feat: skip GCP ADC authent when GCP_JWT is not present (b1703a70) · Commits · to be continuous... / dbt

templates/gitlab-ci-dbt-gcp.yml

+38 −34

Original line number	Diff line number	Diff line
		@@ -51,9 +51,11 @@ variables:
		GCP_PROD_OIDC_PROVIDER: $[[ inputs.gcp-prod-oidc-provider ]]

		.dbt-gcp-adc:
		- echo "Installing GCP authentication with env GOOGLE_APPLICATION_CREDENTIALS file"
		- echo $GCP_JWT > "$CI_BUILDS_DIR/.auth_token.jwt"
		- \|-
		- \|
		if [[ "$GCP_JWT" ]]
		then
		echo "Installing GCP authentication with env GOOGLE_APPLICATION_CREDENTIALS file"
		echo $GCP_JWT > "$CI_BUILDS_DIR/.auth_token.jwt"
		if [[ "$ENV_TYPE" ]]
		then
		case "$ENV_TYPE" in
		@@ -73,7 +75,6 @@ variables:
		fi
		oidc_provider="${env_oidc_provider:-$GCP_OIDC_PROVIDER}"
		oidc_account="${env_oidc_account:-$GCP_OIDC_ACCOUNT}"
		- \|-
		cat << EOF > "$CI_BUILDS_DIR/google_application_credentials.json"
		{
		"type": "external_account",
		@@ -86,7 +87,10 @@ variables:
		"service_account_impersonation_url": "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/${oidc_account}:generateAccessToken"
		}
		EOF
		- export GOOGLE_APPLICATION_CREDENTIALS="$CI_BUILDS_DIR/google_application_credentials.json"
		export GOOGLE_APPLICATION_CREDENTIALS="$CI_BUILDS_DIR/google_application_credentials.json"
		else
		echo '[WARN] $GCP_JWT is not set: cannot setup Application Default Credentials (ADC) authentication'
		fi

		.dbt-build:
		extends: .dbt-base