Login to the Google Container Registry using the oauth2 accesstoken (#…

…977)
hfhbd · May 17, 2024 · 95d5c3c · 95d5c3c
1 parent 1393388
commit 95d5c3c
Showing 1 changed file with 15 additions and 9 deletions.
diff --git a/.github/workflows/CD.yml b/.github/workflows/CD.yml
@@ -43,12 +43,19 @@ jobs:
 
       - name: Login to GitHub Container Registry
         run: echo "${{ github.token }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+
       - id: auth
         uses: google-github-actions/auth@v2
         with:
           workload_identity_provider: projects/963273362268/locations/global/workloadIdentityPools/github-deployment/providers/github
           service_account: github-todo@${{ secrets.PROJECT_ID }}.iam.gserviceaccount.com
-      - run: gcloud auth configure-docker europe-west4-docker.pkg.dev
+          token_format: access_token
+      - name: Login to Google Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: europe-west4-docker.pkg.dev
+          username: oauth2accesstoken
+          password: ${{ steps.auth.outputs.access_token }}
 
       - uses: actions/configure-pages@v5
       - uses: actions/setup-java@v4
@@ -76,14 +83,13 @@ jobs:
       - name: Read Google Docker Digest
         id: googleDockerDigest
         run: echo "::set-output name=digest::$(cat backend/build/jib-image.digest)"
-#      https://github.com/actions/attest-build-provenance/issues/73
-#      - name: Attest
-#        uses: actions/attest-build-provenance@v1
-#        id: attestGoogle
-#        with:
-#          subject-name: europe-west4-docker.pkg.dev/${{ secrets.PROJECT_ID }}/composetodo-repo/${{ env.service_name }}
-#          subject-digest: ${{ steps.googleDockerDigest.outputs.digest }}
-#          push-to-registry: true
+      - name: Attest
+        uses: actions/attest-build-provenance@v1
+        id: attestGoogle
+        with:
+          subject-name: europe-west4-docker.pkg.dev/${{ secrets.PROJECT_ID }}/composetodo-repo/${{ env.service_name }}
+          subject-digest: ${{ steps.googleDockerDigest.outputs.digest }}
+          push-to-registry: true
 
       - name: Assemble with Gradle
         run: ./gradlew :web:jsBrowserDistribution