gcpcc

Simple tool to print out the current number of compute instances on GCP

Created to perform automatic checks powered by GitHub Actions.

Did someone leave a compute instance on that shouldn't be?

Config

Currently none, authentication credentials are read from the environment.

Authentication to GCP

There are 3 recommended approaches:

  1. Pass GCP credentials JSON directly via GOOGLE_APPLICATION_CREDENTIALS_DATA
  2. The "typical" approach of GOOGLE_APPLICATION_CREDENTIALS (path to JSON file)
  3. Using GitHub Actions OIDC with GCP, see here

Method 1

# ...
steps:
  - uses: dacbd/gcpcc@v1
    env:
      GOOGLE_APPLICATION_CREDENTIALS_DATA: ${{ secrets.GCP_SA_KEY_JSON }}

Method 2

# ...
steps:
  - uses: google-github-actions/auth@v0
    with:
      credentials_json: ${{ secrets.gcp_sa_key_json }}
  - uses: dacbd/gcpcc@v1

Method 3

# ...
# Add "id-token" with the intended permissions.
permissions:
  contents: 'read'
  id-token: 'write'
steps:
  - uses: google-github-actions/auth@v0
    with:
      workload_identity_provider: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider'
      service_account: 'my-service-account@my-project.iam.gserviceaccount.com'
  - uses: dacbd/gcpcc@v1
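
A pre-flight check, added here as an illustration and not part of gcpcc: it reports which of the three methods above supplied the credential and whether it is a long-lived exported key (Methods 1 and 2) or a federated OIDC configuration (Method 3), without returning key material. The function name, the inline-before-file precedence and the sample values are assumptions.

```python
import json
import os

def describe_gcp_credentials(env=os.environ):
    """Classify the GCP credential visible to a step; never returns key material."""
    def result(source, kind, long_lived=False, identity=None):
        return {"source": source, "kind": kind,
                "long_lived": long_lived, "identity": identity}

    inline = env.get("GOOGLE_APPLICATION_CREDENTIALS_DATA")
    path = env.get("GOOGLE_APPLICATION_CREDENTIALS")
    if inline:    # Method 1: key JSON in the environment (assumed to win over a file)
        source, raw = "GOOGLE_APPLICATION_CREDENTIALS_DATA", inline
    elif path:    # Methods 2 and 3: the auth action wrote a credentials file
        source = "GOOGLE_APPLICATION_CREDENTIALS"
        try:
            with open(path, encoding="utf-8") as fh:
                raw = fh.read()
        except OSError:
            return result(source, "unreadable-file")
    else:
        return result(None, "none")

    try:
        cred = json.loads(raw)
    except json.JSONDecodeError:
        return result(source, "invalid-json")
    if not isinstance(cred, dict):
        return result(source, "invalid-json")

    ctype = cred.get("type")
    if ctype == "service_account":      # long-lived exported service account key
        return result(source, "service-account-key", True, cred.get("client_email"))
    if ctype == "external_account":     # workload identity federation, short-lived tokens
        return result(source, "workload-identity-federation", False, cred.get("audience"))
    return result(source, "unexpected-type")

if __name__ == "__main__":
    # Constructed sample, shaped like an exported service account key (no real key).
    sample = json.dumps({"type": "service_account",
                         "client_email": "ci-checker@example-project.iam.gserviceaccount.com",
                         "private_key": "CONSTRUCTED-NOT-A-KEY"})
    info = describe_gcp_credentials({"GOOGLE_APPLICATION_CREDENTIALS_DATA": sample})
    print(info)
    if info["long_lived"]:
        print("::warning::long-lived service account key in use; prefer OIDC (Method 3)")
```

Run as a workflow step before `dacbd/gcpcc@v1`, the `::warning::` line surfaces as an annotation on the job.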

Outputs

| outputs | value |
| --- | --- |
| total | int - total number of compute instances |

Usage

Basic example:

name: Check ML Training instances
on:
  schedule:
    - cron: ''
jobs:
  check:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v3 # not technically required
    - uses: google-github-actions/auth@v0
      with:
        credentials_json: ${{ secrets.GCP_SA_KEY_JSON }}
    - uses: dacbd/gcpcc@v1
      id: gcpcc
    - uses: dacbd/create-issue-action@v1
      if: steps.gcpcc.outputs.total != 0
      with:
        token: ${{ github.token }}
        title: Instance left on in `${{ env.GCP_PROJECT }}`
        assignees: dacbd,some_github_username
        body: |
          Automatic check found `${{ steps.gcpcc.outputs.total }}` instance\s left on.

Permissions

TODO