From 5addbcacf8276a88ffcf2dbae13a0e25447feb53 Mon Sep 17 00:00:00 2001
From: Evis Chang <yschang0926@outlook.com>
Date: Wed, 18 Oct 2023 08:10:22 +0800
Subject: [PATCH] add oauth

---
 .github/workflows/build-all.yml | 25 +++++++++++++++++++++----
 .github/workflows/main-cd.yml   |  4 +---
 2 files changed, 22 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/build-all.yml b/.github/workflows/build-all.yml
index 3ee3eee82..432f91782 100644
--- a/.github/workflows/build-all.yml
+++ b/.github/workflows/build-all.yml
@@ -9,10 +9,6 @@ on:
             version:
                 default: '0.0.1'
                 type: string
-        secrets:
-            GH_PAT:
-                required: true
-
 jobs:
     build-all:
         if: ${{ inputs.build-services == 'contract' }}
@@ -57,6 +53,15 @@ jobs:
               env:
                   GH_TOKEN: ${{ secrets.GH_PAT }}
 
+            - name: Authenticate to Google Cloud
+              id: auth
+              uses: 'google-github-actions/auth@v1'
+              with:
+                  token_format: access_token
+                  workload_identity_provider: '${{ secrets.WIF_PROVIDER }}'
+                  service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}'
+                  access_token_lifetime: 300s
+
             - name: Login Registry
               id: docker-auth
               uses: docker/login-action@v1
@@ -93,6 +98,9 @@ jobs:
             - name: Check out repository code
               uses: actions/checkout@v3
 
+            - name: Test
+              run: echo ${{ secrets.WIF_PROVIDER }}
+
             - name: Setup circom, related lib
               run: |
                   apt-get update && apt-get install -y build-essential curl
@@ -108,6 +116,15 @@ jobs:
             - name: Install and build packages
               run: yarn && yarn build
 
+            - name: Authenticate to Google Cloud
+              id: auth
+              uses: 'google-github-actions/auth@v1'
+              with:
+                  token_format: access_token
+                  workload_identity_provider: '${{ secrets.WIF_PROVIDER }}'
+                  service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}'
+                  access_token_lifetime: 300s
+
             - name: Login Registry
               id: docker-auth
               uses: docker/login-action@v1
diff --git a/.github/workflows/main-cd.yml b/.github/workflows/main-cd.yml
index f33878368..a621d15c2 100644
--- a/.github/workflows/main-cd.yml
+++ b/.github/workflows/main-cd.yml
@@ -2,7 +2,6 @@ name: CD-Main
 run-name: ${{ github.actor }} acitvates the actions 🚀
 
 on:
-    push: 
     workflow_dispatch:
         branches: ['feat_system_cicd_enhancment']
         inputs:
@@ -25,8 +24,7 @@ jobs:
         with:
             build-services: ${{ inputs.build-services }}
             version: ${{ inputs.version }}
-        secrets:
-            GH_PAT: ${{ secrets.GH_PAT }}
+        secrets: inherit
 
     backend:
         needs: build