Merge pull request #4819 from coralproject/develop

iambrianchan · web-flow · commit dc8101be18ed · 2025-09-25T16:18:19.000-04:00
v9.10.5
diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml
@@ -10,6 +10,10 @@ env:
   IMAGE_CACHE_REPOSITORY: "coralproject/ci"
   DOCKERHUB_USERNAME: "coralproject"
 
+permissions:
+  id-token: write
+  contents: read
+
 jobs:
   build-and-test:
     name: Test
@@ -84,22 +88,25 @@ jobs:
       - uses: webfactory/ssh-agent@v0.9.0
         with:
           ssh-private-key: ${{ secrets.REPO_PATCHED_DEPLOY_KEY }}
-      - name: Login to GAR
-        uses: docker/login-action@v3
+      - name: Authenticate to Google Cloud
+        uses: google-github-actions/auth@v2
         with:
-          registry: us-east1-docker.pkg.dev
-          username: _json_key
-          password: ${{ secrets.GAR_JSON_KEY }}
+          project_id: the-coral-project
+          workload_identity_provider: projects/418768622481/locations/global/workloadIdentityPools/github-actions/providers/github
+          service_account: github-actions@the-coral-project.iam.gserviceaccount.com
       - name: Login to Docker Hub
         uses: docker/login-action@v3
         with:
           username: ${{ env.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_PASSWORD }}
+      - name: Configure Docker GAR
+        run: |
+          gcloud auth configure-docker us-east1-docker.pkg.dev --quiet
       - name: Define SHORT_SHA with commit short sha
         run: echo "SHORT_SHA=`echo ${GITHUB_SHA} | cut -c1-8`" >> $GITHUB_ENV
       # Build tag push the image after a merge to develop
       - name: Build and Push (develop)
-        if: github.ref == 'refs/heads/develop' || github.ref
+        if: github.ref == 'refs/heads/develop'
         run: |
           docker buildx build \
             --platform linux/amd64 \
@@ -136,17 +143,20 @@ jobs:
       - uses: webfactory/ssh-agent@v0.9.0
         with:
           ssh-private-key: ${{ secrets.REPO_PATCHED_DEPLOY_KEY }}
-      - name: Login to GAR
-        uses: docker/login-action@v3
+      - name: Authenticate to Google Cloud
+        uses: google-github-actions/auth@v2
         with:
-          registry: us-east1-docker.pkg.dev
-          username: _json_key
-          password: ${{ secrets.GAR_JSON_KEY }}
+          project_id: the-coral-project
+          workload_identity_provider: projects/418768622481/locations/global/workloadIdentityPools/github-actions/providers/github
+          service_account: github-actions@the-coral-project.iam.gserviceaccount.com
       - name: Login to Docker Hub
         uses: docker/login-action@v3
         with:
           username: ${{ env.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_PASSWORD }}
+      - name: Configure Docker GAR
+        run: |
+          gcloud auth configure-docker us-east1-docker.pkg.dev --quiet
       - name: Define SHORT_SHA with commit short sha
         run: echo "SHORT_SHA=`echo ${GITHUB_SHA} | cut -c1-8`" >> $GITHUB_ENV
       # Build for develop branch using native docker buildx
@@ -185,12 +195,15 @@ jobs:
           uses: actions/checkout@v4
         - name: Define SHORT_SHA with commit short sha
           run: echo "SHORT_SHA=`echo ${GITHUB_SHA} | cut -c1-8`" >> $GITHUB_ENV
-        - name: Login to GAR
-          uses: docker/login-action@v3
+        - name: Authenticate to Google Cloud
+          uses: google-github-actions/auth@v2
           with:
-            registry: us-east1-docker.pkg.dev
-            username: _json_key
-            password: ${{ secrets.GAR_JSON_KEY }}
+            project_id: the-coral-project
+            workload_identity_provider: projects/418768622481/locations/global/workloadIdentityPools/github-actions/providers/github
+            service_account: github-actions@the-coral-project.iam.gserviceaccount.com
+        - name: Configure Docker GAR
+          run: |
+            gcloud auth configure-docker us-east1-docker.pkg.dev --quiet
         - name: Create and Push Manifest for develop branch
           if: github.ref == 'refs/heads/develop'
           run: |
diff --git a/.github/workflows/build-test-deploy.yml b/.github/workflows/build-test-deploy.yml
@@ -14,6 +14,10 @@ env:
   SENTRY_ORG: "voxmedia"
   SENTRY_PROJECT: "coral"
 
+permissions:
+  id-token: write
+  contents: read
+
 jobs:
   build-and-test:
     name: Test
@@ -78,13 +82,6 @@ jobs:
       - uses: webfactory/ssh-agent@v0.9.0
         with:
           ssh-private-key: ${{ secrets.REPO_PATCHED_DEPLOY_KEY }}
-      - name: Authenticate with GCP
-        id: "auth"
-        uses: "google-github-actions/auth@v2"
-        with:
-          credentials_json: "${{ secrets.GAR_JSON_KEY }}"
-      - name: Set up Cloud SDK
-        uses: "google-github-actions/setup-gcloud@v2"
       - name: Login to Docker Hub
         uses: docker/login-action@v3
         with:
@@ -153,13 +150,6 @@ jobs:
       - uses: webfactory/ssh-agent@v0.9.0
         with:
           ssh-private-key: ${{ secrets.REPO_PATCHED_DEPLOY_KEY }}
-      - name: Authenticate with GCP
-        id: "auth"
-        uses: "google-github-actions/auth@v2"
-        with:
-          credentials_json: "${{ secrets.GAR_JSON_KEY }}"
-      - name: Set up Cloud SDK
-        uses: "google-github-actions/setup-gcloud@v2"
       - name: Login to Docker Hub
         uses: docker/login-action@v3
         with:
@@ -273,11 +263,12 @@ jobs:
         with:
           username: ${{ env.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_PASSWORD }}
-      - name: Authenticate with GCP
-        id: "auth"
-        uses: "google-github-actions/auth@v2"
+      - name: Authenticate to Google Cloud
+        uses: google-github-actions/auth@v2
         with:
-          credentials_json: "${{ secrets.GAR_JSON_KEY }}"
+          project_id: the-coral-project
+          workload_identity_provider: projects/418768622481/locations/global/workloadIdentityPools/github-actions/providers/github
+          service_account: github-actions@the-coral-project.iam.gserviceaccount.com
       - name: Set up Cloud SDK
         uses: "google-github-actions/setup-gcloud@v2"
       - name: Define RC_TAG
diff --git a/client/package.json b/client/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@coralproject/talk",
-  "version": "9.10.4",
+  "version": "9.10.5",
   "author": "The Coral Project",
   "homepage": "https://coralproject.net/",
   "sideEffects": [
diff --git a/common/package.json b/common/package.json
@@ -1,6 +1,6 @@
 {
   "name": "common",
-  "version": "9.10.4",
+  "version": "9.10.5",
   "description": "",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
diff --git a/config/package.json b/config/package.json
@@ -1,6 +1,6 @@
 {
   "name": "common",
-  "version": "9.10.4",
+  "version": "9.10.5",
   "description": "",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
diff --git a/server/package.json b/server/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@coralproject/talk",
-  "version": "9.10.4",
+  "version": "9.10.5",
   "author": "The Coral Project",
   "homepage": "https://coralproject.net/",
   "sideEffects": [

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "@coralproject/talk",`
`3`		`- "version": "9.10.4",`
	`3`	`+ "version": "9.10.5",`
`4`	`4`	`"author": "The Coral Project",`
`5`	`5`	`"homepage": "https://coralproject.net/",`
`6`	`6`	`"sideEffects": [`
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "common",`
`3`		`- "version": "9.10.4",`
	`3`	`+ "version": "9.10.5",`
`4`	`4`	`"description": "",`
`5`	`5`	`"main": "dist/index.js",`
`6`	`6`	`"types": "dist/index.d.ts",`