From b94375979547bd5ac75b9aaae7b22a7cd7278c32 Mon Sep 17 00:00:00 2001 From: grahamalama Date: Mon, 16 Sep 2024 13:25:55 -0400 Subject: [PATCH] Fix failing deployment workflow due to google auth action config (#110) * Add token permissions to build_parser_images job * Use correct value for `workload_identity_provider` option We now store this value as a workflow variable rather than a secret --- .github/workflows/build-and-push-images.yaml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/build-and-push-images.yaml b/.github/workflows/build-and-push-images.yaml
index a5822071..b8737f2d 100644
--- a/.github/workflows/build-and-push-images.yaml
+++ b/.github/workflows/build-and-push-images.yaml
@@ -18,6 +18,9 @@ jobs:
 strategy:
 matrix:
 context: [argocd, circleci, github, pagerduty]
+ permissions:
+ contents: read
+ id-token: write
 steps:
 - uses: actions/checkout@v4
 - uses: docker/setup-buildx-action@v3
@@ -27,7 +30,7 @@ jobs:
 with:
 token_format: 'access_token'
 service_account: artifact-writer@${{ env.GCP_PROJECT_ID }}.iam.gserviceaccount.com
- workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_POOL_PROJECT_NUMBER }}
+ workload_identity_provider: ${{ vars.GCPV2_GITHUB_WORKLOAD_IDENTITY_PROVIDER }}
 - uses: docker/login-action@v3
 name: Docker login
@@ -62,7 +65,7 @@ jobs:
 with:
 token_format: 'access_token'
 service_account: artifact-writer@${{ env.GCP_PROJECT_ID }}.iam.gserviceaccount.com
- workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_POOL_PROJECT_NUMBER }}
+ workload_identity_provider: ${{ vars.GCPV2_GITHUB_WORKLOAD_IDENTITY_PROVIDER }}
 - uses: docker/login-action@v3
 name: Docker login
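Review bot: The added `permissions` block in the first hunk grants `id-token: write` to every step of the job, including `actions/checkout@v4` and `docker/setup-buildx-action@v3`, which are referenced by mutable tags. Any step in the job can now request an OIDC token of the kind the Google auth step exchanges for the `artifact-writer` service account, so pinning the third-party actions to full commit SHAs would narrow what a retagged action could reach. A comment above the block would record the intent, e.g. `# id-token: write lets the Google auth step request an OIDC token; contents: read is for checkout`. The job touched by the third hunk runs the same auth step, and its `permissions` are not visible in this diff, so it is worth confirming it carries the same grant. The job definition starts before this hunk and continues past it.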
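Review bot: `workload_identity_provider` now reads `vars.GCPV2_GITHUB_WORKLOAD_IDENTITY_PROVIDER`, and an unset or misnamed variable expands to an empty string, so a configuration mistake would only surface as an auth failure at run time; the identical line in the hunk at `@@ -62,7 +65,7 @@` has the same property. Moving the value out of secrets is reasonable because a provider name is an identifier rather than a credential. It does mean access control rests entirely on the provider's attribute condition and the service account's IAM binding, which are presumably restricted to this repository but are not visible here. I would add a comment stating the expected format, `# full provider resource name: projects/<PROJECT_NUMBER>/locations/global/workloadIdentityPools/<POOL>/providers/<PROVIDER>`. The step this line belongs to starts above the hunk.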