Add cd steps to test auth

kipr · Aug 16, 2024 · baa81e8 · baa81e8
1 parent 121fe21
commit baa81e8
Showing 1 changed file with 24 additions and 13 deletions.
diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
@@ -10,21 +10,23 @@ jobs:
     runs-on: ubuntu-latest
     permissions:
       id-token: write
+      contents: read
 
     steps:
-      - name: Checkout actions-oidc-debugger
-        uses: actions/checkout@v3
-        with:
-          repository: github/actions-oidc-debugger
-          ref: main
-          # token: ${{ secrets.your-checkout-token }}
-          path: ./.github/actions/actions-oidc-debugger
-      - name: Debug OIDC Claims
-        uses: ./.github/actions/actions-oidc-debugger
-        with:
-          audience: '${{ github.server_url }}/${{ github.repository_owner }}'
-      # - name: Check out repo
-      #   uses: actions/checkout@v4
+      # - name: Checkout actions-oidc-debugger
+      #   uses: actions/checkout@v3
+      #   with:
+      #     repository: github/actions-oidc-debugger
+      #     ref: main
+      #     # token: ${{ secrets.your-checkout-token }}
+      #     path: ./.github/actions/actions-oidc-debugger
+      # - name: Debug OIDC Claims
+      #   uses: ./.github/actions/actions-oidc-debugger
+      #   with:
+      #     audience: '${{ github.server_url }}/${{ github.repository_owner }}'
+
+      - name: Check out repo
+        uses: actions/checkout@v4
       # - name: Install firebase-tools
       #   run: npm install -g firebase-tools
       # - name: Authenticate to Google
@@ -34,6 +36,15 @@ jobs:
       #     create_credentials_file: true
       #     export_environment_variables: true
       #     cleanup_credentials: true
+      - name: Authenticate to Google
+        uses: 'google-github-actions/auth@v2'
+        with:
+          workload_identity_provider: 'projects/705985154569/locations/global/workloadIdentityPools/kipr-github-identity-pool/providers/github'
+          create_credentials_file: true
+          export_environment_variables: true
+          cleanup_credentials: true
+      - name: Output directory contents
+        run: ls
       # - name: Install dependencies
       #   run: npm install
       # - name: Build