fix: explicitly pass service account key

2026-05-05 15:46:27 +02:00 · 2026-05-05 15:46:27 +02:00 · 76e16568c4
commit 76e16568c4
parent c3dc64c747
1 changed files with 25 additions and 2 deletions
--- a/action.yml
+++ b/action.yml
@ -13,6 +13,14 @@ inputs:
  cluster-name:
    description: "Name of SKE cluster."
    required: true
+  service-account-key:
+    description: "JSON representation of STACKIT service account key."
+    required: false
+    default: ""
+  service-account-key-path:
+    description: "Path to STACKIT service account key file."
+    required: false
+    default: ""
  timeout-seconds:
    description: "Time in seconds after which target state check fails."
    required: false
@ -39,6 +47,8 @@ runs:
        INPUT_TIMEOUT_SECS: ${{ inputs.timeout-seconds }}
        INPUT_INTERVAL_SECS: ${{ inputs.interval-seconds }}
        INPUT_WAIT: ${{ inputs.wait }}
+        INPUT_SERVICE_ACCOUNT_KEY: ${{ inputs.service-account-key }}
+        INPUT_SERVICE_ACCOUNT_KEY_PATH: ${{ inputs.service-account-key-path }}
      run: |
        set -e

@ -58,6 +68,11 @@ runs:
          fi
        done

+        if [ -z "$INPUT_SERVICE_ACCOUNT_KEY" ] && [ -z "$INPUT_SERVICE_ACCOUNT_KEY_PATH" ]; then
+          echo "::error:: You must provide either 'service-account-key' or 'service-account-key-path'."
+          exit 1
+        fi
+
        TIMEOUT_SECS="${INPUT_TIMEOUT_SECS:-900}"
        INTERVAL_SECS="${INPUT_INTERVAL_SECS:-5}"
        WAIT="${INPUT_WAIT:-true}"
@ -91,8 +106,16 @@ runs:

        echo "::group::Authenticating with service account and triggering operation"

-        STACKIT_ACCESS_TOKEN="$(stackit auth activate-service-account --only-print-access-token)"
-        export STACKIT_ACCESS_TOKEN
+        if [ -n "$INPUT_SERVICE_ACCOUNT_KEY_PATH" ]; then
+          STACKIT_SERVICE_ACCOUNT_KEY_PATH="$INPUT_SERVICE_ACCOUNT_KEY_PATH"
+        else
+          STACKIT_SERVICE_ACCOUNT_KEY_PATH="$(mktemp)"
+
+          echo "Writing STACKIT service account key to $STACKIT_SERVICE_ACCOUNT_KEY_PATH"
+          echo "$INPUT_SERVICE_ACCOUNT_KEY" > "$STACKIT_SERVICE_ACCOUNT_KEY_PATH"
+        fi
+
+        export STACKIT_SERVICE_ACCOUNT_KEY_PATH

        STACKIT_PROJECT_ID="$INPUT_PROJECT_ID"
        export STACKIT_PROJECT_ID