name: ci on: push: branches: - "master" env: workload_identity_provider: projects/140364730894/locations/global/workloadIdentityPools/codesandbox-microservices-pool/providers/github-actions-provider service_account: github-image-pusher-sa@codesandbox-microservices.iam.gserviceaccount.com jobs: docker: runs-on: ubuntu-latest permissions: contents: "read" id-token: "write" steps: - name: Checkout uses: actions/checkout@v3 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 with: driver: docker - name: Docker meta id: meta uses: docker/metadata-action@v5 with: images: europe-docker.pkg.dev/codesandbox-microservices/codesandbox/type-fetcher tags: | type=sha,prefix= - id: auth name: Authenticate to Google Cloud uses: google-github-actions/auth@v1 with: token_format: "access_token" workload_identity_provider: ${{ env.workload_identity_provider }} service_account: ${{ env.service_account }} - uses: docker/login-action@v3 with: registry: gcr.io username: "oauth2accesstoken" password: "${{ steps.auth.outputs.access_token }}" - name: Build and push uses: docker/build-push-action@v5 with: context: . push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }}