Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Service Usage Consumer role to GitHub Actions service account #6895

Merged
merged 3 commits into from
Mar 26, 2024
Merged

Add Service Usage Consumer role to GitHub Actions service account #6895

merged 3 commits into from
Mar 26, 2024

Conversation

aalej
Copy link
Contributor

@aalej aalej commented Mar 20, 2024
edited
Loading

Description

Adresses #6828

Grant the Service Account the roles/serviceusage.serviceUsageConsumer role to grant permission to use enabled Google Cloud services on the quota project.

My guess is that the since we specified in #6819 to use the user project for the quota, the service account makes a request against the user project. Granting the service account the permission to use the quota project should allow it to make requests against the quota project.

Scenarios Tested

Test case used: https://github.com/aalej/issues-6828-attempt-1

Manual - Verify if adding the role lets the pull requests automatically add the hosting preview domain to the Auth domain

  1. Manually adding the roles/serviceusage.serviceUsageConsumer to the service account
  2. Created a PR Branch 0 changes aalej/issues-6828-attempt-1#1

Via firebase init - Verify if the changes made will automatically add the Service Usage Consumer role by default on setup

  1. Run firebase init hosting:github
    • Newly created service account should have the "Service Usage Consumer"(roles/serviceusage.serviceUsageConsumer) role
  2. Created a PR Rerun fb init hg aalej/issues-6828-attempt-1#4

Notes

This will not fix issues if the GitHub action service account was created using firebase-tools v13.4.0 onwards and prior to this. Users would need to manually add the roles/serviceusage.serviceUsageConsumer to the service Account

@codecov-commenter
Copy link

codecov-commenter commented Mar 20, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 54.52%. Comparing base (4c1bd42) to head (146333d).

Additional details and impacted files 
@@           Coverage Diff           @@
##           master    #6895   +/-   ##
=======================================
  Coverage   54.52%   54.52%           
=======================================
  Files         353      353           
  Lines       24655    24655           
  Branches     5095     5095           
=======================================
  Hits        13442    13442           
  Misses       9994     9994           
  Partials     1219     1219

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@joehan joehan merged commit ccab9b7 into master Mar 26, 2024
35 checks passed
@joehan joehan deleted the aalej-gha-sa-role branch March 26, 2024 19:25
@Splaktar Splaktar mentioned this pull request May 1, 2024
Open
@rosera rosera mentioned this pull request May 22, 2024
Closed
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@joehan joehan joehan approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@aalej @codecov-commenter @joehan