feat: gcloud auth using workload identity (#163)

* test(infra): Workfload identity provider

Changelog: test

* test: add sa

* feat(infra): Add workflow identity in composite

Changelog: feature

* feat: update composite input

* feat: add gcloud auth workflow identity

* feat: add workflow identity

---------

Co-authored-by: dimzrio <[email protected]>

.github/workflows/pre-commit.yaml

@@ -11,6 +11,10 @@ on:
 env:
  BRANCH: ${{ github.head_ref || github.ref_name }}
 
+concurrency:
+  group: pre-commit-check
+  cancel-in-progress: true
+
 jobs:
   pre-commit:
     runs-on: ubuntu-latest

infra/tools/gcloud/action.yaml

@@ -52,15 +52,36 @@ inputs:
     description: "List of additional gcloud components to install"
     type: string
 
+  service_account:
+    required: false
+    description: "Service Account name for workload identity"
+    type: string
+    default: 'false'
+
+  workload_identity_provider:
+    required: false
+    description: "Workload identity provider"
+    type: string
+    default: 'false'
+
 runs:
   using: "composite"
   steps:
-    - name: Authenticate to Google Cloud
+    - name: Authenticate to Google Cloud with SA
+      if: "${{ inputs.workload_identity_provider == 'false' }}"
       uses: google-github-actions/auth@v2
       with:
         project_id: ${{ inputs.project_id }}
         credentials_json: ${{ inputs.credentials_json }}
 
+    - name: Authenticate to Google Cloud with Workload Identity
+      if: "${{ (inputs.workload_identity_provider != 'false') && (inputs.service_account != 'false') }}"
+      uses: google-github-actions/auth@v2
+      with:
+        project_id: ${{ inputs.project_id }}
+        workload_identity_provider: ${{ inputs.workload_identity_provider }}
+        service_account: ${{ inputs.service_account }}
+
     - name: Setup gcloud
       uses: google-github-actions/setup-gcloud@v2
       with: