add explicit login step for artifact registry

trufflesecurity · Sep 21, 2023 · 93b9a47 · 93b9a47
1 parent bef3eb2
commit 93b9a47
Showing 1 changed file with 12 additions and 0 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -8,6 +8,7 @@ on:
 permissions:
   contents: write
   packages: write
+  id-token: write
 
 jobs:
   Release:
@@ -30,9 +31,20 @@ jobs:
         id: 'auth'
         uses: 'google-github-actions/auth@v1'
         with:
+          token_format: 'access_token'
           workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }}
           service_account: ${{ secrets.SERVICE_ACCOUNT }}
 
+      - name: Docker Login to Google Artifact Registry
+        uses: docker/login-action@v2
+        with:
+          registry: gcr.io
+          username: oauth2accesstoken
+          password: ${{ steps.auth.outputs.access_token }}
+
+      - run: |-
+        echo ${{ steps.auth.outputs.access_token }} | docker login -u oauth2accesstoken --password-stdin https://us-docker.pkg.dev
+
       - name: Docker Login to GitHub Container Registry
         uses: docker/login-action@v2
         with: