From 2b58df8ed3346144edb10d320c0fedda21404018 Mon Sep 17 00:00:00 2001 From: tnazarew Date: Tue, 25 Nov 2025 13:03:52 +0100 Subject: [PATCH 1/8] change auth method to provider Signed-off-by: tnazarew --- .github/workflows/consumer_dataplex.yml | 13 +++++++++++-- .github/workflows/main_pr.yml | 6 ++++++ .github/workflows/producer_hive_dataproc.yml | 12 +++++++++++- .github/workflows/producer_spark_dataproc.yml | 12 +++++++++++- 4 files changed, 39 insertions(+), 4 deletions(-) diff --git a/.github/workflows/consumer_dataplex.yml b/.github/workflows/consumer_dataplex.yml index 551a7604..92954db0 100644 --- a/.github/workflows/consumer_dataplex.yml +++ b/.github/workflows/consumer_dataplex.yml @@ -4,11 +4,19 @@ on: workflow_call: secrets: gcpKey: - required: true + required: false inputs: release: description: "release tag of OpenLineage to use" type: string + workload_identity_provider: + description: "GCP Workload Identity Provider (if not using credentials_json)" + type: string + required: false + service_account: + description: "GCP Service Account email (if not using credentials_json)" + type: string + required: false permissions: contents: read @@ -29,6 +37,8 @@ jobs: id: gcp-auth uses: 'google-github-actions/auth@v2' with: + workload_identity_provider: '${{ inputs.workload_identity_provider }}' + service_account: '${{ inputs.service_account }}' credentials_json: '${{ secrets.gcpKey }}' - name: Install dependencies run: | @@ -50,4 +60,3 @@ jobs: name: dataplex-report path: dataplex-report.json retention-days: 1 - diff --git a/.github/workflows/main_pr.yml b/.github/workflows/main_pr.yml index e52f36af..1bd6ff24 100644 --- a/.github/workflows/main_pr.yml +++ b/.github/workflows/main_pr.yml @@ -116,6 +116,8 @@ jobs: gcpKey: ${{ secrets.GCP_SA_KEY }} with: release: ${{ needs.initialize_workflow.outputs.ol_release }} + workload_identity_provider: ${{ vars.GCP_WORKLOAD_IDENTITY_PROVIDER }} + service_account: ${{ vars.GCP_SERVICE_ACCOUNT }} spark_dataproc: needs: initialize_workflow @@ -131,6 +133,8 @@ jobs: ol_release: ${{ matrix.openlineage_versions }} spark_release: ${{ matrix.component_version }} get-latest-snapshots: 'false' + workload_identity_provider: ${{ vars.GCP_WORKLOAD_IDENTITY_PROVIDER }} + service_account: ${{ vars.GCP_SERVICE_ACCOUNT }} hive_dataproc: needs: initialize_workflow @@ -144,6 +148,8 @@ jobs: ol_release: ${{ matrix.openlineage_versions }} component_release: ${{ matrix.component_version }} get-latest-snapshots: 'false' + workload_identity_provider: ${{ vars.GCP_WORKLOAD_IDENTITY_PROVIDER }} + service_account: ${{ vars.GCP_SERVICE_ACCOUNT }} ######## COLLECTION OF REPORTS AND EXECUTE APPROPRIATE ACTIONS ######## diff --git a/.github/workflows/producer_hive_dataproc.yml b/.github/workflows/producer_hive_dataproc.yml index 85991364..5d63f7e0 100644 --- a/.github/workflows/producer_hive_dataproc.yml +++ b/.github/workflows/producer_hive_dataproc.yml @@ -4,7 +4,7 @@ on: workflow_call: secrets: gcpKey: - required: true + required: false inputs: component_release: description: "release of hive dataproc to use" @@ -15,6 +15,14 @@ on: get-latest-snapshots: description: "Should the artifact be downloaded from maven repo or circleci" type: string + workload_identity_provider: + description: "GCP Workload Identity Provider (if not using credentials_json)" + type: string + required: false + service_account: + description: "GCP Service Account email (if not using credentials_json)" + type: string + required: false jobs: run-hive-tests: @@ -47,6 +55,8 @@ jobs: if: ${{ steps.init.outputs.scenarios }} uses: 'google-github-actions/auth@v2' with: + workload_identity_provider: '${{ inputs.workload_identity_provider }}' + service_account: '${{ inputs.service_account }}' credentials_json: '${{ secrets.gcpKey }}' - name: Get OL artifacts diff --git a/.github/workflows/producer_spark_dataproc.yml b/.github/workflows/producer_spark_dataproc.yml index c399b3ab..1f362e30 100644 --- a/.github/workflows/producer_spark_dataproc.yml +++ b/.github/workflows/producer_spark_dataproc.yml @@ -4,7 +4,7 @@ on: workflow_call: secrets: gcpKey: - required: true + required: false postgresqlUser: required: true postgresqlPassword: @@ -19,6 +19,14 @@ on: get-latest-snapshots: description: "Should the artifact be downloaded from maven repo or circleci" type: string + workload_identity_provider: + description: "GCP Workload Identity Provider (if not using credentials_json)" + type: string + required: false + service_account: + description: "GCP Service Account email (if not using credentials_json)" + type: string + required: false jobs: run-spark-tests: @@ -59,6 +67,8 @@ jobs: if: ${{ steps.init.outputs.scenarios }} uses: 'google-github-actions/auth@v2' with: + workload_identity_provider: '${{ inputs.workload_identity_provider }}' + service_account: '${{ inputs.service_account }}' credentials_json: '${{ secrets.gcpKey }}' - name: Get OL artifacts From ec939519a9934ab5ccce395e7ae5eefb9ae178c5 Mon Sep 17 00:00:00 2001 From: tnazarew Date: Tue, 25 Nov 2025 13:58:39 +0100 Subject: [PATCH 2/8] temp change to trigger pr workflow Signed-off-by: tnazarew --- .../scenarios/hive/events_3.5.1/columnLineage_test.json | 1 + 1 file changed, 1 insertion(+) diff --git a/producer/spark_dataproc/scenarios/hive/events_3.5.1/columnLineage_test.json b/producer/spark_dataproc/scenarios/hive/events_3.5.1/columnLineage_test.json index 8c9dc823..b4fc38fd 100644 --- a/producer/spark_dataproc/scenarios/hive/events_3.5.1/columnLineage_test.json +++ b/producer/spark_dataproc/scenarios/hive/events_3.5.1/columnLineage_test.json @@ -50,4 +50,5 @@ } } ] + } \ No newline at end of file From 012773ea6dd855c3ed5bbd7889738ccade34966a Mon Sep 17 00:00:00 2001 From: tnazarew Date: Tue, 25 Nov 2025 14:02:18 +0100 Subject: [PATCH 3/8] temp change to trigger pr workflow Signed-off-by: tnazarew --- .github/workflows/producer_spark_dataproc.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/producer_spark_dataproc.yml b/.github/workflows/producer_spark_dataproc.yml index 1f362e30..5464be50 100644 --- a/.github/workflows/producer_spark_dataproc.yml +++ b/.github/workflows/producer_spark_dataproc.yml @@ -69,7 +69,6 @@ jobs: with: workload_identity_provider: '${{ inputs.workload_identity_provider }}' service_account: '${{ inputs.service_account }}' - credentials_json: '${{ secrets.gcpKey }}' - name: Get OL artifacts id: get-ol-artifacts From 22cb5cf1ec8c982c466f538e887d3d7250919a6b Mon Sep 17 00:00:00 2001 From: tnazarew Date: Tue, 25 Nov 2025 14:22:12 +0100 Subject: [PATCH 4/8] temp change to trigger pr workflow Signed-off-by: tnazarew --- .github/workflows/consumer_dataplex.yml | 20 ++++++++++++++-- .github/workflows/main_new_release.yml | 11 +++++---- .github/workflows/main_ol_spec_changes.yml | 7 +++--- .github/workflows/main_pr.yml | 5 ---- .github/workflows/producer_hive_dataproc.yml | 22 +++++++++++++++--- .github/workflows/producer_spark_dataproc.yml | 23 ++++++++++++++++--- 6 files changed, 67 insertions(+), 21 deletions(-) diff --git a/.github/workflows/consumer_dataplex.yml b/.github/workflows/consumer_dataplex.yml index 92954db0..4c27f26c 100644 --- a/.github/workflows/consumer_dataplex.yml +++ b/.github/workflows/consumer_dataplex.yml @@ -33,13 +33,29 @@ jobs: uses: actions/setup-python@v5 with: python-version: "3.11" - - name: GCP authorization - id: gcp-auth + - name: GCP authorization (Workload Identity) + id: gcp-auth-wif + if: ${{ inputs.workload_identity_provider != '' }} uses: 'google-github-actions/auth@v2' with: workload_identity_provider: '${{ inputs.workload_identity_provider }}' service_account: '${{ inputs.service_account }}' + + - name: GCP authorization (JSON Key) + id: gcp-auth-json + if: ${{ inputs.workload_identity_provider == '' }} + uses: 'google-github-actions/auth@v2' + with: credentials_json: '${{ secrets.gcpKey }}' + + - name: Set credentials file path + id: gcp-auth + run: | + if [ -n "${{ steps.gcp-auth-wif.outputs.credentials_file_path }}" ]; then + echo "credentials_file_path=${{ steps.gcp-auth-wif.outputs.credentials_file_path }}" >> $GITHUB_OUTPUT + else + echo "credentials_file_path=${{ steps.gcp-auth-json.outputs.credentials_file_path }}" >> $GITHUB_OUTPUT + fi - name: Install dependencies run: | python -m pip install --upgrade pip diff --git a/.github/workflows/main_new_release.yml b/.github/workflows/main_new_release.yml index 1958c959..24be6ad7 100644 --- a/.github/workflows/main_new_release.yml +++ b/.github/workflows/main_new_release.yml @@ -97,10 +97,10 @@ jobs: needs: initialize_workflow if: ${{ needs.initialize_workflow.outputs.run_dataplex == 'true' }} uses: ./.github/workflows/consumer_dataplex.yml - secrets: - gcpKey: ${{ secrets.GCP_SA_KEY }} with: release: ${{ needs.initialize_workflow.outputs.openlineage_release }} + workload_identity_provider: ${{ vars.GCP_WORKLOAD_IDENTITY_PROVIDER }} + service_account: ${{ vars.GCP_SERVICE_ACCOUNT }} spark-dataproc: needs: initialize_workflow @@ -109,13 +109,14 @@ jobs: strategy: matrix: ${{ fromJson(needs.initialize_workflow.outputs.spark_matrix) }} secrets: - gcpKey: ${{ secrets.GCP_SA_KEY }} postgresqlUser: ${{ secrets.POSTGRESQL_USER }} postgresqlPassword: ${{ secrets.POSTGRESQL_PASSWORD }} with: ol_release: ${{ matrix.openlineage_versions }} spark_release: ${{ matrix.component_version }} get-latest-snapshots: 'false' + workload_identity_provider: ${{ vars.GCP_WORKLOAD_IDENTITY_PROVIDER }} + service_account: ${{ vars.GCP_SERVICE_ACCOUNT }} hive-dataproc: needs: initialize_workflow @@ -123,12 +124,12 @@ jobs: uses: ./.github/workflows/producer_hive_dataproc.yml strategy: matrix: ${{ fromJson(needs.initialize_workflow.outputs.hive_matrix) }} - secrets: - gcpKey: ${{ secrets.GCP_SA_KEY }} with: ol_release: ${{ matrix.openlineage_versions }} component_release: ${{ matrix.component_version }} get-latest-snapshots: 'false' + workload_identity_provider: ${{ vars.GCP_WORKLOAD_IDENTITY_PROVIDER }} + service_account: ${{ vars.GCP_SERVICE_ACCOUNT }} ######## COLLECTION OF REPORTS AND EXECUTE APPROPRIATE ACTIONS ######## diff --git a/.github/workflows/main_ol_spec_changes.yml b/.github/workflows/main_ol_spec_changes.yml index 69fab929..498f8d8c 100644 --- a/.github/workflows/main_ol_spec_changes.yml +++ b/.github/workflows/main_ol_spec_changes.yml @@ -132,13 +132,14 @@ jobs: strategy: matrix: ${{ fromJson(needs.initialize_workflow.outputs.spark_matrix) }} secrets: - gcpKey: ${{ secrets.GCP_SA_KEY }} postgresqlUser: ${{ secrets.POSTGRESQL_USER }} postgresqlPassword: ${{ secrets.POSTGRESQL_PASSWORD }} with: ol_release: ${{ matrix.openlineage_versions }} spark_release: ${{ matrix.component_version }} get-latest-snapshots: 'true' + workload_identity_provider: ${{ vars.GCP_WORKLOAD_IDENTITY_PROVIDER }} + service_account: ${{ vars.GCP_SERVICE_ACCOUNT }} hive-dataproc: needs: @@ -147,12 +148,12 @@ jobs: uses: ./.github/workflows/producer_hive_dataproc.yml strategy: matrix: ${{ fromJson(needs.initialize_workflow.outputs.hive_matrix) }} - secrets: - gcpKey: ${{ secrets.GCP_SA_KEY }} with: ol_release: ${{ matrix.openlineage_versions }} component_release: ${{ matrix.component_version }} get-latest-snapshots: 'true' + workload_identity_provider: ${{ vars.GCP_WORKLOAD_IDENTITY_PROVIDER }} + service_account: ${{ vars.GCP_SERVICE_ACCOUNT }} ######## COLLECTION OF REPORTS AND EXECUTE APPROPRIATE ACTIONS ######## diff --git a/.github/workflows/main_pr.yml b/.github/workflows/main_pr.yml index 1bd6ff24..7aa9efc8 100644 --- a/.github/workflows/main_pr.yml +++ b/.github/workflows/main_pr.yml @@ -112,8 +112,6 @@ jobs: - scenarios if: ${{ !failure() && needs.initialize_workflow.outputs.run_dataplex == 'true' }} uses: ./.github/workflows/consumer_dataplex.yml - secrets: - gcpKey: ${{ secrets.GCP_SA_KEY }} with: release: ${{ needs.initialize_workflow.outputs.ol_release }} workload_identity_provider: ${{ vars.GCP_WORKLOAD_IDENTITY_PROVIDER }} @@ -126,7 +124,6 @@ jobs: strategy: matrix: ${{ fromJson(needs.initialize_workflow.outputs.spark_matrix) }} secrets: - gcpKey: ${{ secrets.GCP_SA_KEY }} postgresqlUser: ${{ secrets.POSTGRESQL_USER }} postgresqlPassword: ${{ secrets.POSTGRESQL_PASSWORD }} with: @@ -142,8 +139,6 @@ jobs: uses: ./.github/workflows/producer_hive_dataproc.yml strategy: matrix: ${{ fromJson(needs.initialize_workflow.outputs.hive_matrix) }} - secrets: - gcpKey: ${{ secrets.GCP_SA_KEY }} with: ol_release: ${{ matrix.openlineage_versions }} component_release: ${{ matrix.component_version }} diff --git a/.github/workflows/producer_hive_dataproc.yml b/.github/workflows/producer_hive_dataproc.yml index 5d63f7e0..713f11cd 100644 --- a/.github/workflows/producer_hive_dataproc.yml +++ b/.github/workflows/producer_hive_dataproc.yml @@ -50,15 +50,31 @@ jobs: esac - - name: GCP authorization - id: gcp-auth - if: ${{ steps.init.outputs.scenarios }} + - name: GCP authorization (Workload Identity) + id: gcp-auth-wif + if: ${{ steps.init.outputs.scenarios && inputs.workload_identity_provider != '' }} uses: 'google-github-actions/auth@v2' with: workload_identity_provider: '${{ inputs.workload_identity_provider }}' service_account: '${{ inputs.service_account }}' + + - name: GCP authorization (JSON Key) + id: gcp-auth-json + if: ${{ steps.init.outputs.scenarios && inputs.workload_identity_provider == '' }} + uses: 'google-github-actions/auth@v2' + with: credentials_json: '${{ secrets.gcpKey }}' + - name: Set credentials file path + id: gcp-auth + if: ${{ steps.init.outputs.scenarios }} + run: | + if [ -n "${{ steps.gcp-auth-wif.outputs.credentials_file_path }}" ]; then + echo "credentials_file_path=${{ steps.gcp-auth-wif.outputs.credentials_file_path }}" >> $GITHUB_OUTPUT + else + echo "credentials_file_path=${{ steps.gcp-auth-json.outputs.credentials_file_path }}" >> $GITHUB_OUTPUT + fi + - name: Get OL artifacts id: get-ol-artifacts if: ${{ steps.init.outputs.scenarios }} diff --git a/.github/workflows/producer_spark_dataproc.yml b/.github/workflows/producer_spark_dataproc.yml index 5464be50..85c9a197 100644 --- a/.github/workflows/producer_spark_dataproc.yml +++ b/.github/workflows/producer_spark_dataproc.yml @@ -62,14 +62,31 @@ jobs: esac - - name: GCP authorization - id: gcp-auth - if: ${{ steps.init.outputs.scenarios }} + - name: GCP authorization (Workload Identity) + id: gcp-auth-wif + if: ${{ steps.init.outputs.scenarios && inputs.workload_identity_provider != '' }} uses: 'google-github-actions/auth@v2' with: workload_identity_provider: '${{ inputs.workload_identity_provider }}' service_account: '${{ inputs.service_account }}' + - name: GCP authorization (JSON Key) + id: gcp-auth-json + if: ${{ steps.init.outputs.scenarios && inputs.workload_identity_provider == '' }} + uses: 'google-github-actions/auth@v2' + with: + credentials_json: '${{ secrets.gcpKey }}' + + - name: Set credentials file path + id: gcp-auth + if: ${{ steps.init.outputs.scenarios }} + run: | + if [ -n "${{ steps.gcp-auth-wif.outputs.credentials_file_path }}" ]; then + echo "credentials_file_path=${{ steps.gcp-auth-wif.outputs.credentials_file_path }}" >> $GITHUB_OUTPUT + else + echo "credentials_file_path=${{ steps.gcp-auth-json.outputs.credentials_file_path }}" >> $GITHUB_OUTPUT + fi + - name: Get OL artifacts id: get-ol-artifacts if: ${{ steps.init.outputs.scenarios }} From a998c5005b6d51cb7a7b5b3a0584d127c2bc5811 Mon Sep 17 00:00:00 2001 From: tnazarew Date: Tue, 25 Nov 2025 14:28:55 +0100 Subject: [PATCH 5/8] temp change to trigger pr workflow Signed-off-by: tnazarew --- .github/workflows/producer_spark_dataproc.yml | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/.github/workflows/producer_spark_dataproc.yml b/.github/workflows/producer_spark_dataproc.yml index 85c9a197..1f74173f 100644 --- a/.github/workflows/producer_spark_dataproc.yml +++ b/.github/workflows/producer_spark_dataproc.yml @@ -68,14 +68,7 @@ jobs: uses: 'google-github-actions/auth@v2' with: workload_identity_provider: '${{ inputs.workload_identity_provider }}' - service_account: '${{ inputs.service_account }}' - - - name: GCP authorization (JSON Key) - id: gcp-auth-json - if: ${{ steps.init.outputs.scenarios && inputs.workload_identity_provider == '' }} - uses: 'google-github-actions/auth@v2' - with: - credentials_json: '${{ secrets.gcpKey }}' + project_id: 'gcp-open-lineage-testing' - name: Set credentials file path id: gcp-auth From 0b22f71d054cb1bc1167489e1a57295b60ffbbfd Mon Sep 17 00:00:00 2001 From: tnazarew Date: Tue, 25 Nov 2025 14:37:16 +0100 Subject: [PATCH 6/8] temp change to trigger pr workflow Signed-off-by: tnazarew --- .github/actions/upload_artifacts/action.yml | 3 ++- .github/workflows/producer_spark_dataproc.yml | 3 --- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/.github/actions/upload_artifacts/action.yml b/.github/actions/upload_artifacts/action.yml index b93a193b..246cc068 100644 --- a/.github/actions/upload_artifacts/action.yml +++ b/.github/actions/upload_artifacts/action.yml @@ -10,6 +10,7 @@ inputs: required: true credentials: description: "GCP credentials" + required: false outputs: uploaded-file: value: ${{ steps.upload-artifact.outputs.uploaded_file }} @@ -29,7 +30,7 @@ runs: id: upload-artifact shell: bash run: | - python scripts/upload_file_to_gcs.py ${{ inputs.local-file-path }} ${{ inputs.gcs-path }} --credentials ${{ inputs.credentials }} + python scripts/upload_file_to_gcs.py ${{ inputs.local-file-path }} ${{ inputs.gcs-path }} exit_code=$? if [ $exit_code -ne 0 ]; then diff --git a/.github/workflows/producer_spark_dataproc.yml b/.github/workflows/producer_spark_dataproc.yml index 1f74173f..174807cd 100644 --- a/.github/workflows/producer_spark_dataproc.yml +++ b/.github/workflows/producer_spark_dataproc.yml @@ -205,7 +205,6 @@ jobs: --region us-west1 \ --dataproc-image-version ${{ steps.init.outputs.dataproc_version }} \ --cluster-name "dataproc-producer-test-${{steps.init.outputs.component_cluster_suffix}}-${{ steps.init.outputs.openlineage_cluster_suffix }}-${{ github.run_id }}" \ - --credentials-file ${{ steps.gcp-auth.outputs.credentials_file_path }} \ --metadata "$metadata" \ --initialization-actions="${{ steps.upload-initialization-actions.outputs.uploaded-file }},${{ steps.upload-cloud-sql-initialization-actions.outputs.uploaded-file }}" @@ -248,7 +247,6 @@ jobs: --jars "${{ steps.upload-gcs-transport.outputs.uploaded-file }}" \ --spark-properties "$properties" \ --output-directory "${{ steps.set-producer-output.outputs.event_dir }}/$scenario" \ - --credentials-file "${{ steps.gcp-auth.outputs.credentials_file_path }}" \ --dataproc-image-version ${{ steps.init.outputs.dataproc_version }} then echo "Error: Spark job failed for scenario: $scenario" @@ -269,7 +267,6 @@ jobs: --project-id gcp-open-lineage-testing \ --region us-west1 \ --cluster-name "dataproc-producer-test-${{steps.init.outputs.component_cluster_suffix}}-${{steps.init.outputs.openlineage_cluster_suffix}}-${{ github.run_id }}" \ - --credentials-file ${{ steps.gcp-auth.outputs.credentials_file_path }} else echo "Cluster does not exist" fi From c656d0c5158ff4c1e9024e60d0c60c7913492e24 Mon Sep 17 00:00:00 2001 From: tnazarew Date: Tue, 25 Nov 2025 15:02:22 +0100 Subject: [PATCH 7/8] temp change to trigger pr workflow Signed-off-by: tnazarew --- .github/workflows/producer_spark_dataproc.yml | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) diff --git a/.github/workflows/producer_spark_dataproc.yml b/.github/workflows/producer_spark_dataproc.yml index 174807cd..cf3baa8b 100644 --- a/.github/workflows/producer_spark_dataproc.yml +++ b/.github/workflows/producer_spark_dataproc.yml @@ -62,24 +62,13 @@ jobs: esac - - name: GCP authorization (Workload Identity) + - name: GCP authorization id: gcp-auth-wif - if: ${{ steps.init.outputs.scenarios && inputs.workload_identity_provider != '' }} uses: 'google-github-actions/auth@v2' with: workload_identity_provider: '${{ inputs.workload_identity_provider }}' project_id: 'gcp-open-lineage-testing' - - name: Set credentials file path - id: gcp-auth - if: ${{ steps.init.outputs.scenarios }} - run: | - if [ -n "${{ steps.gcp-auth-wif.outputs.credentials_file_path }}" ]; then - echo "credentials_file_path=${{ steps.gcp-auth-wif.outputs.credentials_file_path }}" >> $GITHUB_OUTPUT - else - echo "credentials_file_path=${{ steps.gcp-auth-json.outputs.credentials_file_path }}" >> $GITHUB_OUTPUT - fi - - name: Get OL artifacts id: get-ol-artifacts if: ${{ steps.init.outputs.scenarios }} From a3f80acf97718c40088446e8a46a1f8f7ce10545 Mon Sep 17 00:00:00 2001 From: tnazarew Date: Tue, 25 Nov 2025 15:09:47 +0100 Subject: [PATCH 8/8] temp change to trigger pr workflow Signed-off-by: tnazarew --- .github/workflows/main_pr.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/main_pr.yml b/.github/workflows/main_pr.yml index 7aa9efc8..64cb1207 100644 --- a/.github/workflows/main_pr.yml +++ b/.github/workflows/main_pr.yml @@ -114,7 +114,7 @@ jobs: uses: ./.github/workflows/consumer_dataplex.yml with: release: ${{ needs.initialize_workflow.outputs.ol_release }} - workload_identity_provider: ${{ vars.GCP_WORKLOAD_IDENTITY_PROVIDER }} + workload_identity_provider: 'projects/484892851355/locations/global/workloadIdentityPools/github-actions-pool/providers/github-oidc-provider' service_account: ${{ vars.GCP_SERVICE_ACCOUNT }} spark_dataproc: @@ -130,7 +130,7 @@ jobs: ol_release: ${{ matrix.openlineage_versions }} spark_release: ${{ matrix.component_version }} get-latest-snapshots: 'false' - workload_identity_provider: ${{ vars.GCP_WORKLOAD_IDENTITY_PROVIDER }} + workload_identity_provider: 'projects/484892851355/locations/global/workloadIdentityPools/github-actions-pool/providers/github-oidc-provider' service_account: ${{ vars.GCP_SERVICE_ACCOUNT }} hive_dataproc: @@ -143,7 +143,7 @@ jobs: ol_release: ${{ matrix.openlineage_versions }} component_release: ${{ matrix.component_version }} get-latest-snapshots: 'false' - workload_identity_provider: ${{ vars.GCP_WORKLOAD_IDENTITY_PROVIDER }} + workload_identity_provider: 'projects/484892851355/locations/global/workloadIdentityPools/github-actions-pool/providers/github-oidc-provider' service_account: ${{ vars.GCP_SERVICE_ACCOUNT }} ######## COLLECTION OF REPORTS AND EXECUTE APPROPRIATE ACTIONS ########