The publish-to-pypi workflow uses the google-github-actions/auth GitHub action to authenticate with Google Cloud (see the snippet below).
The Earth Engine smoke tests authenticate using workload identity federation.
See
this guide to
create a workload identity provider and populate the resulting service_account
and workload_identity_provider in your GitHub repository's Secrets and
Variables settings.
jobs:
smoke-test:
runs-on: ubuntu-latest
permissions:
id-token: write
steps:
- uses: actions/checkout@v6
- name: Set up Python
uses: actions/setup-python@v6
with:
python-version: 3.11
- name: Authenticate with Google Cloud
uses: 'google-github-actions/auth@v2'
with:
service_account: ${{ secrets.SERVICE_ACCOUNT }}
workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }}The path to the credentials is stored in the
GOOGLE_APPLICATION_CREDENTIALS
environment variable. To authenticate and initialize Earth Engine using the
credentials, see the snippet below.
import json
import os
from google.auth import identity_pool
scopes = [
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/earthengine",
]
path = os.environ["GOOGLE_APPLICATION_CREDENTIALS"]
info = json.load(open(path))
credentials = identity_pool.Credentials.from_info(info).with_scopes(scopes)
ee.Initialize(credentials, project=credentials.project_number)