diff --git a/.github/workflows/prune-supply-chain.yml b/.github/workflows/prune-supply-chain.yml index 529b9af..4526558 100644 --- a/.github/workflows/prune-supply-chain.yml +++ b/.github/workflows/prune-supply-chain.yml @@ -8,6 +8,7 @@ on: permissions: contents: write pull-requests: write + id-token: write jobs: prune: @@ -25,6 +26,19 @@ jobs: with: node-version-file: package.json + - id: auth + name: Authenticate to Google Cloud + uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3.0.0 + with: + workload_identity_provider: ${{ vars.WORKLOAD_IDENTITY_PROVIDER }} + service_account: ${{ vars.WORKLOAD_IDENTITY_SERVICE_ACCOUNT }} + + - name: Set up Cloud SDK + uses: google-github-actions/setup-gcloud@aa5489c8933f4cc7a4f7d45035b3b1440c9c10db # v3.0.1 + + - name: Login to ArtifactRegistry + run: npx --yes google-artifactregistry-auth + - uses: IntimateMerger/prune-supply-chain-overrides-action@3eee6bcd79a4067a84c9a0902c898add08cabb1f # v1.0.4 with: working-directory: .
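Review bot: `id-token: write` is added to the workflow-level `permissions` block, so every job in this workflow can request an OIDC token, not only the one that authenticates to Google Cloud. If `prune` is the only job that needs it, declare the permission under `jobs.prune.permissions` instead. A job-level `permissions` block replaces the workflow-level one for that job, so `contents: write` and `pull-requests: write` would have to be repeated there. The job list continues outside the hunk, so whether other jobs inherit this grant cannot be confirmed from here.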
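Review bot: The `Login to ArtifactRegistry` step runs `npx --yes google-artifactregistry-auth` with no version, so whatever the registry serves as latest at run time is downloaded and executed, while every `uses:` line in the same hunk is pinned to a commit SHA. It runs after the `auth` step, so that code executes with the federated Google Cloud credentials available and, judging by the workflow-level permissions, a token with `contents: write` and `pull-requests: write`. Pin the tool to an exact version, e.g. `run: npx --yes google-artifactregistry-auth@<pinned-version>` (placeholder), or add it as a devDependency so the lockfile fixes its version and integrity hash. A short comment on the step saying which registry the login is for would also help; the step list starts and ends outside the hunk.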