# Github Action ###### author: Fred # CI 目標： GitHub Action --> Github Package(Docker Image) # CD 目標： Github Package(Docker Image) --> Cloud Build --> K8s  ## GCP 端 1. GCP執行者需要擁有 Workload Identity Pool Admin `(roles/iam.workloadIdentityPoolAdmin)` 和 Service Account Admin `(roles/iam.serviceAccountAdmin) ` 2. Workload Identity Pools 新增 Pool 3. [啟用 IAM, Resource Manager, Service Account Credentials, and Security Token Service (STS) API。](https://console.cloud.google.com/flows/enableapi?apiid=iam.googleapis.com,cloudresourcemanager.googleapis.com,iamcredentials.googleapis.com,sts.googleapis.com&redirect=https://console.cloud.google.com) 4. ### Workload Identity Pools  ## 解決方案 1. [Github Example: Push GCR > GKE RollUp Deploy](https://docs.github.com/en/actions/deployment/deploying-to-your-cloud-provider/deploying-to-google-kubernetes-engine) ## 參考文獻 1. [Enabling keyless authentication from GitHub Actions](https://cloud.google.com/blog/products/identity-security/enabling-keyless-authentication-from-github-actions) ###### tags: `github` `gcp`