From f9896217facb4d59f3b6ae348418e4c3ed078b97 Mon Sep 17 00:00:00 2001
From: eeaton <ellioteaton@gmail.com>
Date: Thu, 4 Apr 2024 17:16:02 +0100
Subject: [PATCH] Fix ADC documentation, issue#685 (#686)

<!--
Thank you for proposing a pull request! Please note that SOME TESTS WILL
LIKELY FAIL due to how GitHub exposes secrets in Pull Requests from
forks.
Someone from the team will review your Pull Request and respond.

Please describe your change and any implementation details below.
-->
Fixes to readme for inaccurate guidance on setting Application Default
Credentials.
https://github.com/google-github-actions/setup-gcloud/issues/685

---------

Signed-off-by: eeaton <ellioteaton@gmail.com>
---
 README.md | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/README.md b/README.md
index 8fdea0e39..b8c976293 100644
--- a/README.md
+++ b/README.md
@@ -114,9 +114,11 @@ jobs:
 
 ## Authorization
 
-This action installs the Cloud SDK (`gcloud`). To configure its authentication
-to Google Cloud, use the [google-github-actions/auth][auth] action. You can
-authenticate via:
+The `setup-gcloud` action installs the Cloud SDK (`gcloud`). To configure its authentication
+to Google Cloud, you must first use the [google-github-actions/auth][auth] action. The `auth`
+action sets [Application Default Credentials][adc], then the `setup-gcloud` action references
+these credentials to configure [gcloud credentials][gcloud-credentials] . You can
+authenticate via the following options:
 
 ### Workload Identity Federation (preferred)
 
@@ -163,10 +165,11 @@ jobs:
       run: 'gcloud info'
 ```
 
-### Application Default Credentials
+### Self-hosted runners on Google Cloud Platform
 
-If and only if you are using self-hosted runners that are hosted on Google Cloud Platform,
-the Cloud SDK will automatically authenticate using the machine credentials:
+If you are using self-hosted runners that are hosted on Google Cloud Platform, credentials
+are automatically obtained from the service account attached to the runner.
+In this scenario, you do not need to run the [google-github-actions/auth][auth] action.
 
 ```yaml
 jobs:
@@ -243,9 +246,10 @@ explicitly updating your version number. Note that we only publish `MAJOR` and
 
 [github-action]:https://help.github.com/en/categories/automating-your-workflow-with-github-actions
 [auth]: https://github.com/google-github-actions/auth
-[adc]: https://cloud.google.com/docs/authentication/production
+[adc]: https://cloud.google.com/docs/authentication/application-default-credentials
 [sdk]: https://cloud.google.com/sdk/
 [gcloud]: https://cloud.google.com/sdk/gcloud/
+[gcloud-credentials]: https://cloud.google.com/docs/authentication/gcloud#gcloud-credentials
 [gsutil]: https://cloud.google.com/storage/docs/gsutil
 [sa-iam-docs]: https://cloud.google.com/iam/docs/service-accounts
 [sa]: https://cloud.google.com/iam/docs/creating-managing-service-accounts