Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Updated troubleshooting to add permissions example #262

Merged
merged 2 commits into from Feb 21, 2023
Merged

Updated troubleshooting to add permissions example #262

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
f782e27
Add another possible auth error cause to the list
bseib Feb 6, 2023
727e311
Use concrete terms for workflow permissions
bseib Feb 6, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
11 changes: 10 additions & 1 deletion docs/TROUBLESHOOTING.md
View file
Open in desktop
Expand Up @@ -35,7 +35,7 @@ further debug:
libraries. Please note that we do not have control over actions outside of
`google-github-actions`.

If your workflow _fails_ after adding the the step to generate an access token,
If your workflow _fails_ after adding the step to generate an access token,
it likely means there is a misconfiguration with Workload Identity. Here are
some common sources of errors:

Expand All @@ -55,6 +55,15 @@ some common sources of errors:
**number**. Workload Identity Federation does not accept Google Cloud
Project IDs.

1. Ensure that you have the correct `permissions:` for the job in your workflow, per
the [usage](../README.md#usage) docs, i.e.

```yaml
permissions:
contents: 'read'
id-token: 'write'
```

1. Ensure you have created an **Attribute Mapping** for any **Attribute
Conditions** or **Service Account Impersonation** principals. You cannot
create an Attribute Condition unless you map that value from the incoming
Expand Down