Why should I use WIF instead of JSON service account keys?

Workload Identity Federation (WIF) eliminates the need for long-lived secrets, reducing the risk of credential leaks by using short-lived OIDC tokens for authentication.

Does this skill help with Vertex AI deployments?

Yes, it includes specific templates and validation checks for deploying, monitoring, and health-checking Vertex AI agents via GitHub Actions.

What permissions does the validator look for in my YAML files?

It specifically checks for 'id-token: write' permissions, which are mandatory for OIDC-based authentication between GitHub and Google Cloud.

Can it detect existing security flaws in my repository?

Yes, the skill can scan your .github/workflows/ directory for hardcoded secrets, insecure IAM roles, and the presence of JSON credential files.

GitHub Actions GCP Validator

Name: GitHub Actions GCP Validator
Author: BbgnsurfTech

byBbgnsurfTech

•

Deployment & DevOps

Validates and secures GitHub Actions workflows for Google Cloud and Vertex AI deployments using Workload Identity Federation.

This skill streamlines the creation and auditing of CI/CD pipelines between GitHub and Google Cloud Platform (GCP). It enforces modern security best practices by migrating workflows away from insecure JSON service account keys toward Workload Identity Federation (WIF) and OIDC-based authentication. The validator automatically scans workflow files for vulnerabilities, ensures least-privilege IAM configurations, and provides ready-to-use templates for deploying Vertex AI agents, helping developers build robust, compliant, and automated deployment pipelines.

Key Features

013 GitHub stars

02Validates OIDC permissions and id-token: write settings in workflow files

03Generates secure deployment templates for Vertex AI and Google Cloud services

04Enforces Workload Identity Federation (WIF) to eliminate static service account keys

05Automates security scans for secrets and vulnerabilities using TruffleHog and Trivy

06Verifies least-privilege IAM roles to prevent unauthorized GCP access

Use Cases

01Setting up a secure OIDC-based connection between GitHub and Google Cloud Platform

02Auditing existing GitHub Actions for security vulnerabilities and hardcoded secrets

03Automating the deployment of Vertex AI models and agents with built-in health checks

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add bbgnsurftech/claude-skills-collection gh-actions-validator

For use in Claude.ai and ChatGPT

Download Skill