diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 1057ee5..148e614 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -13,25 +13,35 @@ jobs:
 name: Build images
 runs-on: ubuntu-latest
+ permissions:
+ contents: 'read'
+ id-token: 'write'
+
+ steps:
 - name: Checkout
- uses: actions/checkout@v2
+ uses: actions/checkout@v4
 - name: Get release version
 run: echo "$RELEASE_VER"
- - uses: google-github-actions/setup-gcloud@v0.2.0
+ - uses: google-github-actions/auth@v2
 with:
- service_account_key: ${{ secrets.GKE_PROD_SA_KEY }}
- project_id: ${{ secrets.GKE_PROD_PROJECT }}
- export_default_credentials: true
+ project_id: 'genuine-flight-317411'
+ workload_identity_provider: 'projects/429189597230/locations/global/workloadIdentityPools/github/providers/robusta-repos' # prod
- # Configure Docker to use the gcloud command-line tool as a credential helper for authentication
- - run: |-
- gcloud auth configure-docker us-central1-docker.pkg.dev
+ - name: Set up gcloud CLI
+ uses: google-github-actions/setup-gcloud@v2
+ with:
+ project_id: genuine-flight-317411
- - run: |-
- gcloud config get-value project
+ - name: Configure Docker Registry
+ run: gcloud auth configure-docker us-central1-docker.pkg.dev
+
+ - name: Login to Docker Hub
+ uses: docker/login-action@v1
+ with:
+ username: ${{ secrets.DOCKER_USERNAME }}
+ password: ${{ secrets.DOCKER_PASSWORD }}
 - name: Update package version
 run: |
@@ -66,11 +76,6 @@ jobs:
 poetry install --no-dev
 poetry publish --build -u __token__ -p ${{ secrets.PYPI_PROJECT_TOKEN }}
- - name: Login to Docker Hub
- uses: docker/login-action@v1
- with:
- username: ${{ secrets.DOCKER_USERNAME }}
- password: ${{ secrets.DOCKER_PASSWORD }}
 - name: Release Docker CLI
 if: "!github.event.release.prerelease"
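Review bot: In the first hunk the job gains `id-token: write` and a keyless Google Cloud login, but every action it runs is still referenced by a mutable tag (`actions/checkout@v4`, `google-github-actions/auth@v2`, `google-github-actions/setup-gcloud@v2`, `docker/login-action@v1`), so a retagged or compromised action release would execute with the release credentials; pin each to a full commit SHA, e.g. `uses: google-github-actions/auth@<full-commit-sha> # v2`. The Docker Hub login also moves ahead of `Update package version` and the `poetry install` step shown in the second hunk, which presumably leaves the registry credential in the runner's Docker config while dependencies are installed; keeping the login directly before the first image push would shorten that window. With the service-account key gone, access rests on the `robusta-repos` provider's attribute condition, which is not visible here and should be confirmed to admit only this repository. The steps list continues outside the hunk.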