From fb5e69731f2b404881b836de1a0464b277d66a2c Mon Sep 17 00:00:00 2001
From: kharf
Date: Thu, 11 Apr 2024 08:05:32 +0200
Subject: [PATCH] feat: introduce service account keyless authentication
---
 action.yml | 3 ++-
 entrypoint.sh | 16 +++++++++-------
 2 files changed, 11 insertions(+), 8 deletions(-)
diff --git a/action.yml b/action.yml
index 8a44005..f8a6f15 100644
--- a/action.yml
+++ b/action.yml
@@ -10,7 +10,8 @@ inputs:
 required: true
 service_account_key:
 description: 'Base64 encoded JSON key for GCP service account'
- required: true
+ required: false
+ default: ''
 image_name:
 description: 'Name of container image to be deployed'
 required: true
diff --git a/entrypoint.sh b/entrypoint.sh
index 5d9aea5..cb2fbdc 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -21,13 +21,15 @@ SERVICE_NAME_LENGTH_LIMIT=62
 set -e
 set -o pipefail
-
-echo "$INPUT_SERVICE_ACCOUNT_KEY" | base64 -d >key.json
-trap "{ rm -f key.json; }" EXIT
-
-enableDebug
-gcloud auth activate-service-account --key-file=key.json --project="$INPUT_PROJECT_ID"
-disableDebug
+if [ -n "$INPUT_SERVICE_ACCOUNT_KEY" ]; then
+ echo "$INPUT_SERVICE_ACCOUNT_KEY" | base64 -d >key.json
+ trap "{ rm -f key.json; }" EXIT
+ enableDebug
+ gcloud auth activate-service-account --key-file=key.json --project="$INPUT_PROJECT_ID"
+ disableDebug
+else
+ gcloud auth activate-service-account --access-token-file="$GITHUB_WORKSPACE" --project="$INPUT_PROJECT_ID"
+fi
 IMAGE_TAG="latest"
 if [ -n "$INPUT_IMAGE_TAG" ]; then
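Review bot: The `service_account_key` description in the action.yml hunk still reads as if a key is always supplied, although the input is now optional and an empty value changes how entrypoint.sh authenticates. I would extend it to something like `description: 'Base64 encoded JSON key for GCP service account; leave empty to use keyless authentication'`, so users know which credential path they are selecting. The `inputs:` block starts and ends outside the hunk.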
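Review bot: In the entrypoint.sh hunk the new `else` branch passes `--access-token-file="$GITHUB_WORKSPACE"`, but `GITHUB_WORKSPACE` is the runner's workspace directory rather than a file holding a token, so the keyless path has no credential to read as written. The branch is also taken whenever `INPUT_SERVICE_ACCOUNT_KEY` is empty for any reason, for example a secret that is not exposed to the run, which turns a missing secret into an opaque gcloud failure. Guarding the branch with `[ -f "$TOKEN_FILE" ] || { echo "service_account_key is empty and no token file was found" >&2; exit 1; }` and passing `--access-token-file="$TOKEN_FILE"` would fail early and clearly; `TOKEN_FILE` here is a placeholder for whatever variable the workflow actually exports. It is also worth confirming that `gcloud auth activate-service-account` can run without `--key-file`, since the original code only ever used it in that form. The script continues outside the hunk on both sides.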