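#!/bin/bash
#
# Creates a GCP service account for GitHub Actions deployments, grants it the
# project-level roles listed in ROLES, and writes a user-managed JSON key to
# KEY_FILE in the current directory.
#
# Usage: generate-credentials.sh [PROJECT_ID]
#
# The JSON key is a long-lived credential carrying every role granted below.
# Keep it out of version control and remove the local copy once it has been
# stored as a GitHub secret. Workload Identity Federation is the keyless
# alternative for GitHub Actions if the pipeline can be moved to it.

# Stop on the first failure so a failed create or binding is never followed by
# key generation for a half-configured account.
set -euo pipefail

# Configuration
SERVICE_ACCOUNT_NAME="github-actions-deployer"
# Defaults to the project used by the existing deploy command; pass a different
# project ID as the first argument to override.
PROJECT_ID="${1:-music-research-483121}"
KEY_FILE="key.json"
SA_EMAIL="${SERVICE_ACCOUNT_NAME}@${PROJECT_ID}.iam.gserviceaccount.com"

# Refuse to clobber an existing key file: overwriting it would leave the earlier
# key active in the project with no local copy to identify or rotate it by.
if [[ -e "${KEY_FILE}" ]]; then
  echo "Refusing to overwrite existing ${KEY_FILE}; move or delete it first." >&2
  exit 1
fi

echo "Creating Service Account: ${SERVICE_ACCOUNT_NAME} in project ${PROJECT_ID}..."

# Create the service account, unless it already exists, so the script can be
# re-run after a partial failure.
if gcloud iam service-accounts describe "${SA_EMAIL}" \
  --project="${PROJECT_ID}" >/dev/null 2>&1; then
  echo "Service account ${SA_EMAIL} already exists; skipping creation."
else
  gcloud iam service-accounts create "${SERVICE_ACCOUNT_NAME}" \
    --description="Service account for GitHub Actions deployment" \
    --display-name="GitHub Actions Deployer" \
    --project="${PROJECT_ID}"
fi

# Grant necessary roles
# NOTE(review): these are project-wide grants and several are admin roles.
# roles/iam.serviceAccountUser at project level lets this account act as any
# service account in the project. Narrow the list (or bind at resource level)
# to what the deploy pipeline actually needs.
ROLES=(
  "roles/run.admin"
  "roles/storage.admin"
  "roles/cloudbuild.builds.editor"
  "roles/iam.serviceAccountUser"
  "roles/artifactregistry.admin"
  "roles/serviceusage.serviceUsageConsumer"
)

for role in "${ROLES[@]}"; do
  echo "Granting role: ${role}..."
  gcloud projects add-iam-policy-binding "${PROJECT_ID}" \
    --member="serviceAccount:${SA_EMAIL}" \
    --role="${role}"
done

echo "Generating JSON key..."
# Restrict permissions on anything created from here on, so the key file is
# readable by the current user only regardless of the caller's umask.
umask 077
# Each run creates an additional user-managed key; old keys stay valid until
# they are deleted with `gcloud iam service-accounts keys delete`.
gcloud iam service-accounts keys create "${KEY_FILE}" \
  --iam-account="${SA_EMAIL}" \
  --project="${PROJECT_ID}"

echo "Done! The key is saved to ${KEY_FILE}."
echo "Please add the content of ${KEY_FILE} to your GitHub Secrets as GCP_SA_KEY."
echo "Then delete ${KEY_FILE} from this machine and never commit it to the repository."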