From 95d5c3cb8931188d8417399439650f32fac1cff1 Mon Sep 17 00:00:00 2001 From: Philip Wedemann <22521688+hfhbd@users.noreply.github.com> Date: Fri, 17 May 2024 15:46:58 +0200 Subject: [PATCH] Login to the Google Container Registry using the oauth2 accesstoken (#977) --- .github/workflows/CD.yml | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/.github/workflows/CD.yml b/.github/workflows/CD.yml index 545298e9..3e359af8 100644 --- a/.github/workflows/CD.yml +++ b/.github/workflows/CD.yml @@ -43,12 +43,19 @@ jobs: - name: Login to GitHub Container Registry run: echo "${{ github.token }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin + - id: auth uses: google-github-actions/auth@v2 with: workload_identity_provider: projects/963273362268/locations/global/workloadIdentityPools/github-deployment/providers/github service_account: github-todo@${{ secrets.PROJECT_ID }}.iam.gserviceaccount.com - - run: gcloud auth configure-docker europe-west4-docker.pkg.dev + token_format: access_token + - name: Login to Google Container Registry + uses: docker/login-action@v3 + with: + registry: europe-west4-docker.pkg.dev + username: oauth2accesstoken + password: ${{ steps.auth.outputs.access_token }} - uses: actions/configure-pages@v5 - uses: actions/setup-java@v4 
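Review bot: The new `docker/login-action@v3` step receives the Google access token as `password` but is referenced by a mutable tag, as is `google-github-actions/auth@v2`, so a retagged release of either action would run with that credential. Pin both to a full commit SHA, e.g. `uses: docker/login-action@<full-commit-sha> # v3`. With `token_format: access_token` the token is also available as a step output to every later step in the job, so consider setting `access_token_lifetime` on the auth step to roughly the time the image push needs instead of relying on the default. The rest of the job lies outside this hunk.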
@@ -76,14 +83,13 @@ jobs: - name: Read Google Docker Digest id: googleDockerDigest run: echo "::set-output name=digest::$(cat backend/build/jib-image.digest)" -# https://github.com/actions/attest-build-provenance/issues/73 -# - name: Attest -# uses: actions/attest-build-provenance@v1 -# id: attestGoogle -# with: -# subject-name: europe-west4-docker.pkg.dev/${{ secrets.PROJECT_ID }}/composetodo-repo/${{ env.service_name }} -# subject-digest: ${{ steps.googleDockerDigest.outputs.digest }} -# push-to-registry: true + - name: Attest + uses: actions/attest-build-provenance@v1 + id: attestGoogle + with: + subject-name: europe-west4-docker.pkg.dev/${{ secrets.PROJECT_ID }}/composetodo-repo/${{ env.service_name }} + subject-digest: ${{ steps.googleDockerDigest.outputs.digest }} + push-to-registry: true - name: Assemble with Gradle run: ./gradlew :web:jsBrowserDistribution
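Review bot: The re-enabled Attest step takes `subject-digest` from `steps.googleDockerDigest.outputs.digest`, which the preceding step still writes with the deprecated `::set-output` command; if the runner ignores that command the digest is empty and the attestation has no valid subject. Write it as `run: echo "digest=$(cat backend/build/jib-image.digest)" >> "$GITHUB_OUTPUT"`. The job's `permissions` block is not visible in this hunk; `actions/attest-build-provenance` needs `id-token: write` and `attestations: write`, so confirm both are granted. Also, `subject-name` embeds `secrets.PROJECT_ID`, and the subject name is stored in the signed attestation that `push-to-registry: true` publishes, so that value should not be treated as confidential once this step runs.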