Skip to content

Google Cloud Service account to modify the Eclipse Releng Calendar

Summary

For the Eclipse project we have the Eclipse (Platform, JDT, PDE and Equinox) Release Engineering Build Schedule Google calendar:
https://calendar.google.com/calendar/embed?src=prfk26fdmpru1mptlb06p0jh4s%40group.calendar.google.com

For a new release cycle the events are currently created manually, but since they follow a strict mechanical schema I want to automate their creation, just like most other parts of the preparation are automated.

But from the research I did so far it seems to be much more complex to authenticate and authorise changes to a Google calendar using a script, compared to e.g. the Github API.

The 'simplest' solution I found so far is having or creating a Google cloud project and creating a Service Account there, that again is permitted to modify the calender mentioned above.

If you don't have such a project already (or a schema for it), it could be named Eclipse RelEng Calendar with a service account named Eclipse Releng Bot that has access to the Google Calendar API.

The documentation on them is unfortunately not very clear to me: https://docs.cloud.google.com/iam/docs/service-account-overview

But the Gemini AI describes the steps as follows:

Use a Google Cloud Service Account.
1. Create a Service Account: Head to the GCP Console, navigate to "IAM & Admin > Service Accounts, and create a new service account.
  - Generate and download its credentials as a JSON key file.
  - In the Service account details go to "Keys", select "Create new key" and create a new JSON type key. The json file containing all details is downloaded automatically

2. Enable the API: Ensure the Google Calendar API is explicitly enabled in your GCP project.
3. Share the Calendar: Copy the unique email address of your new Service Account (e.g., eclipse-releng-bot@eclipse-releng-calendar.iam.gserviceaccount.com).
4. Open your Google Calendar web UI, open the settings of the calendar you want to target.
And under "Share with specific people or groups", add the Service Account email with "Make changes to events" permissions.

The downloaded Service account key JSON secret file then needs to be made available as credential in the RelEng Jenkins. We can then use it, e.g. via the gcloud tools (that's downloaded on demand) to create a temporary bearer token that we then use to eventually create the desired events through the calendar API:

Overall this unfortunately seems overly complex to me. So if you have suggestions and guidance how to do this simpler, I'd be more than happy to follow it.

Thanks in advance.

Priority

  • Urgent
  • High
  • Medium
  • Low

Severity

  • Blocker
  • Major
  • Normal
  • Low

Impact

On Friday we want to prepare the next development cycle of the Eclipse top-level projects and I would be great if we could use the new automation then already.

Copyright © Eclipse Foundation AISBL. All rights reserved.     Privacy Policy | Terms of Use | Copyright Agent