chore: use DEPOT_TOKEN secret (#10237)

# Which Problems Are Solved

Action runs on PRs from forks can't authenticate at depot.

# How the Problems Are Solved

- The GitHub secret DEPOT_TOKEN is statically passed as an env variable to
the steps that use the depot CLI, as described
[here](https://github.com/depot/setup-action#authentication).
- Removed the oidc argument from the depot/setup-action, as we pass the
env statically to the relevant steps.
- The `id-token: write` permission is removed from all workflows, as
it's not needed anymore.

# Additional Changes

Removed the obsolete comment
```yaml
# latest if branch is main, otherwise image version which is the pull request number
```

# Additional Context

Required by these approved PRs so their checks can be executed:
- https://github.com/zitadel/zitadel/pull/9982
- https://github.com/zitadel/zitadel/pull/9958

Elio Bischof
2025-07-15 15:40:27 +02:00
committed by GitHub
parent c4e0342c5f
commit ee13d4be7d
4 changed files with 20 additions and 11 deletions

@@ -19,7 +19,6 @@ permissions:
issues: write
pull-requests: write
actions: write
id-token: write
jobs:
core:
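Review bot: dropping `id-token: write` from this workflow-level `permissions:` block means depot authentication no longer uses a per-run OIDC exchange and instead depends on the long-lived `DEPOT_TOKEN` secret, which is not documented anywhere in the visible change. Please add a comment or a note in the contributor docs saying what scope the token has and how it is rotated. Separately, `issues: write`, `pull-requests: write` and `actions: write` remain granted to every job from this block; consider moving them onto the individual jobs that need them.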
@@ -50,6 +49,8 @@ jobs:
console_cache_path: ${{ needs.console.outputs.cache_path }}
version: ${{ needs.version.outputs.version }}
node_version: "20"
secrets:
DEPOT_TOKEN: ${{ secrets.DEPOT_TOKEN }}
core-unit-test:
needs: core
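Review bot: the `secrets:` mapping added after `node_version: "20"` only helps fork PRs if the triggering event exposes repository secrets, and the trigger is not visible in this diff. For a plain `pull_request` event from a fork, GitHub does not pass repository secrets, so `${{ secrets.DEPOT_TOKEN }}` would resolve to an empty string and the depot steps would still fail to authenticate. If the workflow runs on `pull_request_target` instead, the called workflow builds untrusted PR code with the token available, so please state in the PR which trigger is used and how the checkout ref is constrained.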
@@ -88,6 +89,8 @@ jobs:
with:
ignore-run-cache: ${{ github.event_name == 'workflow_dispatch' || fromJSON(github.run_attempt) > 1 }}
node_version: "20"
secrets:
DEPOT_TOKEN: ${{ secrets.DEPOT_TOKEN }}
container:
needs: [compile]
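Review bot: the explicit `DEPOT_TOKEN: ${{ secrets.DEPOT_TOKEN }}` mapping here is preferable to `secrets: inherit`, but it only works if the called workflow declares the secret under `on.workflow_call.secrets`. Please confirm that declaration exists in each called file and mark it `required: true`, so a missing or empty secret fails at workflow start rather than later inside a depot CLI step with a less obvious error.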
@@ -108,6 +111,8 @@ jobs:
with:
login_build_image_name: "ghcr.io/zitadel/zitadel-login-build"
node_version: "20"
secrets:
DEPOT_TOKEN: ${{ secrets.DEPOT_TOKEN }}
e2e:
uses: ./.github/workflows/e2e.yml
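Review bot: this is the third caller receiving the same `secrets:` block, while the `e2e` job in the trailing context gets none; if `e2e.yml` invokes the depot CLI it needs the same mapping. In the called workflows, keep the token in `env:` on the individual depot steps, as the commit message describes, and not at job level, so other steps in the same job (dependency installs, test scripts) never see it.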