21:15:47.1800246Z LTS
2021-12-15T21:15:47.1800744Z ##[endgroup]
2021-12-15T21:15:47.1801231Z ##[group]Virtual Environment
2021-12-15T21:15:47.1801846Z Environment: ubuntu-20.04
2021-12-15T21:15:47.1802364Z Version: 20211209.3
2021-12-15T21:15:47.1803235Z Included Software: https://github.com/actions/virtual-environments/blob/ubuntu20/20211209.3/images/linux/Ubuntu2004-README.md
2021-12-15T21:15:47.1804501Z Image Release: https://github.com/actions/virtual-environments/releases/tag/ubuntu20%2F20211209.3
2021-12-15T21:15:47.1805323Z ##[endgroup]
2021-12-15T21:15:47.1805895Z ##[group]Virtual Environment Provisioner
2021-12-15T21:15:47.1806430Z 1.0.0.0-main-20211208-1
2021-12-15T21:15:47.1806924Z ##[endgroup]
2021-12-15T21:15:47.1808048Z ##[group]GITHUB_TOKEN Permissions
2021-12-15T21:15:47.1809068Z Contents: read
2021-12-15T21:15:47.1809626Z Metadata: read
2021-12-15T21:15:47.1810246Z ##[endgroup]
2021-12-15T21:15:47.1812921Z Secret source: Actions
2021-12-15T21:15:47.1813823Z Prepare workflow directory
2021-12-15T21:15:47.2641101Z Prepare all required actions
2021-12-15T21:15:47.2649837Z Getting action download info
2021-12-15T21:15:47.5317134Z Download action repository 'google-github-actions/[email protected]' (SHA:d03480e8adf23ba8516d4c7ab68bc68999d5f0ae)
2021-12-15T21:15:49.1757548Z Download action repository 'google-github-actions/[email protected]' (SHA:a45a0825993ace67ae6e11cf3011b3e7d6795f82)
2021-12-15T21:15:49.8077325Z ##[group]Run google-github-actions/[email protected]
2021-12-15T21:15:49.8077942Z with:
2021-12-15T21:15:49.8078901Z workload_identity_provider: projects/************/locations/global/workloadIdentityPools/************/providers/************
2021-12-15T21:15:49.8080539Z service_account: ************
2021-12-15T21:15:49.8081585Z create_credentials_file: true
2021-12-15T21:15:49.8082050Z cleanup_credentials: true
2021-12-15T21:15:49.8082472Z access_token_lifetime: 3600s
2021-12-15T21:15:49.8083114Z access_token_scopes: https://www.googleapis.com/auth/cloud-platform
2021-12-15T21:15:49.8083765Z id_token_include_email: false
2021-12-15T21:15:49.8084113Z env:
2021-12-15T21:15:49.8084760Z DATAFRIDGE_URL: https://ingester.api.thedatafridge.com
2021-12-15T21:15:49.8091069Z DATAFRIDGE_API_KEY: ***
2021-12-15T21:15:49.8091462Z K8S_HPA_MIN_REPLICAS: 2
2021-12-15T21:15:49.8091872Z K8S_HPA_MAX_REPLICAS: 10
2021-12-15T21:15:49.8092229Z ##[endgroup]
2021-12-15T21:15:50.1138133Z
2021-12-15T21:15:50.1157775Z
2021-12-15T21:15:50.1238161Z ##[group]Run google-github-actions/[email protected]
2021-12-15T21:15:50.1238662Z with:
2021-12-15T21:15:50.1238986Z version: latest
2021-12-15T21:15:50.1239407Z export_default_credentials: false
2021-12-15T21:15:50.1239855Z cleanup_credentials: true
2021-12-15T21:15:50.1240217Z env:
2021-12-15T21:15:50.1240893Z DATAFRIDGE_URL: https://ingester.api.thedatafridge.com
2021-12-15T21:15:50.1247096Z DATAFRIDGE_API_KEY: ***
2021-12-15T21:15:50.1247476Z K8S_HPA_MIN_REPLICAS: 2
2021-12-15T21:15:50.1247857Z K8S_HPA_MAX_REPLICAS: 10
2021-12-15T21:15:50.1248708Z CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE: /home/runner/work/dh-helpcenter-web-client/dh-helpcenter-web-client/3692395344363cdd4d94ff06
2021-12-15T21:15:50.1249995Z GOOGLE_APPLICATION_CREDENTIALS: /home/runner/work/dh-helpcenter-web-client/dh-helpcenter-web-client/************
2021-12-15T21:15:50.1251231Z GOOGLE_GHA_CREDS_PATH: /home/runner/work/dh-helpcenter-web-client/dh-helpcenter-web-client/************
2021-12-15T21:15:50.1252125Z CLOUDSDK_PROJECT: dh-helpcenter-staging
2021-12-15T21:15:50.1252735Z CLOUDSDK_CORE_PROJECT: dh-helpcenter-staging
2021-12-15T21:15:50.1253334Z GCP_PROJECT: dh-helpcenter-staging
2021-12-15T21:15:50.1253912Z GCLOUD_PROJECT: dh-helpcenter-staging
2021-12-15T21:15:50.1254503Z GOOGLE_CLOUD_PROJECT: dh-helpcenter-staging
2021-12-15T21:15:50.1255126Z ##[endgroup]
2021-12-15T21:15:51.0008841Z [command]/usr/bin/tar xz --warning=no-unknown-keyword --overwrite -C /home/runner/work/_temp/cf74551a-6d81-4ce4-a31a-81785a1019e9 -f /home/runner/work/_temp/8228a471-8734-4875-8ec1-902d130619e7
2021-12-15T21:16:00.9573376Z ##[error]google-github-actions/setup-gcloud failed with: The process '/opt/hostedtoolcache/gcloud/367.0.0/x64/bin/gcloud' failed with exit code 1
2021-12-15T21:16:00.9792847Z Post job cleanup.
2021-12-15T21:16:01.0178908Z Removed exported credentials at /home/runner/work/dh-helpcenter-web-client/dh-helpcenter-web-client/************
2021-12-15T21:16:01.0320825Z Post job cleanup.
2021-12-15T21:16:01.0927898Z No exported credentials found
2021-12-15T21:16:01.0976039Z Cleaning up orphan processes
I think I most probably misconfigured some things with my workload identity provider on the Google Cloud console side, which is not a surprising thing for me
I've censored the service account & workload identity provider values here but if you need them to reproduce I can share.
sethvargo wrote this answer on
2021-12-15
You can check if you misconfigured WIF by forcing the auth action to generate a token (token_format: 'access_token'). If that succeeds, it means WIF is configured correctly.
I'm guessing the error is coming from https://github.com/google-github-actions/setup-cloud-sdk/blob/04fbc2623a9f633602980db975dae02c58a9cafa/src/index.ts#L199-L221, but I would have expected a different error message if that was the case.
This error appears to be coming from actions/toolcache, which I'm not sure how to best debug. /cc @bharathkkb
jketcham wrote this answer on
2021-12-16
I was just running into this myself, and your tip @sethvargo for forcing the auth action to generate a token helped show I had WIF configured incorrectly at first; in my IAM policy that gave the provider access to a service account, I left out the owner when defining my git repo (it should be formatted owner/repo in the IAM policy member (covered in step 8 in the Setting up Workload Identity Federation section).
In case it's helpful to anyone, the error the auth action surfaced looked like:
Error: google-github-actions/auth failed with: Error: Failed to generate Google Cloud access token for [email protected]: {
"error": {
"code": 403,
"message": "The caller does not have permission",
"status": "PERMISSION_DENIED"
}
}
Once I fixed that problem with the IAM policy, auth and setup-gcloud were both able to complete successfully.
However, in my case I need to set export_default_credentials to true in order for some terraform commands to work in later steps, but it seems that isn't working with WIF. I get this error:
Run google-github-actions/[email protected]
/usr/bin/tar xz --warning=no-unknown-keyword --overwrite -C /runner/_work/_temp/770a7dc8-3fa6-49d4-9bb6-374c6a067202 -f /runner/_work/_temp/4c51f23e-cdbf-453f-9d69-d3b2dc5d2485
Successfully set default project
Error: google-github-actions/setup-gcloud failed with: Error parsing credentials: Unexpected end of JSON input
Ensure your credentials are base64 encoded or validate JSON format:
{
"type": "service_account",
"project_id": "project-id",
"private_key_id": "key-id",
"private_key": "-----BEGIN PRIVATE KEY-----\nprivate-key\n-----END PRIVATE KEY-----\n",
"client_email": "service-account-email",
"client_id": "client-id",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://accounts.google.com/o/oauth2/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/service-account-email"
}
Are there plans to make exporting default credentials possible when using WIF? Or will that functionality continue to be available only when using service account key JSON to authenticate? If it's the later, it'd be nice if the docs could state that explicitly.
sethvargo wrote this answer on
2021-12-16
However, in my case I need to set
export_default_credentialstotrue
For google-github-actions/auth, that is the default value. You shouldn't need to set it to true.
Make sure you're using the latest version of google-github-actions/setup-gcloud. You can pin to @v0 to float the latest version without breaking changes.
If you don't need gcloud, you can also skip setup-gcloud and use Terraform directly. Terraform will pick up the credentials file exported by auth. You only need setup-gcloud if you plan to run gcloud commands.
jketcham wrote this answer on
2021-12-16
Ah ok that makes sens @sethvargo , I went ahead and remove the setup-gcloud action from my workflow, but now I'm getting this error from terraform:
Error: storage.NewClient() failed: dialing: google: error getting credentials using GOOGLE_APPLICATION_CREDENTIALS environment variable: unknown credential type: "external_account"
And my auth step looks like:
- uses: google-github-actions/[email protected]
with:
workload_identity_provider: 'projects/xxx/locations/global/workloadIdentityPools/pool-ci-cd/providers/github-actions'
service_account: '[email protected]'
Would you know what might cause that? I saw a similar error mentioned here googleapis/repo-automation-bots#2752 but their fix wasn't clear.
I can open a new issue on the auth side too if that'd be better.
sethvargo wrote this answer on
2021-12-16
mbyrne00 wrote this answer on
2021-12-22
However, in my case I need to set
export_default_credentialstotrueFor
google-github-actions/auth, that is the default value. You shouldn't need to set it to true.Make sure you're using the latest version of
google-github-actions/setup-gcloud. You can pin to@v0to float the latest version without breaking changes.If you don't need gcloud, you can also skip
setup-gcloudand use Terraform directly. Terraform will pick up the credentials file exported byauth. You only needsetup-gcloudif you plan to rungcloudcommands.
Hi @sethvargo - the doco on this for the input options should mark export_default_credentials as Deprecated and make mention that the auth plugin exports it by default. It's not immediately obvious in the docs and when migrating from previous config to updated split config.
More Details About Repo
| Owner Name | google-github-actions |
| Repo Name | setup-gcloud |
| Full Name | google-github-actions/setup-gcloud |
| Language | TypeScript |
| Created Date | 2019-11-05 |
| Updated Date | 2023-03-23 |
| Star Count | 1505 |
| Watcher Count | 65 |
| Fork Count | 548 |
| Issue Count | 11 |
YOU MAY BE INTERESTED
| Issue Title | Created Date | Updated Date |
|---|