Enable Terra Service Accounts to use Github Actions

Post author
Ava Hoffman

Hello Terra team!

I work with educators and outreach who develop automated publishing tools. Specifically, we've created the OTTR Project which automates the publication of Rmd notebooks to platforms like Leanpub and Coursera via GitHub Actions. We think Terra/AnVIL would make a fantastic addition to the collection of platforms, helping folks "Learn Terra on Terra".

In order to enable publishing to Terra/AnVIL with GitHub Actions, a Google Cloud Service Account needs Storage Object Admin permissions to write updated notebooks to the associated Workspace Bucket. Conveniently, Terra projects in GCP automatically create Service Accounts that could be used (image below). The GC Service Account is securely authenticated with Workload Identity Federation or a secret key. 

The request: Can we grant the Terra-created Google Service Accounts Storage Object Admin permissions? 

Thank you!

Comments

2 comments

  • Comment author
    Emily Barnes
    • Official comment

    Hi Ava,

    Thanks for writing in with this feature request! We are currently looking into what permissions these service accounts currently have. I'll update you as we learn more!

    Best,

    Emily

  • Comment author
    Candace Savonen

    This would be great! 

    0

Please sign in to leave a comment.