add auth with GKE using OIDC

Mladen Rusev · Mladen Rusev · commit d8c965364386 · 2025-09-15T11:44:59.000+03:00
diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml
@@ -66,6 +66,10 @@ jobs:
 
   test-e2e:
     runs-on: ubuntu-latest
+    permissions:
+      contents: 'read'
+      id-token: 'write' # This is required for OIDC authentication
+
     steps:
       - uses: actions/checkout@v4
         with:
@@ -75,6 +79,16 @@ jobs:
         with:
           DEPLOY_KEY_READ_VENAFI_CONNECTION_LIB: ${{ secrets.DEPLOY_KEY_READ_VENAFI_CONNECTION_LIB }}
 
+      - name: Authenticate to Google Cloud
+        id: auth
+        uses: google-github-actions/auth@v2
+        with:
+          workload_identity_provider: 'projects/1034149387603/locations/global/workloadIdentityPools/github-actions-pool/providers/github-actions-provider'
+          service_account: 'gke-cluster-creation@machineidentitysecurity-jsci-e.iam.gserviceaccount.com'
+
+      - name: Set up gcloud CLI
+        uses: google-github-actions/setup-gcloud@v2
+
       - id: go-version
         run: |
           make print-go-version >> "$GITHUB_OUTPUT"
@@ -91,6 +105,6 @@ jobs:
           VEN_API_HOST: api.venafi.cloud
           VEN_ZONE: tlspk-bench\Default
           VEN_VCP_REGION: us
-          CLOUDSDK_CORE_PROJECT: jetstack-mael-valais
+          CLOUDSDK_CORE_PROJECT: machineidentitysecurity-jsci-e
           CLOUDSDK_COMPUTE_ZONE: europe-west1-b
           CLUSTER_NAME: test-secretless
