From 065adb18c8423803745503bbea57845a84e33e3c Mon Sep 17 00:00:00 2001 From: april418 Date: Thu, 11 Jun 2026 00:45:19 +0900 Subject: [PATCH] =?UTF-8?q?ci(prune):=20prune=20workflow=20=E3=81=AB=20AR?= =?UTF-8?q?=20=E8=AA=8D=E8=A8=BC=E3=82=92=E8=BF=BD=E5=8A=A0=E3=81=99?= =?UTF-8?q?=E3=82=8B?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit prune action 内部の pnpm install が @intimatemerger-internal/* を AR から 取得する際 401 になり、override の要否判定ができず常に全 keep になっていた。 WIF 認証 + setup-gcloud + artifactregistry-auth を追加して解消する。 Co-Authored-By: Claude Opus 4.8 --- .github/workflows/prune-supply-chain.yml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/.github/workflows/prune-supply-chain.yml b/.github/workflows/prune-supply-chain.yml index b79e935..b4ba4eb 100644 --- a/.github/workflows/prune-supply-chain.yml +++ b/.github/workflows/prune-supply-chain.yml @@ -8,6 +8,7 @@ on: permissions: contents: write pull-requests: write + id-token: write jobs: prune: @@ -25,6 +26,19 @@ jobs: with: node-version-file: package.json + - id: auth + name: Authenticate to Google Cloud + uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3.0.0 + with: + workload_identity_provider: ${{ vars.WORKLOAD_IDENTITY_PROVIDER }} + service_account: ${{ vars.WORKLOAD_IDENTITY_SERVICE_ACCOUNT }} + + - name: Set up Cloud SDK + uses: google-github-actions/setup-gcloud@aa5489c8933f4cc7a4f7d45035b3b1440c9c10db # v3.0.1 + + - name: Login to ArtifactRegistry + run: npx --yes google-artifactregistry-auth + - uses: IntimateMerger/prune-supply-chain-overrides-action@0e16deedcabd3995212707a1afe2dcc484f26c38 # v1.0.2 with: working-directory: .