Using GCP Access Token

susom · Oct 3, 2024 · 1817dc3 · 1817dc3
1 parent 123f29d
commit 1817dc3
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 12 deletions.
diff --git a/.github/workflows/vertx-base.yaml b/.github/workflows/vertx-base.yaml
@@ -6,9 +6,9 @@ on:
   workflow_dispatch:
 
 permissions:
+  id-token: write
   contents: write
   packages: write
-  id-token: write
 
 jobs:
   test:
@@ -50,7 +50,6 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v4
 
-
       - name: Set up JDK 17
         uses: actions/setup-java@v4
         with:
@@ -67,15 +66,24 @@ jobs:
       - name: Set up Maven settings
         run: cp ./travis/new-settings.xml ~/.m2/settings.xml
 
-      - name: Authenticate to Google Cloud
+      - name: Authenticate using Workload Identity Federation
         uses: google-github-actions/auth@v2
         with:
           project_id: 'som-rit-infrastructure-prod'
           workload_identity_provider: 'projects/294515190965/locations/global/workloadIdentityPools/github/providers/susom-github'
 
+      - name: Generate GCP Access Token
+        id: auth
+        run: |
+          export GCP_ACCESS_TOKEN=$(gcloud auth print-access-token)
+        env:
+          GOOGLE_APPLICATION_CREDENTIALS: ${{ secrets.GOOGLE_APPLICATION_CREDENTIALS }}
+
       - name: Deploy Snapshots
         run: |
           mvn -Dmaven.wagon.http.retryHandler.count=5 \
               -Dmaven.wagon.httpconnectionManager.ttlSeconds=30 \
               -Dmaven.wagon.http.timeout=1200000 \
-              --batch-mode -e -DskipTests=true deploy -X
+              --batch-mode -e -DskipTests=true deploy -X
+        env:
+          GCP_ACCESS_TOKEN: ${{ steps.auth.outputs.GCP_ACCESS_TOKEN }}
diff --git a/travis/new-settings.xml b/travis/new-settings.xml
@@ -5,22 +5,26 @@
   <servers>
     <server>
       <id>artifact-registry</id>
+      <username>oauth2accesstoken</username>
+      <password>${env.GCP_ACCESS_TOKEN}</password>
       <configuration>
         <httpConfiguration>
           <get>
             <usePreemptive>true</usePreemptive>
           </get>
-          <put>
+          <head>
             <usePreemptive>true</usePreemptive>
+          </head>
+          <put>
+            <params>
+              <property>
+                <name>http.protocol.expect-continue</name>
+                <value>false</value>
+              </property>
+            </params>
           </put>
-          <params>
-            <property>
-              <name>http.protocol.expect-continue</name>
-              <value>false</value>
-            </property>
-          </params>
         </httpConfiguration>
       </configuration>
     </server>
   </servers>
-</settings>
+</settings>