Agent token (#245)

Author: maximbilan

.gitignore

@@ -36,3 +36,4 @@ credentials.json
 
 # Ignore generated credentials from google-github-actions/auth
 gha-creds-*.json
+key.json

scripts/generate_agent_token.sh

@@ -1,3 +1,18 @@
 #!/bin/bash
 
+SERVICE_ACCOUNT=$CAPY_SERVICE_ACCOUNT
+PROJECT_ID=$CAPY_PROJECT_ID
+
+gcloud iam service-accounts add-iam-policy-binding $SERVICE_ACCOUNT \
+  --role=roles/iam.serviceAccountTokenCreator \
+  --member=serviceAccount:$SERVICE_ACCOUNT \
+  --project=$PROJECT_ID
+
+gcloud iam service-accounts keys create key.json \
+  --iam-account=$SERVICE_ACCOUNT
+
+# Activate the service account
+gcloud auth activate-service-account --key-file=key.json
+
+# Generate the identity token
 gcloud auth print-identity-token