Skip to content

Commit

Permalink
Updated troubleshooting to add permissions example (#262)
Browse files Browse the repository at this point in the history
<!--
Thank you for proposing a pull request! Please note that SOME TESTS WILL
LIKELY FAIL due to how GitHub exposes secrets in Pull Requests from
forks.
Someone from the team will review your Pull Request and respond.

Please describe your change and any implementation details below.
-->

Added another case that can cause `auth` to fail, helpful to users on
day one of using the tool and trying to understand what's happening.

Fixes
#260 (comment)
  • Loading branch information
bseib authored Feb 21, 2023
1 parent 1475a55 commit 483e21d
Showing 1 changed file with 10 additions and 1 deletion.
11 changes: 10 additions & 1 deletion docs/TROUBLESHOOTING.md
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ further debug:
libraries. Please note that we do not have control over actions outside of
`google-github-actions`.

If your workflow _fails_ after adding the the step to generate an access token,
If your workflow _fails_ after adding the step to generate an access token,
it likely means there is a misconfiguration with Workload Identity. Here are
some common sources of errors:

Expand All @@ -55,6 +55,15 @@ some common sources of errors:
**number**. Workload Identity Federation does not accept Google Cloud
Project IDs.

1. Ensure that you have the correct `permissions:` for the job in your workflow, per
the [usage](../README.md#usage) docs, i.e.

```yaml
permissions:
contents: 'read'
id-token: 'write'
```

1. Ensure you have created an **Attribute Mapping** for any **Attribute
Conditions** or **Service Account Impersonation** principals. You cannot
create an Attribute Condition unless you map that value from the incoming
Expand Down

0 comments on commit 483e21d

Please sign in to comment.