1349 Update Github Action to use WIF auth (#74)

.github/workflows/checks-and-tests.yml

@@ -11,32 +11,41 @@ jobs:
   java-checks-and-tests:
     name: Java Checks and Tests
     runs-on: ubuntu-latest
+
+    # Add "id-token" with the required permissions.
+    permissions:
+      contents: 'read'
+      id-token: 'write'
+
     steps:
 
       - name: Checkout
         uses: actions/checkout@v3
 
       # Google auth allows maven to pull artifacts from our registry
+      # And acquire a token for authenticating with the docker registry
       - id: auth
         name: Authenticate to Google Cloud
         uses: google-github-actions/auth@v1
         with:
-          credentials_json: ${{ secrets.GOOGLE_SERVICE_ACCOUNT_KEY }}
+          token_format: 'access_token'
+          workload_identity_provider: ${{ secrets.WIF_PROVIDER }}
+          service_account: ${{ secrets.SERVICE_ACCOUNT }}
 
       # Authenticating with Dockerhub ensures image pulls are authenticated, so not as severely rate limited
       - name: Log in to Dockerhub
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
       # Also log docker in to GCP, to allow image pulls from our private registries
       - name: Log in to Google Docker Artifact Registry
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: europe-west2-docker.pkg.dev
-          username: _json_key
-          password: ${{ secrets.GOOGLE_SERVICE_ACCOUNT_KEY }}
+          username: oauth2accesstoken
+          password: ${{ steps.auth.outputs.access_token }}
 
       - name: Set Up JDK 17
         uses: actions/setup-java@v3