auth VS github-workflows-kt

This workflow will authenticate with Google Cloud using the Google Cloud auth GitHub Action and use Docker to authenticate and push to the registry. To make this workflow work (or flow?) we need to set up some Google Cloud resources and add in those values for our environment variables. Make sure to add in the value for PROJECT_ID where you have permission to create resources. The value for IMAGE_NAME can be anything — it’ll be created the first time this workflow runs:

The issue of integration with other tools is also quite strange. Of course, this is not directly related to github actions. For example, what needs to be done to use cloud run https://github.com/google-github-actions/auth#setting-up-wor...

While it is commonly associated with AWS, and their AWS IAM service, IAM is not limited to their platform. All cloud providers, such as Google Cloud and Azure DevOps, offer IAM solutions that allow users to access resources and systems. If you are looking for specific AWS IAM best practices, look no further than our AWS IAM Security Best Practices article:\ For the rest of this article, we will look at the generic best practices that have evolved over the last decade around each part of the basic question we started with, "who can access what?":

I found this but I don't quite get how it works. I haven't done all the steps yet but I get how to set it up. I just don't understand how this just magically authenticates future steps since my code still needs a token. Should I use this to authenticate the script? If so, how do I do it and what would I need in my code? If not what should I use instead?

Cloud Identity and Access Management: This service provides fine-grained control over who has access to what resources within an organization's Google Cloud environment. It can be used to quickly revoke access to compromised accounts or limit access to sensitive resources. https://cloud.google.com/iam

I use google-github-actions/auth in the first step in my job to authenticate to GCP. At this point, I have 6 different GitHub secrets to test out the concept. Each branch has two secrets with the format BRANCH_WIP and BRANCH_SA.

There are 2 core parts authentication to GCP and App Engine deployment. Authentication is performed using auth, while a deployment uses deploy-appengine.

You should have a look at using workload identity federation and OIDC tokens. There’s a guide on https://github.com/google-github-actions/auth It means you no longer need to hardcode service account credentials in GitHub secrets anymore.

Yes, there is a deploy-appengine action that automates the whole App Engine deployment process. Indeed, it uses gcloud commands underneath too. Either way, both approaches need an auth action to authenticate to GCP before any task can be performed.

We use Kotlin to generate the yaml for our github actions: https://github.com/typesafegithub/github-workflows-kt

Nothing like a good old type safe compiled language to cut down on the verbosity, copy paste usage, silly syntax errors, weird undocumented you just have to know the magical incantations, etc. Kotlin or similar languages are the way to go. Much safer, more compact, easier to cut down on the copy paste reuse (which is just miserable drudgery), easy to introduce some sane abstractions where that makes sense. You get auto completion. And if it compiles, it's likely to just work.

People keep on moving around the deck chairs on the proverbial Titanic when it comes to configuration languages. Substituting yaml for json or toml just moves the problems. And substituting those with XML just introduces other issues and only marginally improves things. Well formed xml is nice. But so is well formed json. Schemas help, if the urls don't 404 and you have tools that can actually do something with them. Which, as it turns out is mostly not a thing in practice. And without that, it's just repetitive bloat. XML with schemas becomes very hard to read quickly.

There's a reason, people started ignoring XML once json became popular: json does most of the essential stuff well enough that XML just isn't worth the effort. And if you have something where you'd actually need the complexity of XML, it's likely to be some really ugly bloated kind of thing where the last thing you'd want to do is edit it manually.

I've dealt with cloudformation in XML form at some point in my life. It sucks. Not just a little bit. It's an absolute piss poor format for a thing like that. Since such a thing was lacking at the time, we ended up actually building our own little tools to generate that xml. Hand editing it was just too painful. One mistake could corrupt your entire stack. And it takes ages to find out if you actually got it right. In Json form it's hardly any better. It's just one of those convoluted over-engineered things. Anyway, Json support for cloudformation was not there at the time and the difference is like asking whether you'd preferred to be shot or stabbed. It's going to suck either way.

github-workflows-kt is a tool for creating GitHub Actions workflows in a type-safe script, helping you to build robust workflows for your GitHub projects without mistakes, with pleasure, in Kotlin.

The github-workflows-kt project uses Kotlin scripting, and it recommends doing everything using main.kts, because it's easier.

I use matrix tests with github actions to test my kt-search client with different versions of elastisearch and opensearch. Pretty easy to set up: https://github.com/jillesvangurp/kt-search/blob/master/.gith...

Basically it fires up elasticsearch using docker-compose and then the integration tests run against that. You could use a similar strategy to test different feature flag combinations.

For some of our private projects, we use kts to generate the github action yaml files using this: https://github.com/krzema12/github-workflows-kt

Well worth checking out if you have more complex workflows. Yaml is just horrible in terms of copy paste reuse. Also nice to get some compile time safety and auto complete with our action files.

One of my team members, Nikky, got annoyed with the verbosity and insane amount of copy-paste reuse needed to drive Github Actions. And true to her nature, promptly fixed it by using and contributing to GitHub Actions Kotlin DSL

GitHub: https://github.com/krzema12/github-actions-kotlin-dsl