Commit 92ae53a1 authored by Clement Bois's avatar Clement Bois
Browse files

Merge branch 'fix/gcp-variant' into 'master' 

fix(gcp): reduce scope of GCP App Default Creds script to template

Closes #102

See merge request to-be-continuous/python!139
parents 58c404ed 829bfcef

templates/gitlab-ci-python-gcp.yml

+22 −25
Original line number Diff line number Diff line
@@ -19,8 +19,7 @@ variables: 
  GCP_OIDC_ACCOUNT: $[[ inputs.gcp-oidc-account ]]

  GCP_OIDC_PROVIDER: $[[ inputs.gcp-oidc-provider ]]



.gcp-provider-auth:

  before_script:

.python-gcp-adc:

  - set -e

  - echo -e "[\\e[1;94mINFO\\e[0m] Installing GCP authentication with env GOOGLE_APPLICATION_CREDENTIALS file"

  - echo $GCP_JWT > "$CI_BUILDS_DIR/.auth_token.jwt"
@@ -39,21 +38,19 @@ variables: 
    EOF

  - export GOOGLE_APPLICATION_CREDENTIALS="$CI_BUILDS_DIR/google_application_credentials.json"





.python-base:

  image: $PYTHON_IMAGE

  services:

    - name: "$TBC_TRACKING_IMAGE"

      command: ["--service", "python", "7.8.1"]

  id_tokens:

    GCP_JWT:

      aud: "$GCP_OIDC_AUD"

  variables:

    GCP_JWT: $GCP_JWT

  before_script:

    - !reference [.gcp-provider-auth, before_script]

    - !reference [.python-scripts]

    - !reference [.python-gcp-adc]

    - install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}"

    - cd ${PYTHON_PROJECT_DIR}

    - guess_build_system
 


  id_tokens:

    GCP_JWT:

      aud: "$GCP_OIDC_AUD"