From 93b9a47b7ff8eb6e932fc2796f7babbc1823f0b9 Mon Sep 17 00:00:00 2001
From: Mike Vanbuskirk <mike.vanbuskirk@trufflesec.com>
Date: Wed, 20 Sep 2023 20:26:07 -0400
Subject: [PATCH] add explicit login step for artifact registry

---
 .github/workflows/release.yml | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 4bf683f..3081c4d 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -8,6 +8,7 @@ on:
 permissions:
   contents: write
   packages: write
+  id-token: write
 
 jobs:
   Release:
@@ -30,9 +31,20 @@ jobs:
         id: 'auth'
         uses: 'google-github-actions/auth@v1'
         with:
+          token_format: 'access_token'
           workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }}
           service_account: ${{ secrets.SERVICE_ACCOUNT }}
 
+      - name: Docker Login to Google Artifact Registry
+        uses: docker/login-action@v2
+        with:
+          registry: gcr.io
+          username: oauth2accesstoken
+          password: ${{ steps.auth.outputs.access_token }}
+      
+      - run: |-
+        echo ${{ steps.auth.outputs.access_token }} | docker login -u oauth2accesstoken --password-stdin https://us-docker.pkg.dev
+
       - name: Docker Login to GitHub Container Registry
         uses: docker/login-action@v2
         with: