GoogleCloudPlatform/security-analytics

URGENT: Github Actions failing to read SA_CREDENTIAL

Closed this issue · 2 comments

Hi Team,

Issue

When running the GitHub Actions workflow, it errors out at the pre-upload dry run phase.

When run locally, the process works fine: our created rules are ingested into our Chronicle rules editor, confirming we are using the correct Google API key.

However, when we format our Google API key using `cat ~/malachite-abc-7ba40dd4f123.json | tr '\n' ' ' | sed -r 's/\"/\\"/g'` (as instructed in https://github.com/GoogleCloudPlatform/security-analytics/blob/main/cicd/README.md) and insert the resulting formatted key into the repository SA_CREDENTIAL, the GitHub Action fails.


HELP

Please let us know where we have gone wrong or if there is a bug in the process that's blocking us from creating the CICD.
We will continue working on our end to identify any mistakes we've made too.

Finally, we had to pass the JSON into the GH secret in a different way to get it working. Instead of using the `cred.json | tr '\n' ' ' | sed -r 's/\"/\\"/g' |` method as mentioned in the README, we used `cred.json | base64` to generate the GH secret and used the below in rules.py to decode it into the JSON.

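```python
import base64
# service_account_info holds the base64-encoded value of the SA_CREDENTIAL secret
decodedBytes = base64.b64decode(service_account_info)
decodedStr = decodedBytes.decode("ascii")
```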

Thanks for reporting! Also appreciate sharing the workaround. So we have removed the instruction around using tr and sed given potential cross-platform issues with these commands on different *nix distros. Closing this issue.
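For readers applying the base64 workaround from this thread, here is an added example (not code from this repository or from the commenters) of a loader that accepts the secret as raw or base64-encoded JSON and fails without writing the credential to the CI log. The names `load_service_account_info` and `REQUIRED_KEYS` are hypothetical, and the sample key is constructed.

```python
import base64
import binascii
import json

# Fields present in a Google service-account key file; checked before use.
REQUIRED_KEYS = ("type", "client_email", "private_key")

# Constructed sample, not a real credential.
SAMPLE = {
    "type": "service_account",
    "client_email": "ci@example-project.iam.gserviceaccount.com",
    "private_key": "constructed-placeholder\n",
}


def load_service_account_info(secret_value):
    """Parse a secret holding raw JSON or base64-encoded JSON (hypothetical helper)."""
    text = secret_value.strip()
    if not text.startswith("{"):
        try:
            # The base64 CLI may wrap its output; drop whitespace before decoding.
            decoded = base64.b64decode("".join(text.split()), validate=True)
            text = decoded.decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            raise ValueError("secret is neither JSON nor base64-encoded JSON") from None
    try:
        info = json.loads(text)
    except json.JSONDecodeError as exc:
        # Report only the position so the credential never reaches the CI log.
        raise ValueError(f"secret is not valid JSON at line {exc.lineno}, column {exc.colno}") from None
    if not isinstance(info, dict):
        raise ValueError("secret JSON is not an object")
    missing = [key for key in REQUIRED_KEYS if key not in info]
    if missing:
        raise ValueError("secret JSON lacks fields: " + ", ".join(missing))
    return info


if __name__ == "__main__":
    pretty = json.dumps(SAMPLE, indent=2)
    wrapped = base64.encodebytes(pretty.encode("utf-8")).decode("ascii")
    print(load_service_account_info(wrapped)["client_email"])
    escaped = pretty.replace("\n", " ").replace('"', '\\"')  # the tr/sed form
    try:
        load_service_account_info(escaped)
    except ValueError as err:
        print("rejected:", err)
```

A secret stored with the backslash-escaped quotes produced by the `tr`/`sed` pipeline is rejected here with a position-only error, while the base64 form decodes even when the encoder wrapped its output across lines.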