ci: fix test-token-without-serviceaccount-succeeds rules (c259a8c6) · Commits · to be continuous... / tools / gcp-auth-provider

.gitlab-ci.yml

+5 −7

Original line number	Diff line number	Diff line
		@@ -185,16 +185,14 @@ test-token-without-serviceaccount-succeeds:
		variables:
		CI_JOB_JWT_V2: $CI_JOB_JWT_V2
		FF_NETWORK_PER_BUILD: 1
		GCP_PROJECT: $GCP_PROJECT_WO_SA
		GCP_PROJECT_NUMBER: $GCP_PROJECT_NUMBER_WO_SA
		id_tokens:
		CI_JOB_JWT_V2:
		aud: https://iam.googleapis.com/projects/${GCP_PROJECT_NUMBER}/locations/global/workloadIdentityPools/gitlab/providers/gitlab
		aud: https://iam.googleapis.com/projects/${GCP_PROJECT_NUMBER_WO_SA}/locations/global/workloadIdentityPools/gitlab/providers/gitlab
		services:
		- name: "$DOCKER_SNAPSHOT_IMAGE"
		alias: "gcp-auth-provider"
		variables:
		GCP_OIDC_PROVIDER: projects/${GCP_PROJECT_NUMBER}/locations/global/workloadIdentityPools/gitlab/providers/gitlab
		GCP_OIDC_PROVIDER: projects/${GCP_PROJECT_NUMBER_WO_SA}/locations/global/workloadIdentityPools/gitlab/providers/gitlab
		GCP_OIDC_ACCOUNT: ""
		script:
		- \|
		@@ -202,9 +200,9 @@ test-token-without-serviceaccount-succeeds:
		assert_eq "200" $response_status "$(cat resp.txt)"
		token=$(cat resp.txt)

		response_status=$(curl -s -o resp.txt -w "%{http_code}" -H "Authorization: Bearer $token" "https://cloudresourcemanager.googleapis.com/v1/projects/$GCP_PROJECT")
		response_status=$(curl -s -o resp.txt -w "%{http_code}" -H "Authorization: Bearer $token" "https://cloudresourcemanager.googleapis.com/v1/projects/$GCP_PROJECT_WO_SA")
		assert_eq "200" $response_status
		project_id_result=$(cat resp.txt \| jq -r .projectId)
		assert_eq "$GCP_PROJECT" $project_id_result
		assert_eq "$GCP_PROJECT_WO_SA" $project_id_result
		rules:
		- if: '"$GCP_PROJECT" && "$GCP_PROJECT_NUMBER"'
		- if: '$GCP_PROJECT_WO_SA && $GCP_PROJECT_NUMBER_WO_SA'