From 1afc19e05a00199e2d9bb12c9daee87236db0a9a Mon Sep 17 00:00:00 2001
From: Wes Foyd
Date: Wed, 30 Mar 2022 16:04:44 -0400
Subject: [PATCH] Update production.yml

Security Patch: Updating google-github-actions to use Workload Identity Provider
---
 .github/workflows/production.yml | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/production.yml b/.github/workflows/production.yml
index f318aab..33b2c83 100644
--- a/.github/workflows/production.yml
+++ b/.github/workflows/production.yml
@@ -13,13 +13,14 @@ jobs:
 outputs:
 image_name: ${{ steps.build.outputs.image_name }}
 steps:
- - uses: actions/checkout@v2
+ - uses: actions/checkout@v3
 - uses: ./.github/actions/build
 name: Build image
 id: build
 deploy_production:
+ runs-on: ubuntu-latest
 environment: production
 needs: build
@@ -32,13 +33,19 @@ jobs:
 - "1"
 - "137"
 - "43114"
+ permissions:
+ id-token: write
+
 steps:
 - uses: actions/checkout@v2
 - name: GCP Auth
- uses: google-github-actions/auth@v0.4.0
+ uses: google-github-actions/auth@v0.6.0
 with:
- credentials_json: ${{ secrets.GCP_SA_KEY }}
+ workload_identity_provider: ${{ secrets.GCP_workload_identity_provider }}
+ service_account: ${{ secrets.GCP_service_account }}
+ token_format: 'access_token'
+
 - name: Get GKE credentials
 uses: google-github-actions/get-gke-credentials@v0.4.0
 with:
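Review bot: The checkout bump to `- uses: actions/checkout@v3` is applied only to the build job; the deploy_production job in the second hunk of this same patch still runs `- uses: actions/checkout@v2`, so the two jobs now check out with different action versions and the older one should be bumped in the same change. Both references, like the other `uses:` lines in this workflow, point at mutable tags; for a production deploy workflow the usual supply-chain hardening is to pin each action to a full commit SHA and keep the tag in a trailing comment (for example `- uses: actions/checkout@<commit-sha>  # v3`, placeholder SHA), so that a later move of the tag cannot change the code that runs with the deploy credentials. The added `runs-on: ubuntu-latest` likewise tracks whatever image GitHub currently labels latest; naming a specific image such as `runs-on: ubuntu-22.04` makes the runner explicit and the runs reproducible. The `build` job definition that this hunk modifies starts before the hunk.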