GHA fix: GCP User Roles (#36429)

ksobrenat32 · web-flow · commit f9feffcaec7b · 2025-10-07T14:50:41.000-07:00
* Change user roles for testing

* Add size check for Terraform plan in PR comments
diff --git a/.github/workflows/beam_Infrastructure_UsersPermissions.yml b/.github/workflows/beam_Infrastructure_UsersPermissions.yml
@@ -73,10 +73,16 @@ jobs:
       - name: Create comment body
         if: github.event_name == 'pull_request_target'
         run: |
-          echo "### Terraform Plan for User Roles Changes" > comment_body.txt
-          echo '```' >> comment_body.txt
-          cat ./infra/iam/tfplan.txt >> comment_body.txt
-          echo '```' >> comment_body.txt
+          PLAN_SIZE=$(wc -c < ./infra/iam/tfplan.txt)
+          if [ "$PLAN_SIZE" -gt 60000 ]; then
+            echo "### Terraform Plan for User Roles Changes" > comment_body.txt
+            echo "Plan is too big, review in Github Action Logs" >> comment_body.txt
+          else
+            echo "### Terraform Plan for User Roles Changes" > comment_body.txt
+            echo '```' >> comment_body.txt
+            cat ./infra/iam/tfplan.txt >> comment_body.txt
+            echo '```' >> comment_body.txt
+          fi
 
       - name: Upload plan as a comment to PR
         if: github.event_name == 'pull_request_target'
diff --git a/infra/iam/users.yml b/infra/iam/users.yml
@@ -367,7 +367,7 @@
 - username: enriquecaol04
   email: enriquecaol04@gmail.com
   permissions:
-  - role: projects/apache-beam-testing/roles/beam_viewer
+  - role: roles/viewer
 - username: eventarc-workflow-sa
   email: eventarc-workflow-sa@apache-beam-testing.iam.gserviceaccount.com
   permissions:
