Skip to content

The incoming JSON object does not contain a client_email field - github actions - google #290

Open
Open
The incoming JSON object does not contain a client_email field - github actions - google#290
@domanskijan

Description

@domanskijan
domanskijan
opened on Apr 20, 2022

Are you certain it's a bug?

  • Yes, it looks like a bug

Is the issue caused by a plugin?

  • It is not a plugin issue

Are you using the latest version?

  • Yes, I'm using the latest version

Is there an existing issue for this?

  • I have searched existing issues, it hasn't been reported yet

Issue description

Hi,

I'm trying to set integration with github actions (using Identity federation) to deploy cloud function to GCP but I have not idea why I'm getting error : The incoming JSON object does not contain a client_email field

I've set up roles for service account :

gcloud projects add-iam-policy-binding $PROJECT_ID
--member="serviceAccount:$SERVICE_ACCOUNT@$PROJECT_ID.iam.gserviceaccount.com"
--role="roles/cloudfunctions.developer"

gcloud projects add-iam-policy-binding $PROJECT_ID
--member="serviceAccount:$SERVICE_ACCOUNT@$PROJECT_ID.iam.gserviceaccount.com"
--role="roles/iam.serviceAccountUser"

My githubactions pipeline:

name: Build and Deploy fun
on:
  push:
    branches: 
    - master
    paths:
    - 'fun/**'

jobs:
    build-deploy:
      name: Build and Deploy to GCP
      runs-on: ubuntu-latest
      permissions:
        contents: "read"
        id-token: "write"
      strategy:
        matrix:
          node-version: [14.x]   
      steps:
      - name: Checkout
        uses: actions/checkout@v2
      
      - id: 'auth'
        name: 'Authenticate to Google Cloud'
        uses: 'google-github-actions/auth@v0'
        with:
          workload_identity_provider: 'projects/XYZ/locations/global/workloadIdentityPools/github-actions/providers/github'
          service_account: 'github-actions@XYZiam.gserviceaccount.com'

      - name: Use Node.js ${{ matrix.node-version }}
        uses: actions/setup-node@v1
        with:
          node-version: ${{ matrix.node-version }}

      - name: serverless install plugins
        uses: serverless/github-action@v3
        with:
          args: plugin install -n serverless-google-cloudfunctions
          
      - name: serverless deploy
        uses: serverless/github-action@v3
        with:
          args: -c "cd ./fun && serverless deploy"
          entrypoint: /bin/sh`

Service configuration (serverless.yml) content

service: cloud-functions

provider:
  name: google
  runtime: nodejs14
  region: us-central1
  project: XYZ

plugins:
  - serverless-google-cloudfunctions
package:
  exclude:
    - node_modules/**
    - .gitignore
    - .git/**

functions:
  test:
    handler: http
    events:
      - http: path

Command name and used flags

serverless deploy

Command output

Error:
Error: The incoming JSON object does not contain a client_email field
    at JWT.fromJSON (/github/workspace/node_modules/google-auth-library/build/src/auth/jwtclient.js:195:19)
    at GoogleAuth._cacheClientFromJSON (/github/workspace/node_modules/google-auth-library/build/src/auth/googleauth.js:301:16)
    at ReadStream.<anonymous> (/github/workspace/node_modules/google-auth-library/build/src/auth/googleauth.js:336:40)
    at ReadStream.emit (events.js:412:35)
    at ReadStream.emit (domain.js:475:12)
    at endReadableNT (internal/streams/readable.js:1334:12)
    at processTicksAndRejections (internal/process/task_queues.js:82:21)

1 deprecation found: run 'serverless doctor' for more details

Environment information

serverless/github-action@v3
Environment: linux, node 14.19.1, framework 3.14.0, plugin 6.2.2, SDK 4.3.2

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions