Does this skill support Vertex AI deployments?

Yes, it includes specific templates, deployment validation checks, and IAM guidance tailored for deploying agents and resources to Vertex AI.

Can this skill help me fix 'Permission Denied' errors in CI/CD?

Yes, it reviews your IAM roles and deployment logs to suggest the minimum required permissions (such as aiplatform.user or run.admin) needed for successful execution.

What permissions are required for the OIDC token in GitHub?

To successfully authenticate with Google Cloud via OIDC, your GitHub Action workflow must explicitly include the 'id-token: write' permission.

Why should I use Workload Identity Federation (WIF) instead of service account keys?

WIF eliminates the need for long-lived, downloadable JSON keys, significantly reducing the risk of credential leakage and unauthorized access to your Google Cloud environment.

How does the skill handle secret detection?

It can automatically inject security jobs using tools like TruffleHog and Trivy into your YAML workflows to scan for secrets and vulnerabilities during every pull request.

GitHub Actions Validator for GCP

Name: GitHub Actions Validator for GCP
Author: jeremylongshore

byjeremylongshore

•

883

배포 및 DevOps

Automates the security hardening and validation of GitHub Actions workflows for Google Cloud and Vertex AI deployments using Workload Identity Federation.

소개

This skill provides automated assistance for auditing and securing CI/CD pipelines targeting Google Cloud Platform. It specializes in migrating workflows from insecure, long-lived service account keys to modern Workload Identity Federation (OIDC) protocols. By enforcing least-privilege IAM roles, validating OIDC permissions, and integrating security scans like secret detection and vulnerability scanning, it ensures that deployments to Vertex AI and other GCP services are both robust and compliant with industry security standards.

주요 기능

Generates one-time gcloud CLI commands for WIF infrastructure setup
Integrates secret detection and vulnerability scanning into GitHub workflows
Migrates legacy JSON service account keys to Workload Identity Federation (WIF)
Validates OIDC permissions and mandatory id-token:write settings
Enforces least-privilege IAM roles for automated CI/CD pipelines
883 GitHub stars

사용 사례

Auditing existing GitHub Actions for security vulnerabilities and credential leaks
Setting up secure deployment pipelines for Vertex AI agents and models
Implementing guardrail jobs to prevent service account keys from entering the codebase

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jeremylongshore/claude-code-plugins-plus-skills gh-actions-validator

For use in Claude.ai and ChatGPT

Download Skill

GitHub

소개