[docs][container] Document using GCP workload identity

ianlewis commented 1 year ago

Create a section in the README that outlines how to use GCP workload identity and gives pointers on how you need to set it up.

chasen-bettinger commented 1 year ago

Hey @ianlewis , I'd like to pick this ticket up if you think that's a good idea. What context are we trying to use GCP workload identity in and what are we trying to accomplish by using it?

ianlewis commented 1 year ago

@chasen-bettinger Go for it!

What context are we trying to use GCP workload identity in and what are we trying to accomplish by using it?

It's for authentication with GCP when pushing to Artifact Registry from the container generator.

I would add a new section to the README. There you can show an example of using it.

Some links that may be helpful:

Setting up Workload Identity Federation: https://github.com/google-github-actions/auth#setting-up-workload-identity-federation
Configuring OpenID Connect in Google Cloud Platform: https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-google-cloud-platform
Artifact Registry: Create a Docker repository: https://cloud.google.com/artifact-registry/docs/docker/store-docker-container-images#create

slsa-framework / slsa-github-generator

[docs][container] Document using GCP workload identity #1732