Enhance GitHub Actions workflows for conditional image pushing and authentication

- Updated conditions for pushing app and test app images to exclude shared targets.
- Added a new step for authenticating to Google Cloud using workload identity and service account secrets.
- Introduced a step to retrieve the short SHA for better traceability in the workflow.

Author: trent-codecov

.github/workflows/_build-app.yml

@@ -51,7 +51,7 @@ jobs:
           make ${{ inputs.make_target_prefix }}build.app
 
       - name: Push app
-        if: ${{ !github.event.pull_request.head.repo.fork && github.repository_owner == 'codecov' }}
+        if: ${{ !github.event.pull_request.head.repo.fork && github.repository_owner == 'codecov' && inputs.make_target_prefix != 'shared.' }}
         run: |
           make ${{ inputs.make_target_prefix }}push.app-temp
 
@@ -85,6 +85,6 @@ jobs:
           make ${{ inputs.make_target_prefix }}build.test-app
 
       - name: Push Test App
-        if: ${{ !github.event.pull_request.head.repo.fork && github.repository_owner == 'codecov' }}
+        if: ${{ !github.event.pull_request.head.repo.fork && github.repository_owner == 'codecov' && inputs.make_target_prefix != 'shared.' }}
         run: |
           make ${{ inputs.make_target_prefix }}push.test-app-temp

.github/workflows/_push-env.yml

@@ -46,11 +46,21 @@ jobs:
         with:
           fetch-depth: 0
           submodules: 'recursive'
+          
       - name: Get Release SHA
         env:
           SHA: ${{ github.sha }}
         id: sha
         run: echo short_sha="${SHA:0:7}" >> $GITHUB_OUTPUT
+
+      - id: "auth"
+        name: "Authenticate to Google Cloud"
+        uses: "google-github-actions/[email protected]"
+        with:
+          token_format: "access_token"
+          workload_identity_provider: ${{ secrets.CODECOV_GCP_WIDP }}
+          service_account: ${{ secrets.CODECOV_GCP_WIDSA }}
+
       - name: Pull built image
         run: |
           make ${{ inputs.make_target_prefix }}pull.app-temp