Enable Terra Service Accounts to use Github Actions

Post author
Ava Hoffman

Hello Terra team!

I work with educators and outreach who develop automated publishing tools. Specifically, we've created the OTTR Project which automates the publication of Rmd notebooks to platforms like Leanpub and Coursera via GitHub Actions. We think Terra/AnVIL would make a fantastic addition to the collection of platforms, helping folks "Learn Terra on Terra".

In order to enable publishing to Terra/AnVIL with GitHub Actions, a Google Cloud Service Account needs Storage Object Admin permissions to write updated notebooks to the associated Workspace Bucket. Conveniently, Terra projects in GCP automatically create Service Accounts that could be used (image below). The GC Service Account is securely authenticated with Workload Identity Federation or a secret key. 

The request: Can we grant the Terra-created Google Service Accounts Storage Object Admin permissions? 

Thank you!

Comments

3 comments

Please sign in to leave a comment.