Command is not executed in the context requested user

[leonid-deriv]

TL;DR

Not sure this is a but.
When I set user
uses: 'google-github-actions/ssh-compute@v1'
with:
instance_name: '${{vars.VM_INSTANCE}}'
zone: '${{ vars.VM_ZONE }}'
user: '${{ vars.VM_USER }}'

I have the following message in the workflow
Using OS Login user [sa_XXXXX] instead of requested user [YYYYY]

Expected behavior

The command should be executed in the context of the requested user.

Observed behavior

The command is executed in the context of the Service Account user.

Action YAML

name: CI

on:
  push:
    branches: [ master ]
  pull_request:
    branches: [ master ]
  pull_request_target:
      branches: [ master ]

jobs:
  build-and-test:
    runs-on: ubuntu-latest

    steps:
    - uses: actions/checkout@v4
    - name: Use Node.js
      uses: actions/setup-node@v3
      with:
        node-version: '20.x'

    # Build and run the containers
    - name: Run Docker Compose
      env:
        DD_API_KEY: ${{ secrets.DD_API_KEY }}
        DD_COMMIT_SHA: ${{ github.sha }}
        DD_COMMIT_MESSAGE: ${{ github.event.head_commit.message }}  
      run: docker-compose -f docker-compose.ci.yaml up -d

    - name: Wait for Elasticsearch crude way :( )
      run: |
        until curl -s http://localhost:9200/ > /dev/null; do
            echo "Waiting for Elasticsearch..."
            sleep 5
        done
        echo "Elasticsearch is up and running"
    
      # Execute your tests or other commands
    - name: Run Tests
      run: |
        docker-compose exec -T dora-metrics-service npm run test:ci

    - name: Get container name
      run: echo "CONTAINER_NAME=$(docker-compose ps -q dora-metrics-service)" >> $GITHUB_ENV

    - name: Copy test results from container
      run: docker cp $CONTAINER_NAME:/usr/src/app/test-results.json ./test-results.json

    - name: Upload test results
      uses: actions/upload-artifact@v2
      with:
        name: jest-test-results
        path: ./test-results.json
       
    # Clean up
    - name: Docker Compose Down
      run: docker-compose down

  build-and-push:
    needs: [build-and-test]
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v4
      - name: Use Node.js
        uses: actions/setup-node@v3
        with:
          node-version: '20.x'

      - name: Lint Dockerfile
        uses: hadolint/hadolint-action@v3.1.0
        with:
          dockerfile: Dockerfile
          failure-threshold: error

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
    
      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_HUB_USERNAME }}
          password: ${{ secrets.DOCKER_HUB_TOKEN }}

      - name: Build and push
        uses: docker/build-push-action@v5
        with:
          push: true
          tags: xxxx/dora-metrics-service:latest
          platforms: linux/amd64

  deploy:
    needs: [build-and-push]
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Use Node.js
        uses: actions/setup-node@v3
        with:
         node-version: '20.x'
      
      - name: Authenticate with Google Cloud
        uses: google-github-actions/auth@v2
        with:
          project_id: ${{vars.GCP_PROJECT}}
          credentials_json: ${{ secrets.GCP_SA_KEY }}
  
      - name: 'Set up Cloud SDK'
        uses: 'google-github-actions/setup-gcloud@v2'
        with:
          version: '>= 363.0.0'
  
      - name: Add SSH key
        run: |
          mkdir -p ~/.ssh
          echo "${{ secrets.GCP_SSH_PRIVATE_KEY }}" > ~/.ssh/google_compute_engine
          echo "${{ secrets.GCP_SSH_PUBLIC_KEY }}" > ~/.ssh/google_compute_engine.pub
          chmod 400 ~/.ssh/google_compute_engine
          chmod 644 ~/.ssh/google_compute_engine.pub

      - name: Copy docker-compose to VM
        run: |
          set -e
          gcloud compute scp ./docker-compose.prod.yaml ${{vars.VM_USER}}@${{vars.VM_INSTANCE}}:${{vars.VM_DEPLOY_DIR}} --ssh-key-file ~/.ssh/google_compute_engine --tunnel-through-iap --project ${{vars.GCP_PROJECT}} --zone ${{vars.VM_ZONE}} --verbosity=debug
  
      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_HUB_USERNAME }}
          password: ${{ secrets.DOCKER_HUB_TOKEN }}

      - name: 'Deploy to VM'
        env:
          GITHUB_TOKEN: ${{secrets.SERVICE_GITHUB_TOKEN}}
          CLICKUP_TOKEN: ${{secrets.CLICKUP_TOKEN}}
          PAGERDUTY_TOKEN: ${{secrets.PAGERDUTY_TOKEN}}
        id: 'ssh'
        uses: 'google-github-actions/ssh-compute@v1'
        with:
          instance_name: '${{vars.VM_INSTANCE}}'
          zone: '${{ vars.VM_ZONE }}'
          user: '${{ vars.VM_USER }}'
          ssh_private_key: '${{ secrets.GCP_SSH_PRIVATE_KEY }}'
          project_id: '${{ vars.GCP_PROJECT }}'
          command: 'export GITHUB_TOKEN=${GITHUB_TOKEN} && \
            export CLICKUP_TOKEN=${CLICKUP_TOKEN} && \
            export PAGERDUTY_TOKEN=${PAGERDUTY_TOKEN} && \
            cd ${{vars.VM_DEPLOY_DIR}} && \
            docker pull ${{vars.SERVICE_IMAGE}} && \
            docker-compose up -d --no-deps dora-metrics-service'

Log output

Run google-github-actions/ssh-compute@v1
  with:
    instance_name: instance-1
    zone: us-central1-a
    user: XXXX
    ssh_private_key: ***
    project_id: git-analytics-tool
    command: export GITHUB_TOKEN=$***GITHUB_TOKEN*** && \ export CLICKUP_TOKEN=$***CLICKUP_TOKEN*** && \ export PAGERDUTY_TOKEN=$***PAGERDUTY_TOKEN*** && \ cd /home/xxxx/monocle && \ docker pull xxxx/dora-metrics-service:latest && \ docker-compose up -d --no-deps dora-metrics-service
  env:
    CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE: /home/runner/work/service-dora-metrics/service-dora-metrics/gha-creds-f3b4c9b7fc2940ce.json
    GOOGLE_APPLICATION_CREDENTIALS: /home/runner/work/service-dora-metrics/service-dora-metrics/gha-creds-f3b4c9b7fc2940ce.json
    GOOGLE_GHA_CREDS_PATH: /home/runner/work/service-dora-metrics/service-dora-metrics/gha-creds-f3b4c9b7fc2940ce.json
    CLOUDSDK_CORE_PROJECT: git-analytics-tool
    CLOUDSDK_PROJECT: git-analytics-tool
    GCLOUD_PROJECT: git-analytics-tool
    GCP_PROJECT: git-analytics-tool
    GOOGLE_CLOUD_PROJECT: git-analytics-tool
    CLOUDSDK_METRICS_ENVIRONMENT: github-actions-setup-gcloud
    CLOUDSDK_METRICS_ENVIRONMENT_VERSION: 2.1.0
    GITHUB_TOKEN: ***
    CLICKUP_TOKEN: ***
    PAGERDUTY_TOKEN: ***
  
Successfully authenticated
Running: gcloud compute ssh xxxxx@instance-1 --zone us-central1-a --ssh-key-file /tmp/f8daefdf439cacbb7da2ca1a/google_compute_engine --quiet --tunnel-through-iap --project git-analytics-tool --command export GITHUB_TOKEN=$***GITHUB_TOKEN*** && \ export CLICKUP_TOKEN=$***CLICKUP_TOKEN*** && \ export PAGERDUTY_TOKEN=$***PAGERDUTY_TOKEN*** && \ cd /home/xxxxx/monocle && \ docker pull xxxx/dora-metrics-service:latest && \ docker-compose up -d --no-deps dora-metrics-service
Error: google-github-actions/ssh-compute failed with: failed to execute gcloud command `gcloud compute ssh xxxxx@instance-1 --zone us-central1-a --ssh-key-file /tmp/f8daefdf439cacbb7da2ca1a/google_compute_engine --quiet --tunnel-through-iap --project git-analytics-tool --command export GITHUB_TOKEN=$***GITHUB_TOKEN*** && \ export CLICKUP_TOKEN=$***CLICKUP_TOKEN*** && \ export PAGERDUTY_TOKEN=$***PAGERDUTY_TOKEN*** && \ cd /home/xxxx/monocle && \ docker pull xxxxx/dora-metrics-service:latest && \ docker-compose up -d --no-deps dora-metrics-service`: Using OS Login user [sa_xxxxx] instead of requested user [xxxxx]
WARNING: 

To increase the performance of the tunnel, consider installing NumPy. For instructions,
please see https://cloud.google.com/iap/docs/using-tcp-forwarding#increasing_the_tcp_upload_bandwidth

bash: line 1:  export: command not found

Additional information

bash: line 1: export: command not found - actually this is another question - command is not "quoted" probably need to use double quotes.