From 4f85f7f63d08480e106600b12be65f7aa2c17cab Mon Sep 17 00:00:00 2001
From: Michael Franklin <illusional@users.noreply.github.com>
Date: Tue, 19 Sep 2023 13:34:07 +1000
Subject: [PATCH] Add workload identity federated login + test

---
 .github/workflows/deploy.yaml | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml
index 997b1129d..e50b6b11d 100644
--- a/.github/workflows/deploy.yaml
+++ b/.github/workflows/deploy.yaml
@@ -6,6 +6,7 @@ on:
     branches:
       - main
       - dev
+      - workload-identity-federation
 
 jobs:
   deploy:
@@ -23,11 +24,16 @@ jobs:
     steps:
       - uses: actions/checkout@v3
 
-      - name: "gcloud setup"
-        uses: google-github-actions/setup-gcloud@v1
+      - id: "google-cloud-auth"
+        name: "Authenticate to Google Cloud"
+        uses: "google-github-actions/auth@v1"
         with:
-          project_id: sample-metadata
-          service_account_key: ${{ secrets.GCP_SERVER_DEPLOY_KEY }}
+          workload_identity_provider: "projects/774248915715/locations/global/workloadIdentityPools/gh-deploy-pool/providers/gh-provider"
+          service_account: "sample-metadata-deploy@sample-metadata.iam.gserviceaccount.com"
+
+      - id: "google-cloud-sdk-setup"
+        name: "Set up Cloud SDK"
+        uses: google-github-actions/setup-gcloud@v1
 
       - name: "gcloud docker auth"
         run: |