remove audience entirely. very confusing as it doesnt even seem that …

…the OIDC's audience needs to match that of the JWT provided by GA?
SchmidtDSE · Dec 31, 2023 · 3d64c47 · 3d64c47
1 parent c58e161
commit 3d64c47
Showing 1 changed file with 2 additions and 15 deletions.
diff --git a/.github/workflows/cloud_build.yml b/.github/workflows/cloud_build.yml
@@ -12,19 +12,6 @@ jobs:
       contents: 'read'
       id-token: 'write'
 
-    steps:
-    - name: Checkout actions-oidc-debugger
-      uses: actions/checkout@v3
-      with:
-        repository: github/actions-oidc-debugger
-        ref: main
-        token: ${{ secrets.GITHUB_TOKEN }}
-        path: ./.github/actions/actions-oidc-debugger
-    - name: Debug OIDC Claims
-      uses: ./.github/actions/actions-oidc-debugger
-      with:
-        audience: 'projects/YOUR_PROJECT_NUMBER/locations/global/workloadIdentityPools/YOUR_PROJECT_ID/providers/YOUR_WIF_PROVIDER_POOL_NAME'
-
     - name: Checkout
       uses: 'actions/checkout@v4'
 
@@ -33,8 +20,8 @@ jobs:
       with:
         workload_identity_provider: 'projects/dse-nps/locations/global/workloadIdentityPools/github/providers/oidc-provider'
         project_id: 'dse-nps'
-        audience: '[email protected]'
-        service_account: '[email protected]'
+        token_format: 'access_token'
+        access_token_lifetime: 300
 
     - name: Build and Deploy
       run: |