From ec751598d0980b81d768578cd35f137a203aaafe Mon Sep 17 00:00:00 2001
From: Dread <34528298+islandbitcoin@users.noreply.github.com>
Date: Mon, 28 Aug 2023 15:06:35 -0400
Subject: [PATCH] auto update script

---
 .github/workflows/deploy-gcp.yaml | 92 +++++++++++++++++--------------
 1 file changed, 51 insertions(+), 41 deletions(-)

diff --git a/.github/workflows/deploy-gcp.yaml b/.github/workflows/deploy-gcp.yaml
index 45ef01d09b..93a1d2d596 100644
--- a/.github/workflows/deploy-gcp.yaml
+++ b/.github/workflows/deploy-gcp.yaml
@@ -6,44 +6,54 @@ on:
       - gcp
 
 jobs:
-  build:
-    env:
-      CLUSTER_NAME: flash-cluster
-      NAMESPACE: default
-      GALOY_NAMESPACE: galoy
-      GALOY_DEPS_NAMESPACE: galoy-deps
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-
-      - name: Setup Google Cloud SDK
-        uses: google-github-actions/setup-gcloud@v1.1.1
-        with:
-          service_account_key: ${{ secrets.GCP_SA_KEY }}
-          project_id: flash-staging-cluster
-          export_default_credentials: true
-
-      - name: Configure Kubernetes Cluster
-        run: |
-          gcloud container clusters get-credentials $CLUSTER_NAME --zone us-east1
-
-      - name: Setup Terraform
-        uses: hashicorp/setup-terraform@v1
-        with:
-          terraform_version: 1.0.0
-
-      - name: Terraform Init
-        run: terraform init
-        working-directory: ./dev
-
-      - name: Terraform Validate
-        run: terraform validate
-        working-directory: ./dev
-
-      - name: Terraform Plan
-        run: terraform plan -var 'bitcoin_network=signet' -var 'name_prefix=galoy-sig'
-        working-directory: ./dev
-
-      - name: Terraform Apply
-        run: terraform apply -auto-approve -var 'bitcoin_network=signet' -var 'name_prefix=galoy-sig'
-        working-directory: ./dev
+  job_id:
+    # Add "id-token" with the intended permissions.
+    permissions:
+      contents: "read"
+      id-token: "write"
+    build:
+      env:
+        CLUSTER_NAME: flash-cluster
+        NAMESPACE: default
+        GALOY_NAMESPACE: galoy
+        GALOY_DEPS_NAMESPACE: galoy-deps
+      runs-on: ubuntu-latest
+      steps:
+        - uses: actions/checkout@v2
+
+        - id: "auth"
+          uses: "google-github-actions/auth@v1"
+          with:
+            service_account: "flash-cluster@flash-staging-cluster.iam.gserviceaccount.com"
+
+        - name: Setup Google Cloud SDK
+          uses: google-github-actions/setup-gcloud@v1.1.1
+          with:
+            service_account_key: ${{ secrets.GCP_SA_KEY }}
+            project_id: flash-staging-cluster
+            export_default_credentials: true
+
+        - name: Configure Kubernetes Cluster
+          run: |
+            gcloud container clusters get-credentials $CLUSTER_NAME --zone us-east1
+
+        - name: Setup Terraform
+          uses: hashicorp/setup-terraform@v1
+          with:
+            terraform_version: 1.0.0
+
+        - name: Terraform Init
+          run: terraform init
+          working-directory: ./dev
+
+        - name: Terraform Validate
+          run: terraform validate
+          working-directory: ./dev
+
+        - name: Terraform Plan
+          run: terraform plan -var 'bitcoin_network=signet' -var 'name_prefix=galoy-sig'
+          working-directory: ./dev
+
+        - name: Terraform Apply
+          run: terraform apply -auto-approve -var 'bitcoin_network=signet' -var 'name_prefix=galoy-sig'
+          working-directory: ./dev